[panda-users] How to create patches from memory snapshot
Brendan Dolan-Gavitt
brendandg at nyu.edu
Mon Nov 6 08:33:58 EST 2017
The basic idea is very simple. The -rr-snp files differ from the
"reference" snapshots by only a few bytes, so you can just make a diff. I
wrote two small programs to diff and patch the snapshots, bdiff and
bpatch.py:
http://giantpanda.gtisc.gatech.edu/malrec/rr/tools/
There is also a script there that will create the diff and pack up a
recording automatically given a snapshot and a list of possible reference
snapshots:
http://giantpanda.gtisc.gatech.edu/malrec/rr/tools/pack_opt.sh
Hope this helps!
Best,
Brendan
On Mon, Nov 6, 2017 at 5:12 AM, <aicardi at eurecom.fr> wrote:
> Hello Brendan,
>
> I am writing a script to apply my panda plugin on a large number of
> recordings.
> To do so I need to take a lot of recordings starting from the same
> qemu snapshot.
> My problem is that I don't have enough space to save all the *-rr-snp
> files on disk. I saw in this article
> (https://irfanulhaq.info/2015/12/09/replay-panda-malware-recordings/)
> that it's possible to save just a "patch" file containing only the
> differences from the original snapshot and then generate the actual
> *-rr-snp file only when it's needed.
>
> How can I produce such a "patch" file?
>
> Thank you in advance,
>
> Samuele
--
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering
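
The diff-and-patch idea described in the reply above, as an added example that is not part of the original post and is not the code or file format of bdiff or bpatch.py. The patch layout, the 4096-byte compare size and the SHA-256 checks on the reference and on the rebuilt snapshot are assumptions chosen for illustration; the checks make a patch applied to the wrong reference fail instead of silently producing a corrupt snapshot.

```python
import hashlib
import struct

HDR = struct.Struct("<32s32sQQ")  # sha256(reference), sha256(snapshot), snapshot size, run count
RUN = struct.Struct("<QI")        # offset and length of one run of differing bytes
CHUNK = 4096                      # coarse compare size (assumption, not taken from bdiff)

def make_patch(reference: bytes, snapshot: bytes) -> bytes:
    n, runs, i = len(snapshot), [], 0
    base = reference[:n].ljust(n, b"\0")  # reference cut or zero-padded to snapshot size
    while i < n:
        end = min(i + CHUNK, n)
        if base[i:end] == snapshot[i:end]:  # fast path: identical chunk
            i = end
            continue
        while i < end:
            if base[i] == snapshot[i]:
                i += 1
                continue
            start = i
            while i < end and base[i] != snapshot[i]:
                i += 1
            runs.append(RUN.pack(start, i - start) + snapshot[start:i])
    return HDR.pack(hashlib.sha256(reference).digest(),
                    hashlib.sha256(snapshot).digest(), n, len(runs)) + b"".join(runs)

def apply_patch(reference: bytes, patch: bytes) -> bytes:
    ref_hash, out_hash, n, count = HDR.unpack_from(patch, 0)
    if hashlib.sha256(reference).digest() != ref_hash:
        raise ValueError("patch was made against a different reference snapshot")
    out, pos = bytearray(reference[:n].ljust(n, b"\0")), HDR.size
    for _ in range(count):
        offset, length = RUN.unpack_from(patch, pos)
        data = patch[pos + RUN.size:pos + RUN.size + length]
        if len(data) != length or offset + length > n:
            raise ValueError("corrupt patch: run outside snapshot bounds")
        out[offset:offset + length] = data
        pos += RUN.size + length
    if hashlib.sha256(out).digest() != out_hash:
        raise ValueError("rebuilt snapshot does not match the recorded hash")
    return bytes(out)

def demo():
    # Constructed stand-ins for a reference snapshot and a -rr-snp file.
    reference = bytes(range(256)) * 64
    snapshot = bytearray(reference)
    snapshot[100:104], snapshot[9000] = b"PNDA", 0x00
    patch = make_patch(reference, bytes(snapshot))
    return len(patch), apply_patch(reference, patch) == bytes(snapshot)
```

For real multi-gigabyte snapshots the same logic would read both files in chunks rather than holding them in memory.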