static bool event_pre_syscall(void *drcontext, int sysnum) { drsys_syscall_t *syscall; bool known; drsys_param_type_t ret_type; const char *name; drmf_status_t res; buf_info_t buf; buf.sofar = 0; if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_cur_syscall failed"); if (drsys_syscall_name(syscall, &name) != DRMF_SUCCESS) ASSERT(false, "drsys_syscall_name failed"); if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS) ASSERT(false, "failed to find whether known"); OUTPUT(&buf, "%s%s\n", name, known ? "" : " (details not all known)"); res = drsys_iterate_args(drcontext, drsys_iter_arg_cb, &buf); if (res != DRMF_SUCCESS && res != DRMF_ERROR_DETAILS_UNKNOWN) ASSERT(false, "drsys_iterate_args failed pre-syscall"); /* Flush prior to potentially waiting in the kernel */ FLUSH_BUFFER(outf, buf.buf, buf.sofar); return true; }
static bool event_pre_syscall(void *drcontext, int sysnum) { drsys_syscall_t *syscall; drsys_sysnum_t sysnum_full; bool known; drsys_param_type_t ret_type; if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_cur_syscall failed"); if (drsys_syscall_number(syscall, &sysnum_full) != DRMF_SUCCESS) ASSERT(false, "drsys_get_sysnum failed"); ASSERT(sysnum == sysnum_full.number, "primary should match DR's num"); if (verbose) { const char *name; drmf_status_t res = drsys_syscall_name(syscall, &name); ASSERT(res == DRMF_SUCCESS && name != NULL, "drsys_syscall_name failed"); dr_fprintf(STDERR, "syscall %d.%d = %s\n", sysnum_full.number, sysnum_full.secondary, name); } check_mcontext(drcontext); if (drsys_syscall_return_type(syscall, &ret_type) != DRMF_SUCCESS || ret_type == DRSYS_TYPE_INVALID || ret_type == DRSYS_TYPE_UNKNOWN) ASSERT(false, "failed to get syscall return type"); if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS || !known) ASSERT(false, "no syscalls in this app should be unknown"); if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS) ASSERT(false, "drsys_iterate_args failed"); if (drsys_iterate_memargs(drcontext, drsys_iter_memarg_cb, NULL) != DRMF_SUCCESS) ASSERT(false, "drsys_iterate_memargs failed"); return true; }
static bool event_pre_syscall(void *drcontext, int sysnum) { drsys_syscall_t *syscall; bool known; drsys_param_type_t ret_type; const char *name; if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_cur_syscall failed"); if (drsys_syscall_name(syscall, &name) != DRMF_SUCCESS) ASSERT(false, "drsys_syscall_name failed"); if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS) ASSERT(false, "failed to find whether known"); OUTPUT("%s%s\n", name, known ? "" : " (details not all known)"); if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS) ASSERT(false, "drsys_iterate_args failed"); return true; }
static void test_static_queries(void) { drsys_syscall_t *syscall; drsys_sysnum_t num = {4,4}; drmf_status_t res; bool known; drsys_syscall_type_t type; drsys_param_type_t ret_type; const char *name = "bogus"; #ifdef WINDOWS res = drsys_name_to_syscall("NtContinue", &syscall); #else res = drsys_name_to_syscall("fstatfs", &syscall); #endif ASSERT(res == DRMF_SUCCESS, "drsys_name_to_syscall failed"); res = drsys_syscall_number(syscall, &num); ASSERT(res == DRMF_SUCCESS && num.secondary == 0, "drsys_syscall_number failed"); if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS || !known) ASSERT(false, "syscall should be known"); if (drsys_syscall_type(syscall, &type) != DRMF_SUCCESS || type != DRSYS_SYSCALL_TYPE_KERNEL) ASSERT(false, "syscall type wrong"); if (drsys_syscall_return_type(syscall, &ret_type) != DRMF_SUCCESS || ret_type == DRSYS_TYPE_INVALID || ret_type == DRSYS_TYPE_UNKNOWN) ASSERT(false, "failed to get syscall return type"); #ifdef WINDOWS /* test Zw variant */ num.secondary = 4; if (drsys_name_to_syscall("ZwContinue", &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_name_to_syscall failed"); res = drsys_syscall_number(syscall, &num); ASSERT(res == DRMF_SUCCESS && num.secondary == 0, "drsys_name_to_syscall failed"); /* test not found */ res = drsys_name_to_syscall("NtContinueBogus", &syscall); ASSERT(res == DRMF_ERROR_NOT_FOUND, "drsys_name_to_syscall should have failed"); /* test secondary */ if (drsys_name_to_syscall("NtUserCallOneParam.RELEASEDC", &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_name_to_syscall failed"); res = drsys_syscall_number(syscall, &num); ASSERT(res == DRMF_SUCCESS && num.secondary > 0, "drsys_syscall_number failed"); if (drsys_name_to_syscall("RELEASEDC", &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_name_to_syscall failed"); res = drsys_syscall_number(syscall, &num); ASSERT(res == DRMF_SUCCESS && num.secondary > 0, "drsys_syscall_number failed"); #else /* test not found */ res = drsys_name_to_syscall("fstatfr", &syscall); ASSERT(res == DRMF_ERROR_NOT_FOUND, "drsys_name_to_syscall should have failed"); #endif /* Test number to name. * i#1692: We choose syscall 1 because on WOW64 syscall 0 has some upper bits * set. As a result num.number = 0 assert fails. */ num.number = 1; num.secondary = 0; if (drsys_number_to_syscall(num, &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_number_to_syscall failed"); res = drsys_syscall_name(syscall, &name); ASSERT(res == DRMF_SUCCESS && name != NULL, "drsys_syscall_name failed"); #ifdef WINDOWS /* test secondary number to name, in particular where secondary==0 */ if (drsys_name_to_syscall("NtUserCallNoParam.CREATEMENU", &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_name_to_syscall failed"); res = drsys_syscall_number(syscall, &num); ASSERT(res == DRMF_SUCCESS && num.secondary == 0, "drsys_syscall_number failed"); if (drsys_number_to_syscall(num, &syscall) != DRMF_SUCCESS) ASSERT(false, "drsys_number_to_syscall failed"); res = drsys_syscall_name(syscall, &name); ASSERT(res == DRMF_SUCCESS && strcmp(name, "NtUserCallNoParam.CREATEMENU") == 0, "drsys_syscall_name failed"); #endif }