[panda-users] Tracking used memory pages
alessandro mantovani
alk13 at hotmail.it
Mon Oct 15 11:06:02 EDT 2018
Hi all,
I'm writing a plugin to get the memory pages which are executed by a process. My idea is to work at the level of the translation blocks. In particular , the struct TranslationBlock has a field named "page_addr" which stores the addresses of the memory pages that the current block refers to. By registering the callback "PANDA_CB_BEFORE_BLOCK_EXEC" it is possible to get the currently executed translation block. So, at the moment, my callback is something similar:
// Some global variables
std::list<target_ulong> page_list;
OsiProc *proc = NULL;
.... // Here we have init and uninit, etc.
int before_block_callback(CPUState *env, TranslationBlock *tb)
{
proc = get_current_process(env);
if (proc == NULL)
return false;
if (strcmp(proc->name, proc_to_track) == 0 && !panda_in_kernel(env))
{
target_ulong page1 = tb->page_addr[0];
target_ulong page2 = tb->page_addr[1];
bool found1 = (std::find(page_list.begin(), page_list.end(), page1) != page_list.end());
bool found2 = (std::find(page_list.begin(), page_list.end(), page2) != page_list.end());
if (!found1)
page_list.push_back(page1);
if (!found2)
page_list.push_back(page2);
}
free_osiproc(proc);
return 0;
}
My idea was adding a further filter to check if the executed memory page matches with a module or not. Is this approach the correct one?
Thank you
Best regards,
elmanto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20181015/136dbfed/attachment.html
More information about the panda-users
mailing list