zelos.zml module

class zelos.zml.ConditionList(conditions: Dict[str, str])
    Bases: object

    Specifies common conditions that are used for other ConditionLists.

    is_satisfied(zelos)

class zelos.zml.SyscallConditionList(conditions: Dict[str, str])
    Bases: zelos.zml.ConditionList

    Used to trigger an action after a specific syscall.

    is_satisfied(zelos, sysname, args, retval)

    act_when_satisfied(zelos, action: Callable[[], Any])

class zelos.zml.FuncConditionList(conditions: Dict[str, str])
    Bases: zelos.zml.ConditionList

    Used to trigger an action after a specific API.

    is_satisfied(zelos)

    act_when_satisfied(zelos, action: Callable[[], Any])

class zelos.zml.AddressConditionList(conditions: Dict[str, str])
    Bases: zelos.zml.ConditionList

    Used to trigger an action upon executing a specific address.

    act_when_satisfied(zelos, action: Callable[[], Any])

class zelos.zml.ThreadConditionList(conditions: Dict[str, str])
    Bases: zelos.zml.ConditionList

    Used to trigger an action upon switching to a certain thread.

    act_when_satisfied(zelos, action: Callable[[], Any])

class zelos.zml.EmptyConditionList
    Bases: object

    When no condition to activate an action is specified, default to enacting the action right now.

    act_when_satisfied(zelos, action: Callable[[], Any])

class zelos.zml.ZmlParser(zelos)
    Bases: object

    A parser for the ZML language. Can be used to generate condition lists.

    trigger_on_zml(action: Callable[[], Any], zml_string: str)

    parse_zml_string(zml_string: str) → Optional[zelos.hooks.HookInfo]

class zelos.zml.ZmlTransformer(*args, **kwargs)
    Bases: lark.visitors.Transformer

    Takes a ZML tree and creates a ConditionList object out of it.

    condition_list(tree)

    thread_event(children)

    func_event(children)

    syscall_event(children)

    addr_event(children)

    thread_cond(children)

    n_cond(children)

    retval_cond(children)

    arg_cond(children)

    NUMBER(s)

    CNAME(s)