[panda-users] Syscall Plugin

Downing, Evan P edowning3 at gatech.edu
Wed Feb 4 14:10:19 EST 2015


Understood.

Thanks for the clarification and all of your help,
Evan
________________________________________
From: mooyix at gmail.com <mooyix at gmail.com> on behalf of Brendan Dolan-Gavitt <brendandg at gatech.edu>
Sent: Wednesday, February 4, 2015 1:57 PM
To: Downing, Evan P
Cc: Leek, Timothy - 0559 - MITLL; panda-users at mit.edu
Subject: Re: [panda-users] Syscall Plugin

The default right now if you don't specify a particular OS is Linux
x86. You can pick which profile you want using the command line
argument:

-panda syscalls2:profile=windows7_x86

Right now the supported profiles are linux_x86, linux_x86, and
windows7_x86. We haven't added Windows XP yet, but it should not take
too much work – mostly just renumbering the syscall prototypes file so
that the system call numbers match the ones for XP; the prototypes
haven't actually changed.

-Brendan

On Wed, Feb 4, 2015 at 1:53 PM, Downing, Evan P <edowning3 at gatech.edu> wrote:
> Cool deal.
>
> I was trying to use it on an image of Windows XP sp3 using x86_64 but it (syscalls2) was never giving me an error (i.e., "Unrecognized profile" or "The syscalls plugin is not currently supported on this platform.") so I was a bit confused when reading through syscall2's code as Windows XP and x86 seem to not be supported by the plugin.
>
> Is it because of this line or am I interpreting the code incorrectly? (you seem to be defaulting to linux x86 instead of retrieving the actual OS and architecture) https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/syscalls2.cpp#L400
>
> Thanks for your responses!
>
> ~Evan
> ________________________________________
> From: mooyix at gmail.com <mooyix at gmail.com> on behalf of Brendan Dolan-Gavitt <brendandg at gatech.edu>
> Sent: Tuesday, February 3, 2015 5:07 PM
> To: Leek, Timothy - 0559 - MITLL
> Cc: Downing, Evan P; panda-users at mit.edu
> Subject: Re: [panda-users] Syscall Plugin
>
> As Tim says, syscalls2 should be usable right now. The caveat I would
> add is that it is currently set up to allow one to instrument specific
> syscalls, rather than printing out every system call that occurs and
> its arguments (ala strace).
>
> It would be perfectly reasonable to create a plugin that does do this
> printing (probably with some autogenerated code that feeds off the
> same syscall prototypes text file), we just haven't done it yet.
>
> -Brendan
>
> On Tue, Feb 3, 2015 at 5:05 PM, Leek, Timothy - 0559 - MITLL
> <tleek at ll.mit.edu> wrote:
>> Oh and yes, we need to write a doc.  Soon!
>>
>> From: <Downing>, Evan P <edowning3 at gatech.edu>
>> Date: Tuesday, February 3, 2015 at 5:01 PM
>> To: "panda-users at mit.edu" <panda-users at mit.edu>
>> Subject: [panda-users] Syscall Plugin
>>
>> Hey guys,
>>
>>
>> Is the 'syscalls2' plugin still being developed?
>>
>>
>> I noticed that the 'syscalls' plugin is being discontinued (and currently
>> does not work) and was wondering the ETA on when 'syscalls2' was going to be
>> finished.
>>
>>
>> I wanted to replay the syscalls used in a recording session of PANDA.
>>
>>
>> Thanks,
>>
>> Evan
>>
>>
>> _______________________________________________
>> panda-users mailing list
>> panda-users at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>



More information about the panda-users mailing list