[panda-users] Strange PCs in 64 bit Linux guest
Igor R
boost.lists at gmail.com
Tue Jun 2 13:04:32 EDT 2015
Hello,
My plugin logs basic-blocks' and some instructions' addresses, which
belong to the main executable only. I test it with a simple C program
that runs in Debian x86 guest, and the plugin logs the addresses that
I'd expect to see.
Now I tried to test it with the very same 32-bit program that runs in
Fedora x86_64 guest (with glibc.i686 installed), and I was surprised
to discover that the instruction addresses that my plugin sees are
quite different from the ones I see in gdb (or when reversing
statically).
I re-compiled the program for 64 bit, but the addresses are still weird.
OTOH, if I run the program under gdb, while plugin is active, the
addresses are reasonable again.
That's said, the program seems to be loaded to the expected base
address, because my plugin identifies the target process by
identifying a pre-set "cookie" in its data segment - and it *is*
there.
What could be the reason for such a behavior?
Thanks.
More information about the panda-users
mailing list