[panda-users] file_taint question
Manolis Stamatogiannakis
mstamat at gmail.com
Sun Jul 17 13:20:04 EDT 2016
Hello,
I was going through the file_taint plugin code and was wondering about the
osi_foo() callback.
https://github.com/moyix/panda/blob/master/qemu/panda_plugins/file_taint/file_taint.cpp#L386
Is there any reason that the function is hooked as
a PANDA_CB_BEFORE_BLOCK_EXEC callback rather than a PANDA_CB_VMI_PGD_CHANGED
callback?
For Linux, it seems to me that PANDA_CB_VMI_PGD_CHANGED would yield
equivalent results at only a tiny fraction of the invocations.
The same should be true for Windows as far as I can tell.
Thanks,
M.