[panda-users] System calls

Julia Gustafsson gustafssonjulia92 at gmail.com
Fri Feb 26 05:11:25 EST 2016


Thanks, it sounds really interesting! However, I have some problems with
adding it to PANDA. I downloaded the branch and added it to the
panda_plugins folder in the qemu directory, and then I added it to the list
of plugins in config.panda. When I run make (in the qemu folder) I get this
error:

  CXX   /home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o
prov_tracer.cpp:344:2: error: #error "Process Event Callbacks not enabled!"
 #error "Process Event Callbacks not enabled!"
  ^
make[2]: *** [/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o] Error 1
make[1]: *** [plugin-prov_tracer] Error 2
make: *** [subdir-x86_64-softmmu] Error 2

What could be wrong? I have tried to uncomment the syscalls plugin in
config.panda but then I get this when running make:

make[2]: *** No rule to make target `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls/gen_syscall_ppp_boilerplate.cpp', needed by `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls.o'. Stop.
make[1]: *** [plugin-syscalls] Error 2
make: *** [subdir-x86_64-softmmu] Error 2

Thanks in advance,
Julia


2016-02-26 1:17 GMT+01:00 Manolis Stamatogiannakis <mstamat at gmail.com>:

>
>
> 2016-02-25 20:08 GMT+01:00 Brendan Dolan-Gavitt <brendandg at nyu.edu>:
>
>> This is the job of the syscalls2 plugin API, which lets you register
>> callbacks for individual system calls. You can also use the
>> on_all_sys_enter callback to intercept *every* system call.
>>
>> The syscalls2 USAGE page has more details:
>>
>>
>> https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md
>>
>> One thing that does not (yet) exist is something that registers every
>> syscall callback and then prints the arguments (like strace in Linux
>> does). I believe someone is currently working on doing this for Linux,
>> but the plugin isn't finished yet and hasn't been committed.
>>
>
>
> In case this helps, I have already implemented something like this,
> although it is not tied to the syscalls2 plugin.
>
>
> https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls
>
> https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp
>
> Essentially, a Python script is used to extract the syscall signatures
> from the Linux source and dump them in a static array, which is then
> compiled as a dynamic library. The entries of the array can then be used to
> correctly interpret syscall arguments at runtime.
>
> M.
>>
>> On Thu, Feb 25, 2016 at 1:18 PM, Julia Gustafsson
>> <gustafssonjulia92 at gmail.com> wrote:
>> > Hello,
>> >
>> > I have been looking through all the existing plugins, but haven't found any
>> > way to get a list of the system calls made by either the whole system or by
>> > certain processes. Does any plugin like that exist?
>> >
>> > Best Regards,
>> > Julia
>> >
>> > _______________________________________________
>> > panda-users mailing list
>> > panda-users at mit.edu
>> > http://mailman.mit.edu/mailman/listinfo/panda-users
>> >
>>
>>
>>
>> --
>> Brendan Dolan-Gavitt
>> Assistant Professor, Department of Computer Science and Engineering
>> NYU Tandon School of Engineering
>>
>
>
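
Added example, not part of the original thread and not the prov_tracer code: a sketch of the approach described in the quoted reply, pulling syscall signatures out of SYSCALL_DEFINEn macros and emitting them as a static C array. The sample source is constructed, and the struct layout and all function names are assumptions.

```python
import re

# Constructed sample in the style of Linux kernel sources (not copied from a tree).
SAMPLE_SOURCE = r'''
SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
{
    return do_sys_open(AT_FDCWD, filename, flags, mode);
}
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf,
                size_t, count)
{
}
SYSCALL_DEFINE0(getpid)
{
}
'''

# The digit after SYSCALL_DEFINE is the argument count. \b keeps
# COMPAT_SYSCALL_DEFINEn out; argument types containing ')' are not handled.
SYSCALL_RE = re.compile(r'\bSYSCALL_DEFINE(\d)\s*\(([^)]*)\)', re.S)

def extract_signatures(source):
    """Return [(name, [(type, argname), ...]), ...] in source order."""
    sigs = []
    for m in SYSCALL_RE.finditer(source):
        nargs = int(m.group(1))
        # Collapse whitespace so definitions wrapped over several lines parse.
        fields = [" ".join(f.split()) for f in m.group(2).split(",")]
        name, rest = fields[0], fields[1:]
        if len(rest) != 2 * nargs:
            raise ValueError(f"{name}: expected {nargs} args, got {rest}")
        sigs.append((name, list(zip(rest[0::2], rest[1::2]))))
    return sigs

def emit_c_table(sigs):
    """Render the signatures as a static C array (hypothetical struct layout)."""
    lines = ["struct syscall_sig { const char *name; int nargs;",
             "                     const char *argt[6]; const char *argn[6]; };",
             "const struct syscall_sig syscall_sigs[] = {"]
    for name, args in sigs:
        types = ", ".join(f'"{t}"' for t, _ in args) or "0"
        names = ", ".join(f'"{n}"' for _, n in args) or "0"
        lines.append(f'    {{ "{name}", {len(args)}, {{ {types} }}, {{ {names} }} }},')
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(emit_c_table(extract_signatures(SAMPLE_SOURCE)))
```

A tracer that looks up the entry for a syscall gets the argument count and types, so it can tell a pointer to a user-space string from a plain integer when printing arguments.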