PANDA VM Updated

By popular request, I've updated the PANDA VM to a more recent version of PANDA. Get it here:

pandavm-20141005.tar.bz2

The version in the VM is based on Git revision 28787825aaf514da22e11650fdfca3ba82b9fc57.

Enjoy!

Comments

Unknown said…
What is the password for the panda user?
The password is the same as for the previous VM, "panda".
Parsia said…
Hi
I am trying to analyze a record of a simple AES decryption app using PANDA with the VM you provided.

I have already created the replay using the tutorial for SSL master key. I have three questions:

1) I see that there is a Keyfind plugin. Looking at the source, it is written for the SSL key. Is there one for AES keys? Similar to aeskeyfind at (https://citp.princeton.edu/research/memory/code/)?

2) I cannot load some plugins. Notably anything that is dependent on "panda_callstack_instr" like keyfind. But I can load "panda_taint".

I get this error.
loading /home/panda/panda/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so
Failed to load /home/panda/panda/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so: libdistorm3.so: cannot open shared object file: No such file or directory
FAIL: Unable to load plugin `/home/panda/panda/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so'

I re-compiled and re-installed distorm to be sure. But the error still occurs.

3) I see there is a memorydump plugin. Is there a way to make several memory dumps from the replay at different times?

Thanks
