Crate panda
panda-rs is a set of Rust bindings for PANDA.
The following are provided:
- Callbacks to various PANDA events in the form of attribute macros
- Callbacks for when guest syscalls happen
- Bindings to various core PANDA plugins (hooks2, osi, etc)
- Safe bindings to the core PANDA API
- An API for driving PANDA via libpanda
- Access to raw PANDA API bindings via panda_sys
Feature flags:
- libpanda: enables libpanda mode. This allows compiling as a binary that links against libpanda, for pypanda-style use.
Callbacks
panda-rs makes extensive use of callbacks for handling analyses on various events. To use
callbacks, apply the callback’s attribute to any function that should be called
for the given callback. In order to use a callback in a PANDA plugin (not to be confused with
an application that uses libpanda), one function must be marked #[panda::init], otherwise the
plugin will not work in PANDA.
libpanda Mode
PANDA also offers a dynamic library (libpanda). panda-rs allows linking against libpanda
instead of linking as a PANDA plugin. This creates an executable that requires libpanda to run.
To compile in libpanda mode, make sure the PANDA_PATH environment variable is set to your
PANDA build folder.
Re-exports
pub use inventory;
Modules
PANDA callback macros
Functions for working with PANDA’s LLVM execution
Utilities for working with the guest’s memory
Callbacks for linux syscalls (from syscalls2)
Helpers for getting plugin arguments from panda
Functions for reading and modifying guest registers
Functions for record and replay
Raw bindings to the PANDA API
Taint analysis API
Macros
Structs
A typeless PANDA callback used internally by callback attributes. Not recommended for direct use.
Builder for creating PANDA instances. Only for use in libpanda mode.
An opaque type used to register/unregister callbacks with PANDA. Passed into init/uninit callbacks.
A callback set to run on plugin uninit. To add an uninit callback use #[panda::uninit] on a
function which takes an &mut PluginHandle as an argument.
Enums
Constants
The name of the architecture as used by PANDA
Traits
A trait for allowing conversion to and from PANDA command line arguments. Should only be used with the provided derive macro.
Functions
Get count of commandline arguments
Get commandline arguments
Get current architecture independent Address-Space ID (ASID)
Get current guest kernelspace stack pointer
Get current guest program counter
Get current guest userspace stack pointer
Get current guest userspace stack pointer, masking of page size MSBs
If required for the target architecture, enter into a high-privilege mode in order to conduct some memory access. Returns true if a switch into high-privilege mode has been made. A NO-OP on systems where such changes are unnecessary.
Revert the guest to the privilege mode it was in prior to the last call to enter_priv(). A NO-OP for architectures where enter_priv() is a NO-OP.
Get current guest function return value
Determine if guest is currently executing kernel code
Determine if guest is currently executing in kernel mode
Type Definitions
Attribute Macros
(Callback) Called after execution of every basic block. If exitCode > TB_EXIT_IDX1, then the block exited early.
(Callback) Called after execution of every basic block. If exitCode > TB_EXIT_IDX1, then the block exited early.
(Callback) Called after cpu_exec calls cpu_exec_enter function.
(Callback) Called after execution of an instruction identified by the PANDA_CB_AFTER_INSN_TRANSLATE callback
(Callback) Called after the translation of each instruction.
(Callback) Called right after a snapshot has been loaded (either with loadvm or replay initialization), but before any guest code runs.
(Callback) Called right after the machine has been initialized, but before any guest code runs.
(Callback) Called when asid changes.
(Callback) Called before execution of every basic block.
(Callback) Called before execution of every basic block, with the option to invalidate the TB.
(Callback) Called before translation of each basic block.
(Callback) Called before cpu_exec calls cpu_exec_exit function.
(Callback) Called just before we are about to handle an exception.
(Callback)
(Callback) Called at start of replay, before loadvm is called. This allows us to hook devices’ loadvm handlers. Remember to unregister the existing handler for the device first. See the example in the sample plugin.
(Callback) Called inside of cpu_restore_state(), when there is a CPU fault/exception.
(Callback) Called in the middle of machine initialization
(Callback) Called when a program inside the guest makes a hypercall to pass information from inside the guest to a plugin
(Callback) Called when there is a hard drive read
(Callback) Called when there is a hard drive write
(Required Callback) Called when the plugin is being uninitialized
(Callback) Called before execution of any instruction identified by the PANDA_CB_INSN_TRANSLATE callback.
(Callback) Called before the translation of each instruction.
(Callback) Called in IO thread in place where monitor cmds are processed
(Callback) Called after MMIO memory is read.
(Callback) Called after MMIO memory is written to.
(Callback) Called when someone uses the plugin_cmd monitor command.
Callback that runs when any syscall is entered
Callback that runs when any syscall returns.
(Callback)
(Callback)
(Callback)
(Callback) Runs when proc_start_linux receives the AuxvValues for a given process.
(Callback)
(Callback)
(Callback) Called after memory is read.
(Callback) Called after memory is written.
(Callback) Called after memory is read.
(Callback) Called before memory is written.
(Callback) Called just before qemu shuts down
(Callback) In replay only, we are about to dma between qemu buffer and guest memory
(Callback) In replay only. We are about to dma between qemu buffer and guest memory.
(Callback) In replay only, we have a packet (incoming / outgoing) in hand.
(Callback) In replay only. Some kind of data transfer involving hard drive.
(Callback) In replay only, some kind of data transfer within the network card (currently, only the E1000 is supported).
(Callback) In replay only, called when a byte is read from the serial RX FIFO
(Callback) In replay only, called when a byte is received on the serial port.
(Callback) In replay only, called when a byte is sent on the serial port.
(Callback) In replay only, called when a byte is written to the serial TX FIFO
(Callback) Called at the top of the loop that manages emulation.
(Callback) Called when the guest attempts to read from an unmapped peripheral via MMIO
(Callback) Called when the guest attempts to write to an unmapped peripheral via MMIO
(Callback) Called when the plugin is being uninitialized
(Callback) Called after memory is read.
(Callback) Called after memory is written.
(Callback) Called before memory is read.
(Callback) Called before memory is written.