[panda-users] Memory callbacks and x86_64

Bridgey theGeek bridgeythegeek at gmail.com
Mon Feb 26 16:32:40 EST 2018


Running about right now, but see if you can get the replay to run through
without applying any plugins.

Based on the command line from your gist, try:
qemu-system-i386 -m 2G -replay TEST

You shouldn't need any of the other parameters.

It should count through the replay up to 100%.

Adam

On Mon, 26 Feb 2018, 21:23 Vincent Lee, <vincent_lee at utexas.edu> wrote:

> Hi,
>
> Ah, I was not running on a recording, but was running the system live with
> -panda. If I try to make a recording and play it back with -replay and
> -panda, I get the following assertion failure when the replay loads:
> https://gist.github.com/williewillus/951c17eeac1da94efe48bdaacc7d009f
> How would I use the logs listed on that website? They don't seem to come
> with a snapshot to use.
>
> Thanks!
> Vincent
>
>
> On Mon, Feb 26, 2018 at 3:08 PM, Bridgey theGeek <bridgeythegeek at gmail.com> wrote:
>
>> Hey Vincent,
>>
>> Hmm, that is odd. Like you say, seeing the load/unload messages suggests
>> all is fine.
>>
>> My gut feeling is that maybe your recording is corrupt? Maybe grab one of
>> the replays Moyix makes available and test with that?
>> http://panda.gtisc.gatech.edu/malrec/
>>
>> Let us know how you get on,
>> Adam
>>
>> On Mon, 26 Feb 2018 at 20:32 Vincent Lee <vincent_lee at utexas.edu> wrote:
>>
>>> Hi,
>>>
>>> I just tried running the plugin on a live CD boot up of Arch Linux 32
>>> with qemu-system-i386, with my plugin tracking writes in all of physical
>>> memory (start=0,end=-1). However, there still are not any writes being
>>> recorded. The plugin prints its messages when loading and unloading, but
>>> sees 0 reads and writes.
>>>
>>> Perhaps I am building or invoking the plugin incorrectly? Though, since
>>> my load and unload messages appear, I don't know where my mistake might be.
>>>
>>> Thanks,
>>> Vincent
>>>
>>>
>>>
>>> On Sat, Feb 24, 2018 at 6:17 AM, Bridgey theGeek <
>>> bridgeythegeek at gmail.com> wrote:
>>>
>>>> Hi Vincent,
>>>>
>>>> Out of interest, did you try your code with an i386 environment? Did
>>>> that work?
>>>>
>>>> I don't have an x86_64 guest to hand, but your plugin code, copied
>>>> straight from your gist, worked as I'd expect it to for i386:
>>>> testplugin loading
>>>> tracking range [40000000, 80000000)
>>>> loading snapshot
>>>> ... done.
>>>> opening nondet log for read :   /slw/notepad01-rr-nondet.log
>>>> got a write at 2968c8c
>>>> got a write at 2968c88
>>>> got a write at 2968c84
>>>> got a write at 2968c80
>>>> got a write at 2968c7c
>>>> got a write at 2968c6c
>>>> got a write at 2968c68
>>>> got a write at 2968c64
>>>> got a read at 2968c98
>>>> got a read at 2968c94
>>>> got a read at 296bc00
>>>>
>>>> Adam
>>>>
>>>> On Fri, 23 Feb 2018 at 22:43 Vincent Lee <vincent_lee at utexas.edu>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I am trying to set up PANDA for monitoring the physical memory accesses
>>>>> of an x86_64 guest.
>>>>> I've written a toy test plugin [0], and have also tried running the
>>>>> stringsearch plugin looking for the hostname of the machine, as well as
>>>>> generic phrases likely to show up in logs, such as "Arch Linux" or "memory".
>>>>>
>>>>> However, no results are returned from stringsearch, and my test plugin
>>>>> records no accesses on any part of memory. PANDA is built from 8730ffb on
>>>>> Ubuntu 16.04 with the install_ubuntu script.
>>>>>
>>>>> Have I set up my environment incorrectly, or are memory callbacks not
>>>>> supported on x86_64?
>>>>> If they are not supported, is there a similar tool I can use to trace
>>>>> guest physical memory accesses on x86_64?
>>>>>
>>>>> Thanks in advance,
>>>>> Vincent
>>>>>
>>>>>
>>>>> [0]
>>>>> https://gist.github.com/williewillus/f0c96d8652e0f8b538da0c162c82069c