<div dir="ltr">Hello again,<div><br></div><div>Thank you for your help. I was able to build PANDA with the prov_tracer plugin, but I have some more questions. </div><div><br></div><div>My first question is how I'm supposed to run it. You wrote:</div><div><i>"<span style="font-size:13px">So make sure you try prov_tracer (which depends on linux_osi) on 32 bit."</span></i></div><div>Does this mean that I should run it on i386-softmmu instead of x86_64-softmmu? I'm running a 32 bit Debian Squeeze (i386) as the guest system, and the host system is a 64 bit Ubuntu 14.04. </div><div><br></div><div>My second question is what the arguments to the plugins should be. I did 2 recordings; one on i386-softmmu and one on x86_64-softmmu, and I got these errors when I tried to run them with the prov_tracer plugin (without arguments):</div><div><i><span style="background-color:transparent"><b>i386-softmmu:</b></span></i></div><div><i><span style="background-color:transparent">"</span><span style="color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap;background-color:transparent">i386-softmmu/qemu-system-i386 -replay echotestcrashi386 -panda osi -panda osi_linux:kconf_file=kernelinfo.conf,kconf_g -panda prov_tracer</span></i></div><div><span id="docs-internal-guid-e4b88c1c-1e00-8edb-e19d-21ff84f61a48"><i><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">.....</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">ERROR(osi_linux.cpp:init_plugin): Failed to read kernel info from group "debian-3.2.65-i686" of file "kernelinfo.conf".</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Fail. init_fn returned 0</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">FAIL: Unable to load plugin `/home/parallels/Documents/PANDA/panda-master/qemu/i386-softmmu/panda_plugins/panda_osi_linux.so'</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Aborted (core dumped)"</span></p></i></span></div><div><span style="color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap;background-color:transparent"><br></span></div><div><span style="color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap;background-color:transparent"><b>x86_64-softmmu:</b></span></div><div><span id="docs-internal-guid-e4b88c1c-1e01-8ad1-b07d-7d4283195cd3"><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">"x86_64-softmmu/qemu-system-x86_64 -m 256 -replay echotestcrash -panda osi -panda osi_linux:kconf_file=kernelinfo.conf,kconf_group=my_kernel_info -panda prov_tracer</span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap;background-color:transparent"> .....</span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">ERROR(prov_tracer.cpp:init_plugin): 
panda_prov_tracer_syscallents_linux-x86_64.so: cannot open shared object file: No such file or directory</span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Fail. init_fn returned 0</span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">FAIL: Unable to load plugin `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer.so'</span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span id="docs-internal-guid-e4b88c1c-1e03-0fb4-82cb-750fef9666d1"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Aborted (core dumped)</span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">"</span></span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font color="#000000" face="Arial"><span style="white-space:pre-wrap">Best Regards,</span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font color="#000000" face="Arial"><span style="white-space:pre-wrap">Julia</span></font></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span><span 
style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p dir="ltr" style="font-style:italic;line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p></span></div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-26 11:31 GMT+01:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Also note that linux_osi has some issues on 64 bit (I can see you are using <i>x86_64-softmmu).<br></i></div>So make sure you try prov_tracer (which depends on linux_osi) on 32 bit.<br><br></div>Again, the syscall decoding code shouldn't have problems if it is moved outside the plugin.<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-02-26 11:26 GMT+01:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>The prov_tracer plugin depends on process events being enabled for the osi plugins.<br><br>You need to add a <span>-DOSI_PROC_EVENTS in your extra-cflags of build.sh. See:</span> <a href="https://github.com/m000/panda/blob/prov_tracer/qemu/build.sh" target="_blank">https://github.com/m000/panda/blob/prov_tracer/qemu/build.sh</a><br><br></div>Note that the syscall decoding functionality itself doesn't depend on process events. 
<br><br><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-26 11:11 GMT+01:00 Julia Gustafsson <span dir="ltr"><<a href="mailto:gustafssonjulia92@gmail.com" target="_blank">gustafssonjulia92@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks, it sounds really interesting! However, I have some problems with adding it to PANDA. I downloaded the branch and added it to the panda_plugins folder in the qemu directory, and then I added it to the list of plugins in config.panda. When I run make (in the qemu folder) I get this error:<div><div> </div><div><i>CXX /home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o</i></div><div><i>prov_tracer.cpp:344:2: error: #error "Process Event Callbacks not enabled!"</i></div><div><i> #error "Process Event Callbacks not enabled!"</i></div><div><i> ^</i></div><div><i>make[2]: *** [/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o] Error 1</i></div><div><i>make[1]: *** [plugin-prov_tracer] Error 2</i></div><div><i>make: *** [subdir-x86_64-softmmu] Error 2</i></div></div><div><i><br></i></div><div>What could be wrong? I have tried to uncomment the syscalls plugin in config.panda but then I get this when running make: </div><div><br></div><div><div><i>make[2]: *** No rule to make target `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls/gen_syscall_ppp_boilerplate.cpp', needed by `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls.o'. 
Stop.</i></div><div><i>make[1]: *** [plugin-syscalls] Error 2</i></div><div><i>make: *** [subdir-x86_64-softmmu] Error 2</i></div></div><div><br></div><div>Thanks in advance,</div><div>Julia</div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-26 1:17 GMT+01:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>2016-02-25 20:08 GMT+01:00 Brendan Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@nyu.edu" target="_blank">brendandg@nyu.edu</a>></span>:<br></span><span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">This is the job of the syscalls2 plugin API, which lets you register<br>
callbacks for individual system calls. You can also use the<br>
on_all_sys_enter callback to intercept *every* system call.<br>
<br>
The syscalls2 USAGE page has more details:<br>
<br>
<a href="https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md" rel="noreferrer" target="_blank">https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md</a><br>
<br>
One thing that does not (yet) exist is something that registers every<br>
syscall callback and then prints the arguments (like strace in Linux<br>
does). I believe someone is currently working on doing this for Linux,<br>
but the plugin isn't finished yet and hasn't been committed.<br></blockquote><div><br></div></span><div><br>In case this helps, I have already implemented something like this, although it is not tied to syscalls2 plugin.<br><br><a href="https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls" target="_blank">https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls</a><br><a href="https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp" target="_blank">https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp</a><br><br></div><div>Essentially, a python script is used to extract the syscall signatures from the linux source and dump them in a static array, which is then compiled as a dynamic library. The entries of the array can then be used to correctly interpret syscall arguments at runtime.<span><font color="#888888"><br><br></font></span></div><span><font color="#888888"><div>M.<br></div></font></span><span><div><br><br></div><div><br></div><div><br><br><br><br><br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div><br>
On Thu, Feb 25, 2016 at 1:18 PM, Julia Gustafsson<br>
<<a href="mailto:gustafssonjulia92@gmail.com" target="_blank">gustafssonjulia92@gmail.com</a>> wrote:<br>
> Hello,<br>
><br>
> I have been looking through all the existing plugins, but haven't found any<br>
> way to get a list of the system calls made by either the whole system or by<br>
> certain processes. Does any plugin like that exist?<br>
><br>
> Best Regards,<br>
> Julia<br>
><br>
</div></div>> _______________________________________________<br>
> panda-users mailing list<br>
> <a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
> <a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
><br>
<span><font color="#888888"><br>
<br>
<br>
--<br>
Brendan Dolan-Gavitt<br>
Assistant Professor, Department of Computer Science and Engineering<br>
NYU Tandon School of Engineering<br>
</font></span></blockquote></span></div><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>
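The generator approach Manolis describes in the thread (a script that pulls syscall signatures out of the Linux source, dumps them into a static array, and uses the entries to interpret raw syscall arguments at runtime), written out as an added example. This is not code from the thread and not the prov_tracer branch's own script; it assumes the kernel's SYSCALL_DEFINEn() macro form, and it uses a constructed snippet of source and a constructed name-to-number map in place of a real kernel tree. The `__user` annotation is kept as a flag so a tracer knows which arguments are guest pointers that must be read from guest memory rather than printed as integers.

```python
import re
from typing import Dict, List, NamedTuple


class SyscallArg(NamedTuple):
    ctype: str          # C type with the __user annotation removed
    name: str
    is_user_ptr: bool   # True when the kernel marked it __user (a guest pointer)


class SyscallSig(NamedTuple):
    name: str
    args: List[SyscallArg]


# Constructed sample input in the style of the kernel's SYSCALL_DEFINEn()
# macros; it is not copied from any particular kernel version.
SAMPLE_KERNEL_SOURCE = """\
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
{
	return ksys_read(fd, buf, count);
}

SYSCALL_DEFINE3(write, unsigned int, fd, const char __user *, buf,
		size_t, count)
{
	return ksys_write(fd, buf, count);
}

SYSCALL_DEFINE0(getpid)
{
	return task_tgid_vnr(current);
}

SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
{
	return do_kill(pid, sig);
}
"""

# Constructed name -> number map (i386 numbers for these four calls). A real
# generator would read this from the kernel's syscall table, not hard-code it.
SAMPLE_SYSCALL_NUMBERS: Dict[str, int] = {"read": 3, "write": 4, "getpid": 20, "kill": 37}

# The macro form is SYSCALL_DEFINEn(name, type1, arg1, type2, arg2, ...);
# the argument list may span several lines, and contains no nested parens.
_DEFINE_RE = re.compile(r"SYSCALL_DEFINE(\d)\s*\(([^)]*)\)")


def parse_syscall_defines(source: str) -> List[SyscallSig]:
    """Extract the signature of every SYSCALL_DEFINEn() found in source."""
    sigs: List[SyscallSig] = []
    for m in _DEFINE_RE.finditer(source):
        declared_nargs = int(m.group(1))
        tokens = [t.strip() for t in m.group(2).split(",")]
        name, rest = tokens[0], tokens[1:]
        # Types and names alternate, so the count must be even and must
        # agree with the n in SYSCALL_DEFINEn; anything else is a parse error.
        if len(rest) % 2 != 0 or len(rest) // 2 != declared_nargs:
            raise ValueError(f"{name}: argument list does not match SYSCALL_DEFINE{declared_nargs}")
        args = []
        for ctype, argname in zip(rest[0::2], rest[1::2]):
            is_user = "__user" in ctype
            clean = " ".join(ctype.replace("__user", "").split())
            args.append(SyscallArg(clean, argname, is_user))
        sigs.append(SyscallSig(name, args))
    return sigs


def render_c_table(sigs: List[SyscallSig], numbers: Dict[str, int]) -> str:
    """Emit a C translation unit holding the signatures as a static array."""
    lines = [
        "/* generated: syscall signature table */",
        "typedef struct { const char *type; const char *name; int is_user_ptr; } syscall_arg_t;",
        "typedef struct { int nr; const char *name; int nargs; syscall_arg_t args[6]; } syscall_entry_t;",
        "const syscall_entry_t syscall_table[] = {",
    ]
    # Calls with no number on this architecture are left out of the table.
    for sig in sorted((s for s in sigs if s.name in numbers), key=lambda s: numbers[s.name]):
        args = ", ".join(f'{{"{a.ctype}", "{a.name}", {int(a.is_user_ptr)}}}' for a in sig.args)
        args = args or "{0}"  # zero-argument call: give the array a valid initializer
        lines.append(f'    {{{numbers[sig.name]}, "{sig.name}", {len(sig.args)}, {{{args}}}}},')
    lines.append("};")
    lines.append("const int syscall_table_len = sizeof(syscall_table) / sizeof(syscall_table[0]);")
    return "\n".join(lines) + "\n"


def format_call(sigs: List[SyscallSig], numbers: Dict[str, int], nr: int, raw_args: List[int]) -> str:
    """strace-style rendering of one recorded syscall from its number and raw register values."""
    by_nr = {numbers[s.name]: s for s in sigs if s.name in numbers}
    sig = by_nr.get(nr)
    if sig is None:  # unknown number: fall back to a generic rendering
        return f"syscall_{nr}({', '.join(hex(v) for v in raw_args)})"
    parts = [f"{a.name}={hex(v) if a.is_user_ptr else v}" for a, v in zip(sig.args, raw_args)]
    return f"{sig.name}({', '.join(parts)})"


if __name__ == "__main__":
    table = parse_syscall_defines(SAMPLE_KERNEL_SOURCE)
    print(render_c_table(table, SAMPLE_SYSCALL_NUMBERS))
    print(format_call(table, SAMPLE_SYSCALL_NUMBERS, 3, [3, 0x8049000, 100]))
```

In a real build the generated C text would be compiled into a per-architecture shared object, as the thread describes, and the tracer would index it by syscall number at each syscall entry; the arity check in `parse_syscall_defines` is there because a silently mis-paired type/name list would make every later argument be interpreted with the wrong type.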