loaded plugin not supported for x86-64

[AndrewQuijano]

It seems Dwarf2 requires the loaded plugin. However, the loaded library works only with 32-bit not 64-bit. Based on Git, it seems @LauraLMann added the check to explicitly exclude 64-bit 5 years ago.

Would you know if loaded now works with 64-bit? Would this just involve using 64-bit counters instead of 32-bit counters on the current plugin? If so, could you please update loaded to support 64-bit? This would greatly help on the final steps to revive LAVA, which I hope to finalize in the next 2 weeks.

https://github.com/panda-re/panda/blob/dev/panda/plugins/loaded/loaded.cpp

[LauraLMann]

The loaded plugin was modified to explicitly reject 64-bit recordings because back when 64-bit support was added to PANDA's syscalls2 plugin, the loaded plugin required the use of a system call that does not exist in the 64-bit system calls. As the people paying my salary have no interest in using that particular plugin, we took the easy way out and disabled it for 64-bit recordings. It seemed nicer than having it just do crazy stuff if someone tried to use it on a 64-bit recording.
It appears there has been a little work done on the loaded plugin since then, but it doesn't appear to have changed what system calls are used, so I doubt it's as simple as removing the 64-bit check.
Maybe one of the people who have made actual functional changes to loaded can help you out.

[AndrewQuijano]

Thank you for the information! If someone were to get this to work for 64-bit, what work would need to be done? Would it likely be significant?

[LauraLMann]

I have NO idea, except I suspect it would not be trivial. Someone would need to figure out a way to get the information desired without the system call that doesn't exist in 64 bit linux. I neglected to note what system call it was, so I can't even tell you that. I have no idea if 64-bit linux has a similar system call that can be used instead, or if it would have to be done without system calls with a 64-bit recording.

[AndrewQuijano]

@LauraLMann, I am taking a crack at the fix and I am having partial success (it works, but not 100% of the time). It looks like mmap_pgoff is roughly equivalent to mmap2 (which is just mmap). However, this loaded library doesn't always work 100% of the time, if you have any advice please let me know

PR #1553

References
https://www.linuxquestions.org/questions/linux-general-1/difference-between-mmap2-syscall-and-mmap_pgoff-syscall-for-32-bit-linux-4175622986/

https://github.com/panda-re/panda/blob/dev/panda/plugins/syscalls2/generated/syscalls_ext_typedefs_x64.h#L7405-L7412
https://github.com/panda-re/panda/blob/dev/panda/plugins/syscalls2/generated/syscalls_ext_typedefs_x86.h#L4493-L4500