Monday, October 6, 2014

PANDA VM Updated

By popular request, I've updated the PANDA VM to a more recent version of PANDA. Get it here:

pandavm-20141005.tar.bz2

The version in the VM is based on Git revision 28787825aaf514da22e11650fdfca3ba82b9fc57.

Enjoy!

3 comments:

pawankumar chaudhari said...

What is the password for the panda user?

Brendan Dolan-Gavitt said...

The password is the same as for the previous VM, "panda".

Parsia said...

Hi
I am trying to analyze a record of a simple AES decryption app using PANDA with the VM you provided.

I have already created the replay using the tutorial for SSL master key. I have three questions:

1) I see that there is a Keyfind plugin. Looking at the source, it is written for the SSL key. Is there one for AES keys? Similar to aeskeyfind at (https://citp.princeton.edu/research/memory/code/)?

2) I cannot load some plugins. Notably anything that is dependent on "panda_callstack_instr" like keyfind. But I can load "panda_taint".

I get this error.
loading /home/panda/panda/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so
Failed to load /home/panda/panda/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so: libdistorm3.so: cannot open shared object file: No such file or directory
FAIL: Unable to load plugin `/home/panda/panda/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so'

I re-compiled and re-installed distorm to be sure. But the error still occurs.

3) I see there is a memorydump plugin. Is there a way to make several memory dumps from the replay at different times?

Thanks