[panda-users] a bunch of questions for taint2

Manolis Stamatogiannakis mstamat at gmail.com
Thu Feb 1 10:49:03 EST 2018


Would it be technically possible to temporarily disable taint propagation
for the taint2 plugin? What would it take to do so?
For other plugins unregistering the callbacks would be enough to
temporarily disable the plugin. But I'm not sure if this is the case for
taint2, which also uses the LLVM backend.

What would clearing all the taint shadow memory involve? Is "delete shadow;
shadow = new ShadowState();" enough?

If directly disabling taint propagation is not directly possible, would it
be an option to emulate this by dumping the shadow state and loading it
later?

Is there a way to give access to the CPUState object to the on_branch2()
callback? Currently, I only need this to determine if user or kernel code
is executed. As a workaround to get this information, I use a global which is
set by a PANDA_CB_BEFORE_BLOCK_EXEC callback.

Thanks in advance,
Manolis