[panda-users] PPP_REG_CB - What have I forgotten?

Bridgey theGeek bridgeythegeek at gmail.com
Wed Jul 20 11:13:35 EDT 2016


All,

I'm trying to resolve the following when adding NtUserCreateWindowEx.

I duplicated the final line of all_windows_prototypes.txt, renaming the
function, so the final two lines become:
NTSTATUS NtQueryLicenseValue (PUNICODE_STRING Name, PULONG Type, PVOID Buffer, ULONG Length, PULONG ReturnedLength);
NTSTATUS NtUserCreateWindowEx (PUNICODE_STRING Name, PULONG Type, PVOID Buffer, ULONG Length, PULONG ReturnedLength);

Obviously the prototype is wrong, but I just wanted to be able to add the
entry and still have syscalls2 compile and run.

So I then run:
$ python createWindowsPrototypes.py all_windows_prototypes.txt
$ ./recreate_all_os_arch.sh

then:
$ make

and everything is fine.

When I try to run syscalls2 against a Win7SP1x86 replay, PANDA reports:
Failed to load /path/to/panda_syscalls2.so: /path/to/panda_syscalls2.so: undefined symbol: ppp_on_NtUserCreateWindowEx_enter_num_cb

The "_num_cb" seems wrong..?

Thank you,
Adam


On 20 July 2016 at 11:06, Bridgey theGeek <bridgeythegeek at gmail.com> wrote:

> Thanks Brendan. I'm sure you're right: I need to add the prototype.
> However, this specific issue, the error I was seeing, was when it was
> trying to compile for ARM.
> I needed to add the: #ifdef TARGET_I386 to my code.
>
> If/when I can prove my prototype I'll definitely make a pull request.
>
> Thanks again,
> Adam
>
> On 19 July 2016 at 22:39, Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>
>> I think the issue is that we don't have a prototype for
>> NtUserCreateWindowEx, which means syscalls2 doesn't have a callback
>> for it. If you know the prototype, you can add it to
>> panda_plugins/syscalls2/all_windows_prototypes.txt, run
>> createWindowsPrototypes.py, and then run recreate_all_os_arch.sh and
>> it will add the appropriate callback.
>>
>> At that point (assuming everything works), it would be great if you
>> created a pull request so that others can benefit as well!
>>
>> -Brendan
>>
>> On Tue, Jul 19, 2016 at 5:33 PM, Bridgey theGeek
>> <bridgeythegeek at gmail.com> wrote:
>> > Hi PANDAs,
>> >
>> > I'm trying to write a plugin to use alongside syscalls2 to handle
>> > NtUserCreateWindowEx.
>> >
>> > In the panda_plugins folder I've created a folder called 'usercreatewin'.
>> > In that folder I have usercreatewin.cpp and Makefile.
>> > I've added 'usercreatewin' to config.panda.
>> >
>> > My init function looks like this:
>> > bool init_plugin(void *self) {
>> >     PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>> >     return true;
>> > }
>> >
>> > The corresponding 'my_NtUserCreateWindowEx_enter' function is in my cpp file as well.
>> >
>> > When I issue 'make' I get:
>> > --SNIP--
>> > make[2]: Nothing to be done for 'all'.
>> >   CXX /home/btg/src/panda/qemu/x86_64-softmmu/panda_plugins/usercreatewin.o
>> > In file included from usercreatewin.cpp:5:0:
>> > usercreatewin.cpp: In function ‘bool init_plugin(void*)’:
>> > usercreatewin.cpp:29:29: error: ‘on_NtUserCreateWindowEx_enter_t’ was not declared in this scope
>> >      PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>> >                              ^
>> > /home/btg/src/panda/qemu/panda_plugin_plugin.h:120:20: note: in definition of macro ‘PPP_REG_CB’
>> >      void (*add_cb)(cb_name##_t fptr) = (void (*)(cb_name##_t)) dlsym(op, "ppp_add_cb_" #cb_name); \
>> >                     ^
>> > /home/btg/src/panda/qemu/panda_plugin_plugin.h:120:38: error: expected ‘,’ or ‘;’ before ‘=’ token
>> >      void (*add_cb)(cb_name##_t fptr) = (void (*)(cb_name##_t)) dlsym(op, "ppp_add_cb_" #cb_name); \
>> >                                       ^
>> > usercreatewin.cpp:29:5: note: in expansion of macro ‘PPP_REG_CB’
>> >      PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>> >      ^
>> > /home/btg/src/panda/qemu/panda_plugin_plugin.h:122:20: error: ‘add_cb’ cannot be used as a function
>> >      add_cb (cb_func);       \
>> >                     ^
>> > usercreatewin.cpp:29:5: note: in expansion of macro ‘PPP_REG_CB’
>> >      PPP_REG_CB("syscalls2", on_NtUserCreateWindowEx_enter, my_NtUserCreateWindowEx_enter);
>> >      ^
>> > ../panda.mak:42: recipe for target '/home/btg/src/panda/qemu/x86_64-softmmu/panda_plugins/usercreatewin.o' failed
>> > --SNIP--
>> >
>> > It feels like I've forgotten something. Any help gratefully received!
>> >
>> > Thanks,
>> > Adam
>> >
>>
>>
>>
>> --
>> Brendan Dolan-Gavitt
>> Assistant Professor, Department of Computer Science and Engineering
>> NYU Tandon School of Engineering
>>
>
>
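
A simplified model of the name derivation visible in the quoted `PPP_REG_CB` line and in the loader error, added here as an example; it is not part of the original messages and not PANDA's code. The `MODEL_*` macros, `model_dlsym`, the symbol table and the callback signature are assumptions; the model shows that a callback name only compiles and resolves when a typedef, a callback array, a `_num_cb` counter and a `ppp_add_cb_` function have been generated for it.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model: MODEL_* macros are hypothetical, not PANDA's own. Only the derived
 * names (cb_name##_t, ppp_add_cb_<name>, ppp_<name>_num_cb) follow the thread's output. */
#define MODEL_MAX_CB 4
typedef void (*generic_fn)(void);

/* Provider side: what has to be generated for each callback name. */
#define MODEL_CB_TYPEDEF(cb_name) typedef void (*cb_name##_t)(unsigned pc);
#define MODEL_CB_BOILERPLATE(cb_name)                          \
    cb_name##_t ppp_##cb_name##_cb[MODEL_MAX_CB];              \
    int ppp_##cb_name##_num_cb = 0;                            \
    void ppp_add_cb_##cb_name(cb_name##_t f) {                 \
        if (ppp_##cb_name##_num_cb < MODEL_MAX_CB)             \
            ppp_##cb_name##_cb[ppp_##cb_name##_num_cb++] = f;  \
    }

/* In this model only NtQueryLicenseValue has generated entries. */
MODEL_CB_TYPEDEF(on_NtQueryLicenseValue_enter)
MODEL_CB_BOILERPLATE(on_NtQueryLicenseValue_enter)

/* Stand-in for dlsym(): the provider's exported symbol table. */
static const struct { const char *name; generic_fn fn; } exports[] = {
    { "ppp_add_cb_on_NtQueryLicenseValue_enter",
      (generic_fn)ppp_add_cb_on_NtQueryLicenseValue_enter },
};
static generic_fn model_dlsym(const char *name) {
    for (size_t i = 0; i < sizeof exports / sizeof exports[0]; i++)
        if (strcmp(exports[i].name, name) == 0) return exports[i].fn;
    return NULL;
}

/* Consumer side: a cb_name with no typedef fails here at compile time ("_t was not declared"). */
#define MODEL_REG_CB(cb_name, cb_func, ok) do {                         \
        void (*add_cb)(cb_name##_t) =                                   \
            (void (*)(cb_name##_t))model_dlsym("ppp_add_cb_" #cb_name); \
        (ok) = (add_cb != NULL);                                        \
        if (ok) add_cb(cb_func);                                        \
    } while (0)
static void my_enter(unsigned pc) { (void)pc; }
int register_known(void) {   /* returns the counter after registration */
    int ok;
    MODEL_REG_CB(on_NtQueryLicenseValue_enter, my_enter, ok);
    return ok ? ppp_on_NtQueryLicenseValue_enter_num_cb : -1;
}
int lookup_missing(void) {   /* no generated entry, so no symbol to resolve */
    return model_dlsym("ppp_add_cb_on_NtUserCreateWindowEx_enter") != NULL;
}
int main(void) {
    return printf("registered=%d missing=%d\n", register_known(), lookup_missing()) < 0;
}
```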