[panda-users] about asidstory plugin

xiaojuan Li xiaotan6666 at gmail.com
Sun Apr 26 01:43:59 EDT 2015


Thanks! I will try it after this stage or using another way.

2015-04-23 11:32 GMT-04:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:

> Asidstory requires the OSI plugin to get information about the guest OS.
> Since you're running this on Android, which is Linux-based, you would want
> to use a command line like:
>
> -panda 'osi_linux;osi;asidstory'
>
> The osi_linux plugin needs a configuration file that specifies the offsets
> of various kernel data structure members. You can see an example here:
>
>
> https://github.com/moyix/panda/blob/master/qemu/panda_plugins/osi_linux/kernelinfo.conf
>
> Unfortunately getting this information for Android is tricky – the usual
> way is to load a kernel module that prints out the offsets for you. It is
> possible you can use some of the steps from Volatility's Android code to
> help out here, but there will be some extra work involved in getting the
> information in a form usable by osi_linux.
>
>
> https://github.com/volatilityfoundation/volatility/wiki/Android#build-a-volatility-profile
>
> Hope this helps,
> Brendan
>
> On Thu, Apr 23, 2015 at 3:33 AM, xiaojuan Li <xiaotan6666 at gmail.com>
> wrote:
>
>> Thanks.
>> I noticed the note in asidstory.cpp: "collect the set of asids (cr3 on
>> x86)..."
>> But now that PANDA uses QEMU and extends it somewhat, it seems it can
>> translate micro-ops to LLVM, so why did replaying Android fail?
>>
>> 2015-04-23 3:24 GMT-04:00 Aleksandar Nikolich <anikolich at sourcefire.com>:
>>
>> Ah, I missed that you were trying to replay Android. AFAIK asidstory
>>> requires a suitable OS introspection plugin.
>>>
>>>
>>> On Thursday, April 23, 2015, Aleksandar Nikolich <
>>> anikolich at sourcefire.com> wrote:
>>>
>>>> Ah, I missed that you were trying to replay absurd. AFAIK asidstory
>>>> requires a suitable os introspection plugin.
>>>>
>>>> On Thursday, April 23, 2015, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
>>>>
>>>>> Thanks first!
>>>>> The thing is, I use qemu-system-arm to replay, and I added the
>>>>> "win7x86intro" plugin; it does not work (still segfaults).
>>>>>
>>>>> 2015-04-23 3:12 GMT-04:00 Aleksandar Nikolich <
>>>>> anikolich at sourcefire.com>:
>>>>>
>>>>>> You need to add "win7x86intro" plug-in too and it should work.
>>>>>>
>>>>>>
>>>>>> On Thursday, April 23, 2015, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>> I tried the asidstory plugin: -replay ******* -panda 'asidstory'
>>>>>>> and then it segfaults:
>>>>>>>
>>>>>>> ************************************************************************************
>>>>>>> adding
>>>>>>> /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_asidstory.so
>>>>>>> to panda_plugin_files 0
>>>>>>> emulator: registered 'boot-properties' qemud service
>>>>>>> emulator: Adding boot property: 'dalvik.vm.heapsize' = '48m'
>>>>>>> emulator: Adding boot property: 'qemu.sf.fake_camera' = 'both'
>>>>>>> emulator: Adding boot property: 'qemu.hw.mainkeys' = '0'
>>>>>>> loading
>>>>>>> /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_asidstory.so
>>>>>>> Initializing plugin asidstory
>>>>>>> panda_require: osi
>>>>>>> loading
>>>>>>> /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_osi.so
>>>>>>> Success
>>>>>>> Success
>>>>>>> goldfish_add_device: goldfish_device_bus, base ff001000 1000, irq 1 1
>>>>>>> goldfish_device_bus: ff001000     30
>>>>>>> goldfish_add_device: goldfish_int, base ff000000 1000, irq 0 0
>>>>>>> goldfish_int: ff000000     38
>>>>>>> goldfish_add_device: goldfish_timer, base ff003000 1000, irq 3 1
>>>>>>> goldfish_timer: ff003000     40
>>>>>>> goldfish_add_device: goldfish_rtc, base ff010000 1000, irq 10 1
>>>>>>> goldfish_rtc: ff010000     48
>>>>>>> goldfish_add_device: goldfish_tty, base ff002000 1000, irq 4 1
>>>>>>> goldfish_tty: ff002000     50
>>>>>>> android_arm_init serial 1 0
>>>>>>> android_arm_init serial 2 0
>>>>>>> android_arm_init serial 3 0
>>>>>>> goldfish_add_device: smc91x, base ff011000 1000, irq 11 1
>>>>>>> goldfish_add_device: goldfish_fb, base ff012000 1000, irq 12 1
>>>>>>> goldfish_fb: ff012000     68
>>>>>>> Using tmpfile for SD card: /tmp/android-shentanli/emulator-pQEpMo
>>>>>>> goldfish_add_device: goldfish_mmc, base ff005000 1000, irq 13 1
>>>>>>> goldfish_mmc: ff005000     70
>>>>>>> goldfish_add_device: goldfish_memlog, base ff006000 1000, irq 0 0
>>>>>>> goldfish_memlog: ff006000     78
>>>>>>> goldfish_add_device: goldfish-battery, base ff013000 1000, irq 14 1
>>>>>>> goldfish-battery: ff013000     80
>>>>>>> goldfish_add_device: goldfish_events, base ff014000 1000, irq 15 1
>>>>>>> goldfish_events: ff014000     88
>>>>>>> Using event IRQ
>>>>>>> Invalid system partition size for non-QCOW image: 0emulator:
>>>>>>> geometry says there are 0 blocks
>>>>>>>
>>>>>>> emulator: Dev size of /tmp/android-shentanli/emulator-U4lzIR is 0
>>>>>>>
>>>>>>> Invalid data partition size for non-QCOW image: 0emulator: Dev size
>>>>>>> 0x0 came from argument
>>>>>>>
>>>>>>> emulator: geometry says there are 0 blocks
>>>>>>>
>>>>>>> emulator: Dev size of /tmp/android-shentanli/emulator-DAYKEk is 0
>>>>>>>
>>>>>>> emulator: Dev size 0x0 came from argument
>>>>>>>
>>>>>>> emulator: geometry says there are 0 blocks
>>>>>>>
>>>>>>> emulator: Dev size of /tmp/android-shentanli/emulator-KUsYAN is 0
>>>>>>>
>>>>>>> goldfish_add_device: goldfish_nand, base ff015000 1000, irq 16 1
>>>>>>> goldfish_nand: ff015000     90
>>>>>>> goldfish_add_device: qemu_pipe, base ff016000 2000, irq 17 1
>>>>>>> qemu_pipe: ff016000     98
>>>>>>> emulator: control console listening on port 5554, ADB on port 5555
>>>>>>> emulator: can't connect to ADB server: Connection refused
>>>>>>> emulator: Realistic sensor emulation is not available, since the
>>>>>>> remote controller is not accessible:
>>>>>>>  Connection refused
>>>>>>> loading snapshot
>>>>>>> emulator: Adding boot property: 'dalvik.vm.heapsize' = '48m'
>>>>>>> emulator: Adding boot property: 'qemu.sf.fake_camera' = 'both'
>>>>>>> emulator: Adding boot property: 'qemu.hw.mainkeys' = '0'
>>>>>>> ... done.
>>>>>>>
>>>>>>> Logging all cpu states
>>>>>>> CPU #0:
>>>>>>> R00=0000002f R01=a7d24020 R02=b6ee030c R03=b5312114
>>>>>>> R04=a7bd4908 R05=a7d240a0 R06=a7bd4800 R07=000000c5
>>>>>>> R08=b6f13d94 R09=a7d240dc R10=00000000 R11=aefc7980
>>>>>>> R12=a7bd4818 R13=c1ba5ff8 R14=b6ee0318 R15=ffff0008
>>>>>>> PSR=40000093 -Z-- A svc32
>>>>>>> opening nondet log for read :    ./read-256-smaller-rr-nondet.log
>>>>>>> Segmentation fault (core dumped)
>>>>>>>
>>>>>>> *************************************************************************************
>>>>>>>
>>>>>>> and then gdb find this:
>>>>>>>
>>>>>>> ---------------------------------------------------------------------------------------------------------
>>>>>>> Using host libthread_db library
>>>>>>> "/lib/x86_64-linux-gnu/libthread_db.so.1".
>>>>>>> Core was generated by `./qemu-system-arm -m 256 -replay
>>>>>>> read-256-smaller -M android_arm -kernel /dev/n'.
>>>>>>> Program terminated with signal 11, Segmentation fault.
>>>>>>> #0  asidstory_before_block_exec (env=<optimized out>, tb=<optimized
>>>>>>> out>)
>>>>>>>     at asidstory.cpp:207
>>>>>>> 207        if (pid_ok(p->pid)) {
>>>>>>> (gdb) print p->pid
>>>>>>> $1 = 0
>>>>>>>
>>>>>>> ----------------------------------------------------------------------------------------------------------
>>>>>>> The function pid_ok only allows pid >= 4, but why?
>>>>>>> [image: inline image 1]
>>>>>>>
>>>>>>> Could you spare some time to check this plugin?
>>>>>>> Thanks!
>>>>>>>
>>>>>>> --
>>>>>>> wait and hope~~
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> wait and hope~~
>>>>>
>>>>
>>
>>
>> --
>> wait and hope~~
>>
>> _______________________________________________
>> panda-users mailing list
>> panda-users at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>
>>
>


-- 
wait and hope~~
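Brendan's reply above says osi_linux is driven by a kernelinfo.conf that lists the offsets of kernel structure members, and that producing one for an Android kernel is the hard part. The following is an added example (my own code, not part of PANDA or of this thread) of a small checker for such a file: it parses the INI-style profile, verifies that the offsets a process walker needs are present, inside the declared structure sizes and word-aligned, and then reads pid/tgid/comm out of a task_struct image using those offsets. The dotted key names follow the kernelinfo.conf linked in the thread, but the exact set of keys osi_linux reads is an assumption here; the sample profile and the task_struct image are constructed for the example, not taken from a real Android kernel, and WORD = 4 assumes a 32-bit ARM guest like the qemu-system-arm replay in the thread.

```python
"""Sanity-check an osi_linux-style kernelinfo.conf and use it to read task fields.

Added example, not PANDA's own code. Key names mirror the linked
kernelinfo.conf; which keys osi_linux actually requires is an assumption
(REQUIRED_KEYS is illustrative). SAMPLE_CONF is constructed test data.
"""
import configparser
import struct
from typing import Dict, List, Union

Profile = Dict[str, Union[int, str]]

# Constructed sample profile for a hypothetical Android goldfish kernel.
SAMPLE_CONF = """
[android-goldfish-3.4-arm]
name = #1 SMP PREEMPT (constructed)
version.a = 3
version.b = 4
version.c = 0
task.size = 1088
task.tasks_offset = 200
task.mm_offset = 216
task.pid_offset = 292
task.tgid_offset = 296
task.group_leader_offset = 324
task.comm_offset = 580
task.comm_size = 16
mm.size = 436
mm.pgd_offset = 36
"""

# Assumed minimum set of keys a process walker needs (illustrative).
REQUIRED_KEYS = (
    "task.size", "task.tasks_offset", "task.pid_offset", "task.tgid_offset",
    "task.mm_offset", "task.comm_offset", "task.comm_size",
    "mm.size", "mm.pgd_offset",
)
# Integer/pointer members that must be naturally aligned on the guest.
ALIGNED_KEYS = ("task.tasks_offset", "task.pid_offset", "task.tgid_offset",
                "task.mm_offset", "mm.pgd_offset")
WORD = 4  # assumption: 32-bit ARM guest


def load_profiles(text: str) -> Dict[str, Profile]:
    """Parse every [section] into a dict; numeric values become ints (0x... allowed)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(text)
    profiles: Dict[str, Profile] = {}
    for section in cp.sections():
        prof: Profile = {}
        for key, raw in cp.items(section):
            try:
                prof[key] = int(raw, 0)
            except ValueError:
                prof[key] = raw  # free-text fields such as 'name'
        profiles[section] = prof
    return profiles


def validate_profile(prof: Profile) -> List[str]:
    """Return a list of problems; an empty list means the profile looks usable."""
    problems = [f"missing or non-integer {k}" for k in REQUIRED_KEYS
                if not isinstance(prof.get(k), int)]
    if problems:
        return problems  # cannot range-check without the structure sizes
    sizes = {"task": prof["task.size"], "mm": prof["mm.size"]}
    for key, val in prof.items():
        prefix, _, field = key.partition(".")
        if prefix not in sizes or not field.endswith("_offset") or not isinstance(val, int):
            continue
        if not 0 <= val < sizes[prefix]:
            problems.append(f"{key}={val} lies outside {prefix}.size={sizes[prefix]}")
        if key in ALIGNED_KEYS and val % WORD:
            problems.append(f"{key}={val} is not {WORD}-byte aligned")
    comm_end = prof["task.comm_offset"] + prof["task.comm_size"]
    if comm_end > prof["task.size"]:
        problems.append(f"task.comm runs past task.size ({comm_end} > {prof['task.size']})")
    return problems


def make_task_blob(prof: Profile, pid: int, tgid: int, comm: str) -> bytes:
    """Build a fake task_struct image laid out per the profile (constructed data)."""
    buf = bytearray(prof["task.size"])
    struct.pack_into("<i", buf, prof["task.pid_offset"], pid)
    struct.pack_into("<i", buf, prof["task.tgid_offset"], tgid)
    raw = comm.encode()[: prof["task.comm_size"] - 1]  # leave room for the NUL
    off = prof["task.comm_offset"]
    buf[off: off + len(raw)] = raw
    return bytes(buf)


def read_task_fields(blob: bytes, prof: Profile) -> Dict[str, Union[int, str]]:
    """Pull pid/tgid/comm out of a task_struct image the way an OSI walker would."""
    pid = struct.unpack_from("<i", blob, prof["task.pid_offset"])[0]
    tgid = struct.unpack_from("<i", blob, prof["task.tgid_offset"])[0]
    off, size = prof["task.comm_offset"], prof["task.comm_size"]
    comm = blob[off: off + size].split(b"\0", 1)[0].decode(errors="replace")
    return {"pid": pid, "tgid": tgid, "comm": comm}


if __name__ == "__main__":
    for name, prof in load_profiles(SAMPLE_CONF).items():
        issues = validate_profile(prof)
        print(name, "OK" if not issues else issues)
```

The point of the last two functions is the failure mode in the thread: with a profile whose offsets do not match the running kernel, the same read lands on unrelated bytes and yields a pid of 0 or garbage rather than an error, so validating the profile before a replay is cheaper than debugging a segfault in a plugin that trusts the result.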