[panda-users] Syscall Plugin

Downing, Evan P edowning3 at gatech.edu
Wed Feb 4 13:53:30 EST 2015


Cool deal.

I was trying to use it on an image of Windows XP SP3 using x86_64, but it (syscalls2) was never giving me an error (i.e., "Unrecognized profile" or "The syscalls plugin is not currently supported on this platform."), so I was a bit confused when reading through syscalls2's code, as Windows XP and x86 seem not to be supported by the plugin.

Is it because of this line, or am I interpreting the code incorrectly? (You seem to be defaulting to Linux x86 instead of retrieving the actual OS and architecture.) https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/syscalls2.cpp#L400

Thanks for your responses!

~Evan
________________________________________
From: mooyix at gmail.com <mooyix at gmail.com> on behalf of Brendan Dolan-Gavitt <brendandg at gatech.edu>
Sent: Tuesday, February 3, 2015 5:07 PM
To: Leek, Timothy - 0559 - MITLL
Cc: Downing, Evan P; panda-users at mit.edu
Subject: Re: [panda-users] Syscall Plugin

As Tim says, syscalls2 should be usable right now. The caveat I would
add is that it is currently set up to allow one to instrument specific
syscalls, rather than printing out every system call that occurs and
its arguments (à la strace).

It would be perfectly reasonable to create a plugin that does do this
printing (probably with some autogenerated code that feeds off the
same syscall prototypes text file); we just haven't done it yet.

-Brendan

On Tue, Feb 3, 2015 at 5:05 PM, Leek, Timothy - 0559 - MITLL
<tleek at ll.mit.edu> wrote:
> Oh and yes, we need to write a doc.  Soon!
>
> From: <Downing>, Evan P <edowning3 at gatech.edu>
> Date: Tuesday, February 3, 2015 at 5:01 PM
> To: "panda-users at mit.edu" <panda-users at mit.edu>
> Subject: [panda-users] Syscall Plugin
>
> Hey guys,
>
>
> Is the 'syscalls2' plugin still being developed?
>
>
> I noticed that the 'syscalls' plugin is being discontinued (and currently
> does not work) and was wondering the ETA on when 'syscalls2' was going to be
> finished.
>
>
> I wanted to replay the syscalls used in a recording session of PANDA.
>
>
> Thanks,
>
> Evan
>
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>


