<div dir="ltr"><div>The prov_tracer plugin depends on process events being enabled for the osi plugins.<br><br>You need to add a <span class="">-DOSI_PROC_EVENTS in your extra-cflags of build.sh. See:</span> <a href="https://github.com/m000/panda/blob/prov_tracer/qemu/build.sh">https://github.com/m000/panda/blob/prov_tracer/qemu/build.sh</a><br><br></div>Note that the syscall decoding functionality itself doesn't depend on process events. <br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-26 11:11 GMT+01:00 Julia Gustafsson <span dir="ltr"><<a href="mailto:gustafssonjulia92@gmail.com" target="_blank">gustafssonjulia92@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks, it sounds really interesting! However, I have some problems with adding it to PANDA. I downloaded the branch and added it to the panda_plugins folder in the qemu directory, and then I added it to the list of plugins in config.panda. When I run make (in the qemu folder) I get this error:<div><div> </div><div><i>CXX /home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o</i></div><div><i>prov_tracer.cpp:344:2: error: #error "Process Event Callbacks not enabled!"</i></div><div><i> #error "Process Event Callbacks not enabled!"</i></div><div><i> ^</i></div><div><i>make[2]: *** [/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o] Error 1</i></div><div><i>make[1]: *** [plugin-prov_tracer] Error 2</i></div><div><i>make: *** [subdir-x86_64-softmmu] Error 2</i></div></div><div><i><br></i></div><div>What could be wrong? I have tried to uncomment the syscalls plugin in config.panda but then I get this when running make: </div><div><br></div><div><div><i>make[2]: *** No rule to make target `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls/gen_syscall_ppp_boilerplate.cpp', needed by `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls.o'. Stop.</i></div><div><i>make[1]: *** [plugin-syscalls] Error 2</i></div><div><i>make: *** [subdir-x86_64-softmmu] Error 2</i></div></div><div><br></div><div>Thanks in advance,</div><div>Julia</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-02-26 1:17 GMT+01:00 Manolis Stamatogiannakis <span dir="ltr"><<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>2016-02-25 20:08 GMT+01:00 Brendan Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@nyu.edu" target="_blank">brendandg@nyu.edu</a>></span>:<br></span><span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">This is the job of the syscalls2 plugin API, which lets you register<br>
callbacks for individual system calls. You can also use the<br>
on_all_sys_enter callback to intercept *every* system call.<br>
<br>
The syscalls2 USAGE page has more details:<br>
<br>
<a href="https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md" rel="noreferrer" target="_blank">https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md</a><br>
<br>
One thing that does not (yet) exist is something that registers every<br>
syscall callback and then prints the arguments (like strace in Linux<br>
does). I believe someone is currently working on doing this for Linux,<br>
but the plugin isn't finished yet and hasn't been committed.<br></blockquote><div><br></div></span><div><br>In case this helps, I have already implemented something like this, although it is not tied to syscalls2 plugin.<br><br><a href="https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls" target="_blank">https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls</a><br><a href="https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp" target="_blank">https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp</a><br><br></div><div>Essentially, a python script is used to extract the syscall signatures from the linux source and dump them in a static array, which is then compiled as a dynamic library. The entries of the array can then be used to correctly interpret syscall arguments at runtime.<span><font color="#888888"><br><br></font></span></div><span><font color="#888888"><div>M.<br></div></font></span><span><div><br><br></div><div><br></div><div><br><br><br><br><br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div><br>
On Thu, Feb 25, 2016 at 1:18 PM, Julia Gustafsson<br>
<<a href="mailto:gustafssonjulia92@gmail.com" target="_blank">gustafssonjulia92@gmail.com</a>> wrote:<br>
> Hello,<br>
><br>
> I have been looking through all the existing plugins, but haven't found any<br>
> way to get a list of the system calls made by either the whole system or by<br>
> certain processes. Does any plugin like that exist?<br>
><br>
> Best Regards,<br>
> Julia<br>
><br>
</div></div>> _______________________________________________<br>
> panda-users mailing list<br>
> <a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
> <a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
><br>
<span><font color="#888888"><br>
<br>
<br>
--<br>
Brendan Dolan-Gavitt<br>
Assistant Professor, Department of Computer Science and Engineering<br>
NYU Tandon School of Engineering<br>
_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
</font></span></blockquote></span></div><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>