def noop_current_syscall(pid):
    """Turn the system call the tracee is about to enter into a no-op.

    The pending call number in ORIG_EAX is overwritten with 20 (the
    error text below identifies it as getpid), the call is allowed to
    run, and the tracer is advanced to the next syscall stop.  On that
    exit stop ORIG_EAX is read back and must still hold 20; anything
    else means the replacement did not take, and an Exception is raised.
    Finally the shared ``entering_syscall`` flag is cleared so the rest
    of the tool knows the tracee is now on the exit side of a call.

    Args:
        pid: the traced process id handed to the tracereplay primitives.

    Raises:
        Exception: the syscall exit did not report number 20.
    """
    # NOTE(review): 20 is presumably the i386 getpid number, matching the
    # ORIG_EAX/EAX register names used throughout this file; confirm if
    # the tool is ever ported to another ABI.
    getpid_nr = 20
    logging.debug('Nooping the current system call in pid: %s', pid)
    tracereplay.poke_register(pid, tracereplay.ORIG_EAX, getpid_nr)
    tracereplay.syscall(pid)
    next_syscall()
    observed_nr = tracereplay.peek_register(pid, tracereplay.ORIG_EAX)
    if observed_nr == getpid_nr:
        tracereplay_globals.entering_syscall = False
        return
    message = 'Nooping did not result in getpid exit. Got {}'.format(observed_nr)
    raise Exception(message)
def apply_return_conditions(pid, syscall_object):
    """Inject the recorded return value of a system call into the tracee.

    ``syscall_object.ret`` is read positionally: element 0 is the return
    value seen in the trace, element 1 the errno name (or None).  When the
    trace shows -1 together with an errno name, the name is mapped through
    ``ERRNO_CODES`` and its negation is what gets written — the kernel
    convention of returning ``-errno`` in EAX.  Otherwise the raw value is
    first passed through ``cleanup_return_value``.  The result is poked
    into EAX of ``pid``.

    Args:
        pid: the traced process id.
        syscall_object: parsed trace entry exposing ``ret``.

    Raises:
        KeyError: the errno name in the trace is not in ``ERRNO_CODES``.
    """
    logging.debug('Applying return conditions')
    trace_ret = syscall_object.ret[0]
    # ret[1] is only consulted when the trace recorded a -1; keeping the
    # short-circuit preserves the original's access pattern exactly.
    has_errno = trace_ret == -1 and syscall_object.ret[1] is not None
    if not has_errno:
        injected = cleanup_return_value(trace_ret)
    else:
        errno_name = syscall_object.ret[1]
        logging.debug('Got non-None errno value: %s', errno_name)
        errno_number = ERRNO_CODES[errno_name]
        logging.debug('Looked up error number: %s', errno_number)
        injected = -errno_number
        logging.debug('Will return: %s instead of %s', injected, trace_ret)
    logging.debug('Injecting return value %s', injected)
    tracereplay.poke_register(pid, tracereplay.EAX, injected)
def swap_trace_fd_to_execution_fd(pid, pos, syscall_object, params_addr=None):
    """Replace a trace-time file descriptor argument with the live one.

    The descriptor recorded at argument position ``pos`` of the trace
    entry is looked up via ``fd_pair_for_trace_fd`` and its ``'os_fd'``
    counterpart is written back into the tracee.  Without ``params_addr``
    the argument lives in a register (EBX..EDI by position); with it, the
    argument is the ``pos``-th entry of a socketcall parameter block at
    that address and is rewritten in memory instead.  The value currently
    in place is read first, but only for the debug log line.

    Args:
        pid: the traced process id.
        pos: zero-based argument index, 0..4.
        syscall_object: parsed trace entry exposing ``args``.
        params_addr: address of the socketcall parameter block, or None
            for a plain register-passed argument.  Note the check is on
            truthiness, so 0 behaves like None.

    Raises:
        KeyError: ``pos`` is outside 0..4 in the register case.
    """
    register_for_position = {
        0: tracereplay.EBX,
        1: tracereplay.ECX,
        2: tracereplay.EDX,
        3: tracereplay.ESI,
        4: tracereplay.EDI,
    }
    logging.debug('Cleaning up file descriptor at position: {}'.format(pos))
    trace_fd = int(syscall_object.args[pos].value)
    os_fd = fd_pair_for_trace_fd(trace_fd)['os_fd']
    # Evaluate the socketcall/register choice once; both halves below
    # depend on the same truthiness test.
    via_socketcall_block = bool(params_addr)
    if via_socketcall_block:
        block = extract_socketcall_parameters(pid, params_addr, pos + 1)
        current_value = block[pos]
    else:
        current_value = tracereplay.peek_register(pid, register_for_position[pos])
    logging.debug(
        'Replacing old value (trace fd): {} with new value: {}'.format(current_value, os_fd)
    )
    if via_socketcall_block:
        update_socketcall_paramater(pid, params_addr, pos, os_fd)
    else:
        tracereplay.poke_register(pid, register_for_position[pos], os_fd)