zelos.threads module¶

class zelos.threads.ThreadState¶

Bases: enum.Enum

An enumeration.

UNKNOWN = 0¶

RUNNING = 1¶

SUCCESS = 2¶

FAILURE = 3¶

PAUSED = 4¶

KILLED = 5¶

exception zelos.threads.ThreadException¶: Bases: zelos.exceptions.ZelosException

exception zelos.threads.InvalidTidException(tid)¶: Bases: zelos.exceptions.ZelosException

class zelos.threads.Thread(thread_manager, context, stack_base, stack_size, id, name=None, priority=0, parent=None, module_path=None, benign_code=False)¶

Bases: object

Represents information regarding a thread of execution.

Remember, a thread is mostly its register state. This is contained in the Emu class, and as such, if you are interacting with a thread that is not “the current thread” you may not be changing the correct state. Remember to save_context and load_context where appropriate to ensure that your changes only effect the thread that you care about.

property memory¶

property emu¶

property is_active¶

get_reg(reg_name: str) → int¶

Gets the value of the specified register for this thread.

Parameters: reg_name – The name of the register to get the value of.
Returns: An unsigned integer containing the value of the register.

set_reg(reg_name: str, val: int) → None¶

Gets the value of the specified register for this thread.

Parameters

reg_name – The name of the register to set.
val – The value to set the register to.

Returns

An unsigned integer containing the value of the register.

getIP() → int¶

setIP(new_ip: int) → None¶

getSP() → int¶

setSP(new_sp: int) → None¶

getFP() → int¶

setFP(new_fp: int) → None¶

getstack(idx: int) → int¶

setstack(idx: int, val: int) → None¶

popstack() → int¶

pushstack(data: int) → int¶

get_all_regs()¶

get_all_reg_vals()¶

get_regs(regs=None)¶

dumpregs(regs=None)¶

pack(x, bytes=None, little_endian=None, signed=False)¶

unpack(x, bytes=None, little_endian=None, signed=False)¶

cleanup(z)¶

save_context()¶

load_context()¶

print_stack(sp=0, fp=0, top_count=5, bottom_count=10)¶

class zelos.threads.Threads(emu, memory, stack_size)¶

Bases: object

Handles the execution of multiple threads on the same memory.

This class should be manipulated through the process layer.

property completed_threads¶

property failed_threads¶

get_active_threads() → List[zelos.threads.Thread]¶: Returns all active threads

is_current_thread(t: zelos.threads.Thread) → bool¶

Returns True if “t” is the currently running thread.

Parameters: t – The thread to check.
Returns: True if “t” is currently running.

kill_thread(tid: int) → None¶

Changes the state of the specified thread to KILLED

Parameters: tid – The thread id of desired thread to kill

as_current_thread(t: zelos.threads.Thread, closure: Callable[[], Any]) → Any¶

Executes the closure as if “t” was the current thread.

Parameters

t – The thread to set active while executing the closure
closure – The function to execute

Returns

The result of the closure.

record_block(block_address)¶

block_seen_before(block_address)¶: Returns true if the block address has been seen in the current thread before

num_unique_blocks(thread_name=None)¶: Returns the number of unique blocks for the given thread. Returns unique blocks across threads if no thread name is given

executed_within_region(begin_addr, end_addr, thread_names=None)¶: Returns all block starts within the specified region, executed by the specified threads. If no thread_names are specified, checks all threads

num_active_threads() → int¶

Returns the number of threads that are still executing.

Returns: Number of threads that are still executing

fail_current_thread(fail_reason: Optional[str] = None) → None¶

Records the current thread as a failure and removes it from execution

Parameters: fail_reason – Keeps track of why the thread failed. Used in debugging

complete_current_thread() → None¶: Records the current thread as having completed successfully and removes it from execution

pause_current_thread(condition: Optional[Callable[[], bool]] = None) → None¶

Pauses the thread until the condition closure is checked and it evaluates to true. If no condition is supplied, the thread is paused indefinitely.

Parameters: condition – Evaluated periodically, if it ever returns True, unpauses the thread

new_thread(start_addr: int, tid: int, name: Optional[str] = None, priority: int = 0, stack_setup=None, module_path: str = '????', benign_code: bool = False) → zelos.threads.Thread¶: Adds a thread which will run the thread_setup before starting.

create_thread(start_addr, tid, stack_base, name=None, priority=0, stack_setup=None, module_path='????', benign_code=False) → zelos.threads.Thread¶

change_thread_priority(thread_name, new_priority)¶: Change the priority of a thread

get_all_threads() → List[zelos.threads.Thread]¶: Returns all threads, whether active or stopped

get_thread_by_name(name: str) → Optional[zelos.threads.Thread]¶: Returns the first thread with the given name

get_thread(tid)¶

get_threads(names)¶: Returns threads that have a name within the given list. If names is None, returns all threads

get_child_threads(tid: int) → List[zelos.threads.Thread]¶: Returns all threads with the given parent name

swap_with_thread(name: Optional[str] = None, tid: Optional[int] = None) → None¶

Swaps the current thread with the first thread with the given name or thread id. Keep in mind, this will override the priority given to threads. You can only specify one of name or tid.

Parameters

name – If specified, finds a thread by the name
tid – If specified, finds a thread with that thread id

swap_with_next_thread() → None¶: Swaps the current thread with the next thread to execute. This respects priority, and will not swap if there is no thread of equal or greater priority

regs_to_save = ('eax', 'ebp', 'ebx', 'ecx', 'edi', 'edx', 'flags', 'eip', 'esi', 'esp')¶