zelos.plugin package

Module contents

class zelos.plugin.ArgFactory(str_func: Callable[[zelos.plugin.arg_base.Arg], str])

Bases: object

gen_args(arg_spec: List[Tuple[str, str]], values: List[int], arg_string_overrides: Dict[str, Callable[[zelos.plugin.arg_base.Args], str]] = {}) → zelos.plugin.arg_base.Args
class zelos.plugin.Loader(z, state, files, process, triggers, original_file_name)

Bases: object

STACK_BASE = 1703936
property emu
property memory
load(module_path, file, thread_name='main', entrypoint_override=None)
class zelos.plugin.ParsedBinary

Bases: object

parse(filename, filedata='', options={})
string()
class zelos.plugin.Section

Bases: object

string()
class zelos.plugin.CommandLineOption(name, **kwargs)

Bases: object

Registers a command line option for Zelos. The kwargs are those recognized by the argparse library.

class zelos.plugin.IPlugin(zelos)

Bases: zelos.manager.IManager

Base class for Plugins that provides an api for interacting with zelos objects.

class zelos.plugin.ISubcommand(argparser)

Bases: object

class zelos.plugin.OSPlugin(z)

Bases: object

parse(*args, **kwargs)
load(*args, **kwargs)
class zelos.plugin.OSPlugins(z)

Bases: object

unregistered_os_plugins = []
parse(path, binary)
load(file, process, entrypoint_override=None)
class zelos.plugin.PluginCommands(paths, argparser)

Bases: object

registered_flags = {}
flags_to_resolve = []
add_flags(source_file_name, flags_dict, argparser)
class zelos.plugin.Plugins(zelos, paths)

Bases: object

Plugins are set as attributes of this class for convenience.

loaded_plugins = []
register_plugin(plugin_class: Callable[[Zelos], zelos.plugin.plugin.IPlugin]) → None
get(plugin_name)
has(plugin_name)
class zelos.plugin.SyscallManager(engine)

Bases: object

property emu
set_breakpoint(syscall_name)
remove_breakpoint(syscall_name)
get_last_syscall_args()

Gets the last set of Args() parsed by get_args

get_last_retval()

Gets the last retval returned by a syscall.

get_retval_register()

Gets the register name used for syscall return values

generate_break_state() → Optional[dict]
set_strace_file(filename)
print(string, max_len=1000)

Used to print additional debug information within a syscall. Will not appear in the strace.

print_info(string)

Used to print auxiliary information to the strace file

print_syscall(thread, syscall_name, args, retval)

Prints information regarding a syscall for the strace. Note: this may not print the syscall immediately (it may need to wait for the return value).

handle_syscall(process)

Calls the corresponding syscall with given name or number in the context of the given process

pause_syscall(process, condition=None)

Defines what happens when the pause syscall exception is received.

register_overrides(override_dict: Dict[str, List[int]])

Overrides return value behavior in the syscall manager.

find_syscall_name_by_number(n)

Finds and returns syscall name by syscall number.

find_syscall(sys_name)

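Finds and returns syscall implementation by syscall number. (The parameter is named sys_name, so the lookup key may actually be the syscall name; confirm against the implementation.)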

add_custom_syscall(sys_num, sys_name, sys_func)
return_addr()
nullsub(sm, p)
fixme(msg)
get_syscall_number()
set_return_value(value)