[panda-users] taint segmentation fault

xiaojuan Li xiaotan6666 at gmail.com
Tue Apr 7 22:08:16 EDT 2015


Maybe I was not clear enough.
I want to do this: I am studying a closed-source program and want to
find the function which handles particular data. So I put the data into
*_search_strings.txt, run the replay, search for it and taint it to find that
function, or something like that.

You guys' work is great, and I hope PANDA gets better and better.

2015-04-08 9:50 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:

> To find out what instructions are tainted, you should use the
> tainted_instr plugin, rather than an option to taint. It will save its
> output in pandalog format to the file specified by the -pandalog
> argument.
>
> Sorry for all the confusion and lack of documentation here – the taint
> system is in flux right now. If you want to use something more stable
> that matches the documentation, you can use git to check out a
> previous version of PANDA.
>
> -Brendan
>
> On Tue, Apr 7, 2015 at 9:03 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
> > Maybe I am wrong.
> > I used the command
> > line "taint2:label_mode=binary,query_outgoing_network=1" and I found that
> > when I use taint2, after it loads panda_taint2.so, it
> > shows: "taint2: instructed not to inline taint ops. success".
> >
> > 2015-04-08 8:54 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
> >>
> >> OK.
> >> 1. I want to use the taint plugin to get information about some functions (of
> >> course, it is closed-source), so I think I can stringsearch potential data
> >> and then taint them, and next I can locate the functions which handle these
> >> data.
> >>
> >> 2. The command line I used is:
> >> stringsearch:name=***;taint2:tainted_instructions=1.
> >>
> >> Thanks
> >>
> >>
> >> 2015-04-08 8:40 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
> >>>
> >>> Could you provide:
> >>>
> >>> 1. What information you're trying to get
> >>> 2. The command line you're using to run PANDA with the taint2 plugin
> >>>
> >>> ?
> >>>
> >>> Right now I believe taint2 does not produce very much output by default.
> >>> Instead you use the -pandalog <filename> command line option, and taint2
> >>> will write its results there in pandalog format; you can then read them
> >>> using pandalog_reader (see panda/pandalog_reader.c for details on that
> >>> tool).
> >>>
> >>> -Brendan
> >>>
> >>> On Tue, Apr 7, 2015 at 8:32 PM, xiaojuan Li <xiaotan6666 at gmail.com>
> >>> wrote:
> >>>>
> >>>> When I tried taint2, it showed the same error as taint1; the only
> >>>> difference is that taint2 has no segfault error, just "uninit taint plugin".
> >>>>
> >>>> 2015-04-08 8:28 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
> >>>>>
> >>>>> Could you be a little more descriptive about how it failed? Segfault?
> >>>>> Error message? Incorrect output?
> >>>>>
> >>>>> -Brendan
> >>>>>
> >>>>> On Tue, Apr 7, 2015 at 8:27 PM, xiaojuan Li <xiaotan6666 at gmail.com>
> >>>>> wrote:
> >>>>>>
> >>>>>> I tried taint2 too; it failed.
> >>>>>>
> >>>>>> 2015-04-07 5:20 GMT+08:00 Leek, Timothy - 0559 - MITLL
> >>>>>> <tleek at ll.mit.edu>:
> >>>>>>>
> >>>>>>> Also note that the “taint” plugin is somewhat defunct.  “taint2” is
> >>>>>>> the one we are actively using and developing.
> >>>>>>> --
> >>>>>>> Tim Leek
> >>>>>>> Technical Staff
> >>>>>>> Cyber System Assessments
> >>>>>>> MIT Lincoln Laboratory
> >>>>>>> 781-981-2975
> >>>>>>>
> >>>>>>>
> >>>>>>> From: Brendan Dolan-Gavitt <brendandg at gatech.edu>
> >>>>>>> Date: Monday, April 6, 2015 at 5:18 PM
> >>>>>>> To: xiaojuan Li <xiaotan6666 at gmail.com>
> >>>>>>> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
> >>>>>>> Subject: Re: [panda-users] taint segmentation fault
> >>>>>>>
> >>>>>>> Could you run that under gdb and provide us with a backtrace when it
> >>>>>>> crashes?
> >>>>>>>
> >>>>>>> -Brendan
> >>>>>>>
> >>>>>>> On Sunday, April 5, 2015, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> Hi,
> >>>>>>>> Excuse me, I have a question about the taint
> >>>>>>>> plugin: (stringsearch:name=***;taint:tainted_instructions=1)
> >>>>>>>> When I started it, it showed success:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> but when it finished the search, it showed "uninit taint plugin
> >>>>>>>> segmentation fault"
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> How can I fix it?
> >>>>>>>> Thanks a lot!
> >>>>>>>> --
> >>>>>>>> wait and hope~~
> >>>>>> _______________________________________________
> >>>>>> panda-users mailing list
> >>>>>> panda-users at mit.edu
> >>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users
> >>>>>>
-- 
wait and hope~~