[panda-users] System calls

Julia Gustafsson gustafssonjulia92 at gmail.com
Fri Feb 26 10:01:26 EST 2016


Hello again,

Thank you for your help. I was able to build PANDA with the prov_tracer
plugin, but I have some more questions.

My first question is how I'm supposed to run it. You wrote:
*"So make sure you try prov_tracer (which depends on linux_osi) on 32 bit."*
Does this mean that I should run it on i386-softmmu instead of
x86_64-softmmu? I'm running a 32 bit Debian Squeeze (i386) as the guest
system, and the host system is a 64 bit Ubuntu 14.04.

My second question is what the arguments to the plugins should be. I did 2
recordings; one on i386-softmmu and one on x86_64-softmmu, and I got these
errors when I tried to run them with the prov_tracer plugin (without
arguments):
*i386-softmmu:*
*"i386-softmmu/qemu-system-i386 -replay echotestcrashi386 -panda osi -panda
osi_linux:kconf_file=kernelinfo.conf,kconf_g -panda prov_tracer*

*.....

ERROR(osi_linux.cpp:init_plugin): Failed to read kernel info from
group "debian-3.2.65-i686" of file "kernelinfo.conf".

Fail. init_fn returned 0

FAIL: Unable to load plugin
`/home/parallels/Documents/PANDA/panda-master/qemu/i386-softmmu/panda_plugins/panda_osi_linux.so'

Aborted (core dumped)"*

*x86_64-softmmu:*

"x86_64-softmmu/qemu-system-x86_64 -m 256 -replay echotestcrash -panda osi
-panda osi_linux:kconf_file=kernelinfo.conf,kconf_group=my_kernel_info
-panda prov_tracer

.....

ERROR(prov_tracer.cpp:init_plugin):
panda_prov_tracer_syscallents_linux-x86_64.so: cannot open shared object
file: No such file or directory

Fail. init_fn returned 0

FAIL: Unable to load plugin
`/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer.so'

Aborted (core dumped)"


Best Regards,

Julia




2016-02-26 11:31 GMT+01:00 Manolis Stamatogiannakis <mstamat at gmail.com>:

> Also note that linux_osi has some issues on 64 bit (I can see you are
> using x86_64-softmmu).
> So make sure you try prov_tracer (which depends on linux_osi) on 32 bit.
>
> Again, the syscall decoding code shouldn't have problems if it is moved
> outside the plugin.
>
> 2016-02-26 11:26 GMT+01:00 Manolis Stamatogiannakis <mstamat at gmail.com>:
>
>> The prov_tracer plugin depends on process events being enabled for the
>> osi plugins.
>>
>> You need to add a -DOSI_PROC_EVENTS in your extra-cflags of build.sh.
>> See: https://github.com/m000/panda/blob/prov_tracer/qemu/build.sh
>>
>> Note that the syscall decoding functionality itself doesn't depend on
>> process events.
>>
>>
>>
>> 2016-02-26 11:11 GMT+01:00 Julia Gustafsson <gustafssonjulia92 at gmail.com>
>> :
>>
>>> Thanks, it sounds really interesting! However, I have some problems with
>>> adding it to PANDA. I downloaded the branch and added it to the
>>> panda_plugins folder in the qemu directory, and then I added it to the list
>>> of plugins in config.panda. When I run make (in the qemu folder) I get this
>>> error:
>>>
>>> *CXX
>>> /home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o*
>>> *prov_tracer.cpp:344:2: error: #error "Process Event Callbacks not
>>> enabled!"*
>>> * #error "Process Event Callbacks not enabled!"*
>>> *  ^*
>>> *make[2]: ***
>>> [/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer/prov_tracer.o]
>>> Error 1*
>>> *make[1]: *** [plugin-prov_tracer] Error 2*
>>> *make: *** [subdir-x86_64-softmmu] Error 2*
>>>
>>> What could be wrong? I have tried to uncomment the syscalls plugin in
>>> config.panda but then I get this when running make:
>>>
>>> *make[2]: *** No rule to make target
>>> `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls/gen_syscall_ppp_boilerplate.cpp',
>>> needed by
>>> `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/syscalls.o'.
>>> Stop.*
>>> *make[1]: *** [plugin-syscalls] Error 2*
>>> *make: *** [subdir-x86_64-softmmu] Error 2*
>>>
>>> Thanks in advance,
>>> Julia
>>>
>>>
>>> 2016-02-26 1:17 GMT+01:00 Manolis Stamatogiannakis <mstamat at gmail.com>:
>>>
>>>>
>>>>
>>>> 2016-02-25 20:08 GMT+01:00 Brendan Dolan-Gavitt <brendandg at nyu.edu>:
>>>>
>>>>> This is the job of the syscalls2 plugin API, which lets you register
>>>>> callbacks for individual system calls. You can also use the
>>>>> on_all_sys_enter callback to intercept *every* system call.
>>>>>
>>>>> The syscalls2 USAGE page has more details:
>>>>>
>>>>>
>>>>> https://github.com/moyix/panda/blob/master/qemu/panda_plugins/syscalls2/USAGE.md
>>>>>
>>>>> One thing that does not (yet) exist is something that registers every
>>>>> syscall callback and then prints the arguments (like strace in Linux
>>>>> does). I believe someone is currently working on doing this for Linux,
>>>>> but the plugin isn't finished yet and hasn't been committed.
>>>>>
>>>>
>>>>
>>>> In case this helps, I have already implemented something like this,
>>>> although it is not tied to syscalls2 plugin.
>>>>
>>>>
>>>> https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/prov_tracer/syscalls
>>>>
>>>> https://github.com/m000/panda/blob/prov_tracer/qemu/panda_plugins/prov_tracer/syscall_info.cpp
>>>>
>>>> Essentially, a python script is used to extract the syscall signatures
>>>> from the linux source and dump them in a static array, which is then
>>>> compiled as a dynamic library. The entries of the array can then be used to
>>>> correctly interpret syscall arguments at runtime.
>>>>
>>>> M.
>>>>
>>>>
>>>>>
>>>>> On Thu, Feb 25, 2016 at 1:18 PM, Julia Gustafsson
>>>>> <gustafssonjulia92 at gmail.com> wrote:
>>>>> > Hello,
>>>>> >
>>>>> > I have been looking through all the existing plugins, but haven't found any
>>>>> > way to get a list of the system calls made by either the whole system or by
>>>>> > certain processes. Does any plugin like that exist?
>>>>> >
>>>>> > Best Regards,
>>>>> > Julia
>>>>> >
>>>>> > _______________________________________________
>>>>> > panda-users mailing list
>>>>> > panda-users at mit.edu
>>>>> > http://mailman.mit.edu/mailman/listinfo/panda-users
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Brendan Dolan-Gavitt
>>>>> Assistant Professor, Department of Computer Science and Engineering
>>>>> NYU Tandon School of Engineering
>>>>>
>>>>
>>>>
>>>
>>
>
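
An added illustration of the approach described in the quoted reply above (a Python script extracts syscall signatures from Linux source, dumps them into a static array, and the entries are used to interpret arguments at runtime). This is not the prov_tracer code; the sample source, the C struct layout, and all function names are assumptions made for the example.

```python
import re

# Constructed sample in the style of Linux kernel source (not from a specific tree).
SAMPLE_SOURCE = r'''
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
SYSCALL_DEFINE3(open, const char __user *, filename,
		int, flags, umode_t, mode)
SYSCALL_DEFINE1(close, unsigned int, fd)
SYSCALL_DEFINE0(getpid)
'''

# i386 syscall numbers hard-coded for this sample; a real script would parse the syscall table.
SYSCALL_NUMBERS = {"read": 3, "open": 5, "close": 6, "getpid": 20}

DEFINE_RE = re.compile(r"SYSCALL_DEFINE(\d)\(\s*(\w+)\s*((?:,[^)]*)?)\)")

def extract_signatures(source):
    """Return {name: [(type, argname), ...]} for every SYSCALL_DEFINEn macro."""
    sigs = {}
    for nargs, name, rest in DEFINE_RE.findall(source):
        # Macro arguments alternate type, name; collapse whitespace from line wraps.
        fields = [" ".join(f.split()) for f in rest.split(",")[1:]]
        if len(fields) != 2 * int(nargs):
            raise ValueError(f"{name}: SYSCALL_DEFINE{nargs} has fields {fields}")
        sigs[name] = list(zip(fields[0::2], fields[1::2]))
    return sigs

def emit_c_array(sigs, numbers):
    """Dump the signatures as C source for a static array (hypothetical layout)."""
    lines = ["struct syscall_entry { int nr; const char *name; int nargs; const char *types[6]; };",
             "const struct syscall_entry syscalls[] = {"]
    for name in sorted(sigs, key=numbers.__getitem__):
        types = ", ".join(f'"{t}"' for t, _ in sigs[name]) or "0"
        lines.append(f'    {{ {numbers[name]}, "{name}", {len(sigs[name])}, {{ {types} }} }},')
    lines.append("};")
    return "\n".join(lines)

def format_call(sigs, numbers, nr, raw_args):
    """Interpret raw register values for syscall number nr using its signature."""
    name = {n: s for s, n in numbers.items()}[nr]
    args = ", ".join(f"{arg}={val:#x}" for (_, arg), val in zip(sigs[name], raw_args))
    return f"{name}({args})"

if __name__ == "__main__":
    sigs = extract_signatures(SAMPLE_SOURCE)
    print(emit_c_array(sigs, SYSCALL_NUMBERS))
    print(format_call(sigs, SYSCALL_NUMBERS, 5, [0xbffff7a0, 0x2, 0x0]))
```
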