[panda-users] System calls

Manolis Stamatogiannakis mstamat at gmail.com
Fri Feb 26 05:26:47 EST 2016


The prov_tracer plugin depends on process events being enabled for the osi
plugins.

You need to add a -DOSI_PROC_EVENTS in your extra-cflags of build.sh. See:
https://github.com/m000/panda/blob/prov_tracer/qemu/build.sh

Note that the syscall decoding functionality itself doesn't depend on
process events.



2016-02-26 11:11 GMT+01:00 Julia Gustafsson <gustafssonjulia92 at gmail.com>:

> Thanks, it sounds really interesting! However, I have some problems with
> adding it to PANDA. I downloaded the branch and added it to the
> panda_plugins folder in the qemu directory, and then I added it to the list
> of plugins in config.panda. When I run make (in the qemu folder) I get this
> error:
>
> *CXX
> /home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o*
> *prov_tracer.cpp:344:2: error: #error "Process Event Callbacks not
> enabled!"*
> * #error "Process Event Callbacks not enabled!"*
> *  ^*
> *make[2]: ***
> [/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o]
> Error 1*
> *make[1]: *** [plugin-prov_tracer] Error 2*
> *make: *** [subdir-x86_64-softmmu] Error 2*
>
> What could be wrong? I have tried to uncomment the syscalls plugin in
> config.panda but then I get this when running make:
>
> *make[2]: *** No rule to make target
> `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls/gen_syscall_ppp_boilerplate.cpp',
> needed by
> `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls.o'.
> Stop.*
> *make[1]: *** [plugin-syscalls] Error 2*
> *make: *** [subdir-x86_64-softmmu] Error 2*
>
> Thanks in advance,
> Julia
>
>
> 2016-02-26 1:17 GMT+01:00 Manolis Stamatogiannakis <mstamat at gmail.com>:
>
>>
>>
>> 2016-02-25 20:08 GMT+01:00 Brendan Dolan-Gavitt <brendandg at nyu.edu>:
>>
>>> This is the job of the syscalls2 plugin API, which lets you register
>>> callbacks for individual system calls. You can also use the
>>> on_all_sys_enter callback to intercept *every* system call.
>>>
>>> The syscalls2 USAGE page has more details:
>>>
>>>
>>> https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md
>>>
>>> One thing that does not (yet) exist is something that registers every
>>> syscall callback and then prints the arguments (like strace in Linux
>>> does). I believe someone is currently working on doing this for Linux,
>>> but the plugin isn't finished yet and hasn't been committed.
>>>
>>
>>
>> In case this helps, I have already implemented something like this,
>> although it is not tied to the syscalls2 plugin.
>>
>>
>> https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls
>>
>> https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp
>>
>> Essentially, a Python script is used to extract the syscall signatures
>> from the Linux source and dump them in a static array, which is then
>> compiled as a dynamic library. The entries of the array can then be used to
>> correctly interpret syscall arguments at runtime.
>>
>> M.
>>
>>>
>>> On Thu, Feb 25, 2016 at 1:18 PM, Julia Gustafsson
>>> <gustafssonjulia92 at gmail.com> wrote:
>>> > Hello,
>>> >
>>> > I have been looking through all the existing plugins, but haven't found
>>> > any way to get a list of the system calls made by either the whole
>>> > system or by certain processes. Does any plugin like that exist?
>>> >
>>> > Best Regards,
>>> > Julia
>>> >
>>> > _______________________________________________
>>> > panda-users mailing list
>>> > panda-users at mit.edu
>>> > http://mailman.mit.edu/mailman/listinfo/panda-users
>>> >
>>>
>>>
>>>
>>> --
>>> Brendan Dolan-Gavitt
>>> Assistant Professor, Department of Computer Science and Engineering
>>> NYU Tandon School of Engineering
>>>
>>
>>
>