panda-re / panda

Platform for Architecture-Neutral Dynamic Analysis
https://panda.re
Other
2.48k stars 479 forks source link

loaded pluging not supported for x86-64 #1547

Open AndrewQuijano opened 16 hours ago

AndrewQuijano commented 16 hours ago

It seems Dwarf2 requires the loaded plugin. However, the loaded library works only with 32-bit not 64-bit. Based on Git, it seems @LauraLMann added the check to explicitly exclude 64-bit 5 years ago.

Would you know if loaded now works with 64-bit? Would this just involve using 64-bit counters instead of 32-bit counters on the current plugin? If so, could you please update loaded to support 64-bit? This would greatly help on the final steps to revive LAVA, which I hope to finalize in the next 2 weeks.

https://github.com/panda-re/panda/blob/dev/panda/plugins/loaded/loaded.cpp

LauraLMann commented 14 hours ago

The loaded plugin was modified to explicitly reject 64-bit recordings because back when 64-bit support was added to PANDA's syscalls2 plugin, the loaded plugin required the use of a system call that does not exist in the 64-bit system calls. As the people paying my salary have no interest in using that particular plugin, we took the easy way out and disabled it for 64-bit recordings. It seemed nicer than having it just do crazy stuff if someone tried to use it on a 64-bit recording. It appears there has been a little work done on the loaded plugin since then, but it doesn't appear to have changed what system calls are used, so I doubt it's as simple as removing the 64-bit check. Maybe one of the people who have made actual functional changes to loaded can help you out.