[panda-users] Problem syscall plugin usage
Simone Mazzoni
simone.mazzoni13 at gmail.com
Wed Dec 3 12:50:19 EST 2014
Hello,
I have a problem in using the “syscall” plugin provided in PANDA.
I successfully compiled PANDA following the compile.txt instructions.
I want now to use PANDA to scan all the system calls on a Windows 7 VM.
I run the Windows 7 VM with this command: “./qemu-system-x86_64 -hda ../../../qemuwin7.img -enable-kvm -m 1024 -monitor stdio -loadvm booted -panda syscalls” and the system replies with this message:
adding /home/parallels/Desktop/Tesi/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_syscalls.so to panda_plugin_files 0
loading /home/parallels/Desktop/Tesi/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_syscalls.so
warning: Plugin 'syscalls' uses argument: -panda-arg syscalls:file=<file>
using default log file syscalls.txt
Success
QEMU 1.0,1 monitor - type 'help' for more information
(qemu) SaveVM v3 format forces exact matches between devices on load and save, including on replay.
So it seems that the plugin is successfully loaded.
The message also says that the default log file “syscalls.txt” will be used, so I expect to see some lines in this file after running some programs in the Windows 7 VM, but the file remains blank, so it seems that the plugin is not working.
Where are my errors? How can I effectively trace all the system call invocations of the guest Windows 7 system?
Thanks
Simone