[panda-users] memory activity/traces isolation

Federico "fox" Scrinzi fox91 at anche.no
Mon Nov 30 17:19:19 EST 2015


On 24/11/2015 17:53, gilles B wrote:
> In fact I would like to log only the memory activity of my program, not
> the memory activity of the OS that executes in parallel.

I did a similar thing using panda in a sort of hackish way that was good
enough for my purpose. I needed the following assumptions:
- Single thread process
- Know the ASID (CR3 register on x86) of the target process (I used to
look for unique strings in memory using the stringsearch plugin and get
the ASID from that log)

Then you can do the following:
- record an execution
- use the stringsearch plugin to get the ASID of the process
- run a custom plugin that records all accesses to memory filtering by
ASID and removing kernel stuff. To do this filtering you can use the
following code at the beginning of each PANDA_CB_VIRT_MEM_{READ,WRITE}
callback:
if (panda_in_kernel(env) || panda_current_asid(env) != target_asid) {
  return;
}

I know it's not a very clean or nice approach but it's simple and it was
good enough for me. Hope this helps ;)

-- 
f.

https://github.com/volpino
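
Added example, not part of the original message and not PANDA code: a self-contained C model of the filter described above, replayed over a constructed trace. `MockCPU`, `mock_in_kernel`, `mock_current_asid`, `on_mem_access` and every sample value are assumptions standing in for PANDA's CPU state, `panda_in_kernel`, `panda_current_asid` and a real memory callback.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mock of the x86 state the filter reads (assumption, not PANDA's CPUState). */
typedef struct { uint64_t cr3; int cpl; } MockCPU;
typedef struct { uint64_t pc, addr; size_t size; int is_write; } Access;

/* Stand-ins for the two PANDA helpers named in the message. */
static int mock_in_kernel(const MockCPU *env) { return env->cpl == 0; }
static uint64_t mock_current_asid(const MockCPU *env) { return env->cr3; }

static uint64_t target_asid;   /* obtained beforehand, e.g. from stringsearch */
static Access kept[16];        /* accesses that survive the filter */
static size_t n_kept;

/* Hypothetical callback body: the filter is the first statement. */
static void on_mem_access(const MockCPU *env, Access a) {
    if (mock_in_kernel(env) || mock_current_asid(env) != target_asid) {
        return;                /* kernel code or another address space */
    }
    if (n_kept < sizeof kept / sizeof kept[0])
        kept[n_kept++] = a;
}

/* Replays a constructed trace; returns how many accesses were kept. */
size_t replay_sample(void) {
    static const struct { MockCPU cpu; Access a; } trace[] = {
        /* target process, user mode: kept */
        { { 0x1a2b3000ULL, 3 }, { 0x401000ULL, 0x7ffd1000ULL, 8, 0 } },
        /* target CR3 but ring 0 (kernel running in its context): dropped */
        { { 0x1a2b3000ULL, 0 }, { 0xffffffff81001000ULL, 0xffff880000001000ULL, 8, 1 } },
        /* other process reusing the same virtual addresses: dropped */
        { { 0x0c0de000ULL, 3 }, { 0x401000ULL, 0x7ffd1000ULL, 4, 1 } },
        /* target process, user-mode write: kept */
        { { 0x1a2b3000ULL, 3 }, { 0x401008ULL, 0x601040ULL, 4, 1 } },
    };
    target_asid = 0x1a2b3000ULL;
    n_kept = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        on_mem_access(&trace[i].cpu, trace[i].a);
    return n_kept;
}

int main(void) {
    size_t n = replay_sample();
    for (size_t i = 0; i < n; i++)
        printf("%c pc=%#llx addr=%#llx size=%zu\n", kept[i].is_write ? 'W' : 'R',
               (unsigned long long)kept[i].pc, (unsigned long long)kept[i].addr, kept[i].size);
    return 0;
}
```

The third constructed event shares its virtual addresses with the target, which is why the comparison is on the ASID and not on `pc` or `addr`.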
