Ejemplo n.º 1
 def get_access_context(self, address):
     """Build a PID-translated ``AccessContext`` for ``address``.

     When no target process is attached (``self.target_desc`` is ``None``)
     the context is anchored to PID 0, which this code treats as the kernel
     address space; otherwise the attached process' PID is used.
     """
     target = self.target_desc
     pid = 0 if target is None else target.pid
     return AccessContext(TranslateMechanism.PROCESS_PID,
                          addr=address,
                          pid=pid)
Ejemplo n.º 2
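 def get_syscall_name(self, rax):
     """Resolve the kernel symbol name for syscall number ``rax``.

     ``rax`` is used as an index into ``sys_call_table``; the handler pointer
     stored in that slot is read from guest memory and translated back to a
     kernel symbol.

     Args:
         rax: syscall number taken from the guest's RAX register.

     Returns:
         Whatever ``libvmi.translate_v2ksym`` returns for the handler address.

     Raises:
         ValueError: if ``rax`` is negative, which would index *before* the
             table and dereference an unrelated kernel pointer.
     """
     # The value comes straight from a guest register, so treat it as
     # untrusted: a negative index silently reads memory before the table.
     # NOTE(review): an upper bound (the guest kernel's syscall count) should
     # be enforced here too; that limit is not visible in this snippet, so
     # only the lower bound is checked.
     if rax < 0:
         raise ValueError("invalid syscall number: %d" % rax)
     # address of the table slot holding the handler pointer
     p_addr = self.sys_call_table_addr + (rax * VOID_P_SIZE)
     # dereference the slot; the second argument is the PID, and 0 selects
     # the kernel address space (same convention used elsewhere here)
     addr = self.libvmi.read_addr_va(p_addr, 0)
     # no PID supplied: presumably defaults to the kernel context -- verify
     ctx = AccessContext(TranslateMechanism.PROCESS_PID)
     return self.libvmi.translate_v2ksym(ctx, addr)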
Ejemplo n.º 3
 def get_access_context(self, address):
     """Build an ``AccessContext`` for ``address`` keyed by page-table base.

     Translation uses ``PROCESS_DTB`` with the DTB obtained from
     ``self.get_dtb()``, so ``address`` is interpreted in whichever address
     space that DTB selects.
     """
     dtb = self.get_dtb()
     kwargs = {"addr": address, "dtb": dtb}
     return AccessContext(TranslateMechanism.PROCESS_DTB, **kwargs)
Ejemplo n.º 4
 def get_access_context(self, address):
     """Build a PID-translated ``AccessContext`` for ``address``.

     The PID is read from ``self.target_desc``, which this method assumes is
     already set: unlike some siblings there is no fallback to the kernel
     (PID 0) context, so an unset target raises ``AttributeError``.
     """
     pid = self.target_desc.pid
     mechanism = TranslateMechanism.PROCESS_PID
     return AccessContext(mechanism, addr=address, pid=pid)
Ejemplo n.º 5
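def test_invalid_pid(vmi):
    """An out-of-range PID must be rejected, not silently truncated.

    ``0xfeedbeef`` exceeds the signed 32-bit range (presumably the size of
    the underlying C PID type); the binding is expected to raise
    ``OverflowError`` when the context reaches ``vmi.read`` rather than wrap
    the value into some unrelated (possibly kernel) address space.
    """
    ctx = AccessContext(TranslateMechanism.PROCESS_PID,
                        addr=0x8000000,
                        pid=0xfeedbeef)
    # ``pytest.raises(..., message=...)`` was deprecated in pytest 4 and
    # removed in pytest 5 (TypeError); calling ``pytest.fail`` after the
    # statement is the supported way to keep the custom failure text.
    with pytest.raises(OverflowError):
        vmi.read(ctx, 8)
        pytest.fail("invalid pid accepted")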