zelos.plugin package
Submodules
Module contents

class zelos.plugin.ArgFactory(str_func: Callable[[zelos.plugin.arg_base.Arg], str])
    Bases: object

    gen_args(arg_spec: List[Tuple[str, str]], values: List[int], arg_string_overrides: Dict[str, Callable[[zelos.plugin.arg_base.Args], str]] = {}) → zelos.plugin.arg_base.Args

class zelos.plugin.Loader(z, state, files, process, triggers, original_file_name)
    Bases: object

    STACK_BASE = 1703936

    property emu

    property memory

    load(module_path, file, thread_name='main', entrypoint_override=None)

class zelos.plugin.CommandLineOption(name, **kwargs)
    Bases: object

    Registers a command line option for Zelos. The kwargs are those recognized by the argparse library.

class zelos.plugin.IPlugin(zelos)
    Bases: zelos.manager.IManager

    Base class for plugins that provides an API for interacting with zelos objects.

class zelos.plugin.OSPlugins(z)
    Bases: object

    unregistered_os_plugins = []

    parse(path, binary)

    load(file, process, entrypoint_override=None)

class zelos.plugin.PluginCommands(paths, argparser)
    Bases: object

    registered_flags = {}

    flags_to_resolve = []

    add_flags(source_file_name, flags_dict, argparser)

class zelos.plugin.Plugins(zelos, paths)
    Bases: object

    Plugins are set as attributes of this class for convenience.

    loaded_plugins = []

    register_plugin(plugin_class: Callable[[Zelos], zelos.plugin.plugin.IPlugin]) → None

    get(plugin_name)

    has(plugin_name)

class zelos.plugin.SyscallManager(engine)
    Bases: object

    property emu

    set_breakpoint(syscall_name)

    remove_breakpoint(syscall_name)

    get_last_syscall_args()
        Gets the last set of Args() parsed by get_args.

    get_last_retval()
        Gets the last retval returned by a syscall.

    get_retval_register()
        Gets the register name used for syscall return values.

    generate_break_state()

    set_strace_file(filename)

    print(string, max_len=1000)
        Used to print additional debug information within a syscall. Will not appear in the strace.

    print_info(string)
        Used to print auxiliary information to the strace file.

    print_syscall(thread, syscall_name, args, retval)
        Prints information regarding a syscall for the strace. Note that this may not print the syscall immediately (it may need to wait for the return value).

    handle_syscall(process)
        Calls the corresponding syscall with the given name or number in the context of the given process.

    pause_syscall(process, condition=None)
        Defines what happens when the pause syscall exception is received.

    register_overrides(override_dict: Dict[str, List[int]])
        Overrides return value behavior in the syscall manager.

    find_syscall_name_by_number(n)
        Finds and returns syscall name by syscall number.

    find_syscall(sys_name)
        Finds and returns syscall implementation by syscall number.

    add_custom_syscall(sys_num, sys_name, sys_func)

    return_addr()

    nullsub(sm, p)

    fixme(msg)

    get_syscall_number()

    set_return_value(value)
-
property