[panda-users] about search_strings.txt

Brendan Dolan-Gavitt brendandg at gatech.edu
Wed Apr 1 21:21:44 EDT 2015 

Ok, I see at least two things wrong in your screenshot, though neither
should cause the error you are seeing.

First: you should use
"taint:tainted_instruction=1,query_outgoing_network=1" (use a comma to
separate different options to the same plugin, not a semicolon).

Second: strings in the search_strings.txt file either need to be put in
quotes (as in "tygertygerburningbright") or they need to be a hex string
like 74:79:67:65:72:74:79:67.

As for PANDA not finding 1_search_strings.txt – could you make sure the
file is in the same directory as the one you are running ./qemu-system-arm
from and that it is readable by the current user? For example, does "cat
1_search_strings.txt" at the command line show the contents of that file?

-Brendan

On Wed, Apr 1, 2015 at 8:03 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:

> thanks first!
> it shows error again.
> here is my command and the result:
> the following .png is the name and content of .txt:
>
>>
> 2015-04-01 21:55 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>
>> The stringsearch plugin now allows you to choose the prefix for the
>> search_strings.txt file. You can use
>>
>> -panda 'callstack_instr;stringsearch:name=foo'
>>
>> and it will try to find strings in a file named
>> "foo_search_strings.txt" and write output to "foo_string_matches.txt".
>>
>> If you don't specify the name option, it should look for a file called
>> "stringsearch_search_strings.txt" in the current directory.
>>
>> What is the error you're getting?
>>
>> -Brendan
>>
>> On Wed, Apr 1, 2015 at 5:24 AM, xiaojuan Li <xiaotan6666 at gmail.com>
>> wrote:
>> > thanks first.
>> > I had tried renamed that .txt name as "stringsearch_search_strings",but
>> it
>> > just showed the same error.
>> >
>> > 2015-04-01 16:51 GMT+08:00 Federico "fox" Scrinzi <fox91 at anche.no>:
>> >>
>> >> On 2015-04-01 01:14, xiaojuan Li wrote:
>> >>>
>> >>> I notice that stringsfile is "stringsearch_search_strings.txt",not the
>> >>> file name--"search_strings.txt".
>> >>> Could you tell me something about this?
>> >>
>> >>
>> >> In the recent versions of the plugin the filename was changed, you
>> need to
>> >> use "stringsearch_search_strings.txt". You can use the plugin by adding
>> >> -panda callstack_instr -panda stringsearch to your PANDA command line.
>> >>
>> >>
>> >> Cheers,
>> >> Federico
>> >
>> >
>> >
>> >
>> > --
>> > wait and hope~~
>> >
>> > _______________________________________________
>> > panda-users mailing list
>> > panda-users at mit.edu
>> > http://mailman.mit.edu/mailman/listinfo/panda-users
>> >
>>
>
>
>
> --
> wait and hope~~
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/mailman/private/panda-users/attachments/20150401/8a0c4e99/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qq1.png
Type: image/png
Size: 59394 bytes
Desc: not available
Url : http://mailman.mit.edu/mailman/private/panda-users/attachments/20150401/8a0c4e99/attachment-0002.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qq2.png
Type: image/png
Size: 6782 bytes
Desc: not available
Url : http://mailman.mit.edu/mailman/private/panda-users/attachments/20150401/8a0c4e99/attachment-0003.png

More information about the panda-users mailing list