[panda-users] Question: How to use panda2 to analyze just one process when replaying a log

shuai xi ahahanamea at gmail.com
Wed Jun 20 22:04:47 EDT 2018


Thank you for answering my question. You say that there is a way of enabling
and disabling the taint system so that it's only active when the process you
want is running. So, is there some way to know the current process's
name or pid when replaying logs? I need some information like that to
decide where the taint analysis should be enabled or not. Can I
get this information from panda2 or qemu APIs?

On Thu, Jun 21, 2018 at 9:09 AM shuai xi <ahahanamea at gmail.com> wrote:

> Cool, thanks!
>
> On Wed, Jun 20, 2018 at 11:22 PM Manolis Stamatogiannakis <
> mstamat at gmail.com> wrote:
>
>> Given the opportunity, a small update on my work on turning taint
>> analysis on/off.
>>
>> Plan A was to switch between LLVM/TCG when taint analysis is on/off.
>> There are some warning comments in PANDA code that this should not work
>> because of a bug in the LLVM pass registration code. But before reaching
>> that point, I believe I've hit a different bug. The bug seems to be
>> allocation-related and I haven't been able to resolve it for some time now.
>>
>> So I'll probably switch to plan B, which is to stay in LLVM mode after
>> taint analysis has been enabled and only switch off taint propagation when
>> it is not needed.
>>
>> I'll try to send a PR with what I've done in the following days. In the
>> meantime, my working branch is here:
>> https://github.com/m000/panda/tree/taint2-wip
>>
>> M.
>>
>>
>> On Wed, 20 Jun 2018 at 5:03 PM, Brendan Dolan-Gavitt <
>> brendandg at nyu.edu> wrote:
>>
>>> There is no way to record just a single process. However, if the
>>> recording is too large you can use the "scissors" plugin to chop it
>>> down to just the part you care about. Also, I think Manolis
>>> Stamatogiannakis has done some work on selectively enabling and
>>> disabling the taint system so that it's only active when the process
>>> you want is running, but I don't know if that work is publicly
>>> available yet.
>>>
>>> -Brendan
>>>
>>> On Wed, Jun 20, 2018 at 3:39 AM, shuai xi <ahahanamea at gmail.com> wrote:
>>> > Hello developer, I want to use panda2 plugins like 'taint2' to analyze a
>>> > program. But the 'record' function records the whole system. I want to just
>>> > focus on this program's process and use the process's virtual address to
>>> > taint a buffer of memory. Does panda2 provide this functionality?
>>> >
>>> > _______________________________________________
>>> > panda-users mailing list
>>> > panda-users at mit.edu
>>> > http://mailman.mit.edu/mailman/listinfo/panda-users
>>> >
>>>
>>>
>>>
>>> --
>>> Brendan Dolan-Gavitt
>>> Assistant Professor, Department of Computer Science and Engineering
>>> NYU Tandon School of Engineering
>>>
>>