<div dir="ltr"><div><div><div><div>excuse me, i want to make me more clear:<br></div>i want to use panda to analysis an app's malicious act.<br>the step i take is this: use avd to install app;use qemu-img to convert img;run runpandroid.py to boot android emulator; operate app input some data in emulator and take a record;then replay it with tained_instr, tstringsearch etc. plugins and then i get stuck. because i expect to use panda to get some results(the tainted processes) that i can use to analysis the app's actions but failed.<br><br></div>Maybe some of you wonder that why i do not use other tools instead, like IDA Pro, or just read the smail code or dex, i want to say that now i find panda is an interesting tool and i just want to try to make full use of it.<br><br></div>Anyone who is interested in dynamic analysis of android, please let me know and i would appreciate your comments!<br><br></div>Thanks!<br><div><div><div><br><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-24 21:20 GMT-04:00 xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>thanks first!<br></div>sorry, i made a mistake: the low-level code i mean before is the log file produced by qemu's -d command when replay, and it is the assembly code(i mean it is the qemu's log about replay,how can i get the tainted_instr ops?).the .plog file produced by pandalog is just the result of tainted_instr.(asid and pc value)<br></div>as for linux_vmi plugin and DroidScope i should learn further.<br><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-24 16:23 GMT-04:00 Joshua Hodosh <span dir="ltr"><<a href="mailto:josh.hodosh@ll.mit.edu" target="_blank">josh.hodosh@ll.mit.edu</a>></span>:<div><div class="h5"><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
That's correct. The last time I looked at DroidScope, it could
introspect on Dalvik in Android 2.3, running on a 32-bit host.<br>
The DroidScope code we included as the linux_vmi plugin doesn't have
Dalvik-layer introspection enabled, since it's 1) obsolete, and 2)
requires a 32-bit executable. The process, thread, module, and
symbol tracking are still enabled, but won't help with Java/Dalvik
code. <br>
<br>
Android 2.x's interpreter had a function that was run on each
opcode, so DroidScope's symbol-parsing was enough to bootstrap a
Dalvik-instruction callback point. The interpreter in 4.0 was
rewritten for performance, and doesn't have an analogous function,
as far as I know.<br>
<br>
I know DroidScope has documentation about Android 4.3, but there
doesn't seem to be any code for it. There haven't been any commits
to it for over two years.<span><font color="#888888"><br>
<br>
-- <br>
Josh</font></span><div><div><br>
<br>
<div>On 04/24/2015 12:37 AM, Brendan
Dolan-Gavitt wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">The low-level code you see in Android is generally
the result of just in time compilation. The DroidScope paper [1]
discusses some ways to determine what the high-level code
corresponds to the low-level code, but I don't know if that has
made it into PANDA – Josh may know more.
<div><br>
</div>
<div>-Brendan</div>
<div><br>
</div>
<div>[1] <a href="https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final107.pdf" target="_blank">https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final107.pdf</a></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Apr 23, 2015 at 9:19 PM,
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>the thing is:after taint we can get the tainted
data flow,assuming it wrote in the name.plog, then
extract the .plog using tainted_instr, how can i get
useful information from the flowing(such as which
high-level func handle it)?<br>
</div>
like IL in .NET, we can decompile to get c# source code.<br>
</div>
Thanks <br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-04-23 19:49 GMT-04:00
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:
<div>
<div><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">thanks first, <br>
the code i want to get is the java functions(the
higher-level information) that handle special
data or something that related with these
functions.(like asm,but can be used to locate
related functions).<br>
<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-04-23 12:45
GMT-04:00 Brendan Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:
<div>
<div><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I'm not sure I understand
your question. The assembly
instructions being executed are the
code.
