Exemplo n.º 1
0
    def createText(self):
        value = self.value
        argtype = self.type
        name = self.name
        if not argtype or not name:
            return formatWordHex(self.value)

        syscall = self.function.name

        # Special cases
        try:
            return SYSCALL_ARG_DICT[syscall][name][value]
        except KeyError:
            pass
        try:
            callback = ARGUMENT_CALLBACK[syscall][name]
        except KeyError:
            callback = None
        if callback:
            return callback(value)
        if syscall == "execve":
            if name in ("argv", "envp"):
                return self.readCStringArray(value)
        if syscall == "socketcall":
            if name == "call":
                try:
                    return SOCKETCALL[value][0]
                except KeyError:
                    return str(value)
            if name == "args":
                func_call = FunctionCall("socketcall", self.options)
                setupSocketCall(func_call, self.function.process,
                                self.function[0], self.value)
                text = "<%s>" % func_call.format()
                return self.formatPointer(text, self.value)
        if syscall == "write" and name == "buf":
            fd = self.function[0].value
            if fd < 3:
                length = self.function[2].value
                return self.readString(value, length)
        if name == "signum":
            return signalName(value)
        if name in FILENAME_ARGUMENTS:
            return self.readCString(value)

        # Remove "const " prefix
        if argtype.startswith("const "):
            argtype = argtype[6:]

        # Format depending on the type
        if argtype.endswith("*"):
            try:
                text = self.formatValuePointer(argtype[:-1])
                if text:
                    return text
            except PTRACE_ERRORS, err:
                writeError(getLogger(), err, "Format argument value error")
                value = None
            return formatAddress(self.value)
Exemplo n.º 2
0
    def createText(self):
        value = self.value
        argtype = self.type
        name = self.name
        if not argtype or not name:
            return formatWordHex(self.value)

        syscall = self.function.name

        # Special cases
        try:
            return SYSCALL_ARG_DICT[syscall][name][value]
        except KeyError:
            pass
        try:
            callback = ARGUMENT_CALLBACK[syscall][name]
        except KeyError:
            callback = None
        if callback:
            return callback(value)
        if syscall == "execve":
            if name in ("argv", "envp"):
                return self.readCStringArray(value)
        if syscall == "socketcall":
            if name == "call":
                try:
                    return SOCKETCALL[value][0]
                except KeyError:
                    return str(value)
            if name == "args":
                func_call = FunctionCall("socketcall", self.options)
                setupSocketCall(func_call, self.function.process, self.function[0], self.value)
                text = "<%s>" % func_call.format()
                return self.formatPointer(text, self.value)
        if syscall == "write" and name == "buf":
            fd = self.function[0].value
            if fd < 3:
                length = self.function[2].value
                return self.readString(value, length)
        if name == "signum":
            return signalName(value)
        if name in FILENAME_ARGUMENTS:
            return self.readCString(value)

        # Remove "const " prefix
        if argtype.startswith("const "):
            argtype = argtype[6:]

        # Format depending on the type
        if argtype.endswith("*"):
            try:
                text = self.formatValuePointer(argtype[:-1])
                if text:
                    return text
            except PTRACE_ERRORS, err:
                writeError(getLogger(), err, "Format argument value error")
                value = None
            return formatAddress(self.value)
Exemplo n.º 3
0
 def __init__(self, process, options):
     FunctionCall.__init__(self, "syscall", options, SyscallArgument)
     self.process = process
     self.restype = "long"
     regs = process.getregs()
     self.readSyscall(regs)
     argument_values = self.readArgumentValues(regs)
     self.readArguments(argument_values)
     self.enter()
Exemplo n.º 4
0
 def __init__(self, process, options):
     FunctionCall.__init__(self, "syscall", options, SyscallArgument)
     self.process = process
     self.restype = "long"
     regs = process.getregs()
     self.readSyscall(regs)
     argument_values = self.readArgumentValues(regs)
     self.readArguments(argument_values)
     self.enter()
Exemplo n.º 5
0
 def __init__(self, process, options, regs=None):
     FunctionCall.__init__(self, "syscall", options, SyscallArgument)
     self.process = process
     self.restype = "long"
     self.result = None
     self.result_text = None
     self.instr_pointer = None
     if not regs:
         regs = self.process.getregs()
     self.readSyscall(regs)
Exemplo n.º 6
0
 def __init__(self, process, options, regs=None):
     FunctionCall.__init__(self, "syscall", options, SyscallArgument)
     self.process = process
     self.restype = "long"
     self.result = None
     self.result_text = None
     self.instr_pointer = None
     if not regs:
         regs = self.process.getregs()
     self.readSyscall(regs)
Exemplo n.º 7
0
    def createText(self):
        value = self.value
        argtype = self.type
        name = self.name
        if not argtype or not name:
            return formatWordHex(self.value)

