        if pp:
            ee |= e
    return ee

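def filters(t):
    """Collect the filters generated by every registered probe for *t*.

    Walks the module-level ``_probes`` mapping (event -> list of probe
    objects) and concatenates whatever each probe's ``gen_filter(t)``
    returns into one flat list.

    :param t: handed through unchanged to every ``probe.gen_filter``;
        presumably the tracing target/context -- confirm with the callers.
    :returns: a list holding the concatenated ``gen_filter`` results, in
        mapping iteration order.
    """
    f = []
    # Only the probe lists are needed here; the event keys were never used.
    for pp in _probes.itervalues():
        for p in pp:
            f.extend(p.gen_filter(t))
    return f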

if __name__ == "__main__":
    import symbol
    from probeexp import function_name, syscall_num, syscall_name, memory_size, process_id

    symbol.init("")

    @function_entry(function_name == "xxx")
    @function_entry(function_name == "fopen")
    def wrap_function_entry(env):
        print "Calling wrap_function_entry()"

    @function_exit()
    def wrap_function_exit(env):
        print "Calling wrap_function_exit()"

    @syscall_entry(syscall_name >> ["open", "close"])
    def wrap_syscall_entry(env):
        print "Calling wrap_syscall_entry()"

    @syscall_exit()
    return ee


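def filters(t):
    """Collect the filters generated by every registered probe for *t*.

    Walks the module-level ``_probes`` mapping (event -> list of probe
    objects) and concatenates whatever each probe's ``gen_filter(t)``
    returns into one flat list.

    :param t: handed through unchanged to every ``probe.gen_filter``;
        presumably the tracing target/context -- confirm with the callers.
    :returns: a list holding the concatenated ``gen_filter`` results, in
        mapping iteration order.
    """
    f = []
    # Only the probe lists are needed here; the event keys were never used.
    for pp in _probes.itervalues():
        for p in pp:
            f.extend(p.gen_filter(t))
    return f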


if __name__ == "__main__":
    import symbol
    from probeexp import function_name, syscall_num, syscall_name, memory_size, process_id

    symbol.init("")

    @function_entry(function_name == "xxx")
    @function_entry(function_name == "fopen")
    def wrap_function_entry(env):
        print "Calling wrap_function_entry()"

    @function_exit()
    def wrap_function_exit(env):
        print "Calling wrap_function_exit()"

    @syscall_entry(syscall_name >> ["open", "close"])
    def wrap_syscall_entry(env):
        print "Calling wrap_syscall_entry()"

    @syscall_exit()
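def init(exe, tap, m):
    """Initialise the tracing environment and execute the tap script.

    :param exe: path of the executable to trace; must be an existing file.
    :param tap: path of the tap script. It is executed as Python source with
        the probe, expression, symbol and prototype API injected as its
        globals (see the dictionary passed to ``execfile`` below).
    :param m: object exposing ``read_reg``, ``write_reg``, ``read_mem`` and
        ``write_mem``; these are handed to ``env.init``.
    :returns: the value of ``probe.enabled_probes()`` once the tap script
        has registered its probes.
    :raises Execfile: if *exe* is not a regular file.
    :raises Execfail: if *tap* is not a regular file.
    :raises AssertionError: if the host machine is neither i686 nor x86_64.
    """
    if not os.path.isfile(exe):
        # NOTE(review): this raises ``Execfile`` while the tap check below
        # raises ``Execfail``; one of the two names is probably a typo --
        # confirm which exception class is actually defined in this module.
        raise Execfile("[!] Invalid executable (%s)" % exe)

    # init env, syms, and prototypes
    symbol.init(exe)
    env.init(m.read_reg, m.write_reg, m.read_mem, m.write_mem)

    # NOTE(review): the pointer width comes from the *host* machine, not
    # from ``exe``; a 32-bit binary traced on an x86_64 host therefore gets
    # 8-byte pointers -- verify this is intended.
    mac = platform.machine()
    if mac == 'i686':
        ptr_size = 4
    elif mac == 'x86_64':
        ptr_size = 8
    else:
        # Raised explicitly rather than via ``assert`` so the check survives
        # ``python -O``; the exception type callers see is unchanged.
        raise AssertionError("[!] Unknown machine '%s'" % mac)

    prototype.init(["/usr/include"], ptr_size)

    if not os.path.isfile(tap):
        raise Execfail("[!] Invalid tap (%s)" % tap)

    # run the scripts
    # The tap file is executed as ordinary Python inside this process, with
    # the names below as its globals, so it has exactly the privileges of
    # the tracer itself.
    execfile(tap, {
            "exe"  : exe,
            "tap"  : tap,
            "argv" : [exe],

            # probes
            "function_entry" : probe.function_entry,
            "function_exit"  : probe.function_exit,
            "syscall_entry"  : probe.syscall_entry,
            "syscall_exit"   : probe.syscall_exit,
            "memory_read"    : probe.memory_read,
            "memory_write"   : probe.memory_write,
            "memory_execute" : probe.memory_execute,

            # expressions
            "process_id"       : probeexp.process_id,
            "process_name"     : probeexp.process_name,
            "thread_id"        : probeexp.thread_id,
            "module_name"      : probeexp.module_name,
            "function_address" : probeexp.function_address,
            "function_name"    : probeexp.function_name,
            "memory_address"   : probeexp.memory_address,
            "memory_size"      : probeexp.memory_size,
            "memory_value"     : probeexp.memory_value,
            "syscall_num"      : probeexp.syscall_num,
            "syscall_name"     : probeexp.syscall_name,

            # symbols
            "module"  : symbol.get_module,
            "symbol"  : resolve,
            "syscall" : symbol.get_syscall,

            # prototypes
            "include"   : prototype.parse_header,
            "prototype" : prototype.get_prototype,
            "declare"   : prototype.set_prototype,

            # exceptions
            "MissingPrototype": prototype.MissingPrototype
            })

    probe.show_probes()

    return probe.enabled_probes()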