[panda-users] OSI plugin issues

Igor R boost.lists at gmail.com
Sat Mar 21 15:12:54 EDT 2015


Hi Manolis,


I was trying to load just osi and didn't realize I had to load osi_linux as well.
But anyway, I need this info in user mode. As for the fix proposed
by Brendan (using IA32_sysenter_esp) - further in this discussion it
looks like you tried it and it didn't work, did it?

Thanks!




2015-03-19 20:42 GMT+02:00 Manolis Stamatogiannakis <mstamat at gmail.com>:
> Hi Igor,
>
> Which chain of plugins are you using?
>
> linux_vmi doesn't work. If I understand correctly it is kept around because
> it still is useful for Android analysis.
>
> debianwheezyx86intro will only work for 32-bit Debian Wheezy. It needs to be
> loaded after the osi plugin.
>
> osi_linux must also be loaded after the osi plugin. It should work with any
> Linux variant. However, you need to extract some kernel struct offsets from
> the guest using the supplied kernel module. (These offsets are hardcoded in
> debianwheezyx86intro.)
> Its shortcoming is that getting the current process currently only works
> when the process is in kernel mode.
> Brendan has proposed a fix for this, which shouldn't be hard to implement.
> See discussion on
> https://github.com/moyix/panda/commit/c5c024c82dfcb730756f3584a06cb8b8c0373714#commitcomment-10143831
>
> Cheers,
> Manolis
>
> 2015-03-19 13:26 GMT+01:00 Igor R <boost.lists at gmail.com>:
>>
>> Hi,
>>
>> I am trying to run the testdebintro plugin to test osi. However, get_current_process
>> and get_processes always return null (I encounter the same behavior when I try
>> to use it in my own plugin).
>> My host OS is Debian x86_64, guest PANDA/QEMU Debian x86.
>> Is there a way to get osi to work?
>> Thanks.
>>
>