[panda-users] taint segmentation fault

xiaojuan Li xiaotan6666 at gmail.com
Fri Apr 17 07:19:41 EDT 2015


Further, it stopped in the maddr case:
[image: inline image 1]
just at this "shad->ram->label(a->val.ma+a->off, ls)" statement.
Because it is not x86_64, the ram is SdDir32 *ram:

[image: inline image 2]

but there is no "label" in SdDir32:

[image: inline image 4]
so there is a segfault, right?

Please correct me!
Thanks a lot!

2015-04-17 4:21 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:

> I tried to locate the function where it stopped:
>
> and it stopped in this switch-case:
>
> I do not know why.
>
> Thanks a lot!
>
> 2015-04-17 2:31 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>
>> The question is this:
>>
>> It will call this method:
>> [image: inline image 1]
>>
>> The segfault occurs when it labels the phys addr in memory?
>> Does it have no access to operate on that memory?
>>
>> Thanks a lot!
>>
>>
>> 2015-04-16 21:04 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>
>>> I do not know which step is wrong:
>>> I use the AVD to create the img,
>>> and then use pandaConvert.py to convert them to qcow2;
>>> then I use runpandroid.py (-m 512) to record and -m 512 to replay.
>>> The size of my host system is:
>>> Why segfault while applying taint labels? It shouldn't.
>>>
>>>
>>> 2015-04-16 20:12 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>
>>>> Thanks first.
>>>> The segfault again...
>>>>
>>>> 2015-04-16 17:10 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>
>>>> The message about Hugetlb can be ignored -- it is just an optimization
>>>>> if HugeTLB is available on your system [1].
>>>>>
>>>>> In general, the taint system uses 16 times as much RAM as the guest
>>>>> system has, because it is trying to store two 64-bit pointers per byte of
>>>>> guest memory in order to keep track of the labels that a byte of memory
>>>>> has. This tends to make the taint system a lot faster, since many taint
>>>>> operations simply become copies from one place to another.
>>>>>
>>>>> Is the taint analysis working now?
>>>>>
>>>>> -Brendan
>>>>>
>>>>> [1] http://linuxgazette.net/155/krishnakumar.html
>>>>>
>>>>> On Thu, Apr 16, 2015 at 5:19 AM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Sorry about the repeated question of "record -m 512"; I was just having a
>>>>>> short circuit...
>>>>>> Now the thing is:
>>>>>> the guest mem size is 512 when I record; my host mem is large enough.
>>>>>>
>>>>>>
>>>>>> When replaying, it just tries to allocate such a large size, but why?
>>>>>>
>>>>>> Thanks a lot!
>>>>>>
>>>>>>
>>>>>> 2015-04-15 23:25 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>
>>>>>>> Hi Brendan,
>>>>>>> I have tried it and got a segfault again.
>>>>>>> My host has 16G, which is large enough.
>>>>>>> I think maybe this is not caused by the size of mem.
>>>>>>> Please correct me!
>>>>>>> Thanks a lot!
>>>>>>>
>>>>>>> 2015-04-15 22:54 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>
>>>>>>>> I see. I am going to try.
>>>>>>>> Thanks very much for your great patience!
>>>>>>>>
>>>>>>>> 2015-04-15 22:49 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>>>
>>>>>>>> Find the place in runandroid.py where it sets the amount of RAM. The
>>>>>>>>> line looks like:
>>>>>>>>>
>>>>>>>>> panda_cli.extend(["-kernel", kernel, "-initrd", initrd,
>>>>>>>>>  '-global', 'goldfish_nand.system_path={0}'.format(system),
>>>>>>>>>   '-global', 'goldfish_nand.user_data_path={0}'.format(data),
>>>>>>>>>   '-global', 'goldfish_nand.cache_path={0}'.format(cache),
>>>>>>>>>   '-append', KERNEL_CL,
>>>>>>>>>   '-m', '2G', '-no-reboot', '-monitor',
>>>>>>>>> 'telnet:localhost:4321,server,nowait',
>>>>>>>>>   '-show-cursor', '-serial', 'stdio', '-serial',
>>>>>>>>> 'telnet:localhost:4421,server,nowait',
>>>>>>>>>   '-display', 'sdl', '-global',
>>>>>>>>> 'goldfish_mmc.sd_path={0}'.format(sdcard), '-android', '-S'])
>>>>>>>>>
>>>>>>>>> And change the 2G to 512. Then recreate the recording using
>>>>>>>>> "begin_record recordingname", and run the replay with -m 512 on the
>>>>>>>>> command line.
