[panda-users] linux vmi plugin
Manolis Stamatogiannakis
mstamat at gmail.com
Tue Oct 28 17:27:04 EDT 2014
Hi all & thanks for creating this list!
I'd like to query about the status of the linux_vmi plugin. I have managed
to get the basic functionality working using the functions from
DECAF_linux_vmi.h.
However, the ps-like functionality, does not seem to work. This snippet
from linux_vmi/DroidScope/linuxAPI/Context.c seems to be preventing any
information to being recorded in the shadow process list of the plugin.
if (env->regs[15] < 0xC0000000)
{
return;
}
This looks like ARM-specific code that checks if currently we execute user
code. But even when replacing this with the x86 equivalent of (env->hflags &
HF_CPL_MASK) != 0, I just get a segfault during reading guest memory.
Any hints/pointers are welcome!
Thanks,
Manolis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/mailman/private/panda-users/attachments/20141028/608f6362/attachment.htm
More information about the panda-users
mailing list