
Virtuoso installation and walkthrough

jianna6 2015. 5. 18. 14:56

install : https://code.google.com/p/virtuoso/wiki/Installation

Walkthrough : https://code.google.com/p/virtuoso/wiki/Walkthrough


libdasm



Download the archive from https://code.google.com/p/libdasm/, extract it, and run the following commands.


make

sudo make install

cd pydasm

sudo python setup.py install



After that, troubleshooting 1:


Comment by qps...@gmail.com, Aug 6, 2014

Hi, has somebody managed to install virtuoso in Ubuntu14.04 x64 and run the " premade virtual machine of Haiku R1 Alpha 2"??

I got some error messages :

QEMU 0.9.1 monitor - type 'help' for more information
(qemu) iferret_set_keyboard_label: label is henceforth keyboard_startup?
iferret_set_network_label: label is henceforth network_startup?
EIP_BASE = 0x60a878e0
EAX_BASE = 0x60a87798
ECX_BASE = 0x60a878e8
EDX_BASE = 0x60a87780
EBX_BASE = 0x60a878f0
ESP_BASE = 0x60a87910
EBP_BASE = 0x60a878f8
ESI_BASE = 0x60a87790
EDI_BASE = 0x60a877a8
T0_BASE = 0x60a877b0
T1_BASE = 0x60a877c8
A0_BASE = 0x60a877b8
Q0_BASE = 0x60a87900
Q1_BASE = 0x60a87908
Q2_BASE = 0x60a87788
Q3_BASE = 0x60a877a0
TB cache flushed by request.
ERROR: get_instruction failed at 0x74b4f1 : d9fcd96c240483c408c39090909090db
Aborted (core dumped)

Some suggestions to solve this problem?? Any advice will be appreciated.

Comment by qps...@gmail.com, Aug 26, 2014

Finally, I have solved the problem that I encountered, and I post the solution here, which one day may be helpful for others:

This error is caused by libdasm, due to the fact that "Libdasm is missing support for some instructions, and this will cause tracing to stop and QEMU to shut down.", which is mentioned by the author in another thread "limitation and caveats".

Thus, the solution is to comment a block of code related to function "get_instruction", which starts from line 3281 ("for(i=0;i<16;i++)") to line 3335 (the line before "if(iferret_info_flow)") in file iferret-logging-new/target-i386/translate.c. Then recompile and install all.

After the above manipulation, this error is supposed to be solved.

At last, thanks for the great job done by the author, in the field of VMI.
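
To see which instruction bytes triggered the libdasm failure described in the comments above before disabling the check, the error lines can be summarised as follows. This is an added example, not part of the original post or the Virtuoso project; the function names and the second and third sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post or the Virtuoso project.
# Summarises "get_instruction failed" lines so you can see which leading
# instruction bytes libdasm rejected before deciding to disable the check.

# unsupported_insns: read QEMU/iferret console output on stdin.
# Output, one line per distinct pair of leading bytes (a heuristic key,
# since the message carries a 16-byte window, not a decoded instruction):
#   <count> <byte0> <byte1> <address of first occurrence>
unsupported_insns() {
    tr -d '\r' |
    { grep -o 'get_instruction failed at 0x[0-9a-fA-F]* : [0-9a-fA-F]*' || true; } |
    awk '{
        addr = $4                      # address printed in the message
        bytes = tolower($6)            # hex dump printed after the colon
        if (length(bytes) < 4) next    # truncated line, nothing to key on
        key = substr(bytes, 1, 2) " " substr(bytes, 3, 2)
        if (!(key in first)) { first[key] = addr; order[++n] = key }
        count[key]++
    }
    END {
        for (i = 1; i <= n; i++)
            print count[order[i]], order[i], first[order[i]]
    }'
}

# Constructed sample: the first ERROR line is the one quoted above; the
# other two are made up to show grouping.
sample_log() {
    cat <<'EOF'
TB cache flushed by request.
ERROR: get_instruction failed at 0x74b4f1 : d9fcd96c240483c408c39090909090db
ERROR: get_instruction failed at 0x74b520 : D9FC9090909090909090909090909090
ERROR: get_instruction failed at 0x801000 : 0f0b0000000000000000000000000000
EOF
}

# Usage: sample_log | unsupported_insns
```

The bytes it reports can then be looked up in an x86 opcode reference or fed to another disassembler to judge how much of the trace the missing libdasm support affects.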



gcc - 3.4


gcc 3.4 is required for QEMU.



For 64-bit, download the required files from http://old-releases.ubuntu.com/ubuntu/pool/universe/g/gcc-3.4/


The reference for all of this is http://deokss.blogspot.kr/2012/08/gcc-34-on-ubuntu-1204default-gcc-46.html



sudo dpkg -i gcc-3.4-base_3.4.6-6ubuntu5_amd64.deb 

sudo dpkg -i cpp-3.4_3.4.6-6ubuntu5_amd64.deb

sudo dpkg -i gcc-3.4_3.4.6-6ubuntu5_amd64.deb 

sudo dpkg --force-depends -i g++-3.4_3.4.6-6ubuntu5_amd64.deb

sudo dpkg --force-depends -i libstdc++6-dev_3.4.6-6ubuntu5_amd64.deb



$ sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-3.4 10

$ sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 20


$ sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-3.4 10

$ sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.8 20


$ sudo update-alternatives --install /usr/bin/cc cc /usr/bin/gcc 30

$ sudo update-alternatives --set cc /usr/bin/gcc


$ sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++ 30

$ sudo update-alternatives --set c++ /usr/bin/g++



Select which version to use as the default:
$ sudo update-alternatives --config gcc
$ sudo update-alternatives --config g++


Troubleshooting


  • Ubuntu 64-bit

the error log from compiling the libSDL test is: 

/usr/bin/ld: cannot find crt1.o: No such file or directory

/usr/bin/ld: cannot find crti.o: No such file or directory

collect2: ld returned 1 exit status

ERROR: QEMU requires SDL or Cocoa for graphical output

To build QEMU without graphical output configure with --disable-gfx-check

Note that this will disable all output from the virtual graphics card.


export LIBRARY_PATH=/usr/lib/x86_64-linux-gnu 

Setting this fixed it..... wow....



  • The permissions on the virtuoso files have to be changed. I couldn't be bothered, so I just slapped chmod 777 * on them.


  • ipython is required

$ sudo apt-get install python-pip python-dev build-essential 

$ sudo pip install --upgrade pip 

$ sudo pip install --upgrade virtualenv 

$ sudo pip install ipython


During dynamic slicing the following error occurs: AttributeError: 'module' object has no attribute 'Shell'


sudo pip install ipython==0.10
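
A narrower alternative to the chmod 777 * step in the list above, as an added example that is not part of the original post: it sets the execute bit only on files that start with a shebang, and clears the group/other write bits that an earlier chmod 777 leaves behind. It assumes only the entry-point scripts (such as newslice.py and volatility) need to be executable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Virtuoso checkout
# only needs its entry-point scripts (e.g. newslice.py, volatility) to be
# executable; data files such as *.pkl or *.mem need no execute bit.

# mark_scripts_executable DIR
# Adds u+x to regular files directly under DIR that start with "#!" and
# prints the name of each such file. Everything else is left alone.
mark_scripts_executable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # First two bytes; NULs are dropped so binary files do not warn.
        magic=$(head -c 2 "$f" | tr -d '\000')
        if [ "$magic" = "#!" ]; then
            chmod u+x "$f"
            printf '%s\n' "${f##*/}"
        fi
    done
}

# world_writable DIR
# Lists regular files directly under DIR that any local user may modify,
# which is what a previous `chmod 777 *` leaves behind.
world_writable() {
    find "$1" -maxdepth 1 -type f -perm -0002 -exec basename {} \;
}

# drop_world_write DIR
# Removes group/other write permission from those files.
drop_world_write() {
    find "$1" -maxdepth 1 -type f -perm -0002 -exec chmod go-w {} +
}

# Usage from inside the checkout:
#   drop_world_write . && mark_scripts_executable .
```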




1. trace logging


In the iferret-logging-new directory:

install/bin/qemu -m 256 \
    -hda haiku-r1alpha2-anyboot.qcow2 \
    -usbdevice tablet -loadvm introprog \
    -monitor stdio -k en-us \
    -iferret_log walkthrough
enumprocs


-hda : boot the image

-loadvm : load the snapshot

-iferret_log  : save traces to a logfile


iferret is a modified version of QEMU.







output : 




How is QEMU used?


2. dynamic slice

./newslice.py -o haiku ../iferret-logging-new/walkthrough.0-1234



It does a number of things.

trace analyzer, instruction translator


output : 



It performs dynamic slicing and then, through a merging step, converts the QEMU µOps into Python code. The Python code is used by Volatility.



3. Runtime


./volatility newmicrodo \
    -f haiku.mem \
    -e haiku.env \
    -m ../iferret-logging-new/walkthrough.pkl \
    -n '[ mem.alloc(1024) ]' \
    -i 'def f(x): print unpack("<%dI" % (len(x)/4),x)'


This uses a module called newmicrodo.


The -f option tells Volatility where to find the memory state. Hmm.. I just downloaded one and used it..


The -e option tells Volatility where to find the CPU state. There is a file for each OS (haiku, linux, windows, osx).


The -m option tells Volatility where to find the plugin we just generated. 


Finally, the -n option fills in the inputs to the program -- in this case, a buffer where the PIDs will be placed. 

Virtuoso can allocate temporary buffers if necessary using the mem.alloc command. 



How is Volatility used?