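def __init__(self, panda, cpu, fd, cmd, guest_ptr, use_osi_linux=False):
    """Unpack an ioctl command word and capture its optional guest buffer.

    Args:
        panda: PANDA handle; supplies ``arch``, ``virtual_memory_read``
            and ``plugins``.
        cpu: CPU state handed to the memory read and to the OSI calls.
        fd: Descriptor the ioctl targets; used only for the OSI file
            name lookup.
        cmd: Raw command word, stored through the union's
            ``asUnsigned32`` member.
        guest_ptr: Guest virtual address of the argument buffer.
        use_osi_linux: When true, resolve the process and file names
            through the ``osi`` and ``osi_linux`` plugins.

    Raises:
        RuntimeError: If the guest buffer cannot be read.
    """
    # NOTE(review): presumably registers the arch-specific definition of
    # ``union IoctlCmdUnion`` with cffi before it is allocated - confirm.
    do_ioctl_init(panda.arch)
    self.cmd = ffi.new("union IoctlCmdUnion*")
    self.cmd.asUnsigned32 = cmd
    self.original_ret_code = None
    self.osi = use_osi_linux

    # Optional syscall argument: pointer to buffer.
    # Both the pointer and the length come from the guest: the length is
    # the arg_size field of the command word, so the read below is sized
    # by guest-chosen data (bounded only by the width of that field).
    arg_size = self.cmd.bits.arg_size
    if arg_size > 0:
        self.has_buf = True
        self.guest_ptr = guest_ptr
        try:
            self.guest_buf = panda.virtual_memory_read(
                cpu, self.guest_ptr, arg_size)
        except ValueError as err:
            # Keep the original failure attached as the explicit cause.
            raise RuntimeError(
                "Failed to read guest buffer: ioctl({})".format(
                    str(self.cmd))) from err
    else:
        self.has_buf = False
        self.guest_ptr = None
        self.guest_buf = None

    # Optional OSI usage: process and file name
    if self.osi:
        proc = panda.plugins['osi'].get_current_process(cpu)
        proc_name_ptr = proc.name
        file_name_ptr = panda.plugins[
            'osi_linux'].osi_linux_fd_to_filename(cpu, proc, fd)
        # NOTE(review): neither pointer is checked against NULL before it
        # is dereferenced - confirm what the OSI plugins return when the
        # process or the descriptor cannot be resolved.
        #
        # Both names are bytes taken from guest memory and need not be
        # valid UTF-8. A strict decode would raise UnicodeDecodeError out
        # of the constructor, so undecodable bytes are replaced instead.
        self.proc_name = ffi.string(proc_name_ptr).decode(
            "utf-8", errors="replace")
        self.file_name = ffi.string(file_name_ptr).decode(
            "utf-8", errors="replace")
    else:
        self.proc_name = None
        self.file_name = None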
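def generate_insns(env, tb):
    """Disassemble the block at ``tb.pc`` once and cache the listing.

    The listing is stored in ``insn_cache`` under ``tb.pc`` as one
    string holding a ``0x<address>:\\t<mnemonic>\\t<operands>`` line per
    instruction. Nothing is returned.

    Args:
        env: CPU state passed to ``panda.virtual_memory_read``.
        tb: Translation block; ``tb.pc`` and ``tb.size`` select the guest
            bytes to disassemble.
    """
    # The cache is keyed on the virtual pc alone, so a block at the same
    # address in another address space, or code rewritten in place,
    # reuses the first listing that was stored.
    if tb.pc in insn_cache:
        return

    # A failed guest read is not caught here and propagates to the caller.
    code = panda.virtual_memory_read(env, tb.pc, tb.size)

    # Build the listing in one pass and publish it only once disassembly
    # has finished, so an error part-way through cannot leave a truncated
    # entry that later calls would treat as complete.
    # NOTE(review): md is presumably a Capstone disassembler - confirm.
    insn_cache[tb.pc] = "".join(
        "0x%x:\t%s\t%s\n" % (insn.address, insn.mnemonic, insn.op_str)
        for insn in md.disasm(code, tb.pc)
    )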
def bbe(env, tb):
    """Periodically print the current location and its call stack.

    Counts calls in the module-level ``blocks``. Once the count has
    reached 10000 and the guest is not in the kernel, the location of
    the current instruction and of up to ten callers is printed and the
    count starts over. ``tb`` is not used.

    NOTE(review): presumably registered as a PANDA block-execution
    callback - confirm at the registration site.
    """
    global blocks

    # Not yet time to sample, or currently in kernel code: just count.
    if blocks < 10000 or panda.in_kernel(env):
        blocks += 1
        return

    state = env.env_ptr
    cr3_val = state.cr[3]
    here = location(cr3_val, state.eip)
    if here:
        print(here)

    # NOTE(review): the nesting here is one reading of a listing whose
    # indentation was lost; confirm whether the call-stack dump belongs
    # under the ``if`` above.
    #
    # The element count in the type string and the limit passed to
    # get_callers must stay equal, otherwise the plugin could be told to
    # write more entries than the buffer holds.
    frames = ffi.new("target_ulong[10]")
    depth = panda.plugins["callstack_instr"].get_callers(frames, 10, env)
    for idx in range(depth):
        frame_info = location(cr3_val, frames[idx])
        if not frame_info:
            continue
        # The header is tied to index 0, so it is skipped whenever the
        # innermost caller has no known location.
        if idx == 0:
            print("Callers:")
        print(f"Stack #{idx}: {frame_info}")

    # Reset to zero, then count this block.
    blocks = 1