>>>>>>>>>
>>>>>>>>> For a recording where the guest OS uses 512M RAM, you will need 8GB on
>>>>>>>>> the host to replay with taint. If that is too much, you can try
>>>>>>>>> changing from 512 to 256 or lower, but you may run into trouble
>>>>>>>>> getting Android apps to run correctly.
>>>>>>>>>
>>>>>>>>> Hope this helps,
>>>>>>>>> Brendan
>>>>>>>>>
>>>>>>>>> On Wed, Apr 15, 2015 at 10:45 PM, xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com> wrote:
>>>>>>>>> > I have a question: I set the mem of the img created by AVD to 8G, and then
>>>>>>>>> > when I boot the emulator I modify runpandroid.py with -m 512 to
>>>>>>>>> > begin_record?
>>>>>>>>> > (I tried to use "begin_record name -m 512"; it seems not right.)
>>>>>>>>> > I am not clear enough on "record with -m 512".
>>>>>>>>> > Thanks a lot
>>>>>>>>> >
>>>>>>>>> > 2015-04-15 22:39 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>> >
>>>>>>>>> >> I use runpandroid.py to create it, and the mem is 2G.
>>>>>>>>> >> I am going to set the required mem and try it, and thanks a lot.
>>>>>>>>> >>
>>>>>>>>> >> 2015-04-15 22:28 GMT-04:00 Brendan Dolan-Gavitt <
>>>>>>>>> mooyix at gmail.com>:
>>>>>>>>> >>
>>>>>>>>> >>> How much RAM is installed on the system you're trying to use to replay? A
>>>>>>>>> >>> recording with 512M will need at least 8GB of RAM to replay with taint.
>>>>>>>>> >>>
>>>>>>>>> >>> -Brendan
>>>>>>>>> >>>
>>>>>>>>> >>> On Wed, Apr 15, 2015 at 10:27 PM, xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com>
>>>>>>>>> >>> wrote:
>>>>>>>>> >>>>
>>>>>>>>> >>>> It seems it does not work.
>>>>>>>>> >>>> I set -m 512 before recording; when replaying it still shows a segmentation
>>>>>>>>> >>>> fault.
>>>>>>>>> >>>>
>>>>>>>>> >>>> 2015-04-15 22:09 GMT-04:00 Brendan Dolan-Gavitt <
>>>>>>>>> mooyix at gmail.com>:
>>>>>>>>> >>>>
>>>>>>>>> >>>>> Yes, you need to record with -m 512. Just trying to replay the existing
>>>>>>>>> >>>>> recording with -m 512 will not work.
>>>>>>>>> >>>>>
>>>>>>>>> >>>>> -Brendan
>>>>>>>>> >>>>>
>>>>>>>>> >>>>> On Wed, Apr 15, 2015 at 10:08 PM, xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com>
>>>>>>>>> >>>>> wrote:
>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>> The question is: can begin_record take "-m 512" args?
>>>>>>>>> >>>>>> I just set the img's RAM size to 512, and if I replay it with "-m
>>>>>>>>> >>>>>> 512", it just gets aborted.
>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>> Thanks
>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>> 2015-04-15 22:01 GMT-04:00 Brendan Dolan-Gavitt <
>>>>>>>>> mooyix at gmail.com>:
>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>>> The problem is that you are giving the system too much RAM – you need
>>>>>>>>> >>>>>>> to remake the recording with -m 512. Currently the taint system tries to
>>>>>>>>> >>>>>>> reserve 16x as much RAM as the guest system for taint, so for 2GB of guest
>>>>>>>>> >>>>>>> RAM it's trying to reserve 32GB.
