[panda-users] PPP_REG_CB - What have I forgotten?

Bridgey theGeek bridgeythegeek at gmail.com
Tue Aug 9 17:51:28 EDT 2016


Hi all,

I'm bumping this question because after much digging I really can't find
what I'm doing wrong.
It's very easy to reproduce this problem: just add a new function to
"all_windows_prototypes.txt".

I simply added: NTSTATUS NtUserCreateWindowEx ();
(and then ran createWindowsPrototypes.py, recreate_all_os_arch.sh, and make)

The symbol, ppp_on_NtUserCreateWindowEx_enter_num_cb, seems to come from
panda_plugin_plugin.h:
--SNIP-LINE-68--
#define PPP_CB_BOILERPLATE(cb_name) \
cb_name##_t ppp_##cb_name##_cb[PPP_MAX_CB]; \
int ppp_##cb_name##_num_cb = 0; \
--SNIP--

PPP_CB_BOILERPLATE is indeed called from:

panda_plugins/syscalls2/gen_syscall_ppp_boilerplate_return.cpp:
--SNIP--
PPP_CB_BOILERPLATE(on_NtUserCreateWindowEx_return)
--SNIP--

and:

panda_plugins/syscalls2/gen_syscall_ppp_boilerplate_enter.cpp:
--SNIP--
PPP_CB_BOILERPLATE(on_NtUserCreateWindowEx_enter)
--SNIP--

I'm just not sure how to debug this any further.

Any comments very welcome!

On 20 July 2016 at 16:13, Bridgey theGeek <bridgeythegeek at gmail.com> wrote:

> All,
>
> I'm trying to resolve the following when adding NtUserCreateWindowEx.
>
> I duplicated the final line of all_windows_prototypes.txt, renaming the
> function, so the final two lines become:
> NTSTATUS NtQueryLicenseValue (PUNICODE_STRING Name, PULONG Type, PVOID Buffer, ULONG Length, PULONG ReturnedLength);
> NTSTATUS NtUserCreateWindowEx (PUNICODE_STRING Name, PULONG Type, PVOID Buffer, ULONG Length, PULONG ReturnedLength);
>
> Obviously the prototype is wrong, but I just wanted to be able to add the
> entry and still have syscalls2 compile and run.
>
> So I then run:
> $ python createWindowsPrototypes.py all_windows_prototypes.txt
> $ ./recreate_all_os_arch.sh
>
> then:
> $ make
>
> and everything is fine.
>
> When I try to run syscalls2 against a Win7SP1x86 replay, PANDA reports:
> Failed to load /path/to/panda_syscalls2.so: /path/to/panda_syscalls2.so: undefined symbol: ppp_on_NtUserCreateWindowEx_enter_num_cb
>
> The "_num_cb" seems wrong..?
>
> Thank you,
> Adam
>
>
> On 20 July 2016 at 11:06, Bridgey theGeek <bridgeythegeek at gmail.com> wrote:
>
>> Thanks Brendan. I'm sure you're right: I need to add the prototype.
>> However, in this specific issue the error I was seeing was when it was
>> trying to compile for ARM.
>> I needed to add the: #ifdef TARGET_I386 to my code.
>>
>> If/when I can prove my prototype I'll definitely make a pull request.
>>
>> Thanks again,
>> Adam
>>
>> On 19 July 2016 at 22:39, Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>>
>>> I think the issue is that we don't have a prototype for
>>> NtUserCreateWindowEx, which means syscalls2 doesn't have a callback
>>> for it. If you know the prototype, you can add it to
>>> panda_plugins/syscalls2/all_windows_prototypes.txt, run
>>> createWindowsPrototypes.py, and then run recreate_all_os_arch.sh and
>>> it will add the appropriate callback.
>>>
>>> At that point (assuming everything works), it would be great if you
>>> created a pull request so that others can benefit as well!
>>>
>>> -Brendan
>>>
>>> On Tue, Jul 19, 2016 at 5:33 PM, Bridgey theGeek <bridgeythegeek at gmail.com> wrote:
>>> > Hi PANDAs,
>>> >
>>> > I'm trying to write a plugin to use alongside syscalls2 to handle
>>> > NtUserCreateWindowEx.
>>> >
>>> > In the panda_plugins folder I've created a folder called 'usercreatewin'.
>>> > In that folder I have usercreatewin.cpp and Makefile.
>>> > I've added 'usercreatewin' to config.panda.
>>> >
>>> > My init function looks like this:
>>> > bool init_plugin(void *self) {
>>> >     PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter,
>>> > my_NtUserCreateWindowEx_enter);
>>> >     return true;
>>> > }
>>> >
>>> > The corresponding 'my_NtUserCreateWindowEx_enter' function is in my cpp file as well.
>>> >
>>> > When I issue 'make' I get:
>>> > --SNIP--
>>> > make[2]: Nothing to be done for 'all'.
>>> >   CXX /home/btg/src/panda/qemu/x86_64-softmmu/panda_plugins/usercreatewin.o
>>> > In file included from usercreatewin.cpp:5:0:
>>> > usercreatewin.cpp: In function ‘bool init_plugin(void*)’:
>>> > usercreatewin.cpp:29:29: error: ‘on_NtUserCreateWindowEx_enter_t’ was not declared in this scope
>>> >      PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>>> >                              ^
>>> > /home/btg/src/panda/qemu/panda_plugin_plugin.h:120:20: note: in definition of macro ‘PPP_REG_CB’
>>> >      void (*add_cb)(cb_name##_t fptr) = (void (*)(cb_name##_t)) dlsym(op, "ppp_add_cb_" #cb_name); \
>>> >                     ^
>>> > /home/btg/src/panda/qemu/panda_plugin_plugin.h:120:38: error: expected ‘,’ or ‘;’ before ‘=’ token
>>> >      void (*add_cb)(cb_name##_t fptr) = (void (*)(cb_name##_t)) dlsym(op, "ppp_add_cb_" #cb_name); \
>>> >                                       ^
>>> > usercreatewin.cpp:29:5: note: in expansion of macro ‘PPP_REG_CB’
>>> >      PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>>> >      ^
>>> > /home/btg/src/panda/qemu/panda_plugin_plugin.h:122:20: error: ‘add_cb’ cannot be used as a function
>>> >      add_cb (cb_func);       \
>>> >                     ^
>>> > usercreatewin.cpp:29:5: note: in expansion of macro ‘PPP_REG_CB’
>>> >      PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>>> >      ^
>>> > ../panda.mak:42: recipe for target '/home/btg/src/panda/qemu/x86_64-softmmu/panda_plugins/usercreatewin.o' failed
>>> > --SNIP--
>>> >
>>> > It feels like I've forgotten something. Any help gratefully received!
>>> >
>>> > Thanks,
>>> > Adam
>>> >
>>> > _______________________________________________
>>> > panda-users mailing list
>>> > panda-users at mit.edu
>>> > http://mailman.mit.edu/mailman/listinfo/panda-users
>>> >
>>>
>>>
>>>
>>> --
>>> Brendan Dolan-Gavitt
>>> Assistant Professor, Department of Computer Science and Engineering
>>> NYU Tandon School of Engineering
>>>
>>
>>
>
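The thread above turns on how PANDA's plugin-to-plugin (PPP) callback macros fit together: the provider plugin (syscalls2) defines, per callback name, a typedef, an array of registered function pointers, a `ppp_<name>_num_cb` counter and an exported `ppp_add_cb_<name>` function, while a consumer plugin's `PPP_REG_CB` looks up that add function with dlsym() and calls it. The following is an added, self-contained C reconstruction of that pattern, modelled on the `PPP_CB_BOILERPLATE` and `PPP_REG_CB` fragments quoted in the messages; it is not PANDA's header and not the poster's code. Both halves live in one translation unit so it runs without dlopen(), and `PPP_MAX_CB`, `PPP_RUN_CB`, the `fake_cpu` argument type and the `run_demo`/`last_pc` helpers are assumptions made for the example. One general point it illustrates: the counter is a data symbol, and data references must be resolved when the shared object is loaded (RTLD_LAZY only defers function calls through the PLT), so a provider .so whose compiled boilerplate does not define `ppp_<name>_num_cb` while its dispatch code references it fails at load time with exactly an "undefined symbol" naming that counter.

```c
/* Added example: single-file re-creation of the PPP callback pattern whose
 * macro fragments are quoted in the thread. Not PANDA's own header. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_MAX_CB 16   /* assumption: PANDA's real limit is not shown on the page */

/* Stand-in for the real callback arguments (PANDA passes CPUState* plus the
 * decoded syscall arguments); an assumption for the example. */
typedef struct { uint32_t pc; } fake_cpu;

/* ---- provider side: what the generated gen_syscall_ppp_boilerplate_enter.cpp
 * contributes for a prototype listed in all_windows_prototypes.txt ---- */

/* One typedef per callback name; PANDA emits these into a generated header. */
typedef void (*on_NtUserCreateWindowEx_enter_t)(fake_cpu *cpu, uint32_t pc);

/* Storage for registered callbacks plus the exported registration function.
 * ppp_<cb>_num_cb is the symbol named in the thread's dlopen() error: the
 * dispatch code (PPP_RUN_CB below) references it, so exactly one compiled
 * boilerplate unit inside the provider .so must define it. */
#define PPP_CB_BOILERPLATE(cb_name) \
    cb_name##_t ppp_##cb_name##_cb[PPP_MAX_CB]; \
    int ppp_##cb_name##_num_cb = 0; \
    int ppp_add_cb_##cb_name(cb_name##_t fptr) { \
        if (ppp_##cb_name##_num_cb >= PPP_MAX_CB) return 0; \
        ppp_##cb_name##_cb[ppp_##cb_name##_num_cb++] = fptr; \
        return 1; \
    }

/* Dispatch helper (assumed shape): call every registered callback in order. */
#define PPP_RUN_CB(cb_name, ...) \
    do { \
        for (int _i = 0; _i < ppp_##cb_name##_num_cb; _i++) \
            ppp_##cb_name##_cb[_i](__VA_ARGS__); \
    } while (0)

PPP_CB_BOILERPLATE(on_NtUserCreateWindowEx_enter)

/* Provider's hook, invoked when the guest enters the syscall. */
void syscall_enter_NtUserCreateWindowEx(fake_cpu *cpu) {
    PPP_RUN_CB(on_NtUserCreateWindowEx_enter, cpu, cpu->pc);
}

/* ---- consumer side: the role of the 'usercreatewin' plugin ---- */
static int g_calls = 0;
static uint32_t g_last_pc = 0;

static void my_NtUserCreateWindowEx_enter(fake_cpu *cpu, uint32_t pc) {
    (void)cpu;
    g_calls++;
    g_last_pc = pc;
}

/* In PANDA, PPP_REG_CB dlsym()s "ppp_add_cb_" #cb_name from the provider's
 * handle; here the function is visible directly, so the macro just calls it.
 * The provider name is therefore unused in this single-file version. */
#define PPP_REG_CB(provider, cb_name, cb_func) \
    ppp_add_cb_##cb_name(cb_func)

int init_plugin(void) {
    return PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter,
                      my_NtUserCreateWindowEx_enter);
}

/* Drive a constructed "replay": two syscall entries at made-up guest PCs.
 * Resets registration state first so it can be called repeatedly.
 * Returns the number of callback invocations observed, or -1 on failure. */
int run_demo(void) {
    g_calls = 0;
    ppp_on_NtUserCreateWindowEx_enter_num_cb = 0;
    if (!init_plugin()) return -1;
    fake_cpu cpu = { .pc = 0x77d20000u };   /* constructed sample PC */
    syscall_enter_NtUserCreateWindowEx(&cpu);
    cpu.pc = 0x77d20010u;                   /* constructed sample PC */
    syscall_enter_NtUserCreateWindowEx(&cpu);
    return g_calls;
}

uint32_t last_pc(void) { return g_last_pc; }

int main(void) {
    int n = run_demo();
    printf("callbacks fired: %d, last pc: 0x%x, registered: %d\n",
           n, last_pc(), ppp_on_NtUserCreateWindowEx_enter_num_cb);
    return n == 2 ? 0 : 1;
}
```

Building this with `cc -std=c99 ppp_demo.c` and running it fires the callback once per syscall entry. When porting the idea back to PANDA, the split that matters is that the provider-side boilerplate (the `PPP_CB_BOILERPLATE` expansion) and the code that runs the callbacks must both end up compiled into the same provider .so for the target you are running; the consumer plugin only needs the callback typedef and the exported add function.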