<div><br>
</div>
<div>If you want higher-level
information, like what library that
code is in, or what the process name
is, this is typically done using
memory analysis (for example, tools
like Volatility). If you can get the
configuration right for the
osi_linux plugin, you can also get
information about what libraries are
loaded and where they are from that
interface.</div>
<div><br>
</div>
<div>What information are you trying
to get?</div>
<span><font color="#888888">
<div><br>
</div>
<div>-Brendan </div>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed,
Apr 22, 2015 at 11:23 PM,
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>excuse me, one more
question:<br>
</div>
<div>taint(use pandalog to
write in name.plog which
can be extract by
tainted_instr) can get
the asid-pc record,i
want to find operating
code further and replay
with "-d in_asm -D
asmlog.txt" and get the
log like this:<br>
</div>
************************************************************************<br>
IN: <br>
0xb52dbbee: 4605
mov r5, r0<br>
0xb52dbbf0: 2800
cmp r0, #0<br>
0xb52dbbf2: f040 8172
bne.w 0xb52dbeda<br>
<br>
----------------<br>
IN: <br>
0xb52dbbf6: 462b
mov r3, r5<br>
0xb52dbbf8: 4620
mov r0, r4<br>
0xb52dbbfa: 2101
movs r1, #1<br>
0xb52dbbfc: aa06
add r2, sp, #24<br>
0xb52dbbfe: f7fa f898
bl 0xffffffffb52d5d32<br>
<br>
----------------<br>
IN: <br>
0xb52d5d32: b5f7
push {r0, r1, r2, r4,
r5, r6, r7, lr}<br>
0xb52d5d34: 4606
mov r6, r0<br>
0xb52d5d36: 4617
mov r7, r2<br>
0xb52d5d38: 6800
ldr r0, [r0, #0]<br>
0xb52d5d3a: aa01
add r2, sp, #4<br>
0xb52d5d3c: 460d
mov r5, r1<br>
0xb52d5d3e: f7ff fecf
bl 0xffffffffb52d5ae0<br>
*******************************************************************<br>
</div>
<div>it just the
instructions underlying,
but how can i use these to
locate the code that what
i want?<br>
<br>
</div>
<div>sorry to be a askhole,
i just a new learner... <br>
</div>
<div>And thanks for your
patience!!<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span>2015-04-10
21:24 GMT-04:00 Brendan
Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">Once
you have used
PANDA's taint system
to identify the
portions of the code
that process the
data you're
interested in, you
will still have to
analyze that code do
understand how it
works. One way to do
that might be to use
the scissors plugin
to extract out the
portion of the trace
that contains the
code you're
interested in, and
then replay it with
QEMU's "-d in_asm -D
asmlog.txt" options
to get the
disassembly for that
code.
<div><br>
</div>
<div>Alternatively,
you could take a
memory snapshot at
some point when
the code you want
to analyze is in
memory (using
something like the
pmemsave plugin in
PANDA), then use
Volatility to
analyze that
memory image to
extract out the
binary, which you
could look at in
IDA or something
similar.</div>
<div><br>
</div>
<div>Basically –
disassemble the
code that handles
the data you're
interested in and
find out how it
works. Exactly
what that means
will depend on
what you're hoping
to accomplish.</div>
<span><font color="#888888">
<div><br>
</div>
<div>-Brendan</div>
</font></span></div>
</span>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span>On
Fri, Apr 10,
2015 at 9:07
PM, xiaojuan
Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">Hi,
<div>Thanks
for your job
first.</div>
<div>I am a
little
confused about
the result of
the
tainted.how
can I get
enough
information
about the
processing
code from the
binary? use
the gdb?</div>
<div>Thanks!</div>
</div>
</span>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-10
12:05
GMT+08:00
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">Thanks
for your guys
great work!<br>
<div>and I
will try.</div>
</div>
</span>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-10
11:42
GMT+08:00
Brendan
Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">Hi,
<div><br>
</div>
<div>Tim has
just updated
the
tainted_instructions
tutorial so
that it
reflects how
things work
now. Could you
look through
that tutorial
and see if it
helps with
your problem?</div>
<div><br>
</div>
<div><a href="https://github.com/moyix/panda/blob/master/docs/tainted_instructions.md" target="_blank">https://github.com/moyix/panda/blob/master/docs/tainted_instructions.md</a><br>
</div>
<div><br>
</div>
<div>Note that
you will
probably need
to do a "git
pull" and
rebuild (make
clean ;
./build.sh) in
order to make
sure
everything
works as it
says in the
tutorial.</div>
<span><font color="#888888">
<div><br>
</div>
<div>-Brendan</div>
</font></span></div>
</span>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span>On
Thu, Apr 9,
2015 at 9:30
AM, xiaojuan
Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><span>Now
that the panda
<a href="http://taint.md" target="_blank">taint.md</a> is not fresh,can you
guys give me
some help?
