[panda-users] Hook function by name
Giuseppe Laurenza
laurenza at diag.uniroma1.it
Mon Apr 9 13:42:18 EDT 2018
Dear Panda users,
I backported libfi into panda 1.0 and wrote a basic pri provider for windows 7 x86, in order to make the functionality of "hooking function by name". The problem is that I can’t understand how to use libfi to register the callback; I know that I have to invoke the API call “libfi_add_callback”, but I cannot discover how to work with it and how to set the “libfi_cb_t” structure. Can you provide a basic example of how to use this plugin?
Thanks in advance
> On Mar 16, 2018, at 19:36, Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>
> Yes, the PANDA 1.0 version of that function should just be something like:
>
> target_ulong getReg (CPUState *env, int index) {
>     return env->regs[index];
> }
>
>
> On Fri, Mar 16, 2018 at 7:30 PM, Giuseppe Laurenza
> <laurenza at diag.uniroma1.it> wrote:
>> I thought the same things, but looking at the code I see, for example:
>> getReg (CPUState *cpu, int index)
>> {
>> CPUArchState *env = (CPUArchState*)cpu->env_ptr;
>> …..
>>
>> So I think they were different structures. I modified the code to use directly the CPUState object.
>> Thanks
>>
>>
>>> On Mar 16, 2018, at 19:19, Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>>>
>>> In the version of QEMU used by PANDA 1.0, the fields from CPUArchState
>>> should be in the main CPUState (usually named "env").
>>>
>>> -Brendan
>>>
>>> On Fri, Mar 16, 2018 at 7:11 PM, Giuseppe Laurenza
>>> <laurenza at diag.uniroma1.it> wrote:
>>>> Thanks for the reply.
>>>> I am trying to backport this plugin (and the related pri plugin) but I have the problem of the CPUArchState object that is missing in panda v1.0. Is there any easy way to substitute it? I ask this question in order to avoid doing too many useless things, sorry if it can appear as a stupid question.
>>>> Regards
>>>>
>>>>> On Mar 14, 2018, at 17:45, Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>>>>>
>>>>> Have a look at libfi. Unfortunately it is currently only available in
>>>>> PANDA 2.0, but it should not be too hard to backport it.
>>>>>
>>>>> https://github.com/panda-re/panda/blob/master/panda/plugins/libfi/libfi.cpp
>>>>>
>>>>> I believe that implementation requires DWARF symbols, though. If you
>>>>> want to do it with just (for example) the export table symbols, you
>>>>> would have to write your own.
>>>>>
>>>>> On Wed, Mar 14, 2018 at 5:39 PM, Giuseppe Laurenza
>>>>> <laurenza at diag.uniroma1.it> wrote:
>>>>>> Dear panda user,
>>>>>> Is there any function or plugin available to directly hook a function knowing the function and process names?
>>>>>> Thanks in advance
>>>>>> _______________________________________________
>>>>>> panda-users mailing list
>>>>>> panda-users at mit.edu
>>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Brendan Dolan-Gavitt
>>>>> Assistant Professor, Department of Computer Science and Engineering
>>>>> NYU Tandon School of Engineering
>>>>
>>>
>>>
>>>
>>> --
>>> Brendan Dolan-Gavitt
>>> Assistant Professor, Department of Computer Science and Engineering
>>> NYU Tandon School of Engineering
>>
>
>
>
> --
> Brendan Dolan-Gavitt
> Assistant Professor, Department of Computer Science and Engineering
> NYU Tandon School of Engineering
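As an added, stand-alone illustration of what "hook function by name" needs (this is not libfi's API or PANDA's code; the thread never shows libfi_add_callback's exact signature, so the registration function, the hook_cb_t type, the toy CPUState and the symbol table below are all constructed assumptions): a name is resolved to an address through a symbol table (the role DWARF or export-table symbols play), the hook is stored against that address, and a block-entry event dispatches to the callback, which reads registers in the PANDA 1.0 getReg style from the thread.

```c
#include <stdint.h>
#include <string.h>
/* Toy 32-bit guest state standing in for PANDA's CPUState (constructed model). */
typedef uint32_t target_ulong;
typedef struct { target_ulong regs[8]; target_ulong pc; } CPUState;
enum { R_ESP = 4 };
/* Register read in the PANDA 1.0 style discussed in the thread. */
static target_ulong getReg(CPUState *env, int index) { return env->regs[index]; }
/* Callback fired when execution reaches a hooked function entry (assumed shape). */
typedef void (*hook_cb_t)(CPUState *env, target_ulong pc);

/* Constructed symbol table: the role DWARF or export-table symbols play. */
typedef struct { const char *lib; const char *fn; target_ulong addr; } symbol_t;
static const symbol_t symtab[] = {
    { "kernel32.dll", "CreateFileW", 0x00401000u },   /* placeholder addresses */
    { "kernel32.dll", "ReadFile",    0x00402000u },
};
#define MAX_HOOKS 8
typedef struct { target_ulong addr; hook_cb_t cb; } hook_t;
static hook_t hooks[MAX_HOOKS];
static int nhooks = 0;

/* Name -> address; 0 means the symbol is unknown, so nothing can be hooked. */
static target_ulong resolve_symbol(const char *lib, const char *fn) {
    for (size_t i = 0; i < sizeof symtab / sizeof symtab[0]; i++)
        if (!strcmp(symtab[i].lib, lib) && !strcmp(symtab[i].fn, fn))
            return symtab[i].addr;
    return 0;
}

/* Register a hook by (library, function) name. Returns 1 on success, 0 otherwise. */
int hook_add_by_name(const char *lib, const char *fn, hook_cb_t cb) {
    target_ulong addr = resolve_symbol(lib, fn);
    if (addr == 0 || nhooks >= MAX_HOOKS) return 0;
    hooks[nhooks++] = (hook_t){ addr, cb };
    return 1;
}

/* Dispatch on a basic-block entry event; returns how many hooks fired at this pc. */
int on_block_entry(CPUState *env) {
    int fired = 0;
    for (int i = 0; i < nhooks; i++)
        if (hooks[i].addr == env->pc) { hooks[i].cb(env, env->pc); fired++; }
    return fired;
}

/* Example callback: record the entry pc and the stack pointer at call time. */
target_ulong last_hit_pc = 0, last_hit_esp = 0;
void record_hit(CPUState *env, target_ulong pc) { last_hit_pc = pc; last_hit_esp = getReg(env, R_ESP); }
```

A real provider would fill symtab from the guest's symbols at module-load time and call on_block_entry from the emulator's block-execution callback; an unknown name fails at registration rather than silently never firing.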