<div dir="ltr"><div><div><div>For i386-softmmu + latest debian stable osi_linux should work out of the box. (This is the setup I used to develop it, so you shouldn't even have to extract new offsets.)<br><br></div>Can you try using osi_test plugin instead of your plugin?<br><br></div>Also, where does your LD_LIBRARY_PATH points to? Make sure it loads the PANDA plugins from i386-softmmu directory.<br><br></div>M.<br><div><div><div><br><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-17 11:14 GMT-07:00 Simone Mazzoni <span dir="ltr"><<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Nope that time, I used x86_64-softmmu (for windows worked fine), but I tried again with i386-softmmu and it is the same thing.<br>There must be a problem of offset as you said. I extracted the offsets for osi_linux using the kernelinfo module, so I don't know what can be wrong.<br><br>The Guest OS I am working on is a Debian 7.8.0 32bit.<div><br></div><div>I don't know how to solve.<br><br>P.S: I am not using records but live execution (./qemu-system-i386 -m 1G -monitor stdio -hda debian.iso -panda 'osi;osi_linux;my_plugin')</div></div><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote">Il giorno ven 17 apr 2015 alle ore 20:01 Manolis Stamatogiannakis <<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>> ha scritto:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Junk -> reading from the wrong location -> the offsets you are using do not match your setup.<br><br>Did you recapture your traces on i386-softmmu?<br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-17 10:38 GMT-07:00 Simone Mazzoni <span dir="ltr"><<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>></span>:</div></div><div class="gmail_extra"><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">OK, I tried just now to retrieve the name of the current process when in kernel mode (after a sysenter instruction OF35) but if I print the name or the pid of the process, I get strange values. (Notice that I deleted the rows where the process name is N/A)<div>Here an example of the output:</div><div><img style="max-width:100%" src="cid:14cc872bb4e5376ce271"><br><div>I do the same this in windows and work just fine, but in linux seems not to work. Any idea about the reason?</div><div><br></div><div>Thanks.</div><span><font color="#888888"><div><br></div><div>- Simone</div></font></span><div><div><div><br></div><div><div class="gmail_quote">Il giorno ven 17 apr 2015 alle ore 17:56 Manolis Stamatogiannakis <<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>> ha scritto:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>You need to call get_current_process() when your process runs in kernel mode. Since you are interested in syscalls, injecting the call in instrumentation after SYSENTER instruction would work.<br><br></div>This is a known limitation of the current implementation. The problem is that calculating the task struct address of the running process while in user mode is complicated.<br>It should be doable (debianwheezyx86intro does it), but requires to extract additional kernel version specific offsets. If you have time to investigate and fix this, it would be great.<br><br></div>Working around this limitation isn't hard. Retrieve the process info when in kernel mode. Map the info to the physical address of the PGD (do a virt->phys conversion of the address in the OsiProc struct). Retrieve the info when you need it in user mode (PGD is stored in CR3 register).<br></div><div><div><br>There was another discussion on the subject in a previous thread involving Igor, Brendan and myself.<br><br></div><div>Cheers,<br></div><div>M.<br></div><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-17 0:53 GMT-07:00 Simone Mazzoni <span dir="ltr"><<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>></span>:</div></div></div></div></div></div></div></div><div dir="ltr"><div><div><div><div><div><div class="gmail_extra"><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<br><br>I am a little confused at the moment.<br>Let me try to explain what is my purpose.<div><br></div><div>I implemented a plugin that retrieve the syscall parameters from the syscalls called by a specific process in windows. To do that I used the Osi Plugin to intercept the current process in execution using the method "<span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent">OsiProc</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent"> </span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;font-weight:bold;background-color:transparent">*</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent">current</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent"> </span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;font-weight:bold;background-color:transparent">=</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent"> </span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent">get_current_process</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent">(</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent">env</span><span style="color:inherit;font-family:Menlo,"Liberation Mono",Consolas,"DejaVu Sans Mono","Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:inherit;line-height:1.5;background-color:transparent">);</span><span style="line-height:1.5;font-size:13.2px">" from the osi plugin, and it works well.<br><br>I need now to do the same thing for in a Linux x86 SO (Debian or Ubuntu), so I tried to use the Osi plugin as well but I noticed that that function return null at every execution. I thought that the problem is that the way a process is represented in linux is different from the one in windows, so I tried to use the osi_linux plugin together with the osi one but up to now I wasn't able to run the osi plugin.