[panda-users] Ida-taint2 plugin
Julia Gustafsson
gustafssonjulia92 at gmail.com
Wed Feb 17 06:36:06 EST 2016
Hello,
I'm a bit confused on how to actually perform the taint analysing on the
data I get from the ida-taint2 plugin.
Do I need to be on a windows host? What the programs are needed to use the
taint analysis?
I want to analyse the data I got from this command:
86_64-softmmu/qemu-system-x86_64 -m 1024 -replay cve-2011-1255-exploit
-panda 'syscalls2:profile=windows7_x86;ida_taint2' -panda win7proc
-pandalog taintexploit.plog
Another question is who I can interpret the data in taintexploit.plog? I
have extracted the information to a txt file.
For example how can I interpret this:
instr=1352142909 pc=0x77864bcc : nt_create_user_process [ (process, cur,
728, iexplore.exe) ] [ (process, new, 772, calc.exe) ]
name=[C:\Windows\system32\calc.exe]
Is there any other good way to perform taint analysis on a windows 7 32 bit
guest?
Thank you very much in advance!
Julia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20160217/09babace/attachment.html
More information about the panda-users
mailing list