[panda-users] memory activity/traces isolation

gilles B gillusg75 at gmail.com
Tue Nov 24 12:53:38 EST 2015


Hello,

I'm a Software Security Engineer working in Mobile Security, among other things.
I've just discovered this nice and wild animal that is Panda; I'm not yet
doing Kung Fu with it, I'm still at the learning stage of making it walk :)

I've successfully read and replayed some records of my target program that
I execute on a Debian 6 (x86).
Basically I want to get some memory traces of the execution of my entire
program (all the memory reads/writes + addresses), so I have used the
plugins 'memdump' and 'tapindex' to create those traces and it looks
correct.
I have now 4 logs: tap_writes.idx, tap_reads.idx, tap_writes.bin and
tap_reads.bin.
By having a look into the code of the plugins I've been able to understand
their content: basically the .bin files contain the memory content that is
read/written, and the .idx files contain the associated addresses, PC and
other info on those reads/writes.
I have manually inspected those logs and it seems to work fine as the
memory accesses match the behavior of my program.

However, if I understand correctly, the logs contain all the memory accesses
recorded, including some noise from the OS.
In fact I would like to log only the memory activity of my program, not the
memory activity of the OS that executes in parallel.
Basically I execute my program from the command line in a Linux environment:
./myProgram.sh

Can someone help me achieve this?

Best Regards,

Gilles
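The following is an added example, not part of Gilles' message or of the PANDA plugins themselves, showing the usual way to separate one process's accesses from the OS noise in a flat memory trace. It assumes each record carries, besides the PC, address and data mentioned above, the x86 CR3 value that was active at the time of the access (CR3 identifies the address space, so each process gets its own); whether the tapindex .idx files record that field is not shown in the post, so the record layout, the sample values and the helper names are constructed for illustration. Two details matter in practice: a script like ./myProgram.sh runs a shell plus child processes, each with its own CR3, so the target is picked by the PC range of its own text segment rather than by guessing; and the kernel serving that process (system calls, page faults) runs under the same CR3, so those accesses are only recognisable by the PC lying in the kernel half of the address space (0xC0000000 and above on a 32-bit Linux with the default split).

```python
from collections import Counter, namedtuple

# One memory access. kind is "R" or "W"; data holds the bytes moved.
# (Hypothetical record layout, assumed for this example.)
MemAccess = namedtuple("MemAccess", "kind pc addr cr3 data")

# Default 32-bit Linux split: kernel code and data live at 0xC0000000 and above.
KERNEL_BASE = 0xC0000000

# Constructed sample trace (made-up values): the target program (CR3 0x1A2B3000)
# interleaved with a kernel-mode access in its own address space and one
# access from an unrelated process (CR3 0x2C4D5000).
SAMPLE_TRACE = [
    MemAccess("W", 0x080484A0, 0xBFFFF000, 0x1A2B3000, b"\x01\x00\x00\x00"),
    MemAccess("R", 0xC1012340, 0xC1800000, 0x1A2B3000, b"\xFF"),       # kernel, same CR3
    MemAccess("W", 0x080484B2, 0xBFFFF004, 0x1A2B3000, b"hi"),
    MemAccess("R", 0x08049C00, 0xB7F00000, 0x2C4D5000, b"\x90\x90"),   # other process
    MemAccess("R", 0x080484C0, 0xBFFFF000, 0x1A2B3000, b"\x01\x00\x00\x00"),
]


def asid_histogram(trace):
    """Count accesses per address space (CR3); a quick overview of who is in the trace."""
    return Counter(rec.cr3 for rec in trace)


def find_target_asid(trace, text_start, text_end):
    """Return the CR3 under which code in [text_start, text_end) executed.

    The range is the target binary's text segment (e.g. from readelf/objdump).
    Raises LookupError if no access comes from that range or if the range was
    executed under several address spaces (e.g. a shared library range)."""
    hits = Counter(rec.cr3 for rec in trace if text_start <= rec.pc < text_end)
    if not hits:
        raise LookupError("no access issued from the given text range")
    if len(hits) > 1:
        raise LookupError("text range seen under several CR3 values: %r" % sorted(hits))
    return next(iter(hits))


def is_kernel_pc(pc, kernel_base=KERNEL_BASE):
    """True when the instruction that made the access is kernel code."""
    return pc >= kernel_base


def isolate_process(trace, cr3, include_kernel=False, kernel_base=KERNEL_BASE):
    """Keep accesses made in address space cr3.

    Kernel-mode accesses on behalf of the process (syscall handling, page
    faults) share its CR3, so they are dropped unless include_kernel is set."""
    return [
        rec for rec in trace
        if rec.cr3 == cr3 and (include_kernel or not is_kernel_pc(rec.pc, kernel_base))
    ]


if __name__ == "__main__":
    # Text segment range of the sample target (constructed value).
    target = find_target_asid(SAMPLE_TRACE, 0x08048000, 0x08049000)
    print("address spaces seen: %s" % dict(asid_histogram(SAMPLE_TRACE)))
    for rec in isolate_process(SAMPLE_TRACE, target):
        print("%s pc=%08x addr=%08x data=%s" % (rec.kind, rec.pc, rec.addr, rec.data.hex()))
```

Once real records are parsed into MemAccess tuples (the parser depends on the actual .idx/.bin layout), the same three steps apply: look at the per-CR3 histogram, pin the target's CR3 through its text-segment PCs, then filter. The histogram is also a useful sanity check: a process that forks or execs will show up as more than one address space, and a library's PC range will match several CR3 values, which is why find_target_asid refuses to guess in that case.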