>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>> -Brendan
>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>> On Wed, Apr 15, 2015 at 9:08 PM, xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>> wrote:
>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>> Hi Brendan,
>>>>>>>>> >>>>>>>> I have done it from the beginning (convert img to qcow2), then I replay it
>>>>>>>>> >>>>>>>> with the taint2 plugin.
>>>>>>>>> >>>>>>>> When tstringsearch hits a match, it just shows "segmentation fault", but I
>>>>>>>>> >>>>>>>> notice that it also runs tstringsearch on non-matching data and there is
>>>>>>>>> >>>>>>>> no segfault.
>>>>>>>>> >>>>>>>> Here it is; my test string is "passwordisqemua":
>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>> Thanks!
>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>> 2015-04-15 13:05 GMT-04:00 Brendan Dolan-Gavitt <
>>>>>>>>> mooyix at gmail.com>:
>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>> Hi,
>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>> It looks like the problem is that it's trying to allocate much more
>>>>>>>>> >>>>>>>>> RAM than you are likely to have available: 34359738368 bytes, or 32 GiB.
>>>>>>>>> >>>>>>>>> This may be because you are using a fairly large amount of RAM for the
>>>>>>>>> >>>>>>>>> Android system; could you try reducing that to 512M and seeing if that fixes
>>>>>>>>> >>>>>>>>> the problem?
>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>> On Wed, Apr 15, 2015 at 4:26 AM, xiaojuan Li
>>>>>>>>> >>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>> Could you share any ways of how you deal with it, even though
>>>>>>>>> >>>>>>>>>> the bug is not fixed yet?
>>>>>>>>> >>>>>>>>>> Thanks a lot!
>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>> 2015-04-13 22:05 GMT-04:00 Brendan Dolan-Gavitt
>>>>>>>>> >>>>>>>>>> <mooyix at gmail.com>:
>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>> Yes, I downloaded the .rr and have reproduced your issue. I will
>>>>>>>>> >>>>>>>>>>> look into it and see if I can get the bug fixed!
>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>> On Mon, Apr 13, 2015 at 10:04 PM, xiaojuan Li
>>>>>>>>> >>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>> Could you download that .rr correctly?
>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>> 2015-04-13 10:05 GMT-04:00 xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>> Yeah, I did not get a seg fault when I reproduced the tainted
>>>>>>>>> >>>>>>>>>>>>> instructions tutorial.
>>>>>>>>> >>>>>>>>>>>>> Thanks for your patience very much!
>>>>>>>>> >>>>>>>>>>>>> Your guys' work is great! Do not say sorry.
>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>> My command line is (in the /qemu/arm-softmmu directory):
>>>>>>>>> >>>>>>>>>>>>> ./qemu-system-arm -m 2G -replay ime4-13 -M android_arm -kernel
>>>>>>>>> >>>>>>>>>>>>> /dev/null -android -panda "stringsearch:name=1;tstringsearch;tainted_instr";
>>>>>>>>> >>>>>>>>>>>>> The content of 1_search_strings.txt is: "cipher";
>>>>>>>>> >>>>>>>>>>>>> Here is my .rr file:
>>>>>>>>> >>>>>>>>>>>>> http://pan.baidu.com/s/1gdCfTSn
>>>>>>>>> >>>>>>>>>>>>> (Sorry for taking so long to upload the .rr.)
>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>> Thanks again!
>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>> 2015-04-13 8:58 GMT-04:00 Leek, Timothy - 0559 -
>>>>>>>>> MITLL
>>>>>>>>> >>>>>>>>>>>>> <tleek at ll.mit.edu>:
>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> Uninit taint plugin *should* display at the end of the run.
>>>>>>>>> >>>>>>>>>>>>>> That is not an error.  It is just a message.  You aren't getting a seg fault
>>>>>>>>> >>>>>>>>>>>>>> when you reproduce the tainted instructions tutorial, though.  Right?