<div>I use the
replay
plugin,here is
my command and
the result.</div>
</span>
<div><img src="cid:part13.05000508.08030008@ll.mit.edu" height="431" width="472"><br>
<img src="cid:part14.00060509.00000800@ll.mit.edu" height="363" width="472"><br>
<img src="cid:part15.06020604.08000400@ll.mit.edu" height="442" width="472"><br>
<img src="cid:part16.02050307.05050806@ll.mit.edu" height="429" width="472"><br>
<br>
</div>
<span>
<div>the
content of
pk_search_strings.txt
is :"sdt"</div>
<div><br>
</div>
<div>I am
confused
here:in the
paper—
Repeatable
reverse with
panda:</div>
</span>
<div>:<img src="cid:part17.05080300.08010808@ll.mit.edu" height="220" width="436"></div>
<span>
<div>it is
clear that:if
I use the
stringsearch
and taint
plugin,when it
matches, the
taint label
will be put
and then taint
action will
start.but when
I use it, it
seems
wrong(the
picture showed
before):no
taint action
execute,and i
am confused
about the
tstringsearch's
result.</div>
<div>how can i
use it to
analysis?</div>
<div>Thanks a
lot!</div>
<div> </div>
</span></div>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-08
10:14
GMT+08:00
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">I
get the replay
file by
running
runandroid
script. and i
use
qemu-system-arm
command just
to do some
replay work.
<div>I may not
understand you
at all in this
emal.do you
mean that i
should gdb the
original
program rather
than the
record file?</div>
<div>Thansk</div>
</div>
</span>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-08
9:52 GMT+08:00
Brendan
Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">Hmm.
gdb should
normally stop
when you get a
segfault.
<div><br>
</div>
<div>Are you
by any chance
running PANDA
using the
runandroid
script? If so,
you will need
to instead
invoke PANDA
manually,
i.e.:</div>
<div><br>
</div>
<div>gdb
--args
arm-softmmu/qemu-system-arm
[...]</div>
<div><br>
</div>
<div>And then
once it
crashes, type
"bt" at the
gdb prompt to
get a
backtrace.</div>
<span><font color="#888888">
<div><br>
</div>
<div>-Brendan</div>
</font></span></div>
</span>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span>On
Tue, Apr 7,
2015 at 9:47
PM, xiaojuan
Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">when
gdb,it shows:<br>
<img src="cid:part21.01040708.02080106@ll.mit.edu" height="93" width="472">
<div><span>and
then i see the
log:it shows
segfault:<br>
</span><img src="cid:part22.04080309.08040207@ll.mit.edu" height="305" width="472"></div>
<div><br>
<br>
</div>
</div>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-08
9:03 GMT+08:00
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">maybe
i am wrong.
<div> i use
the command
line:"taint2:label_mode=binary,query_outgoing_network=1"and
I found that
when i use
taint2, after
it loads
panda_taint2.so,it
shows:"taint2:instructed
not to inline
taint ops
.success".</div>
</div>
</span>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-08
8:54 GMT+08:00
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><span>ok.
<div>1.I want
to use taint
plugin to get
information
about some
functions(of
course, it is
closed-source),so
I think I can
stringsearch
potential data
and then taint
them and next
I can locate
the functions
which solves
these data.</div>
<div><br>
</div>
<div>2.the
command line I
used is : <span style="font-size:14px">stringsearch:name=***;</span><span style="font-size:14px">taint2:tainted_instructions=1.</span></div>
<div><br>
</div>
</span>
<div>thanks</div>
<div><span style="font-size:14px"><br>
</span></div>
</div>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-08
8:40 GMT+08:00
Brendan
Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><span>Could
you provide:
<div><br>
</div>
<div>1. What
information
you're trying
to get</div>
<div>2. The
command line
you're using
to run PANDA
with the
taint2 plugin</div>
<div><br>
</div>
<div>?</div>
<div><br>
</div>
</span><span>
<div>Right now
I believe
taint2 does
not produce
very much
output by
default.
