[panda-users] taint segmentation fault

xiaojuan Li xiaotan6666 at gmail.com
Fri Apr 17 20:46:12 EDT 2015


any suggestions?
Thanks!

2015-04-17 7:19 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:

> further, it stopped in case maddr:
> [image: inline image 1]
> just this "shad->ram->label(a->val.ma+a->off, ls)" sentence.
> because it is not x86_64, so the ram is SdDir32 *ram
>
> [image: inline image 2]
>
> but there is no "label" in SdDir32:
>
> [image: inline image 4]
> so there is a segfault, right?
>
> Please correct me!
> Thanks a lot!
>
> 2015-04-17 4:21 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>
>> i try to locate the function where it stopped:
>>
>> and it stopped in this switch-case:
>>
>> i do not know why?
>>
>> Thanks a lot!
>>
>> 2015-04-17 2:31 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>
>>> the question is this:
>>>
>>> it will call this method:
>>> [image: inline image 1]
>>>
>>> the segfault occurs when it labels the phys addr in memory?
>>> does it have no access to operate on that mem?
>>>
>>> Thanks a lot!
>>>
>>>
>>> 2015-04-16 21:04 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>
>>>> i do not know which step is wrong:
>>>> i use the avd to create the img:
>>>> and then use pandaConvert.py to convert them to qcow2;
>>>> then i use runpandroid.py (-m 512) to record and -m 512 to replay.
>>>> the size of my host system is:
>>>> why segfault while applying taint labels? it shouldn't.
>>>>
>>>>
>>>> 2015-04-16 20:12 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>
>>>>> thanks first.
>>>>> the segfault again...
>>>>>
>>>>> 2015-04-16 17:10 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>
>>>>>> The message about Hugetlb can be ignored -- it is just an optimization
>>>>>> if HugeTLB is available on your system [1].
>>>>>>
>>>>>> In general, the taint system uses 16 times as much RAM as the guest
>>>>>> system has, because it is trying to store two 64-bit pointers per byte of
>>>>>> guest memory in order to keep track of the labels that a byte of memory
>>>>>> has. This tends to make the taint system a lot faster, since many taint
>>>>>> operations simply become copies from one place to another.
>>>>>>
>>>>>> Is the taint analysis working now?
>>>>>>
>>>>>> -Brendan
>>>>>>
>>>>>> [1] http://linuxgazette.net/155/krishnakumar.html
>>>>>>
>>>>>> On Thu, Apr 16, 2015 at 5:19 AM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> sorry about the repeat question of "record -m 512".. i am just in a
>>>>>>> short circuit...
>>>>>>> now the thing is:
>>>>>>> the guest mem size is 512 when i record, my host mem is large enough.
>>>>>>>
>>>>>>>
>>>>>>> when replay, it just tries to allocate so large a size, but why?
>>>>>>>
>>>>>>> thanks a lot!
>>>>>>>
>>>>>>>
>>>>>>> 2015-04-15 23:25 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>
>>>>>>>> Hi, Brendan,
>>>>>>>> i have tried it and segfault again.
>>>>>>>> my host is 16G which is large enough.
>>>>>>>> I think maybe this is not caused by size of mem.
>>>>>>>> Please correct me!
>>>>>>>> Thanks a lot!
>>>>>>>>
>>>>>>>> 2015-04-15 22:54 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>
>>>>>>>>> i see. i am going to try.
>>>>>>>>> Thanks very much for your great patience!
>>>>>>>>>
>>>>>>>>> 2015-04-15 22:49 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>
>>>>>>>>> :
>>>>>>>>>
>>>>>>>>>> Find the place in runandroid.py where it sets the amount of RAM. The
>>>>>>>>>> line looks like:
>>>>>>>>>>
>>>>>>>>>> panda_cli.extend(["-kernel", kernel, "-initrd", initrd,
>>>>>>>>>>   '-global', 'goldfish_nand.system_path={0}'.format(system),
>>>>>>>>>>   '-global', 'goldfish_nand.user_data_path={0}'.format(data),
>>>>>>>>>>   '-global', 'goldfish_nand.cache_path={0}'.format(cache),
>>>>>>>>>>   '-append', KERNEL_CL,
>>>>>>>>>>   '-m', '2G', '-no-reboot', '-monitor', 'telnet:localhost:4321,server,nowait',
>>>>>>>>>>   '-show-cursor', '-serial', 'stdio', '-serial', 'telnet:localhost:4421,server,nowait',
>>>>>>>>>>   '-display', 'sdl', '-global', 'goldfish_mmc.sd_path={0}'.format(sdcard), '-android', '-S'])
>>>>>>>>>>
>>>>>>>>>> And change the 2G to 512. Then recreate the recording using
>>>>>>>>>> "begin_record recordingname", and run the replay with -m 512 on the
>>>>>>>>>> command line.
>>>>>>>>>>
>>>>>>>>>> For a recording where the guest OS uses 512M RAM, you will need 8GB on
>>>>>>>>>> the host to replay with taint. If that is too much, you can try
>>>>>>>>>> changing from 512 to 256 or lower, but you may run into trouble
>>>>>>>>>> getting Android apps to run correctly.
>>>>>>>>>>
>>>>>>>>>> Hope this helps,
>>>>>>>>>> Brendan
>>>>>>>>>>
>>>>>>>>>> On Wed, Apr 15, 2015 at 10:45 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> > i have a question that: i set the mem of img created by avd is 8G? and then
>>>>>>>>>> > when i boot the emulator i modify the runpandroid.py with -m 512 to
>>>>>>>>>> > begin_record?
>>>>>>>>>> > (i tried to use "begin_record name -m 512", it seems not right.)
>>>>>>>>>> > i am not clear enough about "record with -m 512"
>>>>>>>>>> > Thanks a lot
>>>>>>>>>> >
>>>>>>>>>> > 2015-04-15 22:39 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >
>>>>>>>>>> >> i use the runpandroid.py to create, and the mem is 2G.
>>>>>>>>>> >> I am going to set the required mem to do and thanks a lot.
>>>>>>>>>> >>
>>>>>>>>>> >> 2015-04-15 22:28 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>>>>> >>
>>>>>>>>>> >>> How much RAM is installed on the system you're trying to use to replay? A
>>>>>>>>>> >>> recording with 512M will need at least 8GB of RAM to replay with taint.
>>>>>>>>>> >>>
>>>>>>>>>> >>> -Brendan
>>>>>>>>>> >>>
>>>>>>>>>> >>> On Wed, Apr 15, 2015 at 10:27 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> it seems it does not work.
>>>>>>>>>> >>>> i set the -m 512 before record, when replay it still shows segmentation
>>>>>>>>>> >>>> fault.
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> 2015-04-15 22:09 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>> Yes, you need to record with -m 512. Just trying to replay the existing
>>>>>>>>>> >>>>> recording with -m 512 will not work.
>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>> -Brendan
>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>> On Wed, Apr 15, 2015 at 10:08 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>
>>>>>>>>>> >>>>>> the question is: can begin_record take "-m 512" args?
>>>>>>>>>> >>>>>> I just set the img's ram size to 512, and if i replay it with "-m
>>>>>>>>>> >>>>>> 512", it just gets aborted
>>>>>>>>>> >>>>>>
>>>>>>>>>> >>>>>> Thanks
>>>>>>>>>> >>>>>>
>>>>>>>>>> >>>>>> 2015-04-15 22:01 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>>>>> >>>>>>
>>>>>>>>>> >>>>>>> The problem is that you are giving the system too much RAM – you need
>>>>>>>>>> >>>>>>> to remake the recording with -m 512. Currently the taint system tries to
>>>>>>>>>> >>>>>>> reserve 16x as much RAM as the guest system for taint, so for 2GB of guest
>>>>>>>>>> >>>>>>> RAM it's trying to reserve 32GB.
>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>> -Brendan
>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>> On Wed, Apr 15, 2015 at 9:08 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>> Hi, Brendan,
>>>>>>>>>> >>>>>>>> I have done it from the beginning (convert img to qcow2), then i replay it
>>>>>>>>>> >>>>>>>> with taint2 plugin,
>>>>>>>>>> >>>>>>>> when it tstringsearch the matching one, it just shows "segmentation
>>>>>>>>>> >>>>>>>> fault", but i notice that it also tstringsearch the unmatching one and there is
>>>>>>>>>> >>>>>>>> no segfault.
>>>>>>>>>> >>>>>>>> here it is, my test string is "passwordisqemua":
>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>> Thanks!
>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>> 2015-04-15 13:05 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>> Hi,
>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>> It looks like the problem is that it's trying to allocate much more
>>>>>>>>>> >>>>>>>>> RAM than you are likely to have available: 34359738368 bytes, or 32 GiB.
>>>>>>>>>> >>>>>>>>> This may be because you are using a fairly large amount of RAM for the
>>>>>>>>>> >>>>>>>>> Android system; could you try reducing that to 512M and seeing if that fixes
>>>>>>>>>> >>>>>>>>> the problem?
>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>> On Wed, Apr 15, 2015 at 4:26 AM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>> could you share any ways of how you deal with it? even though now
>>>>>>>>>> >>>>>>>>>> the bug is not fixed?
>>>>>>>>>> >>>>>>>>>> Thanks a lot!
>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>> 2015-04-13 22:05 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>> Yes, I downloaded the .rr and have reproduced your issue. I will
>>>>>>>>>> >>>>>>>>>>> look into it and see if I can get the bug fixed!
>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>> On Mon, Apr 13, 2015 at 10:04 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>> could you download that .rr correctly?
>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>> 2015-04-13 10:05 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>> yeah, i did not get seg fault when i reproduce the tainted
>>>>>>>>>> >>>>>>>>>>>>> instructions tutorial.
>>>>>>>>>> >>>>>>>>>>>>> Thanks for your patience very much!
>>>>>>>>>> >>>>>>>>>>>>> your guys' work is great! do not say sorry.
>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>> my command line is (in /qemu/arm-softmmu directory):
>>>>>>>>>> >>>>>>>>>>>>> ./qemu-system-arm -m 2G -replay ime4-13 -M android_arm -kernel
>>>>>>>>>> >>>>>>>>>>>>> /dev/null -android -panda "stringsearch:name=1;tstringsearch;tainted_instr";
>>>>>>>>>> >>>>>>>>>>>>> the content of 1_search_strings.txt is: "cipher";
>>>>>>>>>> >>>>>>>>>>>>> here is my .rr file:
>>>>>>>>>> >>>>>>>>>>>>> http://pan.baidu.com/s/1gdCfTSn
>>>>>>>>>> >>>>>>>>>>>>> (sorry for taking so long a time to upload the .rr)
>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>> Thanks again!
>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>> 2015-04-13 8:58 GMT-04:00 Leek, Timothy - 0559 - MITLL <tleek at ll.mit.edu>:
>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> Uninit taint plugin *should* display at the end of the run.
>>>>>>>>>> >>>>>>>>>>>>>> That is not an error.  It is just a message.  You aren't getting a seg fault
>>>>>>>>>> >>>>>>>>>>>>>> when you reproduce the tainted instructions tutorial, though.  Right?
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> I don't know what's wrong with your android run.  We could try
>>>>>>>>>> >>>>>>>>>>>>>> to reproduce and debug.  Can you give us your replay?  Package it up with
>>>>>>>>>> >>>>>>>>>>>>>> scripts/rrpack.py.  Stick the .rr file somewhere we can get it.  And give us
>>>>>>>>>> >>>>>>>>>>>>>> your complete command line.  And the string search file.
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> That said -- we are fairly swamped right now.  So might take a
>>>>>>>>>> >>>>>>>>>>>>>> bit.  Sorry!
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> Cheers.
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> Tim
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> ________________________________
>>>>>>>>>> >>>>>>>>>>>>>> From: xiaojuan Li [xiaotan6666 at gmail.com]
>>>>>>>>>> >>>>>>>>>>>>>> Sent: Monday, April 13, 2015 8:27 AM
>>>>>>>>>> >>>>>>>>>>>>>> To: Leek, Timothy - 0559 - MITLL; panda-users at mit.edu; Brendan Dolan-Gavitt
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> let me describe how i get my test snp:
>>>>>>>>>> >>>>>>>>>>>>>> first i boot the android emulator, begin_record, do some operations
>>>>>>>>>> >>>>>>>>>>>>>> in the emulator, end_record. then i use it to replay to taint the data i input
>>>>>>>>>> >>>>>>>>>>>>>> before.
>>>>>>>>>> >>>>>>>>>>>>>> (by the way, though i can get the result of the tutorial, it
>>>>>>>>>> >>>>>>>>>>>>>> shows "uninit taint plugin" at the end of the result).
>>>>>>>>>> >>>>>>>>>>>>>> Thanks!
>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>> 2015-04-13 8:14 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>> Thanks first.
>>>>>>>>>> >>>>>>>>>>>>>>> I tried it before and can get the result described in the
>>>>>>>>>> >>>>>>>>>>>>>>> tutorial, but when I turn to my snp, it still shows "segfault".
>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>> 2015-04-13 7:26 GMT-04:00 Leek, Timothy - 0559 - MITLL <tleek at ll.mit.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>> Maybe try git pull.  Then make distclean in qemu dir.  Then
>>>>>>>>>> >>>>>>>>>>>>>>>> make.  Then try the tutorial.  Should work.
>>>>>>>>>> >>>>>>>>>>>>>>>> --
>>>>>>>>>> >>>>>>>>>>>>>>>> Tim Leek
>>>>>>>>>> >>>>>>>>>>>>>>>> Technical Staff
>>>>>>>>>> >>>>>>>>>>>>>>>> Cyber System Assessments
>>>>>>>>>> >>>>>>>>>>>>>>>> MIT Lincoln Laboratory
>>>>>>>>>> >>>>>>>>>>>>>>>> 781-981-2975
>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>> From: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>>> >>>>>>>>>>>>>>>> Date: Sunday, April 12, 2015 at 11:41 PM
>>>>>>>>>> >>>>>>>>>>>>>>>> To: Brendan Dolan-Gavitt <brendandg at gatech.edu>,
>>>>>>>>>> >>>>>>>>>>>>>>>> "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>> yeah. i fail to taint both when using sshkeygen and my test
>>>>>>>>>> >>>>>>>>>>>>>>>> snp.
>>>>>>>>>> >>>>>>>>>>>>>>>> here is the result of following the steps in the tutorial:
>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>> 2015-04-13 11:34 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> Are you able to follow the steps in the tutorial (using the
>>>>>>>>>> >>>>>>>>>>>>>>>>> sshkeygen replay)? Or does that fail as well?
>>>>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> On Sun, Apr 12, 2015 at 11:27 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>>>>>>>> > thanks first. i cannot either.
>>>>>>>>>> >>>>>>>>>>>>>>>>> > just segfault while tainting.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >
>>>>>>>>>> >>>>>>>>>>>>>>>>> >
>>>>>>>>>> >>>>>>>>>>>>>>>>> > 2015-04-13 4:52 GMT+08:00 Leek, Timothy - 0559 - MITLL <tleek at ll.mit.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Also, just a check.  Are you able to reproduce the
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> results here?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> https://github.com/moyix/panda/blob/master/docs/tainted_instructions.md
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> --
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Tim Leek
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Technical Staff
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Cyber System Assessments
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> MIT Lincoln Laboratory
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> 781-981-2975
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> From: Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Date: Sunday, April 12, 2015 at 4:04 PM
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> To: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> A few things:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> 1. Did you make sure to do a make clean and then re-run
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> build.sh after updating? I got a segfault just after taint
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> was turned on as well until I did a make clean and re-ran build.sh.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> 2. Are you running this on a 64-bit system? What kernel
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> version?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> -Brendan
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >> On Sun, Apr 12, 2015 at 9:16 AM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>> any suggestions? about segmentation fault?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>> and after my test, I make sure it is not caused by
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>> insufficient memory.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>> Thanks a lot!
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>> 2015-04-11 11:59 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> excuse me:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> I try to fix the segmentation error:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> and find this piece of code:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> do you mean that it doesn't support so large a byte? or
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> it doesn't support android arm?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> in the doc I noticed that network tainting is not
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> supported for the arm architecture, and the string I tainted was
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> something that may go through the network.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> Thanks!
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> 2015-04-09 21:30 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> Now that the panda taint.md is not fresh, can you guys
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> give me some help?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> I use the replay plugin, here is my command and the
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> result.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> the content of pk_search_strings.txt is: "sdt"
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> I am confused here: in the paper "Repeatable reverse
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> with panda":
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> it is clear that: if I use the stringsearch and taint
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> plugin, when it matches, the taint label will be put and
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> then taint action will start. but
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> when I use it, it seems wrong (the picture showed
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> before): no taint action
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> executes, and i am confused about the tstringsearch's
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> result.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> how can i use it to analyze?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> Thanks a lot!
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>> 2015-04-08 10:14 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> I get the replay file by running the runandroid script.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> and i use the qemu-system-arm command just to do some replay work.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> I may not understand you at all in this email. do you
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> mean that i should gdb the original program rather than the
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> record file?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> Thanks
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>> 2015-04-08 9:52 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> Hmm. gdb should normally stop when you get a
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> segfault.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> Are you by any chance running PANDA using the
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> runandroid script? If so, you will need to instead invoke
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> PANDA manually, i.e.:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> gdb --args arm-softmmu/qemu-system-arm [...]
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> And then once it crashes, type "bt" at the gdb
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> prompt to get a backtrace.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>> On Tue, Apr 7, 2015 at 9:47 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> when gdb, it shows:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> and then i see the log: it shows segfault:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>> 2015-04-08 9:03 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> maybe i am wrong.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> i use the command line:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> "taint2:label_mode=binary,query_outgoing_network=1" and I found that
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> when i use taint2, after it loads panda_taint2.so, it
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> shows: "taint2:instructed not to inline taint ops
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> .success".
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>> 2015-04-08 8:54 GMT+08:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> ok.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 1. I want to use the taint plugin to get information
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> about some functions (of course, it is closed-source), so I
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> think I can stringsearch potential data and then taint them
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> and next I can locate the functions which
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> solve these data.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 2. the command line I used is:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> stringsearch:name=***;taint2:tainted_instructions=1.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> thanks
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>> 2015-04-08 8:40 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> Could you provide:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> 1. What information you're trying to get
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> 2. The command line you're using to run PANDA
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> with the taint2 plugin
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> ?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> Right now I believe taint2 does not produce
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> very much output by default. Instead you use the
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> -pandalog <filename> command line option, and
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> taint2 will write its results there in pandalog
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> format; you can then read them using pandalog_reader (see
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> panda/pandalog_reader.c for details on that tool).
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>> On Tue, Apr 7, 2015 at 8:32 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> when I tried taint2, it showed the same error
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> as taint1, the only difference is that taint2 has
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> no segfault error, just uninit taint plugin.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>> 2015-04-08 8:28 GMT+08:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> Could you be a little more descriptive about
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> how it failed?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> Segfault? Error message? Incorrect output?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Apr 7, 2015 at 8:27 PM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> i tried taint2 too, it failed.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> 2015-04-07 5:20 GMT+08:00 Leek, Timothy - 0559 - MITLL <tleek at ll.mit.edu>:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also note that the “taint” plugin is
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> somewhat defunct.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> “taint2” is the one we are actively using
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> and developing.
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> --
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Tim Leek
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Technical Staff
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cyber System Assessments
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> MIT Lincoln Laboratory
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 781-981-2975
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> From: Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Date: Monday, April 6, 2015 at 5:18 PM
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> To: xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cc: "panda-users at mit.edu" <panda-users at mit.edu>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Subject: Re: [panda-users] taint segmentation fault
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Could you run that under gdb and provide us
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> with a backtrace when it crashes?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -Brendan
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Sunday, April 5, 2015,
>>>>>>>>>> xiaojuan Li
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <xiaotan6666 at gmail.com>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> wrote:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi,
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> excuse me,i have a question
>>>>>>>>>> about taint
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> plugin:(stringsearch:name=***;taint:tainted_instructions=1)
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> when I started it showed
>>>>>>>>>> success:
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> but when it finished search,it
>>>>>>>>>> showd
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> "uninit taint plugin
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> segementation fault"
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> how can I fix it?
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks a lot!
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> --
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> wait and hope~~
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> --
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> wait and hope~~
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> panda-users mailing list
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> panda-users at mit.edu
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>

-- 
wait and hope~~
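Brendan's request above (run the replay under gdb and send the backtrace) is the one check that turns "segfault while applying taint labels" into a concrete frame and source line. The script below is an added example for this thread, not code from PANDA or from anyone on the list: it runs a command under gdb in batch mode, tells gdb to let QEMU's SIGUSR1 vCPU kicks pass, and pulls the faulting frame out of `bt full`, flagging the common case of a method called through a null C++ `this`. The file name `gdb_bt.py`, the replay command line in the docstring (binary, machine and `-replay`/`-panda` arguments are whatever you used when it crashed) and the embedded sample backtrace, whose function and file names are invented, are all assumptions made for the example.

```python
#!/usr/bin/env python3
"""Capture a gdb backtrace from a crashing PANDA/QEMU replay, non-interactively.

Added example for this thread; not part of PANDA. Usage (the replay command
line is a placeholder; pass the exact command that crashed for you):

    python3 gdb_bt.py qemu-system-arm <machine/memory options> \
        -replay <recording> -panda 'stringsearch:name=<search>;taint:tainted_instructions=1'
"""
import re
import subprocess
import sys

# gdb batch script: run the target and, when it stops on a fatal signal,
# dump registers and a full backtrace (with locals), then exit.
GDB_SCRIPT = [
    "set pagination off",
    # QEMU kicks its vCPU thread with SIGUSR1 (SIG_IPI); without this gdb
    # would stop on every kick long before the real SIGSEGV.
    "handle SIGUSR1 nostop noprint pass",
    "run",
    "info registers",
    "bt full",
]


def build_gdb_command(target_argv):
    """Return the argv for `gdb -q -batch -ex ... --args <target argv>`."""
    cmd = ["gdb", "-q", "-batch"]
    for line in GDB_SCRIPT:
        cmd += ["-ex", line]
    return cmd + ["--args"] + list(target_argv)


# One gdb frame line, e.g.
#   #1  0x00007f... in taint_label_ram (shad=0x..., addr=...) at taint/label_ops.cpp:88
#   #4  0x00007f... in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
# The args group is greedy so parentheses inside argument values survive;
# the trailing "at file:line" is optional (absent for stripped libraries).
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>.+?)\s*\((?P<args>.*)\)"
    r"(?:\s+at\s+(?P<file>\S+):(?P<line>\d+))?"
)
SIGNAL_RE = re.compile(r"received signal (\w+)")


def parse_backtrace(gdb_output):
    """Return (signal_name_or_None, frames); each frame is a dict with
    num, func, args, file (None if unknown) and line (None if unknown)."""
    signal = None
    frames = []
    for line in gdb_output.splitlines():
        m = SIGNAL_RE.search(line)
        if m and signal is None:
            signal = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append({
                "num": int(m.group("num")),
                "func": m.group("func"),
                "args": m.group("args"),
                "file": m.group("file"),
                "line": int(m.group("line")) if m.group("line") else None,
            })
    return signal, frames


def first_frame_in(frames, needle):
    """First frame whose function or source file mentions `needle`
    (e.g. "taint" to see where the crash enters the taint plugin)."""
    for f in frames:
        if needle in f["func"] or (f["file"] and needle in f["file"]):
            return f
    return None


def null_this(frame):
    """True if the frame was entered through a null C++ `this` pointer: the
    shape of a method called on an object that was never allocated."""
    return re.search(r"\bthis=0x0\b", frame["args"]) is not None


# Constructed sample of gdb output with invented function and file names,
# used only to exercise the parser offline.
SAMPLE_GDB_OUTPUT = """\
Program received signal SIGSEGV, Segmentation fault.
#0  0x00007ffff0a1b2c3 in ShadowMem::label (this=0x0, addr=1048576, ls=0x60d000) at taint/shadow_mem.h:101
        ls = 0x60d000
#1  0x00007ffff0a1c9d4 in taint_label_ram (shad=0x1234560, addr=1048576, ls=0x60d000) at taint/label_ops.cpp:88
#2  0x00007ffff0a1d100 in on_memory_write_cb (env=0x7ffff4e8a010, addr=1048576, size=4) at taint/callbacks.cpp:42
#3  0x000000000041c2e0 in main (argc=14, argv=0x7fffffffe1d8) at vl.c:4200
#4  0x00007ffff7a3d830 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
"""


def main(argv):
    if len(argv) < 2:
        print("usage: gdb_bt.py <command> [args...]", file=sys.stderr)
        return 2
    proc = subprocess.run(build_gdb_command(argv[1:]), stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, universal_newlines=True)
    sys.stdout.write(proc.stdout)  # full gdb transcript: this is what to post
    signal, frames = parse_backtrace(proc.stdout)
    if signal is None:
        print("== target exited without a fatal signal", file=sys.stderr)
        return 0
    top = frames[0] if frames else None
    where = "?" if top is None else top["func"]
    if top and top["file"]:
        where += " at %s:%d" % (top["file"], top["line"])
    print("== %s in %s" % (signal, where), file=sys.stderr)
    if top and null_this(top):
        print("== top frame has this=0x0: method called on a null object", file=sys.stderr)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Post the whole transcript, not just the `#0` line: the frames above it show which plugin callback led into the labeling code, and the `bt full` locals show what the shadow-memory pointers actually held at the time of the fault.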
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20150417/48a28d87/attachment-0001.htm
-------------- next part --------------
Non-text attachments (image/png) were scrubbed. These are the inline screenshots referenced in the message, archived under http://mailman.mit.edu/pipermail/panda-users/attachments/20150417/48a28d87/ :
  memory1.png      10131 bytes   attachment-0011.png
  tstring9996.png  28838 bytes   attachment-0012.png
  tstring9991.png  28871 bytes   attachment-0013.png
  tstring9994.png  75160 bytes   attachment-0014.png
  tstring9992.png  7433 bytes    attachment-0015.png
  tstring9993.png  18787 bytes   attachment-0016.png
  step113.png      11292 bytes   attachment-0017.png
  tstring9995.png  36437 bytes   attachment-0018.png
  step114.png      3468 bytes    attachment-0019.png
  tstring9997.png  14652 bytes   attachment-0020.png
  memory.png       17898 bytes   attachment-0021.png