static bool
event_pre_syscall(void *drcontext, int sysnum)
{
drsys_syscall_t *syscall;
bool known;
drsys_param_type_t ret_type;
const char *name;
drmf_status_t res;
buf_info_t buf;
buf.sofar = 0;
if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_cur_syscall failed");
if (drsys_syscall_name(syscall, &name) != DRMF_SUCCESS)
ASSERT(false, "drsys_syscall_name failed");
if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS)
ASSERT(false, "failed to find whether known");
OUTPUT(&buf, "%s%s\n", name, known ? "" : " (details not all known)");
res = drsys_iterate_args(drcontext, drsys_iter_arg_cb, &buf);
if (res != DRMF_SUCCESS && res != DRMF_ERROR_DETAILS_UNKNOWN)
ASSERT(false, "drsys_iterate_args failed pre-syscall");
/* Flush prior to potentially waiting in the kernel */
FLUSH_BUFFER(outf, buf.buf, buf.sofar);
return true;
}
static bool
event_pre_syscall(void *drcontext, int sysnum)
{
drsys_syscall_t *syscall;
drsys_sysnum_t sysnum_full;
bool known;
drsys_param_type_t ret_type;
if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_cur_syscall failed");
if (drsys_syscall_number(syscall, &sysnum_full) != DRMF_SUCCESS)
ASSERT(false, "drsys_get_sysnum failed");
ASSERT(sysnum == sysnum_full.number, "primary should match DR's num");
if (verbose) {
const char *name;
drmf_status_t res = drsys_syscall_name(syscall, &name);
ASSERT(res == DRMF_SUCCESS && name != NULL, "drsys_syscall_name failed");
dr_fprintf(STDERR, "syscall %d.%d = %s\n", sysnum_full.number,
sysnum_full.secondary, name);
}
check_mcontext(drcontext);
if (drsys_syscall_return_type(syscall, &ret_type) != DRMF_SUCCESS ||
ret_type == DRSYS_TYPE_INVALID || ret_type == DRSYS_TYPE_UNKNOWN)
ASSERT(false, "failed to get syscall return type");
if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS || !known)
ASSERT(false, "no syscalls in this app should be unknown");
if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS)
ASSERT(false, "drsys_iterate_args failed");
if (drsys_iterate_memargs(drcontext, drsys_iter_memarg_cb, NULL) != DRMF_SUCCESS)
ASSERT(false, "drsys_iterate_memargs failed");
return true;
}
static bool
event_pre_syscall(void *drcontext, int sysnum)
{
drsys_syscall_t *syscall;
bool known;
drsys_param_type_t ret_type;
const char *name;
if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_cur_syscall failed");
if (drsys_syscall_name(syscall, &name) != DRMF_SUCCESS)
ASSERT(false, "drsys_syscall_name failed");
if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS)
ASSERT(false, "failed to find whether known");
OUTPUT("%s%s\n", name, known ? "" : " (details not all known)");
if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS)
ASSERT(false, "drsys_iterate_args failed");
return true;
}
static void
test_static_queries(void)
{
drsys_syscall_t *syscall;
drsys_sysnum_t num = {4,4};
drmf_status_t res;
bool known;
drsys_syscall_type_t type;
drsys_param_type_t ret_type;
const char *name = "bogus";
#ifdef WINDOWS
res = drsys_name_to_syscall("NtContinue", &syscall);
#else
res = drsys_name_to_syscall("fstatfs", &syscall);
#endif
ASSERT(res == DRMF_SUCCESS, "drsys_name_to_syscall failed");
res = drsys_syscall_number(syscall, &num);
ASSERT(res == DRMF_SUCCESS && num.secondary == 0, "drsys_syscall_number failed");
if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS || !known)
ASSERT(false, "syscall should be known");
if (drsys_syscall_type(syscall, &type) != DRMF_SUCCESS ||
type != DRSYS_SYSCALL_TYPE_KERNEL)
ASSERT(false, "syscall type wrong");
if (drsys_syscall_return_type(syscall, &ret_type) != DRMF_SUCCESS ||
ret_type == DRSYS_TYPE_INVALID || ret_type == DRSYS_TYPE_UNKNOWN)
ASSERT(false, "failed to get syscall return type");
#ifdef WINDOWS
/* test Zw variant */
num.secondary = 4;
if (drsys_name_to_syscall("ZwContinue", &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_name_to_syscall failed");
res = drsys_syscall_number(syscall, &num);
ASSERT(res == DRMF_SUCCESS && num.secondary == 0, "drsys_name_to_syscall failed");
/* test not found */
res = drsys_name_to_syscall("NtContinueBogus", &syscall);
ASSERT(res == DRMF_ERROR_NOT_FOUND, "drsys_name_to_syscall should have failed");
/* test secondary */
if (drsys_name_to_syscall("NtUserCallOneParam.RELEASEDC", &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_name_to_syscall failed");
res = drsys_syscall_number(syscall, &num);
ASSERT(res == DRMF_SUCCESS && num.secondary > 0, "drsys_syscall_number failed");
if (drsys_name_to_syscall("RELEASEDC", &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_name_to_syscall failed");
res = drsys_syscall_number(syscall, &num);
ASSERT(res == DRMF_SUCCESS && num.secondary > 0, "drsys_syscall_number failed");
#else
/* test not found */
res = drsys_name_to_syscall("fstatfr", &syscall);
ASSERT(res == DRMF_ERROR_NOT_FOUND, "drsys_name_to_syscall should have failed");
#endif
/* Test number to name.
* i#1692: We choose syscall 1 because on WOW64 syscall 0 has some upper bits
* set. As a result num.number = 0 assert fails.
*/
num.number = 1;
num.secondary = 0;
if (drsys_number_to_syscall(num, &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_number_to_syscall failed");
res = drsys_syscall_name(syscall, &name);
ASSERT(res == DRMF_SUCCESS && name != NULL, "drsys_syscall_name failed");
#ifdef WINDOWS
/* test secondary number to name, in particular where secondary==0 */
if (drsys_name_to_syscall("NtUserCallNoParam.CREATEMENU", &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_name_to_syscall failed");
res = drsys_syscall_number(syscall, &num);
ASSERT(res == DRMF_SUCCESS && num.secondary == 0, "drsys_syscall_number failed");
if (drsys_number_to_syscall(num, &syscall) != DRMF_SUCCESS)
ASSERT(false, "drsys_number_to_syscall failed");
res = drsys_syscall_name(syscall, &name);
ASSERT(res == DRMF_SUCCESS && strcmp(name, "NtUserCallNoParam.CREATEMENU") == 0,
"drsys_syscall_name failed");
#endif
}
