<div dir="ltr"><div>I'm not sure I understand your question.<br><br>In VM terminology, Linux is the only *host* operating system supported by PANDA*. I.e. you can only run PANDA on Linux. <br><br></div><div>On the other hand, PANDA supports several *guest* operating systems. The guest operating system is the one which is analyzed by PANDA. Win 7 is one of the supported guests.<br><br>The authors of ida_taint apparently had interest in analyzing Win 7, so they built their plugin specifically for that. Making the plugin working on both Win 7 and Linux would require a lot more effort on their part.<br><br>Hope the above (although somewhat simplified) help to clear things up for you.<br><br></div><div>Cheers,<br></div><div>Manolis<br><br></div><br><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-26 21:16 GMT-07:00 xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>maybe, you misunderstood me.<br></div>i know ida_taint is designed for win7, but i have no idea why designed for win7?since panda is complied and running in linux.<br></div>Thanks!<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-26 23:08 GMT-04:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<div><div class="h5"><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>ida_taint is designed for windows 7 guests. <br></div>See lines 25-27 of ida_taint.cpp where some windows 7 specific offsets are defined as macros.<br><br></div>M.<br><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-26 19:22 GMT-07:00 xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<div><div><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>excuse me, i have a question about this:now that panda is used in linux, why ida_taint is designed for windows?.<br></div>Thanks!</div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-20 23:40 GMT-04:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<div><div><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Ok, good for starters.<br><br>From a quick look, ida_taint.cpp contains some windows-specific offsets in the code. So the plugin has to be rewritten for linux.<br>This shouldn't be too hard, provided you understand how the windows version of the plugin works. I have no experience with windows internals, so I can't help you here.<br></div>But if you can add some documentation on how the plugin works, I could help you with the linux side.<br></div><br></div>Cheers,<br></div>Manolis<br><div><div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-20 18:54 GMT-07:00 xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span>:<div><div><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">en. i use the wineconsole to run .bat,which is supported in linux.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-20 14:17 GMT-04:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">Although I haven't tested osi_linux on arm, it should either be working or *almost* working. Of course you'll have to extract the kernel offsets to get it running.<br><br>Otherwise, I have included the arm equivalents of x86-specific code where I could. In any places where arm-specific code may be missing, I have added #warn directives. So the plugin will compile, but the preprocessor will emit warnings about the missing platform-specific code. <br><div><div><br></div><div>Regarding Xiaojuan's problem, it could be something more trivial. E.g. .bat files won't run on Linux. So if only the path was fixed in the script, it won't work.<br></div><div><br></div><div>Cheers,<br></div><div>Manolis<br><br></div><div><br>2015-04-20 8:55 GMT-07:00 Brendan Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><div><div dir="ltr"> It
currently does not support anything except Windows 7, as the
documentation says. It uses the OSI module, so it should be extensible
fairly easily to the other operating systems OSI supports, which (thanks
to Manolis) includes Linux on x86, but which I think does not include
Linux on ARM.<div><br></div><div>In the future, also please create a new thread for new questions, rather than using the old one!</div><span><font color="#888888"><div><br></div><div>-Brendan</div></font></span></div></div></blockquote><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">On Mon, Apr 20, 2015 at 5:51 AM, xiaojuan Li <span dir="ltr"><<a href="mailto:xiaotan6666@gmail.com" target="_blank">xiaotan6666@gmail.com</a>></span> wrote:<br><div><div>excuse me, i have noticed that the ida_taint plugin:"win7 only but othre os could be easily added". <br></div>i
have installed ida pro in my system(debian),modified the ida_taint.bat
with my ida path,when i use it :./ida_taint.bat name.json
qemu-system-arm <br></div>it failed. it seems not available in linux, is it?<br>Thanks a lot!</blockquote></blockquote></div></div></div></div>
<br></div></div>_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><br>-- <br><div><div dir="ltr">wait and hope~~</div></div>
</font></span></div>
</blockquote></div></div></div><br></div>
</blockquote></div></div></div><span><font color="#888888"><br><br clear="all"><br>-- <br><div><div dir="ltr">wait and hope~~</div></div>
</font></span></div>
</blockquote></div></div></div><br></div></div></div></div></div></div>
</blockquote></div></div></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div><div dir="ltr">wait and hope~~</div></div>
</font></span></div>
</blockquote></div><br></div>