More debug prints to help brendan

panda-re · Dec 2, 2024 · 4766905 · 4766905
1 parent 09c8867
commit 4766905
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 10 deletions.
diff --git a/panda/plugins/dwarf2/dwarf2.cpp b/panda/plugins/dwarf2/dwarf2.cpp
@@ -1945,18 +1945,32 @@ bool ensure_main_exec_initialized(CPUState *cpu) {
         printf("get_mappings failed\n");
         return false;
     }
-    printf("[ensure_main_exec_initialized] looking at libraries\n");
+    printf("[ensure_main_exec_initialized] looking at libraries for %s\n", proc_to_monitor);
 
     for (unsigned i = 0; i < libs->len; i++) {
         char fname[260] = {};
         OsiModule *m = &g_array_index(libs, OsiModule, i);
-        if (!m->file) continue;
-        if (!m->name) continue;
+        if (debug) {
+            printf("Iteration %d within the for loop of libraries in main_exec_initialized\n", i);
+        }
+        if (!m->file) {
+            if (debug) {
+                printf("Invalid file from OsiModule\n");
+            }
+            continue;
+        }
+        if (!m->name) {
+            if (debug) {
+                printf("Invalid name from OsiModule\n");
+            }
+            continue;
+        }
         std::string lib = std::string(m->file);
 
         if (0 != strncmp(m->name, proc_to_monitor, strlen(m->name))) {
             if (debug) {
                 printf("[ensure_main_exec_initialized] looking at file %s, skip this\n", m->file);
+                printf("[ensure_main_exec_initialized] looking at name %s, skip this\n", m->name);
             }
             continue;
         }

diff --git a/panda/plugins/pri_taint/pri_taint.cpp b/panda/plugins/pri_taint/pri_taint.cpp
@@ -100,23 +100,47 @@ void print_membytes(CPUState *env, target_ulong a, target_ulong len) {
 #define LAVA_TAINT_QUERY_MAX_LEN (target_ulong)64ULL
 #if defined(TARGET_I386)
 void lava_taint_query(target_ulong buf, LocType loc_t, target_ulong buf_len, const char *astnodename) {
+    if (debug) {
+        printf("Attempt to lava_taint_query\n");
+    }
+
     // can't do a taint query if it is not a valid register (loc) or if
     // the buf_len is greater than the register size (assume size of guest pointer)
     if (loc_t == LocReg && (buf >= CPU_NB_REGS || buf_len >= sizeof(target_ulong) ||
-                buf_len == (target_ulong)-1))
+                buf_len == (target_ulong)-1)) {
+        if (debug) {
+            printf("The register is not balid OR buf_len > register size\n");
+        }
         return;
-    if (loc_t == LocErr || loc_t == LocConst)
+    }
+    if (loc_t == LocErr || loc_t == LocConst) {
+        if (debug) {
+            printf("The Location is either error OR constant");
+        }
         return;
-    if (!pandalog || !taint2_enabled() || taint2_num_labels_applied() == 0)
+    }
+    if (!pandalog || !taint2_enabled() || taint2_num_labels_applied() == 0) {
+        if (debug) {
+            printf("No Panda log, Taint2 not enabled, or No taint2 num labeled applied\n");
+        }
         return;
+    }
+    if (debug) {
+        printf("OK, Seems like I can Lava Taint! LFG!\n");
+    }
 
     CPUState *cpu = first_cpu;
     CPUArchState *env = (CPUArchState *)cpu->env_ptr;
     bool is_strnlen = ((int) buf_len == -1);
     extern ram_addr_t ram_size;
     target_ulong phys = loc_t == LocMem ? panda_virt_to_phys(cpu, buf) : 0;
 
-    if (phys == -1 || phys > ram_size) return;
+    if (phys == -1 || phys > ram_size) {
+        if (debug) {
+            printf("Incorrect physical address -1 or beyond RAM size\n");
+        }
+        return;
+    }
 
     if (debug) {
         //printf("Querying \"%s\": " TARGET_FMT_lu " bytes @ 0x" TARGET_FMT_lx " phys 0x" TARGET_FMT_plx ", strnlen=%d", astnodename, buf_len, buf, phys, is_strnlen);
@@ -150,11 +174,22 @@ void lava_taint_query(target_ulong buf, LocType loc_t, target_ulong buf_len, con
     uint32_t num_tainted = 0;
     for (uint32_t i = 0; i < len; i++) {
         Addr a = loc_t == LocMem ? make_maddr(phys + i) : make_greg(buf, i);
-        if (taint2_query(a)) num_tainted++;
+        if (taint2_query(a)) {
+            num_tainted++;
+        }
     }
 
     // If nothing's tainted and we aren't doing chaff bugs, return.
-    if (num_tainted == 0) return;
+    if (num_tainted == 0) {
+        if (debug) {
+            printf("Nothing is tainted!\n");
+        }
+        return;
+    }
+
+    if (debug) {
+        printf("Starting to write the Panda Log now in pri_taint\n");
+    }
 
     // 1. write the pandalog entry that tells us something was tainted on this extent
     Panda__TaintQueryPri tqh = PANDA__TAINT_QUERY_PRI__INIT;
@@ -206,7 +241,9 @@ void lava_taint_query(target_ulong buf, LocType loc_t, target_ulong buf_len, con
 
     pandalog_callstack_free(tqh.call_stack);
     free(tqh.src_info);
-    for (Panda__TaintQuery *ptq : tq) pandalog_taint_query_free(ptq);
+    for (Panda__TaintQuery *ptq : tq) {
+        pandalog_taint_query_free(ptq);
+    }
 }
 #endif
 struct args {