<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2016-02-25 20:08 GMT+01:00 Brendan Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@nyu.edu" target="_blank">brendandg@nyu.edu</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">This is the job of the syscalls2 plugin API, which lets you register<br>
callbacks for individual system calls. You can also use the<br>
on_all_sys_enter callback to intercept *every* system call.<br>
<br>
The syscalls2 USAGE page has more details:<br>
<br>
<a href="https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md" rel="noreferrer" target="_blank">https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md</a><br>
<br>
One thing that does not (yet) exist is something that registers every<br>
syscall callback and then prints the arguments (like strace in Linux<br>
does). I believe someone is currently working on doing this for Linux,<br>
but the plugin isn't finished yet and hasn't been committed.<br></blockquote><div><br></div><div><br>In case this helps, I have already implemented something like this, although it is not tied to syscalls2 plugin.<br><br><a href="https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls">https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls</a><br><a href="https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp">https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp</a><br><br></div><div>Essentially, a python script is used to extract the syscall signatures from the linux source and dump them in a static array, which is then compiled as a dynamic library. The entries of the array can then be used to correctly interpret syscall arguments at runtime.<br><br></div><div>M.<br></div><div><br><br></div><div><br></div><div><br><br><br><br><br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div class="h5"><br>
On Thu, Feb 25, 2016 at 1:18 PM, Julia Gustafsson<br>
<<a href="mailto:gustafssonjulia92@gmail.com">gustafssonjulia92@gmail.com</a>> wrote:<br>
> Hello,<br>
><br>
> I have been looking through all the existing plugins, but haven't found any<br>
> way to get a list of the system calls made by either the whole system or by<br>
> certain processes. Does any plugin like that exist?<br>
><br>
> Best Regards,<br>
> Julia<br>
><br>
</div></div>> _______________________________________________<br>
> panda-users mailing list<br>
> <a href="mailto:panda-users@mit.edu">panda-users@mit.edu</a><br>
> <a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
><br>
<span class=""><font color="#888888"><br>
<br>
<br>
--<br>
Brendan Dolan-Gavitt<br>
Assistant Professor, Department of Computer Science and Engineering<br>
NYU Tandon School of Engineering<br>
_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
</font></span></blockquote></div><br></div></div>