[panda-users] taint segmentation fault

Brendan Dolan-Gavitt brendandg at gatech.edu
Tue Apr 7 21:52:46 EDT 2015


Hmm. gdb should normally stop when you get a segfault.

Are you by any chance running PANDA using the runandroid script? If so, you
will need to instead invoke PANDA manually, i.e.:

gdb --args arm-softmmu/qemu-system-arm [...]

And then once it crashes, type "bt" at the gdb prompt to get a backtrace.

-Brendan

On Tue, Apr 7, 2015 at 9:47 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:

> When gdb, it shows:
> and then I see the log: it shows segfault:
>
> 2015-04-08 9:03 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>
>> Maybe I am wrong.
>> I use the command
>> line: "taint2:label_mode=binary,query_outgoing_network=1" and I found that
>> when I use taint2, after it loads panda_taint2.so, it
>> shows: "taint2:instructed not to inline taint ops .success".
>>
>> 2015-04-08 8:54 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>
>>> ok.
>>> 1. I want to use the taint plugin to get information about some functions (of
>>> course, it is closed-source), so I think I can stringsearch potential data
>>> and then taint them, and next I can locate the functions which solve these
>>> data.
>>>
>>> 2. The command line I used is: stringsearch:name=***;
>>> taint2:tainted_instructions=1.
>>>
>>> thanks
>>>
>>>
>>> 2015-04-08 8:40 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>
>>>> Could you provide:
>>>>
>>>> 1. What information you're trying to get
>>>> 2. The command line you're using to run PANDA with the taint2 plugin
>>>>
>>>> ?
>>>>
>>>> Right now I believe taint2 does not produce very much output by
>>>> default. Instead you use the -pandalog <filename> command line option, and
>>>> taint2 will write its results there in pandalog format; you can then read
>>>> them using pandalog_reader (see panda/pandalog_reader.c for details on that
>>>> tool).
>>>>
>>>> -Brendan
>>>>
>>>> On Tue, Apr 7, 2015 at 8:32 PM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>> wrote:
>>>>
>>>>> When I tried taint2, it showed the same error as with taint1; the only
>>>>> difference is that taint2 has no segfault error, just "uninit taint plugin".
>>>>>
>>>>> 2015-04-08 8:28 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>>>
>>>>>> Could you be a little more descriptive about how it failed? Segfault?
>>>>>> Error message? Incorrect output?
>>>>>>
>>>>>> -Brendan
>>>>>>
>>>>>> On Tue, Apr 7, 2015 at 8:27 PM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I tried taint2 too; it failed.
>>>>>>>
>>>>>>> 2015-04-07 5:20 GMT+08:00 Leek, Timothy - 0559 - MITLL <
>>>>>>> tleek at ll.mit.edu>:
>>>>>>>
>>>>>>>> Also note that the “taint” plugin is somewhat defunct.  “taint2” is
>>>>>>>> the one we are actively using and developing.
>>>>>>>> --
>>>>>>>> Tim Leek
>>>>>>>> Technical Staff
>>>>>>>> Cyber System Assessments
>>>>>>>> MIT Lincoln Laboratory
>>>>>>>> 781-981-2975
>>>>>>>>
>>>>>>>>
>>>>>>>> From: Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>>>> Date: Monday, April 6, 2015 at 5:18 PM
>>>>>>>> To: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>
>>>>>>>> Could you run that under gdb and provide us with a backtrace when
>>>>>>>> it crashes?
>>>>>>>>
>>>>>>>> -Brendan
>>>>>>>>
>>>>>>>> On Sunday, April 5, 2015, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> Excuse me, I have a question about the taint
>>>>>>>>> plugin: (stringsearch:name=***;taint:tainted_instructions=1)
>>>>>>>>> When I started it, it showed success:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> but when it finished searching, it showed "uninit taint plugin
>>>>>>>>> segmentation fault"
>>>>>>>>>
>>>>>>>>> How can I fix it?
>>>>>>>>> Thanks a lot!
>>>>>>>>> --
>>>>>>>>> wait and hope~~
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> wait and hope~~
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> panda-users mailing list
>>>>>>> panda-users at mit.edu
>>>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> wait and hope~~
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> wait and hope~~
>>>
>>
>>
>>
>> --
>> wait and hope~~
>>
>
>
>
> --
> wait and hope~~
>
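The gdb procedure Brendan describes above (invoke qemu-system-arm manually under gdb instead of through the runandroid script, then `bt` once it crashes), written out as an added example that is not code from the thread or from the PANDA project. It runs gdb in batch mode so the backtrace lands in a log rather than an interactive prompt, and keeps only the signal line and the numbered frames. The binary path, the guest arguments, the function and file names in the sample gdb output, and the script name `gdb_bt.sh` are constructed placeholders. The `handle SIGUSR1` line is a QEMU-specific caveat, added here on the assumption that the build behaves like stock QEMU, which uses SIGUSR1 internally to interrupt its vCPU threads; without it gdb stops at each of those signals long before the real fault.

```shell
#!/bin/sh
# Added example, not code from the thread or from PANDA: run a QEMU/PANDA
# binary under gdb non-interactively and keep only the crash backtrace.

# Run "$@" (binary plus its own arguments) under gdb in batch mode.
# Only standard gdb flags are used: -q, -batch, -ex, --args.
run_under_gdb() {
    gdb -q -batch \
        -ex 'set pagination off' \
        -ex 'handle SIGUSR1 nostop noprint pass' \
        -ex run \
        -ex bt \
        --args "$@" 2>&1
}

# Filter gdb output on stdin: keep the "Program received signal ..." line and
# the numbered frames after it. Exit 0 if a signal was caught, 1 otherwise
# (e.g. the emulator exited normally and there is no backtrace to read).
crash_frames() {
    awk '
        /^Program received signal SIG/ { seen = 1; print; next }
        seen && /^#[0-9]+ /            { print }
        END                            { exit seen ? 0 : 1 }
    '
}

# Constructed sample of what gdb -batch prints for a segfault during plugin
# teardown; function and file names are placeholders, not PANDA internals.
sample_gdb_output() {
    cat <<'EOF'
Reading symbols from arm-softmmu/qemu-system-arm...
Program received signal SIGSEGV, Segmentation fault.
0x0000000000401136 in plugin_teardown () at example_plugin.c:42
42          free(state->shadow);
#0  0x0000000000401136 in plugin_teardown () at example_plugin.c:42
#1  0x0000000000401180 in uninit_plugin () at example_plugin.c:60
#2  0x0000000000400c10 in main () at vl.c:100
EOF
}

# Stand-alone demo on the constructed sample; with arguments, run the real
# binary instead, e.g.: sh gdb_bt.sh arm-softmmu/qemu-system-arm <qemu args>
if [ $# -gt 0 ]; then
    run_under_gdb "$@" | crash_frames || echo "gdb caught no signal" >&2
else
    sample_gdb_output | crash_frames
fi
```

With a real run, pass the same qemu-system-arm command line that the runandroid script would have built, after `gdb_bt.sh`; if the output is empty and the script reports that no signal was caught, the crash happened in a process gdb was not attached to (or the emulator exited cleanly), which is worth knowing before chasing the backtrace.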