zelos.enums module

class zelos.enums.ProtType

Bases: enum.IntEnum

An enumeration.

NONE = 0
READ = 1
WRITE = 2
EXEC = 4
RWX = 7
RX = 5
RW = 3
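
The ProtType values listed above are bit masks: RW, RX and RWX are the ORs of READ, WRITE and EXEC, while WRITE | EXEC (6) has no named member. The following added example is not part of the Zelos documentation or code base. It uses a local copy of the enum so it runs without zelos installed, decodes masks bit by bit, and lists regions that are both writable and executable; the helper names and the sample memory map are constructed for illustration.

```python
from enum import IntEnum


class ProtType(IntEnum):
    """Local mirror of zelos.enums.ProtType (values copied from this page)."""
    NONE = 0
    READ = 1
    WRITE = 2
    EXEC = 4
    RWX = 7
    RX = 5
    RW = 3


def prot_string(prot: int) -> str:
    """Render a protection mask as an 'rwx'-style string by testing each bit."""
    flags = ((ProtType.READ, "r"), (ProtType.WRITE, "w"), (ProtType.EXEC, "x"))
    return "".join(ch if prot & bit else "-" for bit, ch in flags)


def prot_name(prot: int) -> str:
    """Return the enum member name, or the bit string when no member matches.

    ProtType(6) raises ValueError because WRITE | EXEC has no named member.
    """
    try:
        return ProtType(prot).name
    except ValueError:
        return prot_string(prot)


def writable_and_executable(regions):
    """Return regions whose mask has both WRITE and EXEC set (W^X violations)."""
    wx = ProtType.WRITE | ProtType.EXEC  # plain int 6
    return [r for r in regions if (r[2] & wx) == wx]


# Constructed sample memory map: (start address, size, protection mask).
SAMPLE_REGIONS = [
    (0x00400000, 0x1000, ProtType.RX),
    (0x00600000, 0x1000, ProtType.RW),
    (0x7F000000, 0x2000, ProtType.RWX),
    (0x7F100000, 0x1000, ProtType.WRITE | ProtType.EXEC),
]

if __name__ == "__main__":
    for start, size, prot in writable_and_executable(SAMPLE_REGIONS):
        print(f"{start:#010x} +{size:#x} {prot_string(prot)} ({prot_name(prot)})")
```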

class zelos.enums.HookType

Bases: object

class MEMORY

Bases: enum.Enum

Used by zelos.Zelos.hook_memory() to specify the memory event to hook on. View the registration function for more details.

READ = 1
WRITE = 2
READ_UNMAPPED = 3
WRITE_UNMAPPED = 4
READ_PROT = 5
WRITE_PROT = 6
READ_AFTER = 7
UNMAPPED = 8
PROT = 9
READ_INVALID = 10
WRITE_INVALID = 11
INVALID = 12
VALID = 13

class EXEC

Bases: enum.Enum

Used by zelos.Zelos.hook_execution(). If INST is chosen, the registered hook will be executed every time a single instruction is executed.

If BLOCK is chosen, the registered hook will be executed after every block of instructions is executed. A block is interpreted as a contiguous sequence of code where only the last instruction can modify control flow, typically a branch or return instruction.

View the registration function for more details.

INST = 1
BLOCK = 2

class THREAD

Bases: enum.Enum

Not usable yet through the Zelos API.

CREATE = 1
SWAP = 2
DESTROY = 3

class PROCESS

Bases: enum.Enum

Not usable yet through the Zelos API.

CREATE = 1
SWAP = 2
DESTROY = 3

class SYSCALL

Bases: enum.Enum

Used by zelos.Zelos.hook_syscalls().

If AFTER is chosen, the hook will be triggered after the syscall has been executed.

View the registration function for more details.

AFTER = 1