[panda-users] Replaying "real'' session

Leek, Timothy - 0559 - MITLL tleek at ll.mit.edu
Tue Mar 10 19:47:28 EDT 2015 

Yes, that¹s what happens.  If you start a recording then launch some
process in the guest such as ls, then that same process will run in the
guest during replay.  In fact, all the same processes that run during
recording will run in the same way during replay as during recording.
They will interact with each other in the same sequence and pattern. The
exact same sequence of instructions will be executed by the CPU in record
and replay.  That is, all processes including the kernel.

We log all nondeterministic inputs to RAM & CPU (including interrupts and
DMA).  Then arrange to replay them at the right times to replay.  So,
during replay, the same processes get created and actually run in the same
order.  The same machine (guest) runs and its RAM and registers move
between the same states in replay as they did during record.

We have a paper that gives more details.  You can find it with Google.

Repeatable Reverse Engineering for the Greater Good with PANDA.
TR CUCS-023-14


On 3/10/15, 7:39 PM, "Igor R" <boost.lists at gmail.com> wrote:

>Then I'm afraid I misunderstand how it's done...
>Let's assume I start recording, then launch some process in the guest
>(eg. ls). During replay I'd like to see this process physically
>running again in a QEMU session. Is this possible?
>
>
>2015-03-11 1:27 GMT+02:00 Leek, Timothy - 0559 - MITLL <tleek at ll.mit.edu>:
>> Hi Igor.  Not sure if I follow you.  Panda does replay all the guest
>> instructions in the same order as they happened on the guest.  The guest
>> should march through precisely the same set of register and ram states.
>> Which instructions do you think are missing?
>>
>> Tim
>>
>> On 3/10/15, 6:17 PM, "Igor R" <boost.lists at gmail.com> wrote:
>>
>>>Is it possible to use the record/replay mechanism to replay a real
>>>QEMU session - i.e. to really execute all the instructions?
>>>_______________________________________________
>>>panda-users mailing list
>>>panda-users at mit.edu
>>>http://mailman.mit.edu/mailman/listinfo/panda-users
>_______________________________________________
>panda-users mailing list
>panda-users at mit.edu
>http://mailman.mit.edu/mailman/listinfo/panda-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3076 bytes
Desc: not available
Url : http://mailman.mit.edu/mailman/private/panda-users/attachments/20150310/0c8a27d7/attachment.bin

More information about the panda-users mailing list