        syscall = self.function.name

        # Special cases
        try:
            return SYSCALL_ARG_DICT[syscall][name][value]
        except KeyError:
            pass
        try:
            callback = ARGUMENT_CALLBACK[syscall][name]
        except KeyError:
            callback = None
        if callback:
            return callback(self)
        if syscall == "execve":
            if name in ("argv", "envp"):
                return self.readCStringArray(value)
        if syscall == "socketcall":
            if name == "call":
                try:
                    return SOCKETCALL[value]
                except KeyError:
                    return str(value)
            if name == "args":
                func_call = FunctionCall("socketcall", self.options)
                setupSocketCall(func_call, self.function.process,
                                self.function[0], self.value)
                text = "<%s>" % func_call.format()
                return self.formatPointer(text, self.value)
        if syscall == "write" and name == "buf":
            fd = self.function[0].value
            if fd < 3:
                length = self.function[2].value
                return self.readString(value, length)
        if name == "signum":
            return signalName(value)
        if name in DIRFD_ARGUMENTS and argtype == "int":
            return formatDirFd(uint2int(value))

        # Remove "const " prefix
        if argtype.startswith("const "):
            argtype = argtype[6:]

        if name in FILENAME_ARGUMENTS and argtype == "char *":
            return self.readCString(value)

        # Format depending on the type
        if argtype.endswith("*"):
            try:
                text = self.formatValuePointer(argtype[:-1])
                if text:
                    return text
            except PTRACE_ERRORS as err:
                writeError(getLogger(),
                           err,
                           "Warning: Format %r value error" % self,
                           log_level=INFO)
            return formatAddress(self.value)

        # Array like "int[2]"
        match = re.match("(.*)\[([0-9])+\]", argtype)
        if match:
            basetype = match.group(1)
            count = int(match.group(2))
            if basetype == "int":
                return self.readArray(self.value, c_int, count)

        # Simple types
        if argtype in ("unsigned int", "unsigned long", "u32"):
            return str(self.value)
        if argtype in INTEGER_TYPES:
            return str(uint2int(self.value))

        # Default formatter: hexadecimal
        return formatWordHex(self.value)
Exemplo n.º 8
0
    def createText(self):
        value = self.value
        argtype = self.type
        name = self.name
        if not argtype or not name:
            return formatWordHex(self.value)

        syscall = self.function.name

        # Special cases
        try:
            return SYSCALL_ARG_DICT[syscall][name][value]
        except KeyError:
            pass
        try:
            callback = ARGUMENT_CALLBACK[syscall][name]
        except KeyError:
            callback = None
        if callback:
            return callback(self)
        if syscall == "execve":
            if name in ("argv", "envp"):
                return self.readCStringArray(value)
        if syscall == "socketcall":
            if name == "call":
                try:
                    return SOCKETCALL[value]
                except KeyError:
                    return str(value)
            if name == "args":
                func_call = FunctionCall("socketcall", self.options)
                setupSocketCall(func_call, self.function.process, self.function[0], self.value)
                text = "<%s>" % func_call.format()
                return self.formatPointer(text, self.value)
        if syscall == "write" and name == "buf":
            fd = self.function[0].value
            if fd < 3:
                length = self.function[2].value
                return self.readString(value, length)
        if name == "signum":
            return signalName(value)
        if name in DIRFD_ARGUMENTS and argtype == "int":
            return formatDirFd(uint2int(value))

        # Remove "const " prefix
        if argtype.startswith("const "):
            argtype = argtype[6:]

        if name in FILENAME_ARGUMENTS and argtype == "char *":
            return self.readCString(value)

        # Format depending on the type
        if argtype.endswith("*"):
            try:
                text = self.formatValuePointer(argtype[:-1])
                if text:
                    return text
            except PTRACE_ERRORS as err:
                writeError(getLogger(), err, "Warning: Format %r value error" % self, log_level=INFO)
            return formatAddress(self.value)

        # Array like "int[2]"
        match = re.match("(.*)\[([0-9])+\]", argtype)
        if match:
            basetype = match.group(1)
            count = int(match.group(2))
            if basetype == "int":
                return self.readArray(self.value, c_int, count)

        # Simple types
        if argtype in ("unsigned int", "unsigned long", "u32"):
            return str(self.value)
        if argtype in INTEGER_TYPES:
            return str(uint2int(self.value))

        # Default formatter: hexadecimal
        return formatWordHex(self.value)