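# PANDA replay walkthrough: three recordings, each replayed with a different
# set of analysis plugins. All paths are relative to the panda directory.
#
# The original notes were collapsed onto one line that began with '#', so
# every command was swallowed by the comment. They are restored here one
# command per line.
#
# Manual setup (not automated here):
#   1. make a directory rr_files in the panda directory
#   2. download pdb_lines.rr, cve-2012-4792-crash.rr, and win7chromessl.rr
#   3. unpack each downloaded .rr in the rr_files directory with
#      ./scripts/rrunpack.py
# NOTE(review): the .rr archives are downloaded input. If the publisher lists
# checksums, compare them before unpacking.

# === parsing source lines section in PDB file ===

# run with syscalls plugin
qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay rr_files/pdb_lines -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_syscalls.so

# run with tapindex plugin, then with memdump plugin (two separate replays)
qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay rr_files/pdb_lines -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_tapindex.so
qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay rr_files/pdb_lines -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_memdump.so

# Search the dumps for a marker string. tap_reads.bin and tap_writes.bin are
# presumably written by the memdump replay above -- confirm against the plugin.
# hexdump -C prints 16 bytes per row, so a match that straddles a row boundary
# is missed by the first command. The grep below works on the raw bytes
# (-a: treat binary as text, -o: print only the match, -b: print byte offset).
hexdump -C tap_reads.bin | grep "Microsoft"
grep -a -o -b "Microsoft" tap_reads.bin tap_writes.bin

# === internet explorer crash CVE ===

# strings to search for are in "stringsearch_search_strings.txt"; results are
# placed in "stringsearch_string_matches.txt"
qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay rr_files/cve-2012-4792-crash -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_stringsearch.so

# === visiting an SSL-enabled page using chrome on windows-7 ===
# (shows running process information)
# NOTE(review): the pandalog records process and syscall activity from the
# recorded guest. Handle the .plog like any other capture of a live session.
qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay rr_files/win7chromessl -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_osi.so -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_syscalls2.so -panda-plugin ./qemu/x86_64-softmmu/panda_plugins/panda_win7proc.so -pandalog win7_pandalog.plog

# view pandalog with pandalog_reader
./qemu/panda/pandalog_reader win7_pandalog.plog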