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> I don't know what's wrong with your android run.  We could try
>>>>>>>>> >>>>>>>>>>>>>> to reproduce and debug.  Can you give us your replay?  Package it up with
>>>>>>>>> >>>>>>>>>>>>>> scripts/rrpack.py.  Stick the .rr file somewhere we can get it.  And give us
>>>>>>>>> >>>>>>>>>>>>>> your complete command line.  And the string search file.
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> That said -- we are fairly swamped right now.  So might take a
>>>>>>>>> >>>>>>>>>>>>>> bit.  Sorry!
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> Cheers.
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> Tim
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> ________________________________
>>>>>>>>> >>>>>>>>>>>>>> From: xiaojuan Li [xiaotan6666 at gmail.com]
>>>>>>>>> >>>>>>>>>>>>>> Sent: Monday, April 13, 2015 8:27 AM
>>>>>>>>> >>>>>>>>>>>>>> To: Leek, Timothy - 0559 - MITLL; panda-users at mit.edu; Brendan
>>>>>>>>> >>>>>>>>>>>>>> Dolan-Gavitt
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> Let me describe how I get my test snp:
>>>>>>>>> >>>>>>>>>>>>>> First I boot the Android emulator, begin_record, do some operations
>>>>>>>>> >>>>>>>>>>>>>> in the emulator, end_record. Then I use it to replay, to taint the data I
>>>>>>>>> >>>>>>>>>>>>>> input before.
>>>>>>>>> >>>>>>>>>>>>>> (By the way, though I can get the result of the tutorial, it
>>>>>>>>> >>>>>>>>>>>>>> shows "uninit taint plugin" at the end of the result.)
>>>>>>>>> >>>>>>>>>>>>>> Thanks!
>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>> 2015-04-13 8:14 GMT-04:00 xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>> Thanks first.
>>>>>>>>> >>>>>>>>>>>>>>> I tried it before and can get the result described in the
>>>>>>>>> >>>>>>>>>>>>>>> tutorial, but when I turn to my snp, it still shows "segfault".
>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>> 2015-04-13 7:26 GMT-04:00 Leek, Timothy - 0559 -
>>>>>>>>> MITLL
>>>>>>>>> >>>>>>>>>>>>>>> <tleek at ll.mit.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>> Maybe try git pull.  Then make distclean in qemu dir.  Then
>>>>>>>>> >>>>>>>>>>>>>>>> make.  Then try the tutorial.  Should work.
>>>>>>>>> >>>>>>>>>>>>>>>> --
>>>>>>>>> >>>>>>>>>>>>>>>> Tim Leek
>>>>>>>>> >>>>>>>>>>>>>>>> Technical Staff
>>>>>>>>> >>>>>>>>>>>>>>>> Cyber System Assessments
>>>>>>>>> >>>>>>>>>>>>>>>> MIT Lincoln Laboratory
>>>>>>>>> >>>>>>>>>>>>>>>> 781-981-2975
>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>> From: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>>>>>>>>>>> Date: Sunday, April 12, 2015 at 11:41 PM
>>>>>>>>> >>>>>>>>>>>>>>>> To: Brendan Dolan-Gavitt <brendandg at gatech.edu>,
>>>>>>>>> >>>>>>>>>>>>>>>> "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>> Yeah. I fail to taint both when using sshkeygen and
>>>>>>>>> >>>>>>>>>>>>>>>> my test snp.
>>>>>>>>> >>>>>>>>>>>>>>>> Here is the result of following the steps in the tutorial:
>>>>>>>>> >>>>>>>>>>>>>>>> Thanks!
>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>> 2015-04-13 11:34 GMT+08:00 Brendan Dolan-Gavitt
>>>>>>>>> >>>>>>>>>>>>>>>> <brendandg at gatech.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> Are you able to follow the steps in the tutorial (using the
>>>>>>>>> >>>>>>>>>>>>>>>>> sshkeygen replay)? Or does that fail as well?
>>>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> On Sun, Apr 12, 2015 at 11:27 PM, xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>>>> >>>>>>>>>>>>>>>>> > Thanks first. I cannot either.
