[panda-users] ARM support (was: taint segmentation fault)
Manolis Stamatogiannakis
mstamat at gmail.com
Mon Apr 27 01:04:54 EDT 2015
I'm not sure I understand your question.
In VM terminology, Linux is the only *host* operating system supported by
PANDA*. I.e. you can only run PANDA on Linux.
On the other hand, PANDA supports several *guest* operating systems. The
guest operating system is the one which is analyzed by PANDA. Win 7 is one
of the supported guests.
The authors of ida_taint apparently had interest in analyzing Win 7, so
they built their plugin specifically for that. Making the plugin working on
both Win 7 and Linux would require a lot more effort on their part.
Hope the above (although somewhat simplified) help to clear things up for
you.
Cheers,
Manolis
2015-04-26 21:16 GMT-07:00 xiaojuan Li <xiaotan6666 at gmail.com>:
> maybe, you misunderstood me.
> i know ida_taint is designed for win7, but i have no idea why designed for
> win7?since panda is complied and running in linux.
> Thanks!
>
> 2015-04-26 23:08 GMT-04:00 Manolis Stamatogiannakis <mstamat at gmail.com>:
>
> ida_taint is designed for windows 7 guests.
>> See lines 25-27 of ida_taint.cpp where some windows 7 specific offsets
>> are defined as macros.
>>
>> M.
>>
>> 2015-04-26 19:22 GMT-07:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>
>> excuse me, i have a question about this:now that panda is used in linux,
>>> why ida_taint is designed for windows?.
>>> Thanks!
>>>
>>> 2015-04-20 23:40 GMT-04:00 Manolis Stamatogiannakis <mstamat at gmail.com>:
>>>
>>> Ok, good for starters.
>>>>
>>>> From a quick look, ida_taint.cpp contains some windows-specific offsets
>>>> in the code. So the plugin has to be rewritten for linux.
>>>> This shouldn't be too hard, provided you understand how the windows
>>>> version of the plugin works. I have no experience with windows internals,
>>>> so I can't help you here.
>>>> But if you can add some documentation on how the plugin works, I could
>>>> help you with the linux side.
>>>>
>>>> Cheers,
>>>> Manolis
>>>>
>>>>
>>>> 2015-04-20 18:54 GMT-07:00 xiaojuan Li <xiaotan6666 at gmail.com>:
>>>>
>>>> en. i use the wineconsole to run .bat,which is supported in linux.
>>>>>
>>>>> 2015-04-20 14:17 GMT-04:00 Manolis Stamatogiannakis <mstamat at gmail.com
>>>>> >:
>>>>>
>>>>>> Although I haven't tested osi_linux on arm, it should either be
>>>>>> working or *almost* working. Of course you'll have to extract the kernel
>>>>>> offsets to get it running.
>>>>>>
>>>>>> Otherwise, I have included the arm equivalents of x86-specific code
>>>>>> where I could. In any places where arm-specific code may be missing, I have
>>>>>> added #warn directives. So the plugin will compile, but the preprocessor
>>>>>> will emit warnings about the missing platform-specific code.
>>>>>>
>>>>>> Regarding Xiaojuan's problem, it could be something more trivial.
>>>>>> E.g. .bat files won't run on Linux. So if only the path was fixed in the
>>>>>> script, it won't work.
>>>>>>
>>>>>> Cheers,
>>>>>> Manolis
>>>>>>
>>>>>>
>>>>>> 2015-04-20 8:55 GMT-07:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>
>>>>>> :
>>>>>>
>>>>>>> It currently does not support anything except Windows 7, as the
>>>>>>> documentation says. It uses the OSI module, so it should be extensible
>>>>>>> fairly easily to the other operating systems OSI supports, which (thanks to
>>>>>>> Manolis) includes Linux on x86, but which I think does not include Linux on
>>>>>>> ARM.
>>>>>>>
>>>>>>> In the future, also please create a new thread for new questions,
>>>>>>> rather than using the old one!
>>>>>>>
>>>>>>> -Brendan
>>>>>>>
>>>>>>
>>>>>>> On Mon, Apr 20, 2015 at 5:51 AM, xiaojuan Li <xiaotan6666 at gmail.com>
>>>>>>>> wrote:
>>>>>>>> excuse me, i have noticed that the ida_taint plugin:"win7 only but
>>>>>>>> othre os could be easily added".
>>>>>>>> i have installed ida pro in my system(debian),modified the
>>>>>>>> ida_taint.bat with my ida path,when i use it :./ida_taint.bat name.json
>>>>>>>> qemu-system-arm
>>>>>>>> it failed. it seems not available in linux, is it?
>>>>>>>> Thanks a lot!
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> panda-users mailing list
>>>>>> panda-users at mit.edu
>>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> wait and hope~~
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> wait and hope~~
>>>
>>
>>
>
>
> --
> wait and hope~~
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20150426/cfeb72f6/attachment-0001.htm
More information about the panda-users
mailing list