[panda-users] Hook function by name

Brendan Dolan-Gavitt brendandg at nyu.edu
Fri Mar 16 19:19:34 EDT 2018


In the version of QEMU used by PANDA 1.0, the fields from CPUArchState
should be in the main CPUState (usually named "env").

-Brendan

On Fri, Mar 16, 2018 at 7:11 PM, Giuseppe Laurenza
<laurenza at diag.uniroma1.it> wrote:
> Thanks for the reply.
> I am trying to backport this plugin (and the related pri plugin), but I have the problem that the CPUArchState object is missing in PANDA v1.0. Is there any easy way to substitute it? I ask this question in order to avoid doing too many useless things; sorry if it appears to be a stupid question.
> Regards
>
>> On Mar 14, 2018, at 17:45, Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>>
>> Have a look at libfi. Unfortunately it is currently only available in
>> PANDA 2.0, but it should not be too hard to backport it.
>>
>> https://github.com/panda-re/panda/blob/master/panda/plugins/libfi/libfi.cpp
>>
>> I believe that implementation requires DWARF symbols, though. If you
>> want to do it with just (for example) the export table symbols, you
>> would have to write your own.
>>
>> On Wed, Mar 14, 2018 at 5:39 PM, Giuseppe Laurenza
>> <laurenza at diag.uniroma1.it> wrote:
>>> Dear panda user,
>>> Is there any function or plugin available to directly hook a function, knowing the function and process names?
>>> Thanks in advance
>>
>>
>>
>> --
>> Brendan Dolan-Gavitt
>> Assistant Professor, Department of Computer Science and Engineering
>> NYU Tandon School of Engineering
>



-- 
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering


