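# NOTE(review): the lines up to `return ee` are the tail of a function whose
# `def` lies outside this excerpt (indentation below is reconstructed on the
# assumption that the `if` sits inside a loop over _probes — confirm against
# the full file). The original page also carried this chunk twice, pasted
# back-to-back from `return ee` onward; the duplicate is dropped here.
        if pp:
            ee |= e
    return ee


def filters(t):
    """Collect the filters every registered probe generates for *t*.

    Walks the probes registered under every event key in ``_probes`` and
    concatenates what each probe's ``gen_filter(t)`` returns.

    Args:
        t: passed straight through to ``p.gen_filter``; its meaning is
           defined by the probe classes, not here.

    Returns:
        A flat list with the results of all ``gen_filter`` calls, in
        registration order.
    """
    collected = []
    for _event, probes in _probes.iteritems():
        for p in probes:
            collected.extend(p.gen_filter(t))
    return collected


if __name__ == "__main__":
    import symbol
    from probeexp import function_name, syscall_num, syscall_name, memory_size, process_id

    symbol.init("")

    # Demo handlers registered through the probe decorators.
    @function_entry(function_name == "xxx")
    @function_entry(function_name == "fopen")
    def wrap_function_entry(env):
        print "Calling wrap_function_entry()"

    @function_exit()
    def wrap_function_exit(env):
        print "Calling wrap_function_exit()"

    @syscall_entry(syscall_name >> ["open", "close"])
    def wrap_syscall_entry(env):
        print "Calling wrap_syscall_entry()"

    # NOTE(review): the handler this decorator applies to is missing from the
    # excerpt; the decorator is left dangling here as it was on the page.
    @syscall_exit()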
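def init(exe, tap, m):
    """Initialise symbols, env and prototypes for *exe*, then run the tap script.

    Args:
        exe: path to the executable to instrument; must be an existing file.
        tap: path to the tap script, a Python file that registers probes via
             the names injected into its namespace below.
        m:   machine accessor exposing ``read_reg``/``write_reg``/``read_mem``/
             ``write_mem``; these four callables are handed to ``env.init``.

    Returns:
        Whatever ``probe.enabled_probes()`` returns once the tap script has run.

    Raises:
        Execfile: *exe* is not an existing file.
        Execfail: *tap* is not an existing file.
        AssertionError: the host machine type is neither i686 nor x86_64.
    """
    # NOTE(review): the two exception names differ by one letter (Execfile vs
    # Execfail); both must exist in this module or one of them is a typo.
    # Validate both paths before touching any global state, so a bad tap path
    # cannot leave symbol/env/prototype half-initialised.
    if not os.path.isfile(exe):
        raise Execfile("[!] Invalid executable (%s)" % exe)
    if not os.path.isfile(tap):
        raise Execfail("[!] Invalid tap (%s)" % tap)

    # init env, syms, and prototypes
    symbol.init(exe)
    env.init(m.read_reg, m.write_reg, m.read_mem, m.write_mem)

    # Pointer width in bytes for the host ISA; only these two are supported.
    ptr_sizes = {'i686': 4, 'x86_64': 8}
    mac = platform.machine()
    if mac not in ptr_sizes:
        # Raised explicitly rather than via `assert` so the check survives
        # `python -O`; the exception type is kept for existing callers.
        raise AssertionError("[!] Unknown machine '%s'" % mac)
    prototype.init(["/usr/include"], ptr_sizes[mac])

    # run the scripts
    # NOTE: execfile runs the tap with full interpreter privileges inside this
    # process; a tap script is trusted code, on a par with importing a module.
    execfile(tap, {
        "exe" : exe,
        "tap" : tap,
        "argv" : [exe],
        # probes
        "function_entry" : probe.function_entry,
        "function_exit" : probe.function_exit,
        "syscall_entry" : probe.syscall_entry,
        "syscall_exit" : probe.syscall_exit,
        "memory_read" : probe.memory_read,
        "memory_write" : probe.memory_write,
        "memory_execute" : probe.memory_execute,
        # expressions
        "process_id" : probeexp.process_id,
        "process_name" : probeexp.process_name,
        "thread_id" : probeexp.thread_id,
        "module_name" : probeexp.module_name,
        "function_address" : probeexp.function_address,
        "function_name" : probeexp.function_name,
        "memory_address" : probeexp.memory_address,
        "memory_size" : probeexp.memory_size,
        "memory_value" : probeexp.memory_value,
        "syscall_num" : probeexp.syscall_num,
        "syscall_name" : probeexp.syscall_name,
        # symbols
        "module" : symbol.get_module,
        "symbol" : resolve,
        "syscall" : symbol.get_syscall,
        # prototypes
        "include" : prototype.parse_header,
        "prototype" : prototype.get_prototype,
        "declare" : prototype.set_prototype,
        # exceptions
        "MissingPrototype": prototype.MissingPrototype
    })

    probe.show_probes()
    return probe.enabled_probes()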