PANDA – Platform for Architecture-Neutral Dynamic Analysis
The Platform for Architecture-Neutral Dynamic Analysis (PANDA) is a flexible plugin-based framework that helps analysts understand how software behaves as it executes on a system. The platform was designed to facilitate reverse engineering, a process of analyzing code to discover its internal principles. The knowledge gleaned from PANDA can help analysts understand the true behavior of their code, identify errors in the code and determine whether those errors are benign or harmful, and make legacy code function on modern operating systems.
The main feature of PANDA is a novel record-and-replay mechanism that captures a recording of all software executing on a system. Analysts can then replay that recording repeatedly. With each replay, users can run PANDA's software-analysis plugins, more than 40 of which have been developed by Lincoln Laboratory researchers, university collaborators, and the open-source community. Used iteratively, the plugins help an analyst construct a deep understanding of the system's execution, from determining when key events occur on the system to tracking specific pieces of data as they flow around the system. Since PANDA's open-source release, universities and companies around the world have been using the platform to improve their software-analysis tasks.