@memory_read()
def wrap_mem_read(env):
print "Calling wrap_mem_read()"
@memory_write(memory_size == 1)
def wrap_mem_write(env):
print "Calling wrap_mem_write()"
@function_exit((process_id == 20) & (function_name == "malloc"))
def wrap_function_exit2(env):
print "Calling wrap_function_exit2()"
show_probes()
e = event.function_entry(pid=20,
tid=15,
inst=0xbadbabe,
stack=0xdeadbeef,
funcaddr=0xcafebabe)
print "[*] Dispatching event %s" % e
run_probes(e, None)
e = event.syscall_entry(pid=20,
tid=15,
inst=0xbadbabe,
stack=0xdeadbeef,
sysno=18)
print "[*] Dispatching event %s" % e
run_probes(e, None)
print "[*] Actualize:", a, "=>", eval(a)
####
e = event.function_entry(pid=18,
tid=15,
module=None,
inst=None,
stack=None,
callee=None)
print "[*] Event:", e
a = v.actualize(e, None)
print "[*] Actualize:", a, "=>", eval(a)
####
v = (process.id == 20) | (function.name == "malloc")
print "[*] Condition:", v
e = event.syscall_entry(pid=18,
tid=15,
module=None,
inst=None,
stack=None,
sysno=31337)
print "[*] Event:", e
a = v.actualize(e, None)
print "[*] Actualize:", a, "=>", eval(a)
@syscall_entry(syscall_name >> ["open", "close"])
def wrap_syscall_entry(env):
print "Calling wrap_syscall_entry()"
@syscall_exit()
def wrap_syscall_exit(env):
print "Calling wrap_syscall_exit()"
@memory_read()
def wrap_mem_read(env):
print "Calling wrap_mem_read()"
@memory_write(memory_size == 1)
def wrap_mem_write(env):
print "Calling wrap_mem_write()"
@function_exit((process_id == 20) & (function_name == "malloc"))
def wrap_function_exit2(env):
print "Calling wrap_function_exit2()"
show_probes()
e = event.function_entry(pid = 20, tid = 15, inst = 0xbadbabe, stack = 0xdeadbeef, funcaddr = 0xcafebabe)
print "[*] Dispatching event %s" % e
run_probes(e, None)
e = event.syscall_entry(pid = 20, tid = 15, inst = 0xbadbabe, stack = 0xdeadbeef, sysno = 18)
print "[*] Dispatching event %s" % e
run_probes(e, None)
print "[*] Condition:", v
print "[*] Filter:", v.generateFilter([])
####
e = event.function_entry(pid = 20, tid = 76, module = None, inst = None, stack = None, callee = None)
print "[*] Event:", e
a = v.actualize(e, None)
print "[*] Actualize:", a, "=>", eval(a)
####
e = event.function_entry(pid = 18, tid = 15, module = None, inst = None, stack = None, callee = None)
print "[*] Event:", e
a = v.actualize(e, None)
print "[*] Actualize:", a, "=>", eval(a)
####
v = (process.id == 20) | (function.name == "malloc")
print "[*] Condition:", v
e = event.syscall_entry(pid = 18, tid = 15, module = None, inst = None, stack = None, sysno = 31337)
print "[*] Event:", e
a = v.actualize(e, None)
print "[*] Actualize:", a, "=>", eval(a)
