zelos.plugin.kernel_base module
-
zelos.plugin.kernel_base.ptr2struct(z, addr, struct_class)
    Returns an instance of struct_class read starting from addr.
-
zelos.plugin.kernel_base.get_pchar_array(z, addr, size=-1)
    Reads a set of string pointers starting at addr, up to the first null pointer (with a max of size, if specified). Returns a list of null-terminated strings read from those pointers.
-
zelos.plugin.kernel_base.str2struct(struct_obj, data)
-
class zelos.plugin.kernel_base.IKernel(engine)
    Bases: object
-
property emu
-
property trace_file
-
set_breakpoint(syscall_name)
-
remove_breakpoint(syscall_name)
-
get_last_syscall_args()
    Gets the last set of Args() parsed by get_args.
-
get_last_retval()
    Gets the last retval returned by a syscall.
-
get_retval_register()
    Gets the register name used for syscall return values.
-
generate_break_state() → Optional[dict]
-
print(string, max_len=1000)
    Used to print additional debug information within a syscall. Will not appear in the strace.
-
print_info(string)
    Used to print auxiliary information to the strace file.
-
handle_syscall(process)
    Calls the corresponding syscall with the given name or number in the context of the given process.
-
pause_syscall(process, condition=None)
    Defines what happens when the pause syscall exception is received.
-
register_overrides(override_dict: Dict[str, List[int]])
    Overrides return value behavior in the syscall manager.
-
find_syscall_name_by_number(n)
    Finds and returns syscall name by syscall number.
-
find_syscall(sys_name)
    Finds and returns syscall implementation by syscall number.
-
add_custom_syscall(sys_num, sys_name, sys_func)
-
return_addr()
-
nullsub(k, p)
-
fixme(msg)
-
get_syscall_number()
-
set_return_value(value)
-
property