panda-re / panda

Platform for Architecture-Neutral Dynamic Analysis
https://panda.re

Can the default qcow2 provided by Panda for x86_64 be replaced? If so, what issues might there be with my operation steps? #1493

Open CorneliaStreet1 opened 4 months ago

CorneliaStreet1 commented 4 months ago

Here are my steps:

  1. Convert bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 (which is the default qcow2 file provided for x86_64) to VMDK format:
     qemu-img convert -f qcow2 -O vmdk bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 bionic-server-cloudimg-amd64-noaslr-nokaslr.vmdk
  2. Import the VMDK file into VMware Workstation Pro 16 and successfully start it.
  3. Log in, enable networking, and then install the software I need.
  4. Convert the VMDK back to QCOW2 format using qemu-img:
     qemu-img convert -f vmdk -O qcow2 bionic-server-cloudimg-amd64-noaslr-nokaslr.vmdk bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2
  5. Replace the original bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 file.
  6. Create a snapshot named "root" at the login screen:
     1. ./panda-system-x86_64 -hda ~/.panda/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 -monitor hda -m 1G
     2. (qemu) savevm root

However, it does NOT work for me. Is there an issue with the timing of creating the "root" snapshot at the login screen? Should I create the snapshot after entering the login username "root" or before?

Here is the trace:

  File "/usr/local/lib/python3.10/dist-packages/pandare/utils.py", line 106, in wrapper
    return func(*args, **kwargs)
  File "/home/test/PycharmProjects/graduationProject/check/main_copy_20240407.py", line 77, in my_runcmd
    print(panda.run_serial_cmd("ls -a /"))
  File "/usr/local/lib/python3.10/dist-packages/pandare/utils.py", line 106, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/pandare/panda.py", line 2416, in run_serial_cmd
    result = self.serial_console.expect(timeout=timeout)
  File "/usr/local/lib/python3.10/dist-packages/pandare/panda_expect.py", line 435, in expect
    raise TimeoutExpired(f"{self.name} Read message \n{full_buffer}\n")
pandare.panda_expect.TimeoutExpired: serial Read message
[bytearray(b'l')]

AndrewFasano commented 4 months ago

Why are you using workstation? Just use panda/qemu/kvm with the original qcow. You can install software into the qcow filesystem as needed. You can't take a snapshot with qemu/kvm that can then be loaded into panda, but after modifying the filesystem with qemu/kvm you can boot it under panda and then take a new snapshot.

Also try interacting with your guest instead of using the python interface, it's likely printing something other than a PS1 style prompt via the serial console which is causing your exception. You can run python3 -m pandare.qcows x86_64 to get a command that you can use to launch the generic x86_64 images interactively.

CorneliaStreet1 commented 4 months ago

I'm just an undergraduate student majoring in Computer Science and Technology who uses Panda for my undergraduate project. I'm not very familiar with this field. That's why I was using Workstation (it's very stupid).

I followed your guidance to boot the original image using Panda (specifically, ./panda/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2), then enabled networking, and installed software (i.e., modified the file system). After that, I rebooted this qcow2 under Panda and took a new snapshot named "root." However, it seems that this snapshot cannot be used with PyPanda.

What issues might there be with my steps?

Here are my steps:

  1. Boot the original qcow2 using Panda: ./panda-system-x86_64 -hda ~/.panda/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 -nographic -m 1G
  2. Enable networking and install software (i.e., modify the file system).
  3. Reboot the system and take a new snapshot at the login page using the QEMU monitor: (qemu) savevm root

Then, I wrote a short Python code to test if the new snapshot is usable, and PyPanda threw a timeout exception. I think my code is correct, it's very simple:

  from pandare import Panda

  panda = Panda(generic="x86_64")

  @panda.queue_blocking
  def run_cmd():
      # First revert to root snapshot, then type a command via serial
      panda.revert_sync("root")
      print(panda.run_serial_cmd("ls"))
      panda.end_analysis()

  panda.run()

but I got the exception:

  PANDA[core]:os_familyno=2 bits=64 os_details=ubuntu:4.15.0-72-generic-noaslr-nokaslr
  [PYPANDA] Panda args: [/usr/local/build/x86_64-softmmu/libpanda-x86_64.so -L /usr/local/build/pc-bios /home/jyq/.panda/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 -display none -m 1024 -serial unix:/tmp/pypanda_s3loy_jeb,server,nowait -monitor unix:/tmp/pypanda_m93csxqt4,server,nowait]
  Traceback (most recent call last):
    File "/home/jyq/PyPandaCode/run_cmd.py", line 25, in <module>
      panda.run()
    File "/usr/local/lib/python3.10/dist-packages/pandare/panda.py", line 555, in run
      raise saved_exception
    File "/usr/local/lib/python3.10/dist-packages/pandare/panda.py", line 972, in wrapper
      f()
    File "/usr/local/lib/python3.10/dist-packages/pandare/utils.py", line 106, in wrapper
      return func(*args, **kwargs)
    File "/home/jyq/PyPandaCode/run_cmd.py", line 22, in run_cmd
      print(panda.run_serial_cmd("ls"))
    File "/usr/local/lib/python3.10/dist-packages/pandare/utils.py", line 106, in wrapper
      return func(*args, **kwargs)
    File "/usr/local/lib/python3.10/dist-packages/pandare/panda.py", line 2416, in run_serial_cmd
      result = self.serial_console.expect(timeout=timeout)
    File "/usr/local/lib/python3.10/dist-packages/pandare/panda_expect.py", line 435, in expect
      raise TimeoutExpired(f"{self.name} Read message \n{full_buffer}\n")
  pandare.panda_expect.TimeoutExpired: serial Read message
  ['ls', bytearray(b'Password: \r')]

Does Panda have any special requirements for newly created snapshots? Is the timing of when I save the snapshot incorrect? What is the correct timing to save the snapshot? Should I save the snapshot before entering the username 'root', or after entering the username but before entering the password, or after successfully logging in? Or is there a problem with the way I took the snapshot? Please help me, I would greatly appreciate it.

AndrewFasano commented 4 months ago

If you want to use a new snapshot with run_serial_command the snapshot will need to be taken after you log in and there's a command prompt for it to type commands into.
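
The timeout in the traces above is the symptom of exactly this: the snapshot was saved while the guest was sitting at "Password: ", so the serial console never answered with a shell prompt. The following helper is an added example, not code from this issue or from the PANDA project. It classifies the tail of a serial buffer (login prompt, password prompt, shell prompt), pulls that tail out of the TimeoutExpired message pypanda raises, and can revert to a snapshot and report which of the three states it is in. Assumptions are labelled in the code: the prompt shapes of the Bionic generic image ("login: ", "Password: ", a root prompt ending in "# "), that run_serial_cmd accepts a timeout keyword and raises pandare.panda_expect.TimeoutExpired as shown in the traces, and the Panda(generic="x86_64") launch used in the thread.

```python
"""Snapshot-readiness helper for pypanda, added here as an example; it is not
part of PANDA or pypanda.  It reports whether a snapshot was saved at a login
prompt, a password prompt or a shell prompt (only the last one works with
run_serial_cmd)."""
import re

# Assumed prompt shapes for the Bionic generic image: getty prints
# "<host> login: ", login prints "Password: ", root's bash prompt ends in "# ".
LOGIN_RE = re.compile(rb"login: ?$")
PASSWORD_RE = re.compile(rb"[Pp]assword: ?$")
SHELL_RE = re.compile(rb"[$#] ?$")

# What to do next for each state, following the maintainer's advice above.
NEXT_STEP = {
    "login": "type the username, finish logging in, then savevm at the shell prompt",
    "password": "enter the password, finish logging in, then savevm at the shell prompt",
    "shell": "snapshot is usable with run_serial_cmd",
    "unknown": "inspect the console interactively (python3 -m pandare.qcows x86_64)",
}


def classify_serial(buf: bytes) -> str:
    """Classify the last line of a serial-console buffer."""
    lines = buf.rstrip(b"\r\n").splitlines()
    last = lines[-1].strip(b"\r") if lines else b""
    if LOGIN_RE.search(last):
        return "login"
    if PASSWORD_RE.search(last):
        return "password"
    if SHELL_RE.search(last):
        return "shell"
    return "unknown"


def buffer_from_timeout_message(message: str) -> bytes:
    """Recover the last bytearray(b'...') fragment that TimeoutExpired embeds in
    its message, e.g. "['ls', bytearray(b'Password: \\r')]"."""
    frags = re.findall(r"bytearray\(b'((?:[^'\\]|\\.)*)'\)", message)
    if not frags:
        return b""
    # The fragment is the body of a Python bytes literal: undo its escapes.
    return frags[-1].encode("latin-1").decode("unicode_escape").encode("latin-1")


def diagnose_timeout(message: str) -> str:
    """Map a run_serial_cmd TimeoutExpired message to a console state."""
    return classify_serial(buffer_from_timeout_message(message))


def check_snapshot(snapshot: str = "root", arch: str = "x86_64", timeout: int = 15) -> str:
    """Boot the generic image under pypanda, revert to `snapshot`, and report
    which state the console is in.  Assumes run_serial_cmd takes a timeout
    keyword and raises pandare.panda_expect.TimeoutExpired, as in the traces."""
    from pandare import Panda  # imported lazily so the classifier works without pypanda
    from pandare.panda_expect import TimeoutExpired

    panda = Panda(generic=arch)
    result = {}

    @panda.queue_blocking
    def probe():
        panda.revert_sync(snapshot)
        try:
            out = panda.run_serial_cmd("echo snapshot-ok", timeout=timeout)
            result["state"] = "shell" if "snapshot-ok" in out else "unknown"
        except TimeoutExpired as exc:
            # No prompt answered: read the partial buffer from the exception.
            result["state"] = diagnose_timeout(str(exc))
        finally:
            panda.end_analysis()

    panda.run()
    return result.get("state", "unknown")


if __name__ == "__main__":
    import sys
    state = check_snapshot(*sys.argv[1:2])
    print(f"snapshot state: {state}; {NEXT_STEP[state]}")
```

Run it as `python3 snapshot_check.py root` after saving a snapshot; if it reports "password" or "login", the snapshot was taken too early: log in on the console first (for example from the interactive command that `python3 -m pandare.qcows x86_64` prints), wait for the root shell prompt, and only then run `savevm root` in the monitor.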

AndrewFasano commented 4 months ago

I don't think there's much documentation around this (sorry!) it's not a feature that gets much use. If you want to help fix that PRs are always welcome :)