Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

loaded plugin not supported for x86-64 #1547

Open
AndrewQuijano opened this issue Oct 29, 2024 · 4 comments · May be fixed by #1553 or #1563
Open

loaded plugin not supported for x86-64 #1547

AndrewQuijano opened this issue Oct 29, 2024 · 4 comments · May be fixed by #1553 or #1563
Assignees

Comments

@AndrewQuijano
Copy link
Collaborator

AndrewQuijano commented Oct 29, 2024

It seems Dwarf2 requires the loaded plugin. However, the loaded library works only with 32-bit not 64-bit. Based on Git, it seems @LauraLMann added the check to explicitly exclude 64-bit 5 years ago.

Would you know if loaded now works with 64-bit? Would this just involve using 64-bit counters instead of 32-bit counters on the current plugin? If so, could you please update loaded to support 64-bit? This would greatly help on the final steps to revive LAVA, which I hope to finalize in the next 2 weeks.

https://github.com/panda-re/panda/blob/dev/panda/plugins/loaded/loaded.cpp

@LauraLMann
Copy link
Collaborator

The loaded plugin was modified to explicitly reject 64-bit recordings because back when 64-bit support was added to PANDA's syscalls2 plugin, the loaded plugin required the use of a system call that does not exist in the 64-bit system calls. As the people paying my salary have no interest in using that particular plugin, we took the easy way out and disabled it for 64-bit recordings. It seemed nicer than having it just do crazy stuff if someone tried to use it on a 64-bit recording.
It appears there has been a little work done on the loaded plugin since then, but it doesn't appear to have changed what system calls are used, so I doubt it's as simple as removing the 64-bit check.
Maybe one of the people who have made actual functional changes to loaded can help you out.

@AndrewQuijano
Copy link
Collaborator Author

Thank you for the information! If someone were to get this to work for 64-bit, what work would need to be done? Would it likely be significant?

@LauraLMann
Copy link
Collaborator

I have NO idea, except I suspect it would not be trivial. Someone would need to figure out a way to get the information desired without the system call that doesn't exist in 64 bit linux. I neglected to note what system call it was, so I can't even tell you that. I have no idea if 64-bit linux has a similar system call that can be used instead, or if it would have to be done without system calls with a 64-bit recording.

@AndrewQuijano
Copy link
Collaborator Author

AndrewQuijano commented Nov 16, 2024

@LauraLMann, I am taking a crack at the fix and I am having partial success (it works, but not 100% of the time). It looks like mmap_pgoff is roughly equivalent to mmap2 (which is just mmap). However, this loaded library doesn't always work 100% of the time, if you have any advice please let me know

PR #1553

References
https://www.linuxquestions.org/questions/linux-general-1/difference-between-mmap2-syscall-and-mmap_pgoff-syscall-for-32-bit-linux-4175622986/

https://github.com/panda-re/panda/blob/dev/panda/plugins/syscalls2/generated/syscalls_ext_typedefs_x64.h#L7405-L7412
https://github.com/panda-re/panda/blob/dev/panda/plugins/syscalls2/generated/syscalls_ext_typedefs_x86.h#L4493-L4500

@AndrewQuijano AndrewQuijano changed the title loaded pluging not supported for x86-64 loaded plugin not supported for x86-64 Nov 19, 2024
@AndrewQuijano AndrewQuijano self-assigned this Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants