[panda-users] memdump plugin and instrumentation

gilles B gillusg75 at gmail.com
Sat Dec 19 14:22:39 EST 2015


Yes, DBI and emulation can be very convenient but ultimately a
hardware-based method using JTAG has to be considered if other methods are
not viable.
Interesting link, I'll have a look.

Gilles

2015-12-18 15:42 GMT+00:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:

> Yes; PANDA does not use DBI, but rather emulates the whole system
> using QEMU and instruments the code that implements memory accesses in
> QEMU. You can find that in softmmu_template.h.
>
> In theory one could also trace memory accesses in real hardware; some
> folks recently did that on an embedded platform:
>
>
> https://www.acsac.org/2015/openconf/modules/request.php?module=oc_program&action=summary.php&id=119
>
> -Brendan
>
> On Fri, Dec 18, 2015 at 6:43 AM, gilles B <gillusg75 at gmail.com> wrote:
> > I forgot the references:
> > [1] https://software.intel.com/en-us/articles/pin-a-binary-instrumentation-tool-papers
> > [2] https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-606.pdf
> >
> > 2015-12-18 11:42 GMT+00:00 gilles B <gillusg75 at gmail.com>:
> >>
> >> Hello guys,
> >>
> >> I'm actually trying to understand if the plugin memdump associated with
> >> the plugin tapindex implements some kind of instrumentation.
> >> This is the case of the PIN tool [1], for example, which implements what you
> >> call DBI (Dynamic Binary Instrumentation [2]).
> >> With PANDA, from a theoretical point of view, it seems that thanks to
> >> QEMU, you can just record all the memory activity (memory reads and writes)
> >> through emulation without using DBI; is that the case with the plugin memdump?
> >> As some programs implement some countermeasures against DBI, then only
> >> emulation frameworks would allow capturing memory traces conveniently. Of
> >> course if the program implements some countermeasures against emulation in
> >> addition to DBI, then it gets difficult.
> >> I'm actually studying the code step by step to figure it out, but if you can
> >> guide me, I would be happy.
> >>
> >> BR,
> >>
> >> Gilles
>
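A toy model of the approach described in the quoted reply (tracing by instrumenting the emulator's own memory-access code rather than rewriting the target, as DBI does), added here as an example and not taken from PANDA, QEMU or any participant in the thread. The 3-byte instruction format and all names (`guest_load`, `guest_store`, `record_cb`, `sample_prog`) are hypothetical:

```c
/* Toy model only: not PANDA or QEMU code; every name here is hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { uint32_t pc, addr; uint8_t val, is_write; } mem_event;
typedef void (*mem_cb)(const mem_event *ev);

static uint8_t ram[256];            /* guest RAM */
static mem_cb hook;                 /* analysis callback, NULL = no tracing */
static mem_event trace[64];
static size_t ntrace;
/* The emulator's only paths to guest memory: the instrumentation point. */
static uint8_t guest_load(uint32_t pc, uint8_t addr) {
    uint8_t v = ram[addr];
    if (hook) { mem_event e = { pc, addr, v, 0 }; hook(&e); }
    return v;
}
static void guest_store(uint32_t pc, uint8_t addr, uint8_t v) {
    ram[addr] = v;
    if (hook) { mem_event e = { pc, addr, v, 1 }; hook(&e); }
}
/* "Plugin": appends each access to the trace buffer. */
static void record_cb(const mem_event *ev) {
    if (ntrace < sizeof trace / sizeof trace[0]) trace[ntrace++] = *ev;
}
/* Constructed guest program, 3 bytes per instruction {op, a, b}:
   1 = store immediate b to [a], 2 = copy [a] to [b], 0 = halt. */
const uint8_t sample_prog[] = { 1, 0x10, 0x41,  2, 0x10, 0x20,  0, 0, 0 };

/* Interpret the guest code as-is; returns the number of recorded accesses. */
size_t run_guest(const uint8_t *code, size_t len) {
    ntrace = 0;
    hook = record_cb;
    for (uint32_t pc = 0; pc + 2 < len && code[pc] != 0; pc += 3) {
        uint8_t op = code[pc], a = code[pc + 1], b = code[pc + 2];
        if (op == 1) guest_store(pc, a, b);
        else if (op == 2) guest_store(pc, b, guest_load(pc, a));
    }
    return ntrace;
}
const mem_event *trace_at(size_t i) { return i < ntrace ? &trace[i] : NULL; }

int main(void) {
    size_t n = run_guest(sample_prog, sizeof sample_prog);
    for (size_t i = 0; i < n; i++)
        printf("pc=%u %c [0x%02x] = 0x%02x\n", (unsigned)trace[i].pc,
               trace[i].is_write ? 'W' : 'R', (unsigned)trace[i].addr, trace[i].val);
    return 0;
}
```

The guest bytes in `sample_prog` are `const` and never patched; the trace exists only because the interpreter routes every access through the two helpers.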