zelos.processes module

class zelos.processes.Process(processes: str, hook_manager: zelos.hooks.HookManager, pid: int, name: str, emu: zelos.emulator.base.IEmuHelper, parent_pid: int, main_module: str = None, orig_file_name: str = '', cmdline_args: List = None, environment_variables: List = None, virtual_filename: str = None, virtual_path: str = None, disableNX: bool = False)

Bases: object

property is_active

Returns true if this process can be scheduled.

property scheduler
property current_thread
new_thread(start_addr: int, name: str = None, priority: int = 0, stack_setup: Callable = None, module_path: str = '????', benign_code: bool = False) → zelos.threads.Thread

Creates a new thread for the current process.

Parameters
  • start_addr – The starting address of the new thread

  • name – Name of the new thread

  • priority – Scheduling priority of the new thread

  • stack_setup – Callback that populates stack of the new thread

  • module_path – Name of module of new thread

  • benign_code – Logging parameter

Returns

Thread object

get_thread(tid: int) → zelos.threads.Thread

Gets the thread in this process with the specified tid.

Parameters

tid – Thread id

Returns

Thread object

get_child_processes() → List

Get a list of all child processes created by this process.

Returns

List of Process Objects

priority() → int

Returns the scheduling priority of this process. The scheduling priority of a Process is that of its highest priority Thread.

Returns

Number denoting priority

blocks_executed() → int

Calculates the number of unique blocks executed across all threads of this process.

Returns

Number of blocks executed

class zelos.processes.Processes(hook_manager: zelos.hooks.HookManager, interrupt_handler: zelos.hooks.InterruptHooks, file_system: zelos.file_system.FileSystem, main_module_name: str, thread_stack_size: int, disableNX: bool = False)

Bases: object

Exposes the processes that are on the virtual machine.

set_architecture(state: zelos.state.State) → None
property current_thread
property thread_manager
gen_tid() → int

Generates a tid that is guaranteed not to have been used before.

new_process(name: str = None, parent_pid: int = None, main_module=None, cmdline_args: List = [], virtual_filename: str = None, virtual_path: str = None) → int

Creates a new process.

Parameters
  • name – Name of the new process.

  • parent_pid – ID of the parent process.

  • main_module – Module that is used to start the new process.

  • cmdline_args – Arguments to pass to the new process.

Returns

ID of the newly created process.

kill_process(pid: int) → None

Stops a running process and all its threads.

Parameters

pid – ID of process to kill

new_thread_for_current_process(start_addr: int, name: str = None, priority: int = 0, stack_setup: Callable = None, module_path: str = '????', benign_code: bool = False) → zelos.threads.Thread

Creates a new thread for the currently running process.

Parameters
  • start_addr – The starting address of the new thread

  • name – Name of the new thread

  • priority – Scheduling priority of the new thread

  • stack_setup – Callback that populates stack of the new thread

  • module_path – Name of module of new thread

  • benign_code – Logging parameter

Returns

Thread object

num_active_processes() → int
get_process(pid: int) → zelos.processes.Process
get_thread(tid: int) → zelos.threads.Thread

Gets the thread for the given tid.

Parameters

tid – ID of thread.

get_all_threads() → List[zelos.threads.Thread]

Returns a list of threads across all processes.

load_next_process() → None

Loads the next process. Will skip processes that are not active.

schedule_next() → None

Swaps processes and threads in order to ensure that all eventually get executed.

swap_with_next_thread() → None

Tries to swap with the next thread in the current process. If that is not possible, attempts to swap processes.

load_process(pid) → None

This attempts to load the designated process. This is a no-op if the process to be loaded is the same as the current process.

Parameters

pid – ID of Process to load.

serialize_process(p)
deserialize_process(data)
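The scheduling semantics these docstrings describe (a Process's priority is that of its highest-priority Thread, blocks_executed counts each block once across all threads, gen_tid never repeats a tid, swap_with_next_thread falls back to swapping processes, and load_next_process skips processes that are not active) are made concrete below in a self-contained model. This is an added example, not Zelos's own code: it does not import zelos, and its Thread, Process and Processes classes, the demo() function, the process names and the block addresses are constructed stand-ins that follow the documented behaviour, not the library's implementation (the real scheduler's exact ordering is not specified on this page).

```python
# Added example, not Zelos code (no zelos import): a model of the scheduling
# semantics the zelos.processes docstrings describe, run on constructed data.
from itertools import count
from typing import Dict, List, Optional, Set, Tuple

class Thread:
    def __init__(self, tid: int, name: str, priority: int = 0):
        self.tid, self.name, self.priority, self.active = tid, name, priority, True
        self.blocks: Set[int] = set()  # addresses of basic blocks this thread executed

class Process:
    def __init__(self, pid: int, name: str, parent_pid: Optional[int] = None):
        self.pid, self.name, self.parent_pid = pid, name, parent_pid
        self.threads: List[Thread] = []
        self.cur = 0  # index of the thread currently scheduled in this process

    @property
    def is_active(self) -> bool:
        return any(t.active for t in self.threads)  # schedulable while a thread lives

    @property
    def current_thread(self) -> Optional[Thread]:
        return self.threads[self.cur] if self.threads else None

    def priority(self) -> int:
        return max((t.priority for t in self.threads), default=0)  # highest thread wins

    def blocks_executed(self) -> int:
        return len(set().union(*(t.blocks for t in self.threads)))  # shared blocks count once

    def swap_with_next_thread(self) -> bool:  # False: this process's round is exhausted
        for i in range(self.cur + 1, len(self.threads)):
            if self.threads[i].active:
                self.cur = i
                return True
        return False

class Processes:
    def __init__(self):
        self._tids, self._pids = count(1), count(1)
        self.procs: Dict[int, Process] = {}  # insertion order drives the round-robin
        self.current_pid: Optional[int] = None

    def gen_tid(self) -> int:
        return next(self._tids)  # monotonic: a tid is never reused, even after a kill

    def new_process(self, name: str, parent_pid: Optional[int] = None) -> int:
        pid = next(self._pids)
        self.procs[pid] = Process(pid, name, parent_pid)
        self.current_pid = self.current_pid or pid
        return pid

    def new_thread(self, pid: int, name: str, priority: int = 0) -> Thread:
        t = Thread(self.gen_tid(), name, priority)
        self.procs[pid].threads.append(t)
        return t

    def kill_process(self, pid: int) -> None:
        for t in self.procs[pid].threads:
            t.active = False

    def load_next_process(self) -> Optional[int]:  # round-robin, skipping inactive ones
        order = list(self.procs)
        start = order.index(self.current_pid)
        for step in range(1, len(order) + 1):
            proc = self.procs[order[(start + step) % len(order)]]
            if proc.is_active:
                self.current_pid = proc.pid
                proc.cur = next(i for i, t in enumerate(proc.threads) if t.active)
                return proc.pid
        return None  # nothing left to run

    def schedule_next(self) -> None:  # next live thread here, else the next process
        if not self.procs[self.current_pid].swap_with_next_thread():
            self.load_next_process()

def demo() -> Tuple[list, list, tuple, tuple]:
    ps = Processes()
    a = ps.new_process("sample.exe")
    t1, t2 = ps.new_thread(a, "main"), ps.new_thread(a, "worker", priority=5)
    b = ps.new_process("child.exe", parent_pid=a)
    t3 = ps.new_thread(b, "main", priority=1)
    # constructed coverage: 0x401010 is hit by both t1 and t2, so it counts once
    t1.blocks, t2.blocks, t3.blocks = {0x401000, 0x401010, 0x401020}, {0x401010, 0x402000}, {0x401000}

    def run(steps: int) -> List[Tuple[int, int]]:
        seen = []
        for _ in range(steps):
            p = ps.procs[ps.current_pid]
            seen.append((p.pid, p.current_thread.tid))
            ps.schedule_next()
        return seen

    before = run(4)
    ps.kill_process(b)  # b's only thread dies; the scheduler must now skip b
    after = run(3)
    pa, pb = ps.procs[a], ps.procs[b]
    return before, after, (pa.priority(), pb.priority()), (pa.blocks_executed(), pb.blocks_executed())
```

Running demo() walks the schedule (1,1) → (1,2) → (2,3) → (1,1) before the kill and (1,2) → (1,1) → (1,2) after it, showing the killed child being skipped rather than rescheduled. The two per-process numbers are the ones an analyst reads off an emulation run: blocks_executed is a coverage figure that only grows when a thread reaches code no sibling has touched, and the never-reused tid is what keeps per-thread logs unambiguous once threads have been killed and new ones created.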