>>>>>>>>> >>>>>>>>>>>>>>>>> > Just a segfault while tainting.
>>>>>>>>> >>>>>>>>>>>>>>>>> >
>>>>>>>>> >>>>>>>>>>>>>>>>> >
>>>>>>>>> >>>>>>>>>>>>>>>>> > 2015-04-13 4:52 GMT+08:00 Leek, Timothy - 0559
>>>>>>>>> - MITLL
>>>>>>>>> >>>>>>>>>>>>>>>>> > <tleek at ll.mit.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Also, just a check.  Are you able to reproduce the
>>>>>>>>> >>>>>>>>>>>>>>>>> >> results here?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> https://github.com/moyix/panda/blob/master/docs/tainted_instructions.md
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> --
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Tim Leek
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Technical Staff
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Cyber System Assessments
>>>>>>>>> >>>>>>>>>>>>>>>>> >> MIT Lincoln Laboratory
>>>>>>>>> >>>>>>>>>>>>>>>>> >> 781-981-2975
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> From: Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Date: Sunday, April 12, 2015 at 4:04 PM
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> To: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> A few things:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> 1. Did you make sure to do a make clean and then re-run
>>>>>>>>> >>>>>>>>>>>>>>>>> >> build.sh after updating? I got a segfault just after taint
>>>>>>>>> >>>>>>>>>>>>>>>>> >> was turned on as well until I did a make clean and re-ran build.sh.
>>>>>>>>> >>>>>>>>>>>>>>>>> >> 2. Are you running this on a 64-bit system? What kernel
>>>>>>>>> >>>>>>>>>>>>>>>>> >> version?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> -Brendan
>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> On Sun, Apr 12, 2015 at 9:16 AM, xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >> <xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>>>>>>>>>>>> >> wrote:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>> Any suggestions about the segmentation fault?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>> After my test, I am sure it is not caused by
>>>>>>>>> >>>>>>>>>>>>>>>>> >>> insufficient memory.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>> Thanks a lot!
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>> 2015-04-11 11:59 GMT+08:00 xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>> <xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> Excuse me:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> I tried to fix the segmentation error
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> and found this piece of code:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> Do you mean that it doesn't support so large a byte? Or
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> that it doesn't support Android ARM?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> In the doc I noticed that network tainting is not
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> supported for the ARM architecture, and the string I tainted was
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> something that may go through the network.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> Thanks!
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> 2015-04-09 21:30 GMT+08:00 xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> <xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> Now that the panda taint.md is not fresh, can you guys
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> give me some help?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> I use the replay plugin; here are my command and the
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> result.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> The content of pk_search_strings.txt is: "sdt"
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> I am confused here: in the paper "Repeatable reverse
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> with panda" it is clear that if I use the stringsearch
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> and taint plugins, when it matches, the taint label will be put
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> and then the taint action will start. But when I use it, it seems
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> wrong (the picture showed before): no taint action executes,
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> and I am confused about tstringsearch's result.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> How can I use it to analyze?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> Thanks a lot!
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> 2015-04-08 10:14 GMT+08:00 xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> <xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> I get the replay file by running the
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> runandroid script, and I use the
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> qemu-system-arm command just to do some replay work.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> I may not understand you at all in this email. Do you
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> mean that I should gdb the original program rather than the
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> record file?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> Thanks
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> 2015-04-08 9:52 GMT+08:00 Brendan
>>>>>>>>> Dolan-Gavitt
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> <brendandg at gatech.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> Hmm. gdb should normally stop when you get a
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> segfault.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> Are you by any chance running PANDA using the
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> runandroid script? If so, you will need to instead invoke
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> PANDA manually, i.e.:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> gdb --args arm-softmmu/qemu-system-arm [...]
