Use libosi to handle windows introspection (panda-re#1138)

Co-authored-by: Luke Craig <[email protected]>

Dockerfile

@@ -40,6 +40,13 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 # Sanity check to ensure cargo is installed
 RUN cargo --help
 
+# install libosi
+RUN cd /tmp && \
+    git clone https://github.com/panda-re/libosi && \
+    mkdir /tmp/libosi/build && cd /tmp/libosi/build && \
+    cmake -GNinja .. && ninja && ninja package && dpkg -i libosi*.deb && \
+    cd /tmp && rm -rf libosi/
+
 # Build and install panda
 # Copy repo root directory to /panda, note we explicitly copy in .git directory
 # Note .dockerignore file keeps us from copying things we don't need

panda/dependencies/ubuntu:18.04_build.txt

@@ -71,3 +71,8 @@ texinfo
 uuid-dev
 xfslibs-dev
 zlib1g-dev
+
+# libosi install deps
+cmake
+ninja-build
+rapidjson-dev

panda/dependencies/ubuntu:20.04_build.txt

@@ -83,3 +83,8 @@ libc6.1-dev-alpha-cross
 
 # rust install deps
 curl
+
+# libosi install deps
+cmake
+ninja-build
+rapidjson-dev

panda/include/panda/common.h

@@ -70,6 +70,11 @@ target_ulong panda_current_pc(CPUState *cpu);
 
 // END_PYPANDA_NEEDS_THIS -- do not delete this comment!
 
+/**
+ * @brief Return the max address of system memory that maps to RAM.
+ */
+Int128 panda_find_max_ram_address(void);
+
 /**
  * @brief Reads/writes data into/from \p buf from/to guest physical address \p addr.
  */

panda/plugins/callstack_instr/callstack_instr.cpp

@@ -47,8 +47,6 @@ PANDAENDCOMMENT */
 // needed for the threaded stack_type
 #include "osi/osi_types.h"
 #include "osi/osi_ext.h"
-#include "wintrospection/wintrospection.h"
-#include "wintrospection/wintrospection_ext.h"
 #include "osi_linux/osi_linux_ext.h"
 
 #include "callstack_instr.h"

panda/plugins/config.panda

@@ -46,7 +46,4 @@ textprinter
 trace
 track_intexc
 unigrams
-win2000x86intro
-win7x86intro
 wintrospection
-winxpx86intro

panda/plugins/file_taint/file_taint.cpp

@@ -22,7 +22,6 @@ PANDAENDCOMMENT */
 #include "osi/osi_types.h"
 #include "osi/osi_ext.h"
 
-#include "wintrospection/wintrospection.h"
 #include "wintrospection/wintrospection_ext.h"
 
 #include "osi_linux/osi_linux_ext.h"
@@ -207,7 +206,7 @@ void windows_read_enter(CPUState *cpu, target_ulong pc, uint32_t FileHandle,
                         uint32_t ByteOffset, uint32_t Key)
 {
     // get_handle_name will assert if the filename is null
-    char *filename = get_handle_name(cpu, get_current_proc(cpu), FileHandle);
+    char *filename = get_handle_name(cpu, FileHandle);
     std::string ob_path = filename;
     // Check if the file handle is absolute, if not we need to make it absolute.
     if (filename[0] != '\\') {
@@ -221,7 +220,7 @@ void windows_read_enter(CPUState *cpu, target_ulong pc, uint32_t FileHandle,
         g_free(cwd);
     }
     verbose_printf("file_taint windows object path: %s\n", ob_path.c_str());
-    int64_t pos = get_file_handle_pos(cpu, get_current_proc(cpu), FileHandle);
+    int64_t pos = get_file_handle_pos(cpu, FileHandle);
     read_enter(ob_path, FileHandle, pos);
     g_free(filename);
 }

panda/plugins/syscalls2/syscalls2.cpp

@@ -1068,7 +1068,7 @@ bool init_plugin(void *self) {
             std::cerr << PANDA_MSG "using profile for windows sp3 x86 32-bit" << std::endl;
             syscalls_profile = &profiles[PROFILE_WINDOWS_XPSP3_X86];
         }
-        if (0 == strcmp(panda_os_variant, "7")) {
+        if (0 == strncmp(panda_os_variant, "7", 1)) {
             std::cerr << PANDA_MSG "using profile for windows 7 x86 32-bit" << std::endl;
             syscalls_profile = &profiles[PROFILE_WINDOWS_7_X86];
         }