During a weekend hackathon with some of the Lincoln Lab maintainers of PANDA, I implemented a really useful feature - time-travel debugging!

As has been discussed in Ret2Systems' great blog post, time-travel debugging is an invaluable tool in the reverse engineer's arsenal. While Mozilla's brilliant rr is the dominant choice for Linux user binaries and WinDBG Preview works on Windows binaries, PANDA can debug user and kernel space on both systems. In this blog post, I'll talk about the simple design behind reverse execution and demonstrate its utility in root-causing a Linux kernel n-day.

PANDA, which is built on the QEMU emulator, has the ability to record and replay a full system running a variety of architectures. Non-deterministic events such as hardware interrupts, timestamp reads, etc. are recorded in a logfile and read back during replay, synchronized by the guest instruction index. This allows you to capture and analyze a recording of a whole system, but until now, only in the forward direction.

QEMU also contains a GDB stub that can talk to a remote GDB client. We extended this debug mechanism to enable reverse execution, as well as other useful debugging commands inspired by Mozilla rr. We implemented the two commands reverse-step and reverse-continue in the simplest possible way given existing mechanisms. To be able to time-travel, we wrote a checkpointing API built on QEMU's savevm. Checkpoints are just snapshots of all guest state.
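The scheme above, reduced to a toy model as an added example (this is not PANDA's or QEMU's code, and the toy machine, its `rdtsc` log and the checkpoint interval are all constructed here): a deterministic guest whose only non-deterministic instruction reads its value from a log keyed by instruction index, `savevm`-style snapshots taken every few instructions, reverse-step as "restore the nearest earlier checkpoint and replay forward", and reverse-continue as "replay one checkpoint-to-checkpoint segment at a time, latest first, and keep the last breakpoint hit". That is one straightforward way to build the two commands out of checkpoints plus deterministic replay; it is not a claim about PANDA's exact implementation.

```python
"""Toy model of reverse-step and reverse-continue built on checkpoints.

Added example, not PANDA's or QEMU's code. The guest is a tiny deterministic
machine; its one non-deterministic instruction ("rdtsc") takes its value from
a replay log keyed by instruction index, which is what makes a replay
reproduce the recording exactly. Checkpoints stand in for savevm snapshots.
"""
import copy
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample recording: a toy program plus the log of values that the
# non-deterministic reads returned when the program was recorded.
PROGRAM: List[Tuple[str, object]] = [
    ("set", 0),        # 0: acc = 0
    ("rdtsc", None),   # 1: acc = value replayed from the log
    ("add", 1),        # 2: acc += 1
    ("jlt", (10, 1)),  # 3: if acc < 10: goto 1
    ("halt", None),    # 4
]
NONDET_LOG: Dict[int, int] = {1: 3, 4: 7, 7: 20}  # instruction index -> rdtsc value


@dataclass
class GuestState:
    pc: int = 0
    acc: int = 0
    icount: int = 0       # guest instructions executed so far
    halted: bool = False


class ReplayMachine:
    def __init__(self, program, log, checkpoint_interval=4):
        self.program, self.log, self.interval = program, log, checkpoint_interval
        self.state = GuestState()
        self.checkpoints: Dict[int, GuestState] = {}  # icount -> snapshot
        self._savevm()

    def _savevm(self):
        self.checkpoints[self.state.icount] = copy.deepcopy(self.state)

    def _loadvm(self, icount):
        self.state = copy.deepcopy(self.checkpoints[icount])

    def step(self):
        """Execute one guest instruction; checkpoint every `interval` instructions."""
        s = self.state
        if s.halted:
            return
        op, arg = self.program[s.pc]
        if op == "set":
            s.acc, s.pc = arg, s.pc + 1
        elif op == "add":
            s.acc, s.pc = s.acc + arg, s.pc + 1
        elif op == "rdtsc":
            if s.icount not in self.log:  # replay cannot invent a missing value
                raise RuntimeError(f"replay desync at instruction {s.icount}")
            s.acc, s.pc = self.log[s.icount], s.pc + 1
        elif op == "jlt":
            limit, target = arg
            s.pc = target if s.acc < limit else s.pc + 1
        elif op == "halt":
            s.halted, s.pc = True, s.pc + 1
        else:
            raise ValueError(op)
        s.icount += 1
        if s.icount % self.interval == 0 and s.icount not in self.checkpoints:
            self._savevm()

    def run_to(self, target):
        while self.state.icount < target:
            if self.state.halted:
                raise RuntimeError("recording ended before reaching target")
            self.step()
        return self.state

    def goto(self, target):
        """Reach instruction index `target`; going backwards means loadvm of the
        nearest earlier checkpoint followed by deterministic replay forward."""
        if target < self.state.icount:
            self._loadvm(max(c for c in self.checkpoints if c <= target))
        return self.run_to(target)

    def reverse_step(self):
        if self.state.icount == 0:
            raise RuntimeError("already at the start of the recording")
        return self.goto(self.state.icount - 1)

    def reverse_continue(self, breakpoints: Set[int]):
        """Go to the most recent earlier point where a breakpoint pc was about to
        execute: replay segments between checkpoints, latest first, and remember
        the last hit seen in the segment."""
        upper = self.state.icount
        for cp in sorted((c for c in self.checkpoints if c < upper), reverse=True):
            self._loadvm(cp)
            last_hit: Optional[int] = None
            while self.state.icount < upper:
                if self.state.pc in breakpoints:
                    last_hit = self.state.icount
                self.step()
            if last_hit is not None:
                return self.goto(last_hit)
            upper = cp
        return self.goto(0)  # no earlier hit: stop at the start of the recording


def forward_trace(program=PROGRAM, log=NONDET_LOG):
    """Forward replay to the end; returns the machine and the state before each icount."""
    m = ReplayMachine(program, log)
    trace = [copy.deepcopy(m.state)]
    while not m.state.halted:
        m.step()
        trace.append(copy.deepcopy(m.state))
    return m, trace


def replay_desyncs(log):
    """True if replaying with `log` fails because a non-deterministic value is missing."""
    try:
        forward_trace(PROGRAM, log)
        return False
    except RuntimeError:
        return True


def demo():
    """Run to the end, reverse-step once (must equal the forward trace), then
    reverse-continue to breakpoint pc 3 until the start. Returns
    (final acc, checkpoint icounts, reverse-step matched, icounts where we stopped)."""
    m, trace = forward_trace()
    final_acc, cps = m.state.acc, sorted(m.checkpoints)
    step_ok = m.reverse_step() == trace[-2]
    stops = []
    while m.state.icount > 0:
        stops.append(m.reverse_continue({3}).icount)
    return final_acc, cps, step_ok, stops


if __name__ == "__main__":
    print(demo())
```

The cost of one reverse-step is bounded by the checkpoint spacing (restore, then replay at most `interval` instructions), so checkpoint frequency trades memory for backwards latency. The `replay desync` error models the failure mode that matters in practice: if a non-deterministic event was not captured in the log, the replay cannot reproduce the recording past that point, and no amount of checkpointing helps.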