[panda-users] Get memory & instruction trace using Panda

Brendan Dolan-Gavitt brendandg at nyu.edu
Wed Feb 15 23:36:31 EST 2017


Sure. Have a look at PANDA_CB_INSN_TRANSLATE and PANDA_CB_INSN_EXEC.
You can see a sample plugin for panda1 that collects opcode statistics,
using capstone to disassemble each block of code, here:

http://reverseengineering.stackexchange.com/questions/12313/getting-list-of-opcodes-from-panda-trace

You will have to modify it slightly to work under panda2.

-Brendan

On Wed, Feb 15, 2017 at 10:03 PM, Lele Ma <lelema.zh at gmail.com> wrote:
> Hi all,
>
> I have installed panda and it's running excellently. But I am wondering
> whether it could be used to get all the memory and instruction traces in
> Linux kernel threads using Panda during the replay.
>
> For memory trace, I need every memory access of processors (for each kernel
> thread or all kernel threads together). I found the string search plugin
> will insert a callback function upon every memory write/read operation. So,
> it seems Panda could support the memory trace very well. So I plan to write
> a simpler plugin based on string search to get the full memory trace of
> kernel threads. Am I on the right track?
>
> For the instruction trace, I haven't found a plugin that could insert a
> callback function upon every guest instruction. Could anyone give some hints
> about this?
>
> Thank you in advance!
>
> Best,
> Lele Ma



-- 
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering
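A panda2-style plugin covering both the PANDA_CB_INSN_TRANSLATE / PANDA_CB_INSN_EXEC pointer above and the kernel-thread memory trace asked about in the quoted message, as an added example that is not code from this thread or from the PANDA project. The callback prototypes, panda_in_kernel(), panda_enable_memcb() and panda_enable_precise_pc() are assumed from the 2017-era panda2 API (verify against panda/plugin.h), and the x86-32 kernel address split used by the stand-alone build is a constructed stand-in.

```c
/* Added example, not code from the thread: a panda2-style plugin tracing
 * kernel-mode instructions and memory accesses. The PANDA glue needs the
 * panda headers (build with -DPANDA_PLUGIN); the trace core runs stand-alone.
 * Assumed 2017-era panda2 prototypes and helpers: verify against panda/plugin.h. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#ifdef PANDA_PLUGIN
#include "panda/plugin.h"
#else
typedef uint64_t target_ulong;           /* stand-in for QEMU's target type */
typedef struct CPUState CPUState;        /* opaque, as in QEMU */
#define KERNEL_BASE 0xC0000000UL         /* constructed: x86-32 3G/1G split */
#endif
unsigned long n_insn, n_read, n_write;   /* trace counters */
static FILE *out;                        /* trace file; NULL when stand-alone */
static bool in_kernel(CPUState *env, target_ulong pc) {
#ifdef PANDA_PLUGIN
    (void)pc; return panda_in_kernel(env);   /* privilege-level check */
#else
    (void)env; return pc >= KERNEL_BASE;     /* stand-in: address range */
#endif
}
static void log_rec(char tag, target_ulong pc, target_ulong addr, target_ulong size) {
    if (out) fprintf(out, "%c pc=%" PRIx64 " addr=%" PRIx64 " size=%" PRIu64 "\n",
                     tag, (uint64_t)pc, (uint64_t)addr, (uint64_t)size);
}
/* Translate-time filter: only kernel instructions get an exec hook. */
bool trace_insn_translate(CPUState *env, target_ulong pc) { return in_kernel(env, pc); }
int trace_insn_exec(CPUState *env, target_ulong pc) { (void)env; n_insn++; log_rec('I', pc, 0, 0); return 0; }
/* Memory callbacks fire for every access, so they need their own filter. */
int trace_mem_read(CPUState *env, target_ulong pc, target_ulong addr, target_ulong size, void *buf) {
    (void)buf; if (in_kernel(env, pc)) { n_read++; log_rec('R', pc, addr, size); } return 0;
}
int trace_mem_write(CPUState *env, target_ulong pc, target_ulong addr, target_ulong size, void *buf) {
    (void)buf; if (in_kernel(env, pc)) { n_write++; log_rec('W', pc, addr, size); } return 0;
}
#ifdef PANDA_PLUGIN
bool init_plugin(void *self) {
    panda_cb pcb;
    out = fopen("kernel_trace.txt", "w");
    panda_enable_precise_pc();               /* accurate pc in memory callbacks */
    panda_enable_memcb();                    /* memory callbacks are off by default */
    pcb.insn_translate = trace_insn_translate;   panda_register_callback(self, PANDA_CB_INSN_TRANSLATE, pcb);
    pcb.insn_exec = trace_insn_exec;             panda_register_callback(self, PANDA_CB_INSN_EXEC, pcb);
    pcb.virt_mem_after_read = trace_mem_read;    panda_register_callback(self, PANDA_CB_VIRT_MEM_AFTER_READ, pcb);
    pcb.virt_mem_after_write = trace_mem_write;  panda_register_callback(self, PANDA_CB_VIRT_MEM_AFTER_WRITE, pcb);
    return true;
}
void uninit_plugin(void *self) { (void)self; if (out) fclose(out); }
#endif
```

Note that the translate-time filter only reduces instruction hooks; memory callbacks are not affected by it, which is why the read/write handlers re-check in_kernel() themselves.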