Instead you
use the
-pandalog
<filename>
command line
option, and
taint2 will
write its
results there
in pandalog
format; you
can then read
them using
pandalog_reader
(see
panda/pandalog_reader.c
for details on
that tool).</div>
</span><span><font color="#888888">
<div><br>
</div>
<div>-Brendan</div>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span>On
Tue, Apr 7,
2015 at 8:32
PM, xiaojuan
Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<div dir="ltr">when
I tried
taint2,it
showed the
same error
with taint1,
the olny
difference is
that taint2
has no
segfault
error,just
uninit taint
plugin.</div>
</span>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-08
8:28 GMT+08:00
Brendan
Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><span>Could
you be a
little more
descriptive
about how it
failed?
Segfault?
Error message?
Incorrect
output?
<div><br>
</div>
</span>
<div>-Brendan</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span>
<div>
<div>On Tue,
Apr 7, 2015 at
8:27 PM,
xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>
wrote:<br>
</div>
</div>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div><span>
<div dir="ltr">i
tried taint2
too,it failed.</div>
</span>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote"><span>2015-04-07
5:20 GMT+08:00
Leek, Timothy
- 0559 - MITLL
<span dir="ltr"><<a href="mailto:tleek@ll.mit.edu" target="_blank">tleek@ll.mit.edu</a>></span>:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><span>
<div>
<div>
<div>Also note
that the
“taint” plugin
is somewhat
defunct.
“taint2” is
the one we are
actively using
and
developing.</div>
<div>
<div>--</div>
<div>Tim Leek</div>
<div>Technical
Staff</div>
<div>Cyber
System
Assessments</div>
<div>MIT
Lincoln
Laboratory</div>
<div><a href="tel:781-981-2975" value="+17819812975" target="_blank">781-981-2975</a></div>
<div><br>
</div>
</div>
</div>
</div>
<div><br>
</div>
</span><span><span>
<div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt"><span style="font-weight:bold">From: </span>
Brendan
Dolan-Gavitt
<<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>><br>
<span style="font-weight:bold">Date:
</span>
Monday, April
6, 2015 at
5:18 PM<br>
<span style="font-weight:bold">To:
</span>
xiaojuan Li
<<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>><br>
<span style="font-weight:bold">Cc:
</span> "<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a>"
<<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a>><br>
<span style="font-weight:bold">Subject:
</span> Re:
[panda-users]
taint
segmentation
fault<br>
</div>
</span>
<div>
<div>
<div><br>
</div>
<div>
<div><span>
Could you run
that under gdb
and provide us
with a
backtrace when
it crashes?
<div><br>
</div>
</span>
<div>-Brendan<span><br>
<br>
On Sunday,
April 5, 2015,
xiaojuan Li
<<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>>
wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,
<span>
<div>excuse
me,i have a
question about
taint
plugin:(stringsearch:name=***;taint:tainted_instructions=1)</div>
<div>when I
started it
showed
success:</div>
<div><br>
</div>
</span>
<div><img src="cid:part36.00020903.07030807@ll.mit.edu" height="166" width="454"></div>
<div><br>
</div>
<div><span>but
when it
finished
search,it
showd "uninit
taint plugin
segementation
fault"<br>
</span><img src="cid:part37.01080608.07000601@ll.mit.edu" height="132" width="454"><span><br>
<br clear="all">
<div>how can I
fix it?</div>
<div>Thanks a
lot!</div>
</span>
-- <br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
<br>
</div>
</div>
<div>
<div>_______________________________________________<br>
panda-users
mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">--
<br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<span><font color="#888888">
<div><br>
</div>
</font></span></div>
</div>
<span><font color="#888888"><span><font color="#888888">-- <br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></font></span></div>
<span><font color="#888888">
</font></span></blockquote>
</div>
<span><font color="#888888"><br>
</font></span></div>
<span><font color="#888888">
</font></span></div>
</div>
</blockquote>
</div>
<span><font color="#888888"><br>
<br clear="all">
<br>
-- <br>
<div>
<div dir="ltr">wait
and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<span><font color="#888888"><br>
<br clear="all">
<br>
-- <br>
<div>
<div dir="ltr">wait and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
</div>
</div>
<span><font color="#888888"><br>
<br clear="all">
<br>
-- <br>
<div>
<div dir="ltr">wait and hope~~</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
panda-users mailing list
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
<br></blockquote></div></div></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div><div dir="ltr">wait and hope~~</div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">wait and hope~~</div></div>
</div>