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> And then once it crashes, type "bt" at the gdb
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> prompt to get a backtrace.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> On Tue, Apr 7, 2015 at 9:47 PM, xiaojuan
>>>>>>>>> Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> <xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> wrote:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> When I run gdb, it shows:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> and then I see the log; it shows a segfault:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> 2015-04-08 9:03 GMT+08:00 xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> <xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> Maybe I am wrong.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> I use the command line
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> "taint2:label_mode=binary,query_outgoing_network=1" and I found that
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> when I use taint2, after it loads panda_taint2.so, it
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> shows: "taint2: instructed not to inline taint ops
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> .success".
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> 2015-04-08 8:54 GMT+08:00 xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> <xiaotan6666 at gmail.com>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> OK.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 1. I want to use the taint plugin to get information
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> about some functions (of course, it is closed-source), so I
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> think I can stringsearch potential data and then taint it,
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> and next I can locate the functions which
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> process this data.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 2. The command line I used is:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> stringsearch:name=***;taint2:tainted_instructions=1
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> Thanks
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 2015-04-08 8:40 GMT+08:00 Brendan
>>>>>>>>> Dolan-Gavitt
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> <brendandg at gatech.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> Could you provide:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> 1. What information you're trying to get
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> 2. The command line you're using to run PANDA with the taint2
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> plugin
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> ?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> Right now I believe taint2 does not produce very much output by
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> default. Instead you use the -pandalog <filename> command line option, and
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> taint2 will write its results there in pandalog format; you can then read
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> them using pandalog_reader (see panda/pandalog_reader.c for details on that
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> tool).
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> On Tue, Apr 7, 2015 at 8:32 PM,
>>>>>>>>> xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> When I tried taint2, it showed the same error
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> as taint1; the only difference is that taint2 has
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> no segfault error, just "uninit taint plugin".
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> 2015-04-08 8:28 GMT+08:00 Brendan
>>>>>>>>> Dolan-Gavitt
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> <brendandg at gatech.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> Could you be a little more descriptive about
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> how it failed? Segfault? Error message? Incorrect output?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Apr 7, 2015 at 8:27 PM,
>>>>>>>>> xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> <xiaotan6666 at gmail.com> wrote:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> I tried taint2 too; it failed.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> 2015-04-07 5:20 GMT+08:00 Leek,
>>>>>>>>> Timothy -
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> 0559 - MITLL
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> <tleek at ll.mit.edu>:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also note that the “taint” plugin is
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> somewhat defunct. “taint2” is the one we are
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> actively using and developing.
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> --
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Tim Leek
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Technical Staff
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cyber System Assessments
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> MIT Lincoln Laboratory
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 781-981-2975
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> From: Brendan Dolan-Gavitt
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <brendandg at gatech.edu>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Date: Monday, April 6, 2015 at
>>>>>>>>> 5:18 PM
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> To: xiaojuan Li <
>>>>>>>>> xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cc: "panda-users at mit.edu"
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <panda-users at mit.edu>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Subject: Re: [panda-users] taint
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> segmentation fault
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Could you run that under gdb and provide us
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> with a backtrace when it crashes?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -Brendan
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Sunday, April 5, 2015,
>>>>>>>>> xiaojuan Li
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <xiaotan6666 at gmail.com>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> wrote:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi,
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Excuse me, I have a question about the taint
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> plugin (stringsearch:name=***;taint:tainted_instructions=1).
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> When I started it, it showed success:
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> but when it finished searching, it showed
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> "uninit taint plugin
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> segmentation fault"
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> How can I fix it?
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks a lot!
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> --
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> wait and hope~~
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> panda-users mailing list
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> panda-users at mit.edu
>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users



-- 
wait and hope~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20150417/bbe38571/attachment-0001.htm
-------------- next part --------------
Non-text attachments (image/png) were scrubbed, in order:
tstring9991.png, tstring9997.png, memory.png, step114.png, tstring9992.png, step113.png,
tstring9994.png, tstring9995.png, memory1.png, tstring9996.png, tstring9993.png
Urls: http://mailman.mit.edu/pipermail/panda-users/attachments/20150417/bbe38571/attachment-0011.png
through http://mailman.mit.edu/pipermail/panda-users/attachments/20150417/bbe38571/attachment-0021.png

