[panda-users] How can I get the original assembly code(opcode)?
Igor R
boost.lists at gmail.com
Mon Aug 17 02:33:41 EDT 2015
> I'm trying to get "mybin.exe"'s original assembly code (opcode) in the PANDA plugin.
> (for tracing the binary's opcode, registers, memory ...)
>
> Host OS : ubuntu x64
> Guest OS : windows xp x86
> Test binary : mybin.exe
>
> I got the opcode using the panda_virtual_memory_rw function at PANDA_CB_INSN_TRANSLATE.
> ex) panda_virtual_memory_rw(env, env->eip, buf, 20, 0);
>
> But it is not the same as the original assembly code ('mybin.exe').
> It seems to have been translated by PANDA.
Quoting from the documentation:
<<
insn_translate: called before the translation of each instruction
Callback ID: PANDA_CB_INSN_TRANSLATE
Arguments:
CPUState *env: the current CPU state
target_ulong pc: the guest PC we are about to translate
>>
So, if you need the opcode of the instruction being translated, you
should read the memory from the "pc" address (rather than env->eip).
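The following is an added example, not code from the thread or from PANDA itself, that shows why the reply's advice matters. It compiles without PANDA headers because `CPUState`, `target_ulong` and `panda_virtual_memory_rw()` are replaced by constructed stand-ins with the same signature and return convention (0 on success, -1 on a failed access), and the guest code is a constructed ten-byte x86 block. It models, as an assumption about QEMU's translator, that `env->eip` is left at the block's start address while the per-instruction `pc` argument advances; under that model, reading at `env->eip` returns the first instruction's bytes for every instruction of the block, while reading at `pc` returns each instruction's own bytes. It also shows that a fixed 20-byte read, as in the question, can fail when it runs past the mapped range.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the PANDA/QEMU types and the one API function used in
 * the thread. They are constructed for this example so it compiles
 * without PANDA headers; the real panda_virtual_memory_rw() has the same
 * signature and returns 0 on success, -1 on a failed access. */
typedef uint32_t target_ulong;                 /* x86 guest, as in the question */
typedef struct { target_ulong eip; } CPUState;

/* Constructed guest code: six x86 instructions mapped at GUEST_BASE. */
#define GUEST_BASE 0x00401000u
static const uint8_t guest_mem[] = {
    0x55,                   /* push ebp      (block start) */
    0x8b, 0xec,             /* mov  ebp, esp               */
    0x83, 0xec, 0x10,       /* sub  esp, 0x10              */
    0x33, 0xc0,             /* xor  eax, eax               */
    0xc9,                   /* leave                       */
    0xc3,                   /* ret                         */
};
static const int insn_len[] = { 1, 2, 3, 2, 1, 1 };   /* instruction boundaries */
#define NUM_INSNS 6

/* Read-only stand-in for PANDA's panda_virtual_memory_rw(). */
static int panda_virtual_memory_rw(CPUState *env, target_ulong addr,
                                   uint8_t *buf, int len, int is_write)
{
    (void)env; (void)is_write;
    if (len < 0 || addr < GUEST_BASE ||
        (uint64_t)addr + (uint64_t)len > (uint64_t)GUEST_BASE + sizeof guest_mem)
        return -1;                             /* range not mapped */
    memcpy(buf, guest_mem + (addr - GUEST_BASE), (size_t)len);
    return 0;
}

/* The two ways of fetching instruction bytes from inside insn_translate;
 * both have the callback's own (env, pc) arguments available. */
static int read_at_eip(CPUState *env, target_ulong pc, uint8_t *buf, int len)
{
    (void)pc;                                  /* what the question did */
    return panda_virtual_memory_rw(env, env->eip, buf, len, 0);
}
static int read_at_pc(CPUState *env, target_ulong pc, uint8_t *buf, int len)
{
    return panda_virtual_memory_rw(env, pc, buf, len, 0);   /* what the reply suggests */
}

/* Simulated translation of the block (assumption modelled here: env->eip
 * stays at the block start while pc advances per instruction). Returns
 * the first byte the chosen strategy observes for instruction idx, or -1
 * if the read fails. */
static int opcode_seen(int idx, int use_pc)
{
    CPUState env = { .eip = GUEST_BASE };
    target_ulong pc = GUEST_BASE;
    uint8_t buf[16];
    for (int i = 0; i < NUM_INSNS; i++) {
        if (i == idx) {
            int rc = use_pc ? read_at_pc(&env, pc, buf, insn_len[i])
                            : read_at_eip(&env, pc, buf, insn_len[i]);
            return rc == 0 ? buf[0] : -1;
        }
        pc += (target_ulong)insn_len[i];
    }
    return -1;
}

/* A fixed 20-byte read, as in the question, fails once it runs past the
 * mapped range, so the return value must be checked before decoding. */
static int read_past_end_fails(void)
{
    CPUState env = { .eip = GUEST_BASE };
    uint8_t buf[20];
    return panda_virtual_memory_rw(&env, GUEST_BASE + 8, buf, 20, 0) == -1;
}

int main(void)
{
    target_ulong pc = GUEST_BASE;
    printf("insn  pc          via env->eip  via pc\n");
    for (int i = 0; i < NUM_INSNS; i++) {
        printf("%-5d 0x%08x  0x%02x          0x%02x\n", i, pc,
               opcode_seen(i, 0), opcode_seen(i, 1));
        pc += (target_ulong)insn_len[i];
    }
    printf("20-byte read past the mapped block fails: %s\n",
           read_past_end_fails() ? "yes" : "no");
    return 0;
}
```

In a real plugin, the body of `read_at_pc` is what belongs inside the `insn_translate` callback quoted above, with `len` bounded by what the decoder actually needs. Even when read at `pc`, the bytes are the guest's in-memory image, so they can legitimately differ from the on-disk mybin.exe wherever the loader or the program itself has rewritten code.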