moyix / panda Goto Github PK
View Code? Open in Web Editor NEWDeprecated repo for PANDA 1.0 – see PANDA 2.0 repository
Home Page: http://github.com/panda-re/panda
Deprecated repo for PANDA 1.0 – see PANDA 2.0 repository
Home Page: http://github.com/panda-re/panda
I apologize if I put my question here in PANDA v1.0, as I was hesitant to put it in the new PANDA v2.0.
I am experimenting with your pmemaccess plugin, it is super interesting, since it exposes the physical memory of a guest VM through a linux socket.
According to what I read, once the connection is made through the socket, you can use the socket in whatever you want, I want to see the life memory of a guest VM. I used the plugin pmemaccess, in the command line of qemu-systemx86_64 ... -panda pmemaccess:path=/tmp/socket1,mode=0 (or I change it to mode 1), as through the console of it. What I did was occupy the volatility (example: volatility sockets -f socket1), I did not specify any profile, I just want it to be able to "open communication" with the socket, once I did it, both in volatility and In the QEMU-PANDA console it sends me the message that it is connected. Once I verify that the console tells me that the communication is already done, I open another terminal and use the socat to see how the data flows, through the socket (example: socat -t100 -x -v UNIX-LISTEN:/path/to/sock,mode=777,reuseaddr,fork UNIX-CONNECT:/path/to/sock.original).
And according to, you should see the data flow, but, nothing happens, it does not send me any message. Literally, it does not send me anything, only the cursor blinks, I did the test with an Arch ISO image, then I used an image with windows 7 64 bits. And again nothing.
I also comment, that in addition, I put that same complement in the QEMU v5.1.0 and the result is the same, I create the socket in the qemu console, I link it with the volatility and nothing.
I occupy a sony vaio i5, 8 gigs of memory
Kali 2020.3 64 bits.
I hope you can help me to see if it is possible to see the guest's memory live.
Thanks for your time and advice in advance.
I have an exe file that makes encrypted SSL connection to its server. I would like to be able to intercept it and capture the key. Should I run this inside Docker on Windows or a virtual machine or is there a better way?
I am experiencing the following problem with PANDA recording. We use PANDA 1.0.
I record back-to-back record files that each last 2 minutes. Each record file has a certain amount of size in bits. It seems that when the record size is more than 2GB, there is a casting overflow problem. And the linux (host) cannot handle it, PANDA record crashes, and of course the guest stops. Specifically, I think that the guest or the host "translates" the record (filesize) 2GB into some thousands of terrabytes (due to the potential casting error), and I get the error:
Glib-ERROR **: build/buildd/gliz2.40.2/./glib/gmem.c:103: failed to allocate 18446744071595337090 bytes.
Overall, it seems that PANDA cannot handle more than 2GB record filesize (more precisely, PANDA cannot handle a workload (in the guest) that corresponds to a record size higher than 2GB ). Has anyone got this issue before?
It's really annoying to not be able to record a heavy workload because the record filesize might exceed 2GB and PANDA crash.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.