[panda-users] Memory callbacks and x86_64

Vincent Lee vincent_lee at utexas.edu
Mon Feb 26 15:32:02 EST 2018


Hi,

I just tried running the plugin on a live CD boot up of Arch Linux 32 with
qemu-system-i386, with my plugin tracking writes in all of physical memory
(start=0,end=-1). However, there still are not any writes being recorded.
The plugin prints its messages when loading and unloading, but sees 0 reads
and writes.

Perhaps I am building or invoking the plugin incorrectly? Though, since my
load and unload messages appear, I don't know where my mistake might be.

Thanks,
Vincent



On Sat, Feb 24, 2018 at 6:17 AM, Bridgey theGeek <bridgeythegeek at gmail.com>
wrote:

> Hi Vincent,
>
> Out of interest, did you try your code with an i386 environment? Did that
> work?
>
> I don't have an x86_64 guest to hand, but your plugin code, copied
> straight from your gist, worked as I'd expect it to for i386:
> testplugin loading
> tracking range [40000000, 80000000)
> loading snapshot
> ... done.
> opening nondet log for read :   /slw/notepad01-rr-nondet.log
> got a write at 2968c8c
> got a write at 2968c88
> got a write at 2968c84
> got a write at 2968c80
> got a write at 2968c7c
> got a write at 2968c6c
> got a write at 2968c68
> got a write at 2968c64
> got a read at 2968c98
> got a read at 2968c94
> got a read at 296bc00
>
> Adam
>
> On Fri, 23 Feb 2018 at 22:43 Vincent Lee <vincent_lee at utexas.edu> wrote:
>
>> Hello,
>>
>> I am trying to set up PANDA for monitoring the physical memory accesses of
>> an x86_64 guest.
>> I've written a toy test plugin [0], and have also tried running the
>> stringsearch plugin looking for the hostname of the machine, as well as
>> generic phrases likely to show up in logs, such as "Arch Linux" or "memory".
>>
>> However, no results are returned from stringsearch, and my test plugin
>> records no accesses on any part of memory. PANDA is built from 8730ffb on
>> Ubuntu 16.04 with the install_ubuntu script.
>>
>> Have I set up my environment incorrectly, or are memory callbacks not
>> supported on x86_64?
>> If they are not supported, is there a similar tool I can use to trace
>> guest physical memory accesses on x86_64?
>>
>> Thanks in advance,
>> Vincent
>>
>>
>> [0] https://gist.github.com/williewillus/f0c96d8652e0f8b538da0c162c82069c
>>