zelos.plugin.syscall_manager_base module

zelos.plugin.syscall_manager_base.ptr2struct(z, addr, struct_class)

Returns an instance of struct_class read starting from addr

zelos.plugin.syscall_manager_base.get_pchar_array(z, addr, size=-1)

Reads a set of string pointers starting at addr, up to the first null pointer (with a max of size, if specified). Returns a list of null-terminated strings read from those pointers.
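An added example, not Zelos code, that models the pointer-array read described for get_pchar_array over a constructed flat memory region, including the failure case of a table or string that runs off mapped memory. GuestMemory, read_pchar_array and build_sample are hypothetical names; the example assumes 8-byte little-endian pointers and that size caps the number of strings returned.

```python
import struct

PTR_SIZE = 8  # assumption: 64-bit little-endian guest

class GuestMemory:
    """Constructed stand-in for emulator memory: one flat region at `base`."""
    def __init__(self, base, data):
        self.base, self.data = base, bytes(data)

    def read(self, addr, n):
        off = addr - self.base
        if off < 0 or off + n > len(self.data):
            raise ValueError(f"unmapped guest read at {addr:#x}")
        return self.data[off:off + n]

    def read_ptr(self, addr):
        return struct.unpack("<Q", self.read(addr, PTR_SIZE))[0]

    def read_cstring(self, addr, limit=4096):
        # Stop at the NUL byte; `limit` bounds strings that never terminate.
        out = bytearray()
        while len(out) < limit:
            b = self.read(addr + len(out), 1)
            if b == b"\x00":
                break
            out += b
        return out.decode("utf-8", errors="replace")

def read_pchar_array(mem, addr, size=-1):
    """Follow string pointers from addr until NULL or `size` entries."""
    strings = []
    while size == -1 or len(strings) < size:
        ptr = mem.read_ptr(addr + len(strings) * PTR_SIZE)
        if ptr == 0:  # the NULL pointer terminates the table
            break
        strings.append(mem.read_cstring(ptr))
    return strings

def build_sample(base=0x1000):
    """Constructed argv-style layout: pointer table, then the strings."""
    args = [b"/bin/ls", b"-la", b"/tmp"]
    table_len = (len(args) + 1) * PTR_SIZE  # +1 for the NULL terminator
    blob, ptrs = b"", []
    for a in args:
        ptrs.append(base + table_len + len(blob))
        blob += a + b"\x00"
    table = b"".join(struct.pack("<Q", p) for p in ptrs + [0])
    return GuestMemory(base, table + blob)
```

Guest-controlled pointer tables are untrusted input to a syscall emulator, so the model raises on an unmapped read instead of returning a partial list.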

zelos.plugin.syscall_manager_base.str2struct(struct_obj, data)
class zelos.plugin.syscall_manager_base.SyscallManager(engine)

Bases: object

property emu
set_breakpoint(syscall_name)
remove_breakpoint(syscall_name)
get_last_syscall_args()

Gets the last set of Args() parsed by get_args

get_last_retval()

Gets the last retval returned by a syscall

get_retval_register()

Gets the register name used for syscall return values

generate_break_state() → Optional[dict]
set_strace_file(filename)
print(string, max_len=1000)

Used to print additional debug information within a syscall. Will not appear in the strace.

print_info(string)

Used to print auxiliary information to the strace file

print_syscall(thread, syscall_name, args, retval)

Prints information regarding a syscall for the strace. Note, this may not immediately print the syscall (may need to wait for return value).

handle_syscall(process)

Calls the corresponding syscall with given name or number in the context of the given process

pause_syscall(process, condition=None)

Defines what happens when the pause syscall exception is received.

register_overrides(override_dict: Dict[str, List[int]])

Overrides return value behavior in the syscall manager.

find_syscall_name_by_number(n)

Finds and returns syscall name by syscall number.

find_syscall(sys_name)

Finds and returns syscall implementation by syscall number.

add_custom_syscall(sys_num, sys_name, sys_func)
return_addr()
nullsub(sm, p)
fixme(msg)
get_syscall_number()
set_return_value(value)