<div dir="ltr"><div><div><div>Hi,<br><br></div>I just tried running the plugin on a live CD boot up of Arch Linux 32 with qemu-system-i386, with my plugin tracking writes in all of physical memory (start=0,end=-1). However, there still are not any writes being recorded. The plugin prints its messages when loading and unloading, but sees 0 reads and writes.<br><br></div>Perhaps I am building or invoking the plugin incorrectly? Though, since my load and unload messages appear, I don't know where my mistake might be.<br><br></div><div>Thanks,<br></div><div>Vincent<br></div><div><br><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 24, 2018 at 6:17 AM, Bridgey theGeek <span dir="ltr"><<a href="mailto:bridgeythegeek@gmail.com" target="_blank">bridgeythegeek@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Vincent,<br><br></div>Out of interest, did you try your code with an i386 environment? Did that work?<br><br></div>I don't have an x86_64 guest to hand, but your plugin code, copied straight from your gist worked as I'd expect it to for i386:<br>testplugin loading<br>tracking range [40000000, 80000000)<br>loading snapshot<br>... 
done.<br>opening nondet log for read : /slw/notepad01-rr-nondet.log<br>got a write at 2968c8c<br>got a write at 2968c88<br>got a write at 2968c84<br>got a write at 2968c80<br>got a write at 2968c7c<br>got a write at 2968c6c<br>got a write at 2968c68<br>got a write at 2968c64<br>got a read at 2968c98<br>got a read at 2968c94<br>got a read at 296bc00<br><br></div>Adam<br></div><br><div class="gmail_quote"><div><div class="h5"><div dir="ltr">On Fri, 23 Feb 2018 at 22:43 Vincent Lee <<a href="mailto:vincent_lee@utexas.edu" target="_blank">vincent_lee@utexas.edu</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><div><div><div>Hello,<br><br></div>I am trying to set up PANDA for monitoring the physical memory accesses of an x86_64 guest.<br>I've
written a toy test plugin [0], and have also tried running the
stringsearch plugin looking for the hostname of the machine, as well as
generic phrases likely to show up in logs, such as "Arch Linux" or
"memory".<br><br>However, no results are returned from stringsearch, and
my test plugin records no accesses on any part of memory. PANDA is
built from 8730ffb on Ubuntu 16.04 with the install_ubuntu script.<br></div><div><br></div>Have I set up my environment incorrectly, or are memory callbacks not supported on x86_64?<br></div>If they are not supported, is there a similar tool I can use to trace guest physical memory accesses on x86_64?<br><br></div>Thanks in advance,<br></div>Vincent<br><div><div><div><div><br><br>[0] <a href="https://gist.github.com/williewillus/f0c96d8652e0f8b538da0c162c82069c" target="_blank">https://gist.github.com/<wbr>williewillus/<wbr>f0c96d8652e0f8b538da0c162c8206<wbr>9c</a></div></div></div></div><br></div></div></div>
______________________________<wbr>_________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/<wbr>mailman/listinfo/panda-users</a><br>
</blockquote></div>
</blockquote></div><br></div></div>