zelos.enums module¶
-
class
zelos.enums.
ProtType
¶ Bases:
enum.IntEnum
An enumeration.
-
NONE
= 0¶
-
READ
= 1¶
-
WRITE
= 2¶
-
EXEC
= 4¶
-
RWX
= 7¶
-
RX
= 5¶
-
RW
= 3¶
-
-
class
zelos.enums.
HookType
¶ Bases:
object
-
class
MEMORY
¶ Bases:
enum.Enum
Used by
zelos.Zelos.hook_memory()
to specify the memory event to hook on. View the registration function for more details.-
READ
= 1¶
-
WRITE
= 2¶
-
READ_UNMAPPED
= 3¶
-
WRITE_UNMAPPED
= 4¶
-
READ_PROT
= 5¶
-
WRITE_PROT
= 6¶
-
READ_AFTER
= 7¶
-
UNMAPPED
= 8¶
-
PROT
= 9¶
-
READ_INVALID
= 10¶
-
WRITE_INVALID
= 11¶
-
INVALID
= 12¶
-
VALID
= 13¶
-
-
class
EXEC
¶ Bases:
enum.Enum
Used by
zelos.Zelos.hook_execution()
. If INST is chosen, the registered hook will be executed every time a single instruction is executed.If BLOCK is chosen, the registered hook will be executed after every block of instructions is executed. A block is interpreted as a contiguous sequence of code where only the last instruction can modify control flow, typically a branch or return instruction.
View the registration function for more details.
-
INST
= 1¶
-
BLOCK
= 2¶
-
-
class
SYSCALL
¶ Bases:
enum.Enum
Used by
zelos.Zelos.hook_syscalls()
.If AFTER is chosen, the hook will be triggered after the syscall hass been executed.
View the registration function for more details.
-
AFTER
= 1¶
-
-
class