[−][src]Crate panda
panda-rs is a set of Rust bindings for PANDA.
The following are provided:
- Callbacks in the form of attribute macros
- Access to raw PANDA API bindings via panda_sys
Feature flags:
libpanda- enable libpanda mode. This is used to allow for compiling as a binary that links against libpanda, for pypanda-style use.
Callbacks
panda-rs makes extensive use of callbacks for handling analyses on various events. To use
callbacks, you simply apply the callback's attribute to any functions which should be called
for the given callback. In order to use a callback in a PANDA plugin (not to be confused with
an application that uses libpanda), one plugin must be marked #[panda::init], otherwise the
plugin will not work in PANDA.
libpanda Mode
PANDA also offers a dynamic library (libpanda). panda-rs allows linking against libpanda
instead of linking as a PANDA plugin. This creates a executable that requires libpanda to run.
To compile in libpanda mode, make sure the PANDA_PATH environment variable is set to your
PANDA build folder.
Re-exports
pub use panda_sys as sys; |
pub use panda_macros as base_callbacks; |
pub use inventory; |
pub use panda_arg::PandaArgs; |
Modules
| enums | |
| panda_arg | Helpers for getting plugin arguments from panda |
| plugins | |
| prelude |
Macros
| generate_hooks2_callbacks | For internal use only |
| generate_syscalls_callbacks | For internal use only |
| plugin_import |
Structs
| Callback | A typeless PANDA callback used internally by callback attributes. Not recommended for direct use. |
| PPPCallbackSetup | |
| Panda | Builder for creating PANDA instances. Only for use in libpanda mode. |
| PluginHandle | An opaque type used to register/unregister callbacks with PANDA. Passed into init/unit callbacks |
| UninitCallback | A callback set to run on plugin uninit. To add an uninit callback use |
Enums
| Arch | Architecture of the guest system |
Functions
| current_asid | Get current architecture independent Address-Space ID (ASID) |
| current_ksp | Get current guest kernelspace stack pointer |
| current_pc | Get current guest program counter |
| current_sp | Get current guest userspace stack pointer |
| current_sp_masked_pagesize | Get current guest userspace stack pointer, masking of page size MSBs |
| disable_llvm | Disable LLVM translation and execution |
| disable_llvm_helpers | Disable LLVM helpers |
| enable_llvm | Enable translating TCG -> LLVM and executing LLVM |
| enable_llvm_helpers | Enable LLVM helpers |
| enable_llvm_no_exec | Enable translating TCG -> LLVM, but still execute TCG |
| enter_priv | If required for the target architecture, enter into a high-privilege mode in order to conduct some memory access. Returns true if a switch into high-privilege mode has been made. A NO-OP on systems where such changes are unnecessary. |
| exit_priv | Revert the guest to the privilege mode it was in prior to the last call to enter_priv(). A NO-OP for architectures where enter_priv() is a NO-OP. |
| get_ret_val | Get current guest function return value |
| in_kernel | Determine if guest is currently in kernelspace |
| physical_memory_read | Read from guest physical memory |
| physical_memory_write | Write to guest physical memory |
| virt_to_phys | Translate guest virtual address to physical address |
| virtual_memory_read | Read from guest virtual memory |
| virtual_memory_write | Write to guest virtual memory |
Attribute Macros
| after_block_exec | (Callback) Called after execution of every basic block. If exitCode > TB_EXIT_IDX1, then the block exited early. |
| after_block_translate | (Callback) Called after execution of every basic block. If exitCode > TB_EXIT_IDX1, then the block exited early. |
| after_cpu_exec_enter | (Callback) Called after cpu_exec calls cpu_exec_enter function. |
| after_insn_exec | (Callback) Called after execution of an instruction identified by the PANDA_CB_AFTER_INSN_TRANSLATE callback |
| after_insn_translate | (Callback) Called after the translation of each instruction. |
| after_loadvm | (Callback) Called right after a snapshot has been loaded (either with loadvm or replay initialization), but before any guest code runs. |
