[panda-users] System calls

Manolis Stamatogiannakis mstamat at gmail.com
Fri Feb 26 16:04:02 EST 2016 

2016-02-26 16:01 GMT+01:00 Julia Gustafsson <gustafssonjulia92 at gmail.com>:

> Hello again,
>
> Thank you for your help. I was able to build PANDA with the prov_tracer
> plugin, but I have some more questions.
>
> My first question is how I'm suppose to run it. You wrote:
> *"So make sure you try prov_tracer (which depends on linux_osi) on 32
> bit."*
> Does this mean that I should run it on i386-softmmu instead of
> x86_64-softmmu? I'm running a 32 bit Debian Squeeze (i386) as the guest
> system, and the host system is a 64 bit Ubuntu 14.04.
>

Yes, you should use i386-softmmu.
For introspection to work, you need to know the pointer/integer size for
the running OS. Those are defined at compile-time based on the underlying
architecture. Dynamically setting them based on the running OS would
unecessarily complicate the code. It would probably also make the code run
a bit less efficiently (less room for compiler optimizations).



>
> My second question is what the arguments to the plugins should be. I did 2
> recordings; one on i386-softmmu and one on x86_64-softmmu, and I got these
> errors when I tried to run them with the prov_tracer plugin(without
> arguments):
> *i386-softmmu:*
> *"i386-softmmu/qemu-system-i386 -replay echotestcrashi386 -panda osi
> -panda osi_linux:kconf_file=kernelinfo.conf,kconf_g -panda prov_tracer*
>
> *.....ERROR(osi_linux.cpp:init_plugin): Failed to read kernel info from
> group "debian-3.2.65-i686" of file "kernelinfo.conf".Fail. init_fn returned
> 0FAIL: Unable to load plugin
> `/home/parallels/Documents/PANDA/panda-master/qemu/i386-softmmu/panda_plugins/panda_osi_linux.so'Aborted
> (core dumped)"*
>
>
kernelinfo.conf contains "kernel offset profiles" which are used by the
introspection code. You should specify which profile from kernelifno.conf
should be used. E.g. *-panda
osi_linux:kconf_file=kernelinfo.conf,kconf_group=debian-3.2.63-i686*. The
"closer" it is to the kernel version you run, the better chances for it to
work.

If nothing seems to work, you will have to extract a profile specific to
your kernel. (see
https://github.com/m000/panda/tree/prov_tracer/qemu/panda_plugins/osi_linux/utils/kernelinfo
)



> *x86_64-softmmu:*
>
> "x86_64-softmmu/qemu-system-x86_64 -m 256 -replay echotestcrash -panda osi
> -panda osi_linux:kconf_file=kernelinfo.conf,kconf_group=my_kernel_info
> -panda prov_tracer
>
> .....
>
> ERROR(prov_tracer.cpp:init_plugin):
> panda_prov_tracer_syscallents_linux-x86_64.so: cannot open shared object
> file: No such file or directory
>
> Fail. init_fn returned 0
>
> FAIL: Unable to load plugin
> `/home/parallels/Documents/PANDA/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_prov_tracer.so'
>
> Aborted (core dumped)"
>
>
>
My guess is that this is related to your LD_LIBRARY_PATH. Make sure that
the panda_prov_tracer_syscallents_linux-* libraries are compiled and their
location is included in your LD_LIBRARY_PATH.

Cheers,
M.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20160226/28447130/attachment.html

More information about the panda-users mailing list