panda-re 0.26.0

The official library for interfacing with PANDA (Platform for Architecture-Neutral Dynamic Analysis)
Documentation

panda-rs is a set of Rust bindings for PANDA.

The following are provided:

  • Callbacks to various PANDA events in the form of attribute macros
  • Callbacks for when guest syscalls happen
  • Bindings to various core PANDA plugins (hooks2, osi, etc)
  • Safe bindings to the core PANDA API
  • An API for driving PANDA via libpanda
  • Access to raw PANDA and QEMU API bindings via panda_sys

Feature flags:

  • libpanda - enable libpanda mode. This is used to allow for compiling as a binary that links against libpanda, for pypanda-style use.

Architecture-specific features

PANDA supports multiple architectures, but requires plugins to be compiled for each architecture. In order to target a specific guest arch, use exactly one of the following: x86_64, i386, arm, aarch64, mips, mipsel, mips64, ppc

Typically PANDA plugins forward each of these features in their Cargo.toml:

[features]
x86_64 = ["panda/x86_64"]
i386 = ["panda/i386"]
# ...

Callbacks

panda-rs makes extensive use of callbacks for handling analyses on various events. To use callbacks, you simply apply the callback's attribute to any functions which should be called for the given callback. In order to use a callback in a PANDA plugin (not to be confused with an application that uses libpanda), one function must be marked #[panda::init], otherwise the plugin will not work in PANDA.

Callbacks come in two forms: free-form functions (which use the attribute macros mentioned above) and closure callbacks, which use the [Callback] API.

libpanda Mode

PANDA also offers a dynamic library (libpanda). panda-rs allows linking against libpanda instead of linking as a PANDA plugin. This creates an executable that requires libpanda to run. To compile in libpanda mode, make sure the PANDA_PATH environment variable is set to your PANDA build folder.
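The "exactly one guest arch" rule from the architecture-specific features section and the PANDA_PATH requirement above can be checked before compilation in a build script. This is an added example, not code from panda-rs; it assumes the crate forwards the arch features and a libpanda feature in its Cargo.toml, and PLUGIN_GUEST_ARCH is a hypothetical variable name.

```rust
// build.rs (added example): validate the feature set before compiling the plugin.
use std::{env, path::Path, process};

/// Guest architectures listed on this page; a build must select exactly one.
const ARCHES: [&str; 8] = [
    "x86_64", "i386", "arm", "aarch64", "mips", "mipsel", "mips64", "ppc",
];

/// Cargo exposes each enabled feature to build scripts as CARGO_FEATURE_<NAME>.
fn feature_var(name: &str) -> String {
    format!("CARGO_FEATURE_{}", name.to_uppercase().replace('-', "_"))
}

/// Returns the single selected guest arch, or an error describing the conflict.
/// `get` is the environment lookup, injected so the check can run without Cargo.
fn check(get: impl Fn(&str) -> Option<String>) -> Result<&'static str, String> {
    let enabled = |feature: &str| get(feature_var(feature).as_str()).is_some();
    let chosen: Vec<&'static str> = ARCHES.iter().copied().filter(|&a| enabled(a)).collect();
    let arch = match chosen.as_slice() {
        [one] => *one,
        [] => return Err(format!("no guest arch feature enabled; pick one of {:?}", ARCHES)),
        many => return Err(format!("multiple guest arch features enabled: {:?}", many)),
    };
    // libpanda mode links against libpanda, so PANDA_PATH must name the PANDA build folder.
    if enabled("libpanda") {
        match get("PANDA_PATH") {
            Some(p) if Path::new(&p).is_dir() => {}
            Some(p) => return Err(format!("PANDA_PATH={p} is not a directory")),
            None => return Err("libpanda feature enabled but PANDA_PATH is unset".into()),
        }
    }
    Ok(arch)
}

fn main() {
    println!("cargo:rerun-if-env-changed=PANDA_PATH");
    match check(|k| env::var(k).ok()) {
        // PLUGIN_GUEST_ARCH is a hypothetical name, readable in the crate via env!().
        Ok(arch) => println!("cargo:rustc-env=PLUGIN_GUEST_ARCH={arch}"),
        Err(e) => {
            eprintln!("error: {e}");
            process::exit(1);
        }
    }
}
```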

Helpful Links

| Important   | Popular Callbacks                  | Popular Plugins      |
|-------------|------------------------------------|----------------------|
| [init]      | [before_block_exec]                | osi                  |
| [Panda]     | [virt_mem_after_read]              | proc_start_linux     |
| [mod@hook]  | [virt_mem_after_write]             | hooks2               |
| [on_sys]    | [asid_changed]                     | guest_plugin_manager |
| [uninit]    | [before_block_exec_invalidate_opt] |                      |
| [regs]      | [insn_translate]                   |                      |
| [PandaArgs] | [insn_exec]                        |                      |