| after_machine_init | (Callback) Called right after the machine has been initialized, but before any guest code runs. |
| asid_changed | (Callback) Called when asid changes. |
| before_block_exec | (Callback) Called before execution of every basic block. |
| before_block_exec_invalidate_opt | (Callback) Called before execution of every basic block, with the option to invalidate the TB. |
| before_block_translate | (Callback) Called before translation of each basic block. |
| before_cpu_exec_exit | (Callback) Called before cpu_exec calls cpu_exec_exit function. |
| before_handle_exception | (Callback) Called just before we are about to handle an exception. |
| before_handle_interrupt | (Callback) |
| before_loadvm | (Callback) Called at start of replay, before loadvm is called. This allows us to hook devices' loadvm handlers. Remember to unregister the existing handler for the device first. See the example in the sample plugin. |
| cpu_restore_state | (Callback) Called inside of cpu_restore_state(), when there is a CPU fault/exception. |
| during_machine_init | (Callback) Called in the middle of machine initialization |
| guest_hypercall | (Callback) Called when a program inside the guest makes a hypercall to pass information from inside the guest to a plugin |
| hd_read | (Callback) Called when there is a hard drive read |
| hd_write | (Callback) Called when there is a hard drive write |
| init | (Required Callback) Called when the plugin is being uninitialized |
| insn_exec | (Callback) Called before execution of any instruction identified by the PANDA_CB_INSN_TRANSLATE callback. |
| insn_translate | (Callback) Called before the translation of each instruction. |
| main_loop_wait | (Callback) Called in IO thread in place where monitor cmds are processed |
| mmio_after_read | (Callback) Called after MMIO memory is read. |
| mmio_before_write | (Callback) Called after MMIO memory is written to. |
| monitor | (Callback) Called when someone uses the plugin_cmd monitor command. |
| on_mmap_updated | (Callback) |
| on_process_end | (Callback) |
| on_process_start | (Callback) |
| on_sys_execve_enter | (Callback) |
| on_sys_write_enter | (Callback) |
| on_thread_end | (Callback) |
| on_thread_start | (Callback) |
| phys_mem_after_read | (Callback) Called after memory is read. |
| phys_mem_after_write | (Callback) Called after memory is written. |
| phys_mem_before_read | (Callback) Called after memory is read. |
| phys_mem_before_write | (Callback) Called before memory is written. |
| pre_shutdown | (Callback) Called just before qemu shuts down |
| replay_after_dma | (Callback) In replay only, we are about to dma between qemu buffer and guest memory |
| replay_before_dma | (Callback) In replay only. We are about to dma between qemu buffer and guest memory. |
| replay_handle_packet | (Callback) In replay only, we have a packet (incoming / outgoing) in hand. |
| replay_hd_transfer | (Callback) In replay only. Some kind of data transfer involving hard drive. |
| replay_net_transfer | (Callback) In replay only, some kind of data transfer within the network card (currently, only the E1000 is supported). |
| replay_serial_read | (Callback) In replay only, called when a byte read from the serial RX FIFO |
| replay_serial_receive | (Callback) In replay only, called when a byte is received on the serial port. |
| replay_serial_send | (Callback) In replay only, called when a byte is sent on the serial port. |
| replay_serial_write | (Callback) In replay only, called when a byte written to the serial TX FIFO |
| top_loop | (Callback) Called at the top of the loop that manages emulation. |
| unassigned_io_read | (Callback) Called when the guest attempts to read from an unmapped peripheral via MMIO |
| unassigned_io_write | (Callback) Called when the guest attempts to write to an unmapped peripheral via MMIO |
| uninit | (Callback) Called when the plugin is being uninitialized |
| virt_mem_after_read | (Callback) Called after memory is read. |
| virt_mem_after_write | (Callback) Called after memory is written. |
| virt_mem_before_read | (Callback) Called before memory is read. |
| virt_mem_before_write | (Callback) Called before memory is written. |
Derive Macros
| PandaArgs |