Add panda target and test #29
Happy to try fixing the few linter issues, but I'm not sure how to best fix the failing panda import. Unfortunately PANDA's not easily installed via pip (there is a package, but it's very outdated). I could modify a dockerfile to install PANDA from source if you'd like, but I'm not sure where the dockerfile for the test container is and if that would be appropriate.

Lacking proper packaging and a strong motive I'm not sure if we want to add panda to CI. In the test file, the test can be written as a

Well, it looks like they do have a pip package: https://github.com/panda-re/panda/#quickstart-python-pip We could add this as an optional dependency and install it in the venv, and install the needed binaries at build time in the container. If this interests you, check out the angr/ci-settings repository, which is where the CI container is built.

Thanks for the suggestions! I think skipping the CI for it would be best; the panda pip package is a few years outdated (and to make it even worse, that's my fault). I'll update this with the

Turns out I already had the skipUnless set up; there was just an unnecessary panda import in another file. Updated the code to (hopefully) address the various linter warnings and errors.
f311ff5 to 84c15ed
Thanks for the review. Fixed those 3 things and hopefully fixed the linter complaints from the last CI run.
PANDA is a qemu fork designed for dynamic analysis with a nice python interface for guest control and analysis. Avatar supports PANDA as an emulation backend, but this PR adds PANDA as a dedicated target.
The model here is a bit different than other concrete targets. Instead of passing a binary to angr and configuring it to use panda as a concrete execution engine, users explicitly drive a PANDA-emulated guest OS and use PANDA callbacks to suspend emulation at an event of interest. Then, when the concrete guest is suspended, a user can use this interface to synchronize the concrete state from PANDA to angr and run a symbolic execution. Information learned from the symbolic execution can then be used to alter concrete state in the PANDA guest.
I'm very open for suggestions on how to improve this PR, just let me know.