[panda-users] Inspecting and modifying recordings

[Brendan Dolan-Gavitt]

The snapshots are in QEMU's snapshot format. The nondet logs aren't
officially documented, but there's a utility, rr_print, which prints
them out and is useful for understanding the file format.

However, note that memory writes are not actually stored in the log –
the log only stores *nondeterministic* information (i.e., information
coming in from the outside world). The content of all memory writes is
deterministic given the starting snapshot, the log file, and the
deterministic nature of the CPU, so there's no point in storing them
in the log.

To modify a memory write, you could change its value during the
replay, e.g. inside a virtual memory read/write callback.

But all of this is, unfortunately probably not going to accomplish
what you want – PANDA's replays really can't be modified without
causing a *divergence* where the state of the system no longer matches
what was seen at record time. So you can't "go live" from a replay.
This is inherent to the design of PANDA's record/replay system; see
the manual for details:

https://github.com/panda-re/panda/blob/master/panda/docs/manual.md#recordreplay-details

Best,
Brendan

On Tue, Apr 17, 2018 at 4:03 PM, Vincent Lee <vincent_lee at utexas.edu> wrote:
> Hi panda-users,
>
> This is a bit of a general question, but is there any documentation on the
> format of the snapshots/logs produced by begin_record?
>
> Specifically, I'd like to, from a given recording, produce a second
> recording with some of the writes to memory shuffled around.
>
> Also, is there a way after finishing a replay, to not exit but instead keep
> the VM open and running in the state it was after finishing replay?
>
> Thanks,
> Vincent
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>



-- 
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering