[panda-users] osi plugin

Brendan Dolan-Gavitt brendandg at gatech.edu
Mon Dec 15 11:24:02 EST 2014


Yep, that sounds reasonable. And would be appreciated! I'll point you
in their direction off-list.

-Brendan

On Mon, Dec 15, 2014 at 10:13 AM, Manolis Stamatogiannakis
<mstamat at gmail.com> wrote:
> I'm primarily interested in support for Linux. I would like to have
> callbacks on process-related events (process creation, file operations by a
> specific process etc).
>
> The code from the linux_vmi plugin works in principle, but is too messy. So, I'm
> thinking of weeding it out and migrating it to the osi API. Does this sound
> like a reasonable goal?
>
> The folks at Stony Brook could have similar goals, so putting me in touch
> with them would be great.
>
> Thanks!
> Manolis
>
> 2014-12-15 15:51 GMT+01:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
>>
>> A prototype implementation for Windows 7 introspection is available that
>> implements most of the API (kernel module listing is missing right now). You
>> can have a look at
>>
>> https://github.com/moyix/panda/tree/master/qemu/panda_plugins/win7x86intro
>>
>> to see the code that implements Win7 introspection.
>>
>> Other OSes aren't implemented right now; I've been told there are some
>> people at Stony Brook that are working on Linux support, and I can put you
>> in touch with them if you're interested.
>>
>> Is there more you want from OSI that's not there yet?
>>
>> -Brendan
>>
>> On Mon, Dec 15, 2014 at 9:03 AM, Manolis Stamatogiannakis
>> <mstamat at gmail.com> wrote:
>> > Is there any ongoing work on the osi plugin? Or is it just in the "todo"
>> > list?
>> >
>> > Thanks,
>> > Manolis

