[panda-users] taint segmentation fault

xiaojuan Li xiaotan6666 at gmail.com
Fri Apr 17 02:31:05 EDT 2015


the question is this:

it will call this method:
[image: inline image 1]

the segfault occurs when it labels the phys addr in memory?
does it have no access to operate that mem?

Thanks a lot?


2015-04-16 21:04 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:

> i do not know which step is wrong:
> i use the avd to create the img:
> and then use pandaConvert.py to convert them to qcow2;
> then i use runpandroid.py (-m 512) to record and -m 512 to replay.
> the size of my host system is:
> why segfault while applying taint labels? it shouldn't.
>
>
> 2015-04-16 20:12 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>
>> thanks first.
>> the segfault again...
>>
>> 2015-04-16 17:10 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>
>>> The message about Hugetlb can be ignored -- it is just an optimization if
>>> HugeTLB is available on your system [1].
>>>
>>> In general, the taint system uses 16 times as much RAM as the guest
>>> system has, because it is trying to store two 64-bit pointers per byte of
>>> guest memory in order to keep track of the labels that a byte of memory
>>> has. This tends to make the taint system a lot faster, since many taint
>>> operations simply become copies from one place to another.
>>>
>>> Is the taint analysis working now?
>>>
>>> -Brendan
>>>
>>> [1] http://linuxgazette.net/155/krishnakumar.html
>>>
>>> On Thu, Apr 16, 2015 at 5:19 AM, xiaojuan Li <xiaotan6666 at gmail.com>
>>> wrote:
>>>
>>>> sorry about the repeat question of "record -m 512".. i am just in a
>>>> short circuit...
>>>> now the thing is:
>>>> the guest mem size is 512 when i record, my host mem is large enough.
>>>>
>>>>
>>>> when replay, it just tries to allocate so large size, but why?
>>>>
>>>> thanks a lot!
>>>>
>>>>
>>>> 2015-04-15 23:25 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>
>>>>> Hi, Brendan,
>>>>> i have tried it and segfault again.
>>>>> my host is 16G which is large enough.
>>>>> I think maybe this is not caused by size of mem.
>>>>> Please correct me!
>>>>> Thanks a lot!
>>>>>
>>>>> 2015-04-15 22:54 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>
>>>>>> i see. i am going to try.
>>>>>> Thanks very much for your great patience!
>>>>>>
>>>>>> 2015-04-15 22:49 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>
>>>>>>> Find the place in runandroid.py where it sets the amount of RAM. The
>>>>>>> line looks like:
>>>>>>>
>>>>>>> panda_cli.extend(["-kernel", kernel, "-initrd", initrd,
>>>>>>>   '-global', 'goldfish_nand.system_path={0}'.format(system),
>>>>>>>   '-global', 'goldfish_nand.user_data_path={0}'.format(data),
>>>>>>>   '-global', 'goldfish_nand.cache_path={0}'.format(cache),
>>>>>>>   '-append', KERNEL_CL,
>>>>>>>   '-m', '2G', '-no-reboot',
>>>>>>>   '-monitor', 'telnet:localhost:4321,server,nowait',
>>>>>>>   '-show-cursor', '-serial', 'stdio',
>>>>>>>   '-serial', 'telnet:localhost:4421,server,nowait',
>>>>>>>   '-display', 'sdl',
>>>>>>>   '-global', 'goldfish_mmc.sd_path={0}'.format(sdcard),
>>>>>>>   '-android', '-S'])
>>>>>>>
>>>>>>> And change the 2G to 512. Then recreate the recording using
>>>>>>> "begin_record recordingname", and run the replay with -m 512 on the
>>>>>>> command line.
>>>>>>>
>>>>>>> For a recording where the guest OS uses 512M RAM, you will need 8GB on
>>>>>>> the host to replay with taint. If that is too much, you can try
>>>>>>> changing from 512 to 256 or lower, but you may run into trouble
>>>>>>> getting Android apps to run correctly.
>>>>>>>
>>>>>>> Hope this helps,
>>>>>>> Brendan
>>>>>>>
>>>>>>> On Wed, Apr 15, 2015 at 10:45 PM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>> wrote:
>>>>>>> > i have a question that: i set the mem of img created by avd is 8G? and then
>>>>>>> > when i boot the emulator i modify the runpandroid.py with -m 512 to
>>>>>>> > begin_record?
>>>>>>> > (i tried to use "begin_record name -m 512", it seems not right.)
>>>>>>> > i am not clear enough about "record with -m 512"
>>>>>>> > Thanks a lot
>>>>>>> >
>>>>>>> > 2015-04-15 22:39 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>> >
>>>>>>> >> i use the runpandroid.py to create, and the mem is 2G.
>>>>>>> >> I am going to set the required mem to do and thanks a lot.
>>>>>>> >>
>>>>>>> >> 2015-04-15 22:28 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>> >>
>>>>>>> >>> How much RAM is installed on the system you're trying to use to replay? A
>>>>>>> >>> recording with 512M will need at least 8GB of RAM to replay with taint.
>>>>>>> >>>
>>>>>>> >>> -Brendan
>>>>>>> >>>
>>>>>>> >>> On Wed, Apr 15, 2015 at 10:27 PM, xiaojuan Li <
>>>>>>> xiaotan6666 at gmail.com>
>>>>>>> >>> wrote:
>>>>>>> >>>>
>>>>>>> >>>> it seems does not work.
>>>>>>> >>>> i set the -m 512 before record, when replay it still shows segmentation
>>>>>>> >>>> fault.
>>>>>>> >>>>
>>>>>>> >>>> 2015-04-15 22:09 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>> >>>>
>>>>>>> >>>>> Yes, you need to record with -m 512. Just trying to replay the existing
>>>>>>> >>>>> recording with -m 512 will not work.
>>>>>>> >>>>>
>>>>>>> >>>>> -Brendan
>>>>>>> >>>>>
>>>>>>> >>>>> On Wed, Apr 15, 2015 at 10:08 PM, xiaojuan Li <
>>>>>>> xiaotan6666 at gmail.com>
>>>>>>> >>>>> wrote:
>>>>>>> >>>>>>
>>>>>>> >>>>>> the question is can begin_record with "-m 512" args?
>>>>>>> >>>>>> I just set the img's ram size is 512.and if i replay it with
>>>>>>> "-m
>>>>>>> >>>>>> 512",it just be aborted
>>>>>>> >>>>>>
>>>>>>> >>>>>> Thanks
>>>>>>> >>>>>>
>>>>>>> >>>>>> 2015-04-15 22:01 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>> >>>>>>
>>>>>>> >>>>>>> The problem is that you are giving the system too much RAM – you need
>>>>>>> >>>>>>> to remake the recording with -m 512. Currently the taint system tries to
>>>>>>> >>>>>>> reserve 16x as much RAM as the guest system for taint, so for 2GB of guest
>>>>>>> >>>>>>> RAM it's trying to reserve 32GB.
>>>>>>> >>>>>>>
>>>>>>> >>>>>>> -Brendan
>>>>>>> >>>>>>>
>>>>>>> >>>>>>> On Wed, Apr 15, 2015 at 9:08 PM, xiaojuan Li <
>>>>>>> xiaotan6666 at gmail.com>
>>>>>>> >>>>>>> wrote:
>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>> Hi, Brendan,
>>>>>>> >>>>>>>> I have done it from the beginning (convert img to qcow2), then i replay it
>>>>>>> >>>>>>>> with taint2 plugin,
>>>>>>> >>>>>>>> when it tstringsearch the matching, it just shows "segmentation
>>>>>>> >>>>>>>> fault", but i notice that it also tstringsearch the unmatching and there is
>>>>>>> >>>>>>>> no segfault.
>>>>>>> >>>>>>>> here is, my test string is "passwordisqemua":
>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>> Thanks!
>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>> 2015-04-15 13:05 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>> Hi,
>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>>> It looks like the problem is that it's trying to allocate much more
>>>>>>> >>>>>>>>> RAM than you are likely to have available: 34359738368 bytes, or 32 GiB.
>>>>>>> >>>>>>>>> This may be because you are using a fairly large amount of RAM for the
>>>>>>> >>>>>>>>> Android system; could you try reducing that to 512M and seeing if that fixes
>>>>>>> >>>>>>>>> the problem?
>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>>> -Brendan
>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>>> On Wed, Apr 15, 2015 at 4:26 AM, xiaojuan Li
>>>>>>> >>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>> could you share any ways how do you do with it?even
>>>>>>> though now
>>>>>>> >>>>>>>>>> the bug is not fixed?
>>>>>>> >>>>>>>>>> Thanks a lot!
>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>> 2015-04-13 22:05 GMT-04:00 Brendan Dolan-Gavitt
>>>>>>> >>>>>>>>>> <mooyix at gmail.com>:
>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>> Yes, I downloaded the .rr and have reproduced your
>>>>>>> issue. I will
>>>>>>> >>>>>>>>>>> look into it and see if I can get the bug fixed!
>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>> -Brendan
>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>> On Mon, Apr 13, 2015 at 10:04 PM, xiaojuan Li
>>>>>>> >>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>> >>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>> could you download that .rr correctly?
>>>>>>> >>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>> 2015-04-13 10:05 GMT-04:00 xiaojuan Li <
>>>>>>> xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>> yeah,i did not get seg fault when i reproduce the
>>>>>>> tainted
>>>>>>> >>>>>>>>>>>>> instructions tutorial.
>>>>>>> >>>>>>>>>>>>> Thanks for your patience very much!
>>>>>>> >>>>>>>>>>>>> your guys' work is great! do not say sorry.
>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>> my command line is: (in /qemu/arm-softmmu directory)
>>>>>>> >>>>>>>>>>>>> ./qemu-system-arm -m 2G -replay ime4-13 -M android_arm -kernel /dev/null -android -panda "stringsearch:name=1;tstringsearch;tainted_instr";
>>>>>>> >>>>>>>>>>>>> the content of 1_search_strings.txt is: "cipher";
>>>>>>> >>>>>>>>>>>>> here is my .rr file:
>>>>>>> >>>>>>>>>>>>> http://pan.baidu.com/s/1gdCfTSn
>>>>>>> >>>>>>>>>>>>> (sorry for taking so long time to upload .rr)
>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>> Thanks again!
>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>> 2015-04-13 8:58 GMT-04:00 Leek, Timothy - 0559 - MITLL
>>>>>>> >>>>>>>>>>>>> <tleek at ll.mit.edu>:
>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> Uninit taint plugin *should* display at the end of the run.
>>>>>>> >>>>>>>>>>>>>> That is not an error.  It is just a message.  You aren't getting a seg fault
>>>>>>> >>>>>>>>>>>>>> when you reproduce the tainted instructions tutorial, though.  Right?
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> I don't know what's wrong with your android run.  We could try
>>>>>>> >>>>>>>>>>>>>> to reproduce and debug.  Can you give us your replay?  Package it up with
>>>>>>> >>>>>>>>>>>>>> scripts/rrpack.py.  Stick the .rr file somewhere we can get it.  And give us
>>>>>>> >>>>>>>>>>>>>> your complete command line.  And the string search file.
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> That said -- we are fairly swamped right now.  So might take a
>>>>>>> >>>>>>>>>>>>>> bit.  Sorry!
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> Cheers.
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> Tim
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> ________________________________
>>>>>>> >>>>>>>>>>>>>> From: xiaojuan Li [xiaotan6666 at gmail.com]
>>>>>>> >>>>>>>>>>>>>> Sent: Monday, April 13, 2015 8:27 AM
>>>>>>> >>>>>>>>>>>>>> To: Leek, Timothy - 0559 - MITLL; panda-users at mit.edu;
>>>>>>> Brendan
>>>>>>> >>>>>>>>>>>>>> Dolan-Gavitt
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> let me describe how can i get my test snp:
>>>>>>> >>>>>>>>>>>>>> first i boot android emulator,begin_record, do some
>>>>>>> operations
>>>>>>> >>>>>>>>>>>>>> in emulator,end_record. then i use it to replay to
>>>>>>> taint the data i input
>>>>>>> >>>>>>>>>>>>>> before.
>>>>>>> >>>>>>>>>>>>>> (by the way, though i can get the result of the
>>>>>>> tutorial,it
>>>>>>> >>>>>>>>>>>>>> shows "uninit taint plugin" end of the result).
>>>>>>> >>>>>>>>>>>>>> Thanks!
>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>> 2015-04-13 8:14 GMT-04:00 xiaojuan Li <
>>>>>>> xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>> Thanks first.
>>>>>>> >>>>>>>>>>>>>>> I tried it before and can get the result described
>>>>>>> in the
>>>>>>> >>>>>>>>>>>>>>> tutorial,but when turn to my snp, it still shows
>>>>>>> "segfault".
>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>> 2015-04-13 7:26 GMT-04:00 Leek, Timothy - 0559 -
>>>>>>> MITLL
>>>>>>> >>>>>>>>>>>>>>> <tleek at ll.mit.edu>:
>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>> Maybe try git pull.  Then make distclean in qemu
>>>>>>> dir.  Then
>>>>>>> >>>>>>>>>>>>>>>> make.  Then try the tutorial.  Should work.
>>>>>>> >>>>>>>>>>>>>>>> --
>>>>>>> >>>>>>>>>>>>>>>> Tim Leek
>>>>>>> >>>>>>>>>>>>>>>> Technical Staff
>>>>>>> >>>>>>>>>>>>>>>> Cyber System Assessments
>>>>>>> >>>>>>>>>>>>>>>> MIT Lincoln Laboratory
>>>>>>> >>>>>>>>>>>>>>>> 781-981-2975
>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>> From: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>> >>>>>>>>>>>>>>>> Date: Sunday, April 12, 2015 at 11:41 PM
>>>>>>> >>>>>>>>>>>>>>>> To: Brendan Dolan-Gavitt <brendandg at gatech.edu>,
>>>>>>> >>>>>>>>>>>>>>>> "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>> yeah.i fail to taint both in using sshkeygen and my
>>>>>>> test
>>>>>>> >>>>>>>>>>>>>>>> snp.
>>>>>>> >>>>>>>>>>>>>>>> here is the result of following the steps in the
>>>>>>> tutorial:
>>>>>>> >>>>>>>>>>>>>>>> Thanks!
>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>> 2015-04-13 11:34 GMT+08:00 Brendan Dolan-Gavitt
>>>>>>> >>>>>>>>>>>>>>>> <brendandg at gatech.edu>:
>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> Are you able to follow the steps in the tutorial
>>>>>>> (using the
>>>>>>> >>>>>>>>>>>>>>>>> sshkeygen
>>>>>>> >>>>>>>>>>>>>>>>> replay)? Or does that fail as well?
>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> -Brendan
>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> On Sun, Apr 12, 2015 at 11:27 PM, xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>> >>>>>>>>>>>>>>>>> > thanks first. i cannot either.
>>>>>>> >>>>>>>>>>>>>>>>> > just segfault while tainting.
>>>>>>> >>>>>>>>>>>>>>>>> >
>>>>>>> >>>>>>>>>>>>>>>>> >
>>>>>>> >>>>>>>>>>>>>>>>> > 2015-04-13 4:52 GMT+08:00 Leek, Timothy - 0559 -
>>>>>>> MITLL
>>>>>>> >>>>>>>>>>>>>>>>> > <tleek at ll.mit.edu>:
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> Also, just a check.  Are you able to reproduce
>>>>>>> the
>>>>>>> >>>>>>>>>>>>>>>>> >> results here?
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> https://github.com/moyix/panda/blob/master/docs/tainted_instructions.md
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> --
>>>>>>> >>>>>>>>>>>>>>>>> >> Tim Leek
>>>>>>> >>>>>>>>>>>>>>>>> >> Technical Staff
>>>>>>> >>>>>>>>>>>>>>>>> >> Cyber System Assessments
>>>>>>> >>>>>>>>>>>>>>>>> >> MIT Lincoln Laboratory
>>>>>>> >>>>>>>>>>>>>>>>> >> 781-981-2975
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> From: Brendan Dolan-Gavitt <
>>>>>>> brendandg at gatech.edu>
>>>>>>> >>>>>>>>>>>>>>>>> >> Date: Sunday, April 12, 2015 at 4:04 PM
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> To: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>> >>>>>>>>>>>>>>>>> >> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>> >>>>>>>>>>>>>>>>> >> Subject: Re: [panda-users] taint segmentation
>>>>>>> fault
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> A few things:
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> 1. Did you make sure to do a make clean and then re-run
>>>>>>> >>>>>>>>>>>>>>>>> >> build.sh after updating? I got a segfault just after taint was
>>>>>>> >>>>>>>>>>>>>>>>> >> turned on as well until I did a make clean and re-ran build.sh.
>>>>>>> >>>>>>>>>>>>>>>>> >> 2. Are you running this on a 64-bit system? What kernel
>>>>>>> >>>>>>>>>>>>>>>>> >> version?
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> -Brendan
>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>> >>>>>>>>>>>>>>>>> >> On Sun, Apr 12, 2015 at 9:16 AM, xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >> <xiaotan6666 at gmail.com>
>>>>>>> >>>>>>>>>>>>>>>>> >> wrote:
>>>>>>> >>>>>>>>>>>>>>>>> >>>
>>>>>>> >>>>>>>>>>>>>>>>> >>> any suggestions? about segmentation fault?
>>>>>>> >>>>>>>>>>>>>>>>> >>>  and after my test,I make sure it is not
>>>>>>> caused by
>>>>>>> >>>>>>>>>>>>>>>>> >>> insufficient memory.
>>>>>>> >>>>>>>>>>>>>>>>> >>> Thanks a lot!
>>>>>>> >>>>>>>>>>>>>>>>> >>>
>>>>>>> >>>>>>>>>>>>>>>>> >>> 2015-04-11 11:59 GMT+08:00 xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>> <xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>> excuse me:
>>>>>>> >>>>>>>>>>>>>>>>> >>>> I try to fix the segmentation error:
>>>>>>> >>>>>>>>>>>>>>>>> >>>> and find this piece of code:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>  do you mean that it doesn't support so large
>>>>>>> byte?or
>>>>>>> >>>>>>>>>>>>>>>>> >>>> it doesn't support
>>>>>>> >>>>>>>>>>>>>>>>> >>>> for android arm?
>>>>>>> >>>>>>>>>>>>>>>>> >>>> in the doc I noticed that network tainting is
>>>>>>> not
>>>>>>> >>>>>>>>>>>>>>>>> >>>> supported for arm
>>>>>>> >>>>>>>>>>>>>>>>> >>>> architecture,and the string I tainted was
>>>>>>> something
>>>>>>> >>>>>>>>>>>>>>>>> >>>> may go through the
>>>>>>> >>>>>>>>>>>>>>>>> >>>> network.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>> Thanks!
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>> 2015-04-09 21:30 GMT+08:00 xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>> <xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> Now that the panda taint.md is not
>>>>>>> fresh,can you guys
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> give me some
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> help?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> I use the replay plugin,here is my command
>>>>>>> and the
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> result.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> the content of pk_search_strings.txt is
>>>>>>> :"sdt"
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> I am confused here:in the paper— Repeatable
>>>>>>> reverse
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> with panda:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> :
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> it is clear that:if I use the stringsearch
>>>>>>> and taint
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> plugin,when it
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> matches, the taint label will be put and
>>>>>>> then taint
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> action will start.but
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> when I use it, it seems wrong(the picture
>>>>>>> showed
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> before):no taint action
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> execute,and i am confused about the
>>>>>>> tstringsearch's
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> result.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> how can i use it to analysis?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> Thanks a lot!
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> 2015-04-08 10:14 GMT+08:00 xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>> <xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> I get the replay file by running runandroid
>>>>>>> script.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> and i use
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> qemu-system-arm command just to do some
>>>>>>> replay work.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> I may not understand you at all in this email. do you
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> mean that i should
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> gdb the original program rather than the record
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> file?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> Thanks
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> 2015-04-08 9:52 GMT+08:00 Brendan
>>>>>>> Dolan-Gavitt
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> <brendandg at gatech.edu>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> Hmm. gdb should normally stop when you get a
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> segfault.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> Are you by any chance running PANDA using the
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> runandroid script? If so, you will need to instead
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> invoke PANDA manually, i.e.:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> gdb --args arm-softmmu/qemu-system-arm [...]
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> And then once it crashes, type "bt" at the gdb
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> prompt to get a backtrace.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> -Brendan
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> On Tue, Apr 7, 2015 at 9:47 PM, xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> <xiaotan6666 at gmail.com>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> wrote:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> when gdb,it shows:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> and then i see the log:it shows segfault:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> 2015-04-08 9:03 GMT+08:00 xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> <xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> maybe i am wrong.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> i use the command
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> line: "taint2:label_mode=binary,query_outgoing_network=1" and I found that
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> when i use taint2, after it loads
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> panda_taint2.so, it
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> shows:"taint2:instructed not to inline taint ops
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> .success".
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> 2015-04-08 8:54 GMT+08:00 xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> <xiaotan6666 at gmail.com>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> ok.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 1.I want to use taint plugin to get
>>>>>>> information
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> about some
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> functions(of course, it is
>>>>>>> closed-source),so I
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> think I can stringsearch
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> potential data and then taint them and
>>>>>>> next I
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> can locate the functions which
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> solves these data.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 2.the command line I used is :
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> stringsearch:name=***;taint2:tainted_instructions=1.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> thanks
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 2015-04-08 8:40 GMT+08:00 Brendan
>>>>>>> Dolan-Gavitt
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> <brendandg at gatech.edu>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> Could you provide:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> 1. What information you're trying to
>>>>>>> get
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> 2. The command line you're using to
>>>>>>> run PANDA
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> with the taint2
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> plugin
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> ?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> Right now I believe taint2 does not produce
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> very much output by default. Instead you use the
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> -pandalog <filename> command line option, and
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> taint2 will write its results there in pandalog
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> format; you can then read them using pandalog_reader
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> (see panda/pandalog_reader.c for details on that
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> tool).
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> -Brendan
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> On Tue, Apr 7, 2015 at 8:32 PM,
>>>>>>> xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> when I tried taint2, it showed the same error
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> with taint1, the
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> only difference is that taint2 has no segfault
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> error, just uninit taint
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> plugin.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> 2015-04-08 8:28 GMT+08:00 Brendan
>>>>>>> Dolan-Gavitt
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> <brendandg at gatech.edu>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> Could you be a little more
>>>>>>> descriptive about
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> how it failed?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> Segfault? Error message? Incorrect
>>>>>>> output?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> -Brendan
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Apr 7, 2015 at 8:27 PM,
>>>>>>> xiaojuan Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> i tried taint2 too,it failed.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> 2015-04-07 5:20 GMT+08:00 Leek,
>>>>>>> Timothy -
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> 0559 - MITLL
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> <tleek at ll.mit.edu>:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also note that the “taint” plugin
>>>>>>> is
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> somewhat defunct.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> “taint2” is the one we are
>>>>>>> actively using
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> and developing.
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> --
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Tim Leek
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Technical Staff
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cyber System Assessments
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> MIT Lincoln Laboratory
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 781-981-2975
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> From: Brendan Dolan-Gavitt
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <brendandg at gatech.edu>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Date: Monday, April 6, 2015 at
>>>>>>> 5:18 PM
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> To: xiaojuan Li <
>>>>>>> xiaotan6666 at gmail.com>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cc: "panda-users at mit.edu"
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <panda-users at mit.edu>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Subject: Re: [panda-users] taint
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> segmentation fault
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Could you run that under gdb and
>>>>>>> provide us
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> with a backtrace
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> when it crashes?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -Brendan
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Sunday, April 5, 2015, xiaojuan
>>>>>>> Li
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <xiaotan6666 at gmail.com>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> wrote:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi,
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> excuse me, i have a question about taint
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> plugin: (stringsearch:name=***;taint:tainted_instructions=1)
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> when I started it showed success:
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> but when it finished search, it showed
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> "uninit taint plugin
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> segementation fault"
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> how can I fix it?
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks a lot!
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> --
>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> wait and hope~~



-- 
wait and hope~~
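
The two conditions Brendan states in the quoted replies (record and replay with the same -m value; taint reserves 16 times the guest RAM), written out as a pre-flight check. This is an added example, not code from PANDA or from anyone in the thread. The function names, the argument lists and the meminfo text are constructed for illustration, and only the M and G suffixes of -m are handled.

```python
import re

# Per the thread: two 64-bit label pointers are kept per byte of guest memory.
SHADOW_BYTES_PER_GUEST_BYTE = 2 * 8

# A bare number passed to -m is taken as mebibytes (assumption of this sketch).
_UNITS = {"": 1 << 20, "M": 1 << 20, "G": 1 << 30}


def parse_qemu_mem(value):
    """Convert a -m value such as '512', '512M' or '2G' to bytes."""
    m = re.fullmatch(r"(\d+)([MmGg]?)", value.strip())
    if not m:
        raise ValueError("unsupported -m value: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2).upper()]


def guest_ram_bytes(argv):
    """Return the guest RAM requested by the first -m option in argv."""
    for i, arg in enumerate(argv[:-1]):
        if arg == "-m":
            return parse_qemu_mem(argv[i + 1])
    raise ValueError("no -m option found")


def host_ram_bytes(meminfo_text):
    """Read MemTotal (reported in kB) from /proc/meminfo-style text."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    if not m:
        raise ValueError("MemTotal not found")
    return int(m.group(1)) * 1024


def preflight(record_argv, replay_argv, meminfo_text):
    """Return (shadow_bytes, problems) for a planned taint replay."""
    problems = []
    rec = guest_ram_bytes(record_argv)
    rep = guest_ram_bytes(replay_argv)
    if rec != rep:
        problems.append(
            "recording used %d MiB of guest RAM but replay asks for %d MiB; "
            "remake the recording with the smaller -m" % (rec >> 20, rep >> 20)
        )
    shadow = rep * SHADOW_BYTES_PER_GUEST_BYTE
    host = host_ram_bytes(meminfo_text)
    if shadow > host:
        problems.append(
            "taint will try to reserve %d bytes (%.0f GiB) but the host has "
            "%.1f GiB" % (shadow, shadow / 2**30, host / 2**30)
        )
    return shadow, problems


# Constructed sample input: a host with roughly 16G of RAM.
SAMPLE_MEMINFO = "MemTotal:       16331364 kB\nMemFree:         1203344 kB\n"

# Constructed argument lists, shortened to the options that matter here.
RECORD_2G = ["qemu-system-arm", "-m", "2G", "-android"]
REPLAY_2G = ["qemu-system-arm", "-m", "2G", "-replay", "rec", "-android"]
RECORD_512 = ["qemu-system-arm", "-m", "512", "-android"]
REPLAY_512 = ["qemu-system-arm", "-m", "512", "-replay", "rec", "-android"]

if __name__ == "__main__":
    for rec, rep in [(RECORD_2G, REPLAY_2G), (RECORD_2G, REPLAY_512),
                     (RECORD_512, REPLAY_512)]:
        shadow, problems = preflight(rec, rep, SAMPLE_MEMINFO)
        print(rec[2], "->", rep[2], "shadow bytes:", shadow)
        for p in problems:
            print("  problem:", p)
```

Passing this check only rules out the memory-size cause: in the thread the segfault persisted on a 16G host after recording and replaying with -m 512.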