<br><br>Is this reasonable?</span></div><div><span style="line-height:1.5;font-size:13.2px"><br></span></div><div><span style="line-height:1.5;font-size:13.2px">Thanks.</span></div><span><font color="#888888"><div><span style="line-height:1.5;font-size:13.2px"><br></span></div><div><span style="line-height:1.5;font-size:13.2px">- Simone</span></div></font></span></div><div><div><br><div class="gmail_quote">Il giorno gio 16 apr 2015 alle ore 21:04 Manolis Stamatogiannakis <<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>> ha scritto:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2015-04-16 11:06 GMT-07:00 Simone Mazzoni <span dir="ltr"><<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>></span>:</div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><p dir="ltr">64bit? <br>
The OSI plugin work only for x86 OSes, am I wrong?<br></p></blockquote><div><br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>The osi plugin is just a skeleton. It should work with anything at all.<br><br></div><div>I think there was a mention in the list that the windows introspection would work only with 32bit windows - maybe this confused you. But this is mostly a limitation of qemu (IIRC it can't run 64bit windows in the version PANDA is based upon).<br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><p dir="ltr">
Anyway my host system is a 64bit OS while the OS I want introspect is 32 bit. I hope it work.</p></blockquote><div><br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>I don't think it will work. A lot of arithmetic in the plugin requires to know the width of the address of the guest. It is assumed that this matches the address width of the qemu target (8bytes for x86_64-softmmu). This is set by the PTR macro in osi_linux.h.<br><br></div><div>Maybe, you can make it work if you #define target_ulong as a 4byte long type when compiling osi_linux. If you have time to try this and it turns out it works, let us know.<br><br>But unless you have already amassed a trove of PANDA traces from 32bit linux running on x86_64-softmmu, it would be simpler to just use i386-softmmu.<br><br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>M.<br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<p dir="ltr">Thanks for the help,</p>
<p dir="ltr">- Simone</p><div><div>
<br><div class="gmail_quote">Il giorno gio 16 apr 2015 17:55 Manolis Stamatogiannakis <<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>> ha scritto:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div>There is a default kernel group hardwired in the source.<br><br>You should point to the proper kernel group of your kernelinfo using the kconf_group parameter. You can also point to the exact location of your kernelinfo with the kconf_file parameter (but usually a softlink is faster :) : "osi;osi_linux:kconf_file=...,kconf_group=...;osi_test"<br></div><br></div>Btw, you don't have to manually extract and parse the dmesg output. kernelinfo_parse.py script does this for you, so you only need to append its output to your kernelinfo file. Also, make sure that your guest OS is also 64 bit.<br></div><div><br></div>Cheers,<br></div>Manolis<br><div><div><div><div><br><div><div><br></div></div></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-16 7:51 GMT-07:00 Simone Mazzoni <span dir="ltr"><<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>></span>:</div></div><div class="gmail_extra"><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Manolis,<br><br><div>I created the kernelinfo.conf file, but I do not understand where I have to put it in order to make the osi_linux plugin work.<br>It gives me this error when I try to run panda with this command line --> ./qemu-system-x86_64 -m 1G -monitor stdio -hda ../../../challdeb.img -loadvm booted -panda 'osi;osi_linux;osi_test'</div><div><br></div><img style="max-width:100%" src="cid:14cc2b5a165384d07891"><div>What am I doing wrong?</div><div><br></div><div>Thanks</div><span><font color="#888888"><div><br></div><div>-Simone</div></font></span><div><div><br><div class="gmail_quote">Il giorno gio 16 apr 2015 alle ore 15:36 Simone Mazzoni <<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>> ha scritto:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<br><br><div>I extracted the parameters from the OS kernel that I want introspect.<br><br>The parameters are these:</div><div><br></div><div><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.872169] --KERNELINFO-BEGIN--</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873067] name = #1 SMP Debian 3.2.65-1+deb7u2 i686</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873114] task.size = 1060</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873249] #task.init_addr = 0xC13E2FE0</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873279] task.init_addr = 3242078176</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873310] task.task_offset = 0</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873356] task.tasks_offset = 212</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873394] task.pid_offset = 292</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873420] task.tgid_offset = 296</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873447] task.group_leader_offset = 328</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873475] task.thread_group_offset = 384</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873504] task.real_parent_offset = 304</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873532] task.parent_offset = 308</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873559] task.mm_offset = 240</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873586] task.stack_offset = 4</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873615] task.real_cred_offset = 504</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873642] task.cred_offset = 508</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873668] task.comm_offset = 516</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873693] task.comm_size = 16</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873722] cred.uid_offset = 4</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873749] cred.gid_offset = 8</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873774] cred.euid_offset = 20</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873813] cred.egid_offset = 24</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873842] mm.mmap_offset = 0</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873867] mm.pgd_offset = 36</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873901] mm.arg_start_offset = 152</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.873970] mm.start_brk_offset = 140</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874004] mm.brk_offset = 144</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874032] mm.start_stack_offset = 148</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874078] vma.vm_mm_offset = 0</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874104] vma.vm_start_offset = 4</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874133] vma.vm_end_offset = 8</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874161] vma.vm_next_offset = 12</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874187] vma.vm_flags_offset = 28</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874215] vma.vm_file_offset = 80</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874242] fs.f_dentry_offset = 12</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874268] fs.f_path_offset = 8</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874293] fs.d_name_offset = 20</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874320] fs.d_iname_offset = 36</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874347] fs.d_parent_offset = 16</span><br style="font-size:13.2px;line-height:19.8px"><span style="font-size:13.2px;line-height:19.8px">Apr 14 22:38:24 polictf kernel: [ 3533.874369] ---KERNELINFO-END---</span><br></div><div><span style="font-size:13.2px;line-height:19.8px"><br></span></div><div><span style="font-size:13.2px;line-height:19.8px">At this point, if I am not wrong, I have to edit the kernelinfo.conf file with the new parameters. It is right or there are other things to do?<br></span></div><div><span style="font-size:13.2px;line-height:19.8px"><br></span></div><div><span style="font-size:13.2px;line-height:19.8px">Thanks.</span></div></div><div dir="ltr"><div><span style="font-size:13.2px;line-height:19.8px"><br></span></div><div><span style="font-size:13.2px;line-height:19.8px">- Simone </span></div></div><div dir="ltr"><br><div class="gmail_quote">Il giorno mer 15 apr 2015 alle ore 20:41 Manolis Stamatogiannakis <<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>> ha scritto:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div>When you run the plugin, kernelinfo.conf must exist in your current directory. So just soft-link it from the source directory of the plugin.<br></div><br></div><div>In your case however, the stock kernelinfo.conf won't work because it currently contains only information for the 32bit kernel used by debian stable.<br></div><div>So you have to compile the kernelinfo module in a guest running (ideally) the same kernel you want to introspect.<br></div><div>Then insert it into the kernel (insertion always fails) and use the supplied python script to extract the offsets for that kernel.<br><br></div><div>The offsets should then be appended to kernelinfo.conf. Also make a pull request for the updated kernelinfo.conf when you do this.<br></div><div><br></div><div>IIRC, the kernelinfo module had some glitches which prevented it from compiling in recent kernels (e.g. 3.20). So if you encounter any problems, drop me an email so that I expedit making a pull request for the fixed version.<br><br></div><div>Cheers,<br></div><div>M.<br></div><div><br><br><br></div><div><br></div>M.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-15 8:26 GMT-07:00 Simone Mazzoni <span dir="ltr"><<a href="mailto:simone.mazzoni13@gmail.com" target="_blank">simone.mazzoni13@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I tried to use the osi_linux plugin to get the current process in execution but it seems not to work.</div><div>I tried to execute panda with -panda 'osi;osi_linux;osi_test' but it gives me the following error:</div><div><br></div><div><img style="max-width:100%" src="cid:14cbdadbeca65b51b781"><br></div><div>Any idea of the reason?<br><br>I noticed see that the plugin contain a "utils/kernelinfo" folder that should contain a script or something to extract the correct offset of the running kernel, but I do not understand how to use it.</div><div><br></div><div>I tried running the osi_test on an Debian SO and on a Ubuntu 14.04 SO.</div><div><br></div><div>Thanks for the help.</div><span><font color="#888888"><div><br></div><div>- Simone </div></font></span></div>
<br></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
<br></blockquote></div><br></div>
</blockquote></div></div></blockquote></div></div></div></div>
</blockquote></div></div></blockquote></div>
</div></div></blockquote></div></div></div></blockquote></div>
</div></div></blockquote></div></div></div></div></div></div></div></div></blockquote></div></div></div></div></div></div>
</blockquote></div></div></blockquote></div>
</div></div></blockquote></div><br></div>