[panda-users] Gathering of specific data...

Kenneth Adam Miller kennethadammiller at gmail.com
Sun Dec 7 19:11:16 EST 2014


Excellent!

That's most of what I need anyway, the function & image name isn't
absolutely necessary for my analysis framework, just some verbosity to help
in searches...

But now that you say that QEMU doesn't support true multi-threading, I
wonder about the data structure design write-up that I'm doing; much of the
idea for acceleration comes in the ability to have a multi-multi threading
model between the background analysis threads that remove latency and the
foreground that is adding data to be processed into the taint data
structure. My question is now: while the QEMU framework doesn't support full
multi-threading, can analysis threads specifically be truly parallel,
provided they aren't part of the actual target VM?

On Sun, Dec 7, 2014 at 7:06 PM, Brendan Dolan-Gavitt <brendandg at gatech.edu>
wrote:

> On Sun, Dec 7, 2014 at 6:48 PM, Kenneth Adam Miller
> <kennethadammiller at gmail.com> wrote:
> > Does PANDA allow users to gather information similar to PIN? Such as the
> > following information:
> >
> > Image name
>
> For Windows 7, you can get this with the new OSI API. I will try to
> take some time to document it this week.
>
> > Function name
>
> This requires access to debug symbols and isn't natively supported in
> PANDA. You can pretty easily cobble something together using e.g.
> pdbparse for Windows binaries or objdump/readelf/dwarfdump for Linux
> binaries to create a symbol map and then use that in your
>
> > Address of execution
>
> Yes; by default you can get the current program counter with the
> accuracy of one QEMU basic block. If you need greater precision, you
> can call panda_enable_precise_pc(), at which point the program counter
> will be accurate to the instruction.
>
> > Address of memory write
> > Address of memory read
>
> Yes, these are available in the PANDA_CB_VIRT_MEM_READ/WRITE callbacks
> (and their PHYS counterparts, if you want physical addresses).
>
> > etc...
>
> > And is there any way to determine a full ordering via Lamport clock of all
> > memory operations, via plugin or framework feature? Suppose threads 1 & 2
> > race for memory at 0xdeadbeef; I want to know, accurately as possible, which
> > order the instructions of thread 1 & 2 run with.
>
> QEMU (at least as of 1.0.1, things may have changed since) doesn't
> support true multithreading – execution of each virtual CPU is
> serialized via a global lock. Our record/replay implementation also
> currently doesn't support SMP; only one virtual processor is
> supported.
>
> So when the memory callback executes, only one will be executing at
> once, meaning determining the exact order is trivial.
>
> Hope this helps,
> Brendan
>
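The memory callbacks and precise-pc switch described above, as an added example that is not PANDA's code and not from either poster: a plugin that stamps every virtual-memory access with one global sequence number (enough as a clock, since vCPU execution is serialised) and, for each read, reports the latest overlapping write it observed. The PANDA glue (panda_plugin.h, CPUState, target_ulong, panda_enable_memcb, panda_cb, panda_register_callback, init_plugin/uninit_plugin) is assumed from the 2014-era plugin API and is only compiled when PANDA_PLUGIN is defined; the ordering core compiles and runs on its own.

```c
/* Added example, not PANDA's own code: every guest memory access gets one
 * position in a total order; QEMU serialises vCPU execution, so one counter
 * is a sufficient clock. The PANDA_PLUGIN glue assumes the 2014-era plugin
 * API (panda_plugin.h) and is compiled only inside the PANDA tree. */
#include <stdint.h>
#include <stdio.h>
typedef struct { uint64_t seq, pc, addr, size; int is_write; } mem_op;
#define MAX_OPS 4096
static mem_op ops[MAX_OPS];
static size_t n_ops = 0;
static uint64_t next_seq = 0;   /* Lamport-style global counter */
/* Record one access; return its sequence number (its place in the order). */
uint64_t record_mem_op(uint64_t pc, uint64_t addr, uint64_t size, int is_write) {
    uint64_t seq = ++next_seq;
    if (n_ops < MAX_OPS)
        ops[n_ops++] = (mem_op){ seq, pc, addr, size, is_write };
    return seq;
}
/* Latest write before read_seq that overlaps [addr, addr+size): the write
 * this read observed under the serial order. Returns 0 if none recorded. */
uint64_t last_write_before(uint64_t read_seq, uint64_t addr, uint64_t size) {
    uint64_t best = 0;
    for (size_t i = 0; i < n_ops; i++) {
        const mem_op *o = &ops[i];
        if (!o->is_write || o->seq >= read_seq) continue;
        if (o->addr < addr + size && addr < o->addr + o->size && o->seq > best)
            best = o->seq;
    }
    return best;
}
#ifdef PANDA_PLUGIN
#include "panda_plugin.h"
static int on_read(CPUState *env, target_ulong pc, target_ulong addr, target_ulong size, void *buf) {
    uint64_t seq = record_mem_op(pc, addr, size, 0);
    printf("#%llu R pc=%llx addr=%llx saw write #%llu\n", (unsigned long long)seq, (unsigned long long)pc,
           (unsigned long long)addr, (unsigned long long)last_write_before(seq, addr, size));
    return 0;
}
static int on_write(CPUState *env, target_ulong pc, target_ulong addr, target_ulong size, void *buf) {
    record_mem_op(pc, addr, size, 1); return 0;
}
bool init_plugin(void *self) {
    panda_enable_precise_pc();   /* pc exact per instruction, as in the thread */
    panda_enable_memcb();        /* memory callbacks are off by default */
    panda_cb pcb;
    pcb.virt_mem_read = on_read;   panda_register_callback(self, PANDA_CB_VIRT_MEM_READ, pcb);
    pcb.virt_mem_write = on_write; panda_register_callback(self, PANDA_CB_VIRT_MEM_WRITE, pcb);
    return true;
}
void uninit_plugin(void *self) { (void)self; }
#endif
```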