<div dir="ltr">
<span id="gmail-tran_2_0" style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial">Thank</span><span style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial"><span> </span></span><span id="gmail-tran_2_1" class="gmail-" style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial">you</span><span style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial"><span> </span>for<span> </span></span><span id="gmail-tran_2_2" class="gmail-" style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial">answering</span><span style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial"><span> </span></span><span id="gmail-tran_2_3" class="gmail-" style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial">my</span><span style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial"><span> </span></span><span id="gmail-tran_2_4" class="gmail-" style="color:rgb(67,67,67);font-family:Arial,sans-serif;font-size:14px;text-align:left;background-color:rgb(252,252,254);text-decoration-style:initial;text-decoration-color:initial">question. You say that there is a way to
<span style="color:rgb(34,34,34);font-family:sans-serif;font-size:13px;text-align:start;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">enabling and </span><span style="color:rgb(34,34,34);font-family:sans-serif;font-size:13px;text-align:start;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">disabling the taint system s<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">o that it's only active when the process </span><span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">you want is running. So, is there some ways to know what the current process's name or pid when replaying logs. I need some information like that to decide the place where the taint analysis should be enabled or not. Can I get this information from panda2 or qemu APIs?</span></span></span></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jun 21, 2018 at 9:09 AM shuai xi <<a href="mailto:ahahanamea@gmail.com">ahahanamea@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Cool, thanks! <br></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Jun 20, 2018 at 11:22 PM Manolis Stamatogiannakis <<a href="mailto:mstamat@gmail.com" target="_blank">mstamat@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Given the opportunity, a small update on my work on turning taint analysis on/off.</div><div><br></div><div>Plan A was to switch between LLVM/TCG when taint analysis is on/off. There are some waning comments in PANDA code that this should not work because of a bug in the LLVM pass registration code. But before reaching that point, I believe I've hit a different bug. The bug seems to be allocation-related and I haven't been able to resolve it for some time now.<br></div><br><div>So I'll probably switch to plan B, which is to stay in LLVM mode after taint analysis has been enabled and only switch off taint propagation when it is not needed.</div><div><br></div><div>I'll try to send a PR with what I've done in the following days. In the meantime, my working branch is here: <a href="https://github.com/m000/panda/tree/taint2-wip" target="_blank">https://github.com/m000/panda/tree/taint2-wip</a><br></div><div><br></div><div>M.<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">Στις Τετ, 20 Ιουν 2018 στις 5:03 μ.μ., ο/η Brendan Dolan-Gavitt <<a href="mailto:brendandg@nyu.edu" target="_blank">brendandg@nyu.edu</a>> έγραψε:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There is no way to record just a single process. However, if the<br>
recording is too large you can use the "scissors" plugin to chop it<br>
down to just the part you care about. Also, I think Manolis<br>
Stamatogiannakis has done some work on selectively enabling and<br>
disabling the taint system so that it's only active when the process<br>
you want is running, but I don't know if that work is publicly<br>
available yet.<br>
<br>
-Brendan<br>
<br>
On Wed, Jun 20, 2018 at 3:39 AM, shuai xi <<a href="mailto:ahahanamea@gmail.com" target="_blank">ahahanamea@gmail.com</a>> wrote:<br>
> hello developer, i want to use panda2 plugins like 'taint2' to analysis a<br>
> program. But the 'record' function records whole system. i want to just<br>
> focus on this program's process and use the process's virtual address to<br>
> taint a buffer of memory. Dose panda2 provide this functionality?<br>
><br>
> _______________________________________________<br>
> panda-users mailing list<br>
> <a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
> <a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
><br>
<br>
<br>
<br>
-- <br>
Brendan Dolan-Gavitt<br>
Assistant Professor, Department of Computer Science and Engineering<br>
NYU Tandon School of Engineering<br>
_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu" target="_blank">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" rel="noreferrer" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>