ARM support

[canance]

Hi,

I'm running into an issue trying to get DECAF working with an ARM guest and hoping that someone can point me in the right direction. I have created and inserted the procinfo kernel driver to get the correct values for procinfo.ini, and DECAF is able to detect the correct kernel during boot. After the VM is fully booted and I run guest_ps it only shows the kernel though:

(qemu) guest_ps
0	cr3=0x00000000	<kernel>

The lsmod command also doesn't show any results. Is there anything special that I need to do in order to get DECAF to work with an ARM guest?

EDIT --
Here is the output from the qemu monitor when the VM is first booted:

inside bdrv open, drv addr= 0x0x55cdc4d2cd40, size= 26843545600
QEMU 1.0 monitor - type 'help' for more information
(qemu) fs_open = Fragment 
inside bdrv open, drv addr= 0x0x55cdc4d2e7c0, size= 0
fs_open error! drv addr=0x0x55cdc4d2e7c0
inside vmi init 

Procinfo path: /decafroot/DECAF/decaf/arm-softmmu/../shared/kernelinfo/procinfo_generic/procinfo.ini
Total Sections: 1
Match 3.2.0-4-versatile
swapper task @ [c0393310] 

Thanks,
Cory

[hengyin]

Hi Sina, Could you point Cory to the right document about VMI configuration? Heng

…

On Wed, Jun 5, 2019 at 11:26 AM Cory Nance ***@***.***> wrote: Hi, I'm running into an issue trying to get DECAF working with an ARM guest and hoping that someone can point me in the right direction. I have created and inserted the procinfo kernel driver to get the correct values for procinfo.ini, and DECAF is able to detect the correct kernel during boot. After the VM is fully booted and I run guest_ps it only shows the kernel though: (qemu) guest_ps 0 cr3=0x00000000 <kernel> The lsmod command also doesn't show any results. Is there anything special that I need to do in order to get DECAF to work with an ARM guest? Thanks, Cory — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#67>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAWJ2RREEUCWDFZ3OQ3WJLTPZAANHANCNFSM4HUCX6IQ> .

[adava]

Dear Cory,
From what I see, it seems that the address in your procinfo.ini is different than what DECAF sees during emulation. One possible reason for this would be different memory sizes between when you generated the procinfo and when you're emulating (the "-m x" option). Other than that, you can refer to further documentation available at here. Hope this helps.

[canance]

Hi @hengyin and @adava,

Thank you both for the quick response! I verified that the address from the swapper task @ [c0393310] is the same as the value given for init_task_addr while the VM is running and being monitored. I've also tried using the default -m value of 128 MB and the max of 256 MB (for this qemu machine -- versatilepb) with no luck.

Do you happen to have a reference example of using DECAF on arm, similar to the winxp example?

I will read through the wiki to try and get a better understanding of how qemu and DECAF work to see if I can debug this. If you can think of any other reason why what I'm doing wouldn't work, please let me know.

Thanks,
Cory