  • Virtuoso installation and walkthrough
    tool 2015. 5. 18. 14:56

    Install: https://code.google.com/p/virtuoso/wiki/Installation

    Walkthrough: https://code.google.com/p/virtuoso/wiki/Walkthrough


    libdasm

    https://code.google.com/p/libdasm/

    Download the archive from the link above, extract it, and run the following commands.


    make

    sudo make install

    cd pydasm

    sudo python setup.py install



    Troubleshooting 1 (encountered after this step):


    Comment by qps...@gmail.com, Aug 6, 2014

    Hi, has somebody managed to install virtuoso in Ubuntu 14.04 x64 and run the "premade virtual machine of Haiku R1 Alpha 2"??

    I got some error messages :

    QEMU 0.9.1 monitor - type 'help' for more information (qemu) iferret_set_keyboard_label: label is henceforth keyboard_startup?iferret_set_network_label: label is henceforth network_startup? EIP_BASE = 0x60a878e0 EAX_BASE = 0x60a87798 ECX_BASE = 0x60a878e8 EDX_BASE = 0x60a87780 EBX_BASE = 0x60a878f0 ESP_BASE = 0x60a87910 EBP_BASE = 0x60a878f8 ESI_BASE = 0x60a87790 EDI_BASE = 0x60a877a8 T0_BASE = 0x60a877b0 T1_BASE = 0x60a877c8 A0_BASE = 0x60a877b8 Q0_BASE = 0x60a87900 Q1_BASE = 0x60a87908 Q2_BASE = 0x60a87788 Q3_BASE = 0x60a877a0 TB cache flushed by request. ERROR: get_instruction failed at 0x74b4f1 : d9fcd96c240483c408c39090909090db Aborted (core dumped)

    Some suggestions to solve this problem?? Any advice will be appreciated.

    Comment by qps...@gmail.com, Aug 26, 2014

    Finally, I have solved the problem that I encountered, and I post the solution here, which one day may be helpful for others:

    This error is caused by libdasm, due to the fact that "Libdasm is missing support for some instructions, and this will cause tracing to stop and QEMU to shut down.", which is mentioned by the author in another thread "limitation and caveats".

    Thus, the solution is to comment a block of code related to function "get_instruction", which starts from line 3281("for(i=0;i<16;i++)") to line 3335,(the line before "if(iferret_info_flow)") in file iferret-logging-new/target-i386/translate.c. Then recompile and install all.

    After the above manipulation, this error is supposed to be solved.

    At last, thanks for the great job done by the author, in the field of VMI.



    gcc 3.4


    Building QEMU (the iferret version) requires gcc 3.4.



    For 64-bit, download the required packages from

    http://old-releases.ubuntu.com/ubuntu/pool/universe/g/gcc-3.4/


    Everything below follows http://deokss.blogspot.kr/2012/08/gcc-34-on-ubuntu-1204default-gcc-46.html



    sudo dpkg -i gcc-3.4-base_3.4.6-6ubuntu5_amd64.deb 

    sudo dpkg -i cpp-3.4_3.4.6-6ubuntu5_amd64.deb 

    sudo dpkg -i gcc-3.4_3.4.6-6ubuntu5_amd64.deb 

    sudo dpkg --force-depends -i g++-3.4_3.4.6-6ubuntu5_amd64.deb

    sudo dpkg --force-depends -i libstdc++6-dev_3.4.6-6ubuntu5_amd64.deb



    $ sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-3.4 10

    $ sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 20


    $ sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-3.4 10

    $ sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.8 20


    $ sudo update-alternatives --install /usr/bin/cc cc /usr/bin/gcc 30

    $ sudo update-alternatives --set cc /usr/bin/gcc


    $ sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++ 30

    $ sudo update-alternatives --set c++ /usr/bin/g++



    Choose which version is the default:
    $ sudo update-alternatives --config gcc
    $ sudo update-alternatives --config g++


    Troubleshooting


    • Ubuntu 64-bit

    The error log from compiling the libSDL test is: 

    /usr/bin/ld: cannot find crt1.o: No such file or directory

    /usr/bin/ld: cannot find crti.o: No such file or directory

    collect2: ld returned 1 exit status

    ERROR: QEMU requires SDL or Cocoa for graphical output

    To build QEMU without graphical output configure with --disable-gfx-check

    Note that this will disable all output from the virtual graphics card.


    export LIBRARY_PATH=/usr/lib/x86_64-linux-gnu 

    Setting this fixed it. Phew.



    • The permissions on the virtuoso files have to be changed. I couldn't be bothered, so I just did chmod 777 *.
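    As an added example, not the page's own approach and not code from the Virtuoso project: a Python 3 routine that makes a checked-out tree usable by its owner while granting the execute bit only to scripts and leaving nothing world-writable, together with a check that reports how many world-writable entries remain. Which files count as scripts (a `#!` line or a .py/.sh suffix) is an assumption about the tree's layout; the demo builds a throwaway tree, applies the same `chmod 777` to it, and then repairs it.

```python
import os
import shutil
import stat
import tempfile

# Assumption: scripts in the tree are either marked with a shebang line or
# carry one of these suffixes (the page only shows newslice.py and volatility
# being invoked directly).
SCRIPT_SUFFIXES = (".py", ".sh")


def _has_shebang(path):
    """True if the file starts with '#!', i.e. it is meant to be executed."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"#!"
    except OSError:
        return False


def count_world_writable(root):
    """Number of directories and regular files under root that others can write to."""
    bad = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        # dirpath covers root and every subdirectory exactly once.
        for p in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            if not os.path.islink(p) and os.stat(p).st_mode & stat.S_IWOTH:
                bad += 1
    return bad


def fix_tree_permissions(root):
    """Directories 0755, scripts 0755, everything else 0644; symlinks untouched.

    Returns (entries_changed, world_writable_left); the second value should be 0.
    """
    changed = 0
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            p = os.path.join(dirpath, d)
            if not os.path.islink(p):
                os.chmod(p, 0o755)
                changed += 1
        for name in filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                continue
            is_script = name.endswith(SCRIPT_SUFFIXES) or _has_shebang(p)
            os.chmod(p, 0o755 if is_script else 0o644)
            changed += 1
    os.chmod(root, 0o755)
    changed += 1
    return changed, count_world_writable(root)


def demo():
    """Build a constructed tree, apply `chmod 777` to everything, then repair it."""
    root = tempfile.mkdtemp(prefix="virtuoso-perm-")
    try:
        sub = os.path.join(root, "volatility")
        os.mkdir(sub)
        script = os.path.join(root, "newslice.py")
        data = os.path.join(sub, "haiku.env")
        with open(script, "w") as f:
            f.write("#!/usr/bin/env python\n")
        with open(data, "w") as f:
            f.write("cpu state\n")
        for p in (root, sub, script, data):
            os.chmod(p, 0o777)  # what `chmod 777 *` leaves behind
        before = count_world_writable(root)
        changed, after = fix_tree_permissions(root)
        return {
            "before": before,
            "after": after,
            "changed": changed,
            "script_mode": stat.S_IMODE(os.stat(script).st_mode),
            "data_mode": stat.S_IMODE(os.stat(data).st_mode),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

    Run it against the real checkout as `fix_tree_permissions("/path/to/virtuoso")` and confirm the second returned value is 0; if a build step later complains about a missing execute bit, add that file's suffix to SCRIPT_SUFFIXES rather than falling back to 777.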


    • ipython is required

    $ sudo apt-get install python-pip python-dev build-essential 

    $ sudo pip install --upgrade pip 

    $ sudo pip install --upgrade virtualenv 

    $ sudo pip install ipython


    During dynamic slicing the following error occurred: AttributeError: 'module' object has no attribute 'Shell'


    Resolved by pinning ipython to 0.10:

    sudo pip install ipython==0.10




    1. trace logging


    In the iferret-logging-new directory:

    install/bin/qemu -m 256 \
        -hda haiku-r1alpha2-anyboot.qcow2 \
        -usbdevice tablet -loadvm introprog \
        -monitor stdio -k en-us \
        -iferret_log walkthrough

    Then run enumprocs (the program whose execution is being traced) inside the guest.


    -hda : the disk image to boot

    -loadvm : load the named snapshot

    -iferret_log : save traces to log files with this prefix


    iferret is a modified QEMU.







    output : 




    How is QEMU being used here?


    2. dynamic slice

    ./newslice.py -o haiku ../iferret-logging-new/walkthrough.0-1234



    This does several things: 

    trace analysis, instruction translation


    Output: 



    It performs dynamic slicing and, after merging, converts the QEMU µOps into Python code. That Python code is what Volatility runs.



    3. Runtime


    ./volatility newmicrodo \
        -f haiku.mem \
        -e haiku.env \
        -m ../iferret-logging-new/walkthrough.pkl \
        -n '[ mem.alloc(1024) ]' \
        -i 'def f(x): print unpack("<%dI" % (len(x)/4),x)'


    This uses a module called newmicrodo.


    The -f option tells Volatility where to find the memory state. Hmm.. I downloaded it and used that..


    The -e option tells Volatility where to find the CPU state. There is one file per OS (haiku, linux, windows, osx).


    The -m option tells Volatility where to find the plugin we just generated. 


    Finally, the -n option fills in the inputs to the program -- in this case, a buffer where the PIDs will be placed. 

    Virtuoso can allocate temporary buffers if necessary using the mem.alloc command. 

    The -i option supplies a function applied to the result; the one shown unpacks the buffer as little-endian 32-bit integers.
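    As an added example (not code from the page or from the Virtuoso project), here is the logic of that -i hook written as stand-alone Python 3 functions, plus the edge case the one-liner does not handle: a buffer whose length is not a multiple of 4 makes struct.unpack raise instead of returning the PIDs. The sample buffer is constructed to look like a 1024-byte mem.alloc buffer after four PIDs have been written into it (the PID values are made up); the assumption that a zero word ends the list is labelled in the code.

```python
import struct

# Constructed sample: a 1024-byte buffer, as allocated by mem.alloc(1024),
# after the introspection program has written four little-endian 32-bit PIDs
# into it. The PID values are invented for this example.
SAMPLE_PIDS = [1, 2, 345, 1027]
SAMPLE_BUFFER = struct.pack("<%dI" % len(SAMPLE_PIDS), *SAMPLE_PIDS)
SAMPLE_BUFFER += b"\x00" * (1024 - len(SAMPLE_BUFFER))


def unpack_u32_le(buf):
    """Decode every complete little-endian uint32 in buf.

    Same decoding as the page's hook, unpack("<%dI" % (len(x)/4), x), but a
    trailing partial word is dropped instead of making struct.unpack raise
    struct.error when len(buf) is not a multiple of 4.
    """
    nwords = len(buf) // 4
    return list(struct.unpack("<%dI" % nwords, buf[:4 * nwords]))


def extract_pids(buf):
    """Return the PIDs written into the output buffer.

    Assumption (not stated on the page): the buffer is zero-filled before the
    program writes into it, so the first zero word marks the end of the list.
    Everything after it is untouched padding and is ignored.
    """
    pids = []
    for word in unpack_u32_le(buf):
        if word == 0:
            break
        pids.append(word)
    return pids


def hook(x):
    """Equivalent of the page's `-i 'def f(x): ...'` body, printing only the PIDs."""
    print(extract_pids(x))


if __name__ == "__main__":
    hook(SAMPLE_BUFFER)
```

    The Volatility 1.x command line on the page runs its -i function under Python 2, so when pasting this logic back into `-i` keep the Python 2 print statement; the decoding itself is the same.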



    How is Volatility being used here?
