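idx, chr(buf_read[idx]), taint_vaddr, taint_paddr, idx)) panda.taint_label_ram(taint_paddr, idx) tainted = True


@panda.ppp("syscalls2", "on_sys_open_return")
def on_sys_open_return(cpustate, pc, filename, flags, mode):
    """Remember which (address space, return value) pair belongs to the watched file.

    Called when an open() syscall returns. Reads up to 100 bytes of guest
    memory at ``filename``, cuts the result at the first NUL byte, and, if the
    path contains ``b"panda"``, stores the current CR3 together with EAX in
    the module-level ``file_info``.
    """
    global file_info
    raw_name = panda.virtual_memory_read(cpustate, filename, 100)
    # partition() keeps the whole buffer when no NUL terminator is present in
    # the 100 bytes read; slicing with find()'s -1 would silently drop the
    # last byte of a long path.
    fname_total = raw_name.partition(b"\x00")[0]
    # The message names this callback (the return hook, not the enter hook).
    print(f"on_sys_open_return: {fname_total}")
    if b"panda" in fname_total:
        # NOTE(review): EAX is stored as-is; a failed open() on a matching
        # path would record an error value as the descriptor -- confirm
        # whether the consumer of file_info needs a success check here.
        file_info = cpustate.env_ptr.cr[3], cpustate.env_ptr.regs[R_EAX]


finished = False


@panda.ppp("syscalls2", "on_sys_sendto_return")
def on_sys_sendto_return(cpustate, a, fd, buff, length, sockaddr, z, flags):
    """Report tainted bytes in an outgoing sendto() buffer, then end the analysis.

    Does nothing until taint labels have been applied (``tainted``) or once a
    tainted packet has already been reported (``finished``). Otherwise every
    byte of the ``length``-byte buffer at guest virtual address ``buff`` is
    checked for taint, and each tainted byte is printed with its taint query
    result, physical address and offset in the packet.
    """
    global tainted, finished
    if not tainted or finished:
        return

    for offset in range(length):
        # Translate each byte on its own: the buffer is contiguous only in
        # guest *virtual* memory, so adding an offset to the physical address
        # of the first byte can land on an unrelated page once the buffer
        # crosses a page boundary, and taint would be missed or misreported.
        # NOTE(review): the translation result is used without a failure
        # check -- confirm what virt_to_phys returns for an unmapped page.
        byte_paddr = panda.virt_to_phys(cpustate, buff + offset)
        if panda.taint_check_ram(byte_paddr):
            tq = panda.taint_get_ram(byte_paddr)
            print(
                f"Result is tainted. {tq!s} at {hex(byte_paddr)}"
                f" at offset {offset!s} in the packet"
            )
            finished = True

    # NOTE(review): the original layout of this file was lost, so the exact
    # nesting of end_analysis() is not recoverable; it is requested once,
    # after the whole packet has been scanned and a tainted byte was reported.
    if finished:
        panda.end_analysis()


# Translation-block chaining is switched off before the replay is started.
panda.disable_tb_chaining()
panda.run_replay("taint_taint")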