zelos.plugin.syscall_manager_base module

zelos.plugin.syscall_manager_base.ptr2struct(z, addr, struct_class)
    Returns an instance of struct_class read starting from addr.

zelos.plugin.syscall_manager_base.get_pchar_array(z, addr, size=-1)
    Reads a set of string pointers starting at addr up to the first null pointer (with a max of size, if specified). Returns a list of null-terminated strings read from those pointers.

zelos.plugin.syscall_manager_base.str2struct(struct_obj, data)

class zelos.plugin.syscall_manager_base.SyscallManager(engine)
    Bases: object

    property emu

    set_breakpoint(syscall_name)

    remove_breakpoint(syscall_name)

    get_last_syscall_args()
        Gets the last set of Args() parsed by get_args.

    get_last_retval()
        Gets the last retval returned by a syscall.

    get_retval_register()
        Gets the register name used for syscall return values.

    generate_break_state()

    set_strace_file(filename)

    print(string, max_len=1000)
        Used to print additional debug information within a syscall. Will not appear in the strace.

    print_info(string)
        Used to print auxiliary information to the strace file.

    print_syscall(thread, syscall_name, args, retval)
        Prints information regarding a syscall for the strace. Note, this may not immediately print the syscall (may need to wait for return value).

    handle_syscall(process)
        Calls the corresponding syscall with given name or number in the context of the given process.

    pause_syscall(process, condition=None)
        Defines what happens when the pause syscall exception is received.

    register_overrides(override_dict: Dict[str, List[int]])
        Overrides return value behavior in the syscall manager.

    find_syscall_name_by_number(n)
        Finds and returns syscall name by syscall number.

    find_syscall(sys_name)
        Finds and returns syscall implementation by syscall number.

    add_custom_syscall(sys_num, sys_name, sys_func)

    return_addr()

    nullsub(sm, p)

    fixme(msg)

    get_syscall_number()

    set_return_value(value)

    property