[panda-users] REG: Require Information regarding PANDA

Gupta,Rohan rohg26 at ufl.edu
Wed Nov 1 21:42:54 EDT 2017


Hi Brendan,


I am trying to migrate my plugin Faros from Panda 1 to Panda 2. I have made all the necessary changes in the plugin (faros.cpp) and included it in the plugin list. While compiling, it gives a lot of errors. I believe the errors are caused because the file cannot find references to the methods and data structures used in the file. There seem to be linker issues. I am attaching the error file and also the Makefile.


Can you please look at it?


Also, there is no legit sample plugin for Panda 2. The sample plugin in Panda 2 has lots of issues, as it is basically a Panda 1 plugin with some changes. It refers to a file that doesn't exist in Panda 2 any more.


Rohan Gupta
UFID - 10141049
Graduate Student
University of Florida
Phone: 352-745-9447


________________________________
From: Brendan Dolan-Gavitt <brendandg at nyu.edu>
Sent: Friday, July 14, 2017 3:35:39 PM
To: Gupta,Rohan
Cc: panda-users at mit.edu
Subject: Re: [panda-users] REG: Require Information regarding PANDA

Correct, they only work with 32-bit Windows. You would have to update them to support 64-bit (and hopefully send us a patch!)

Best,
Brendan

On Fri, Jul 14, 2017 at 12:33 PM Gupta,Rohan <rohg26 at ufl.edu> wrote:
I just want to ask one more question. Currently our system uses PANDA plugins like

Syscall2,
OSI,
win7x86intro

Do they support only the 32-bit version of Windows? If yes, then is there any alternative to these plugins, or do we patch them ourselves?

PS – Thanks a lot for your response.


From: Brendan Dolan-Gavitt <brendandg at nyu.edu>
Sent: Thursday, July 13, 2017 8:14 PM
To: Gupta,Rohan <rohg26 at ufl.edu>
Cc: panda-users at mit.edu
Subject: Re: [panda-users] REG: Require Information regarding PANDA

It should work fine with Windows 7 64-bit. There were problems several years ago related to Patchguard, but they should be fixed at this point.

On Thu, Jul 13, 2017 at 2:44 PM, Gupta,Rohan <rohg26 at ufl.edu> wrote:

Hi All,


My name is Rohan Gupta and I am new to PANDA. I want to analyze malware using PANDA's Record and Replay.


I want to know if PANDA 2 allows recording of a Windows 7 64-bit system. I know the documentation says that it supports whole-system record/replay execution of x86, x86_64, and ARM guests. But I have been told by someone that it doesn't support Windows 7 64-bit.


Thank you for any information.


Rohan Gupta
UFID - 10141049
Graduate Student
University of Florida
Phone: 352-745-9447


_______________________________________________
panda-users mailing list
panda-users at mit.edu
http://mailman.mit.edu/mailman/listinfo/panda-users




--
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20171101/b84b893b/attachment-0001.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: error.txt
Url: http://mailman.mit.edu/pipermail/panda-users/attachments/20171101/b84b893b/attachment-0001.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 688 bytes
Desc: Makefile
Url : http://mailman.mit.edu/pipermail/panda-users/attachments/20171101/b84b893b/attachment-0001.obj

