[panda-users] OSI plugin issues

Manolis Stamatogiannakis mstamat at gmail.com
Thu Mar 19 14:42:54 EDT 2015


Hi Igor,

Which chain of plugins are you using?

linux_vmi doesn't work. If I understand correctly, it is kept around because
it is still useful for Android analysis.

debianwheezyx86intro will only work for 32-bit Debian wheezy. It needs to be
loaded after the osi plugin.

osi_linux must also be loaded after the osi plugin. It should work with any
Linux variant. However, you need to extract some kernel struct offsets from
the guest using the supplied kernel module. (These offsets are hardcoded in
debianwheezyx86intro.)
Its shortcoming is that getting the current process currently only works
when the process is in kernel mode.
Brendan has proposed a fix for this, which shouldn't be hard to implement.
See discussion on
https://github.com/moyix/panda/commit/c5c024c82dfcb730756f3584a06cb8b8c0373714#commitcomment-10143831

Cheers,
Manolis

2015-03-19 13:26 GMT+01:00 Igor R <boost.lists at gmail.com>:

> Hi,
>
> I am trying to run the testdebintro plugin to test osi. However, get_current_process
> and get_processes always return null (I encounter the same behavior when I
> try to use it in my own plugin).
> My host OS is Debian x86_64; the guest under PANDA/QEMU is Debian x86.
> Is there a way to get osi to work?
> Thanks.
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>
>