[panda-users] Panda Plugin development

Kenneth Adam Miller kennethadammiller at gmail.com
Wed Jan 28 09:52:05 EST 2015


Did you ever get help on this?

On Mon, Jan 12, 2015 at 5:45 PM, Simone Mazzoni <simone.mazzoni13 at gmail.com>
wrote:

> Hello,
>
> I am developing a Panda plugin for doing VM introspection of a Windows VM
> (windows 7 for the moment). My goal is to track the flow of system calls of
> a given process, including their return values and their arguments.
> The final goal is to "automatically" retrieve the arguments of each system
> call, and see which arguments are passed from a system call to another, or
> if the return values of some system calls are used as input for other
> system calls.
>
> I have currently coded a plugin that uses the "osi" plugin and the
> "win7x86intro" plugin, but I'm not sure of the results that it produces.
>
> I put the source code as attachment.
>
> Regarding the code of the file mysyscalls.c of the attachment, can someone
> give me an opinion about the correctness of what I write? My intention is
> to track only the system calls of a certain process with input arguments,
> and output values.
> My plugin currently tries to retrieve all the arguments of a syscall, and
> print them in order in a txt file. The output seems to make sense, but I am
> not completely sure that it retrieves the correct number of arguments.
>
> In the file mysyscalls.txt there is an example of the output and as you
> can see, for example for the system call 0xb3 (NtOpenFile) at line 1035, I
> found 8 arguments. Is it correct? Does the Windows 7 system call NtOpenFile
> have 8 input arguments?
>
> I know I wrote a lot of stuff, but I tried to be as clear as I can.
>
> Thanks in advance for the answers, and if someone has any advice, it is truly
> appreciated.
>
> -Simone
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>
>
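The question in the quoted mail (how many arguments NtOpenFile really takes, and how to be sure the plugin is reading the right number of stack slots) can be checked without guessing. On Windows 7 x86, every ntdll system-call stub has the same shape: `mov eax, <sysno>; mov edx, 7FFE0300h; call [edx]; ret imm16`, and the `ret imm16` pops exactly the caller's argument bytes, so `imm16 / 4` is the number of dword arguments. NtOpenFile's stub ends in `ret 18h`, i.e. 6 arguments (FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, OpenOptions), not 8. At the moment of `sysenter`, KiFastSystemCall has executed `mov edx, esp`, so EDX points at two return addresses followed by the arguments: argument i lives at `[edx + 8 + 4*i]`. The following C is an added example written for this page; it is not code from PANDA, from the osi/win7x86intro plugins, or from the poster's attachment. The stub bytes, the guest stack contents and the `guest_read_fn` callback (a stand-in for however a plugin reads guest virtual memory) are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Decoded view of a Windows 7 x86 ntdll system-call stub. */
typedef struct {
    uint32_t sysno;   /* immediate loaded into EAX */
    unsigned nargs;   /* from the stub's "ret imm16": imm16 / 4 dword arguments */
    int ok;           /* 1 if the bytes matched the expected stub shape */
} win7_stub_t;

/* Parse the canonical Windows 7 x86 ntdll stub:
 *   B8 xx xx xx xx   mov eax, sysno
 *   BA 00 03 FE 7F   mov edx, 7FFE0300h    (SharedUserData!SystemCallStub)
 *   FF 12            call dword ptr [edx]
 *   C2 nn nn         ret imm16             (bytes of arguments popped by the stub)
 * Only this exact byte shape is accepted; anything else returns ok = 0.
 */
static win7_stub_t parse_win7_x86_stub(const uint8_t *code, size_t len)
{
    static const uint8_t tail[] = {0xBA, 0x00, 0x03, 0xFE, 0x7F, 0xFF, 0x12, 0xC2};
    win7_stub_t r = {0, 0, 0};

    if (len < 15 || code[0] != 0xB8) return r;
    if (memcmp(code + 5, tail, sizeof tail) != 0) return r;

    r.sysno = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
              (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    uint16_t imm = (uint16_t)(code[13] | code[14] << 8);
    if (imm % 4 != 0) return r;          /* stdcall pops whole dwords */
    r.nargs = imm / 4;
    r.ok = 1;
    return r;
}

/* Guest-memory reader callback. Hypothetical: a real plugin would wrap its
 * own guest virtual-memory read here. Returns 0 on success, -1 on fault. */
typedef int (*guest_read_fn)(void *ctx, uint32_t vaddr, void *buf, size_t n);

/* At sysenter on Win7 x86, EDX == the user ESP inside KiFastSystemCall:
 *   [edx]      return address into the ntdll stub (after "call [edx]")
 *   [edx + 4]  return address into the caller of the Nt* function
 *   [edx + 8]  first argument, then one dword per argument.
 * Reads exactly nargs dwords, so a wrong nargs shows up as garbage or a fault
 * rather than being silently padded. */
static int read_syscall_args(guest_read_fn rd, void *ctx, uint32_t edx,
                             unsigned nargs, uint32_t *out)
{
    for (unsigned i = 0; i < nargs; i++)
        if (rd(ctx, edx + 8 + 4 * i, &out[i], 4) != 0) return -1;
    return 0;
}

/* Constructed stand-in for guest memory: one flat buffer at a fixed base. */
typedef struct { uint32_t base; const uint8_t *mem; size_t len; } fake_guest_t;

static int fake_read(void *ctx, uint32_t vaddr, void *buf, size_t n)
{
    fake_guest_t *g = ctx;
    if (vaddr < g->base || vaddr - g->base + n > g->len) return -1;
    memcpy(buf, g->mem + (vaddr - g->base), n);   /* little-endian host assumed */
    return 0;
}

/* Constructed Win7 x86 NtOpenFile stub: sysno 0xB3, "ret 18h" -> 6 arguments. */
static const uint8_t NTOPENFILE_STUB[] = {
    0xB8, 0xB3, 0x00, 0x00, 0x00,   /* mov eax, 0B3h          */
    0xBA, 0x00, 0x03, 0xFE, 0x7F,   /* mov edx, 7FFE0300h     */
    0xFF, 0x12,                     /* call dword ptr [edx]   */
    0xC2, 0x18, 0x00                /* ret 18h                */
};

/* Worked run: derive nargs from the stub, then pull that many dwords off a
 * constructed user stack. Returns the argument count (0 on any failure). */
static unsigned demo_ntopenfile(uint32_t *args /* room for 6 */)
{
    uint32_t stack[8] = {
        0x77C01234,  /* return into stub after call [edx]  (constructed) */
        0x00401000,  /* return into caller of NtOpenFile   (constructed) */
        0x0012FF00,  /* FileHandle*      */
        0x80100080,  /* DesiredAccess    */
        0x0012FE80,  /* ObjectAttributes* */
        0x0012FF10,  /* IoStatusBlock*   */
        0x00000007,  /* ShareAccess      */
        0x00000020,  /* OpenOptions      */
    };
    fake_guest_t g = { 0x0012FEC0, (const uint8_t *)stack, sizeof stack };

    win7_stub_t s = parse_win7_x86_stub(NTOPENFILE_STUB, sizeof NTOPENFILE_STUB);
    if (!s.ok) return 0;
    if (read_syscall_args(fake_read, &g, g.base, s.nargs, args) != 0) return 0;
    return s.nargs;
}

int main(void)
{
    uint32_t args[6];
    unsigned n = demo_ntopenfile(args);
    printf("NtOpenFile (0x%02x): %u arguments\n", 0xB3, n);
    for (unsigned i = 0; i < n; i++) printf("  arg%u = 0x%08x\n", i, args[i]);
    return n == 6 ? 0 : 1;
}
```

The point of deriving the count from `ret imm16` rather than from a hand-written table is that it is checkable per stub: a plugin can read the 15 bytes at the stub address it sees in `[edx]` (minus the call's length) and compare the derived count against whatever prototype table it carries. Reading more slots than the stub pops, as the 8-argument output in the mail suggests, simply returns whatever the caller left above its arguments, which looks plausible but is not part of the call.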