[panda-users] taint segmentation fault

xiaojuan Li xiaotan6666 at gmail.com
Tue Apr 7 22:14:32 EDT 2015


I get the replay file by running the runandroid script, and I use the
qemu-system-arm command just to do the replay work.
I may not understand you at all in this email. Do you mean that I should gdb
the original program rather than the record file?
Thanks

2015-04-08 9:52 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:

> Hmm. gdb should normally stop when you get a segfault.
>
> Are you by any chance running PANDA using the runandroid script? If so,
> you will need to instead invoke PANDA manually, i.e.:
>
> gdb --args arm-softmmu/qemu-system-arm [...]
>
> And then once it crashes, type "bt" at the gdb prompt to get a backtrace.
>
> -Brendan
>
> On Tue, Apr 7, 2015 at 9:47 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>
>> When I run gdb, it shows:
>> and then I see the log; it shows a segfault:
>>
>>
>> 2015-04-08 9:03 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>
>>> Maybe I am wrong.
>>> I use the command
>>> line "taint2:label_mode=binary,query_outgoing_network=1", and I found that
>>> when I use taint2, after it loads panda_taint2.so, it
>>> shows: "taint2:instructed not to inline taint ops .success".
>>>
>>> 2015-04-08 8:54 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>
>>>> OK.
>>>> 1. I want to use the taint plugin to get information about some functions (of
>>>> course, they are closed-source), so I think I can stringsearch potential data
>>>> and then taint it, and next I can locate the functions which handle this
>>>> data.
>>>>
>>>> 2. The command line I used is: stringsearch:name=***;
>>>> taint2:tainted_instructions=1.
>>>>
>>>> Thanks
>>>>
>>>>
>>>> 2015-04-08 8:40 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>>
>>>>> Could you provide:
>>>>>
>>>>> 1. What information you're trying to get
>>>>> 2. The command line you're using to run PANDA with the taint2 plugin
>>>>>
>>>>> ?
>>>>>
>>>>> Right now I believe taint2 does not produce very much output by
>>>>> default. Instead you use the -pandalog <filename> command line option, and
>>>>> taint2 will write its results there in pandalog format; you can then read
>>>>> them using pandalog_reader (see panda/pandalog_reader.c for details on that
>>>>> tool).
>>>>>
>>>>> -Brendan
>>>>>
>>>>> On Tue, Apr 7, 2015 at 8:32 PM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> When I tried taint2, it showed the same error as taint1; the only
>>>>>> difference is that taint2 has no segfault error, just "uninit taint plugin".
>>>>>>
>>>>>> 2015-04-08 8:28 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>> :
>>>>>>
>>>>>>> Could you be a little more descriptive about how it failed?
>>>>>>> Segfault? Error message? Incorrect output?
>>>>>>>
>>>>>>> -Brendan
>>>>>>>
>>>>>>> On Tue, Apr 7, 2015 at 8:27 PM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I tried taint2 too; it failed.
>>>>>>>>
>>>>>>>> 2015-04-07 5:20 GMT+08:00 Leek, Timothy - 0559 - MITLL <
>>>>>>>> tleek at ll.mit.edu>:
>>>>>>>>
>>>>>>>>> Also note that the “taint” plugin is somewhat defunct.  “taint2”
>>>>>>>>> is the one we are actively using and developing.
>>>>>>>>> --
>>>>>>>>> Tim Leek
>>>>>>>>> Technical Staff
>>>>>>>>> Cyber System Assessments
>>>>>>>>> MIT Lincoln Laboratory
>>>>>>>>> 781-981-2975
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> From: Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>>>>> Date: Monday, April 6, 2015 at 5:18 PM
>>>>>>>>> To: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>>
>>>>>>>>> Could you run that under gdb and provide us with a backtrace when
>>>>>>>>> it crashes?
>>>>>>>>>
>>>>>>>>> -Brendan
>>>>>>>>>
>>>>>>>>> On Sunday, April 5, 2015, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>> Excuse me, I have a question about the taint
>>>>>>>>>> plugin (stringsearch:name=***;taint:tainted_instructions=1).
>>>>>>>>>> When I started it, it showed success:
>>>>>>>>>>
>>>>>>>>>> but when it finished the search, it showed "uninit taint plugin
>>>>>>>>>> segmentation fault".
>>>>>>>>>>
>>>>>>>>>> How can I fix it?
>>>>>>>>>> Thanks a lot!
>>>>>>>>>> --
>>>>>>>>>> wait and hope~~
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> wait and hope~~
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> wait and hope~~
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> wait and hope~~
>>>>
>>>
>>>
>>>
>>> --
>>> wait and hope~~
>>>
>>
>>
>>
>> --
>> wait and hope~~
>>
>
>


-- 
wait and hope~~
[Attachments scrubbed by the list archive (image/png): gdb2.png, qqtaint2.png, qqtaint1.png, gdb1-2.png]
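A non-interactive way to do what Brendan describes above (invoke qemu-system-arm manually under gdb, run it, and take a backtrace when it crashes), given here as an added example rather than code from the PANDA project or from anyone in this thread. It assumes gdb is on PATH, that the qemu-system-arm binary and its PANDA arguments are supplied on the script's command line (they are not filled in here), and that gdb prints its usual "Program received signal ..." and "#0 ..." lines; SIGUSR1 is passed through because QEMU uses that signal internally to interrupt its vCPU threads, and gdb would otherwise stop on it long before the segfault.

```shell
#!/bin/sh
# Added example, not code from the PANDA project or from this thread.
# Runs a manual qemu-system-arm invocation under gdb in batch mode so the
# backtrace lands in a file instead of having to be typed interactively.
# Assumptions: gdb is installed; the binary and its PANDA arguments are
# given by the caller; gdb uses its standard English message wording.

# crashed_with_backtrace LOG
# Returns 0 when LOG shows gdb catching a fatal signal and printing at least
# the innermost frame; returns 1 otherwise (clean exit, or no frames shown).
crashed_with_backtrace() {
    grep -q 'Program received signal SIG' "$1" && grep -q '^#0 ' "$1"
}

# run_under_gdb LOG CMD [ARGS...]
# Same as "gdb --args CMD ARGS..." followed by "run" and "bt" at the prompt,
# but non-interactive: all gdb output (and the program's) goes to LOG.
# SIGUSR1 is ignored by gdb and passed to the program because QEMU uses it
# internally to kick vCPU threads.
run_under_gdb() {
    log=$1; shift
    gdb -q --batch \
        -ex 'handle SIGUSR1 nostop noprint pass' \
        -ex run \
        -ex bt \
        --args "$@" >"$log" 2>&1
    crashed_with_backtrace "$log"
}

# Usage: sh capture_bt.sh arm-softmmu/qemu-system-arm [PANDA arguments...]
if [ $# -gt 0 ]; then
    if run_under_gdb gdb-crash.log "$@"; then
        echo "crash captured; backtrace is in gdb-crash.log"
    else
        echo "no crash with backtrace recorded; see gdb-crash.log"
    fi
fi
```

Run it with the same qemu-system-arm command line the runandroid script would have used (that is what the `[...]` in the reply above stands for); the tail of gdb-crash.log then holds the `bt` output to paste into a reply. This only replaces the interactive gdb session; writing taint2 results still goes through `-pandalog <filename>` as described in the thread.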