long EventPostSyscall::getReturnValue() const
{
MachRegisterVal syscallReturnValue;
Process::const_ptr proc = getProcess();
Thread::const_ptr thrd = getThread();
thrd->getRegister(MachRegister::getSyscallReturnValueReg(proc->getArchitecture()), syscallReturnValue);
return syscallReturnValue;
}
Address EventSyscall::getAddress() const
{
MachRegisterVal pc;
Process::const_ptr proc = getProcess();
Thread::const_ptr thrd = getThread();
thrd->getRegister(MachRegister::getPC(proc->getArchitecture()), pc);
return pc;
}
long EventSyscall::getSyscallNumber() const
{
MachRegisterVal syscallNumber;
Process::const_ptr proc = getProcess();
Thread::const_ptr thrd = getThread();
thrd->getRegister(MachRegister::getSyscallNumberReg(proc->getArchitecture()), syscallNumber);
return syscallNumber;
}
MachSyscall makeFromEvent(const EventSyscall * ev)
{
Process::const_ptr proc = ev->getProcess();
Architecture arch = proc->getArchitecture();
OSType os = proc->getOS();
Platform plat(arch,os);
MachSyscall::SyscallIDPlatform syscallNumber = ev->getSyscallNumber();
#if !defined(os_windows)
MachSyscall::SyscallName syscallName = MachSyscall::nameLookup(plat, syscallNumber);
#else
MachSyscall::SyscallName syscallName = "Unknown";
#endif
return MachSyscall(plat, syscallNumber, syscallName);
}