/*
 * Pre-syscall hook for tasks unrelated to shadowing that are common to all
 * tools.
 *
 * Dispatches on sysnum.number only and forwards three process-control
 * syscalls (execve, clone, prctl) to their handlers.  Every other syscall
 * number, including close, is passed over without action.
 *
 * pt and syscall are accepted but not read in this function.
 *
 * Returns true on every path; no case here changes the result.
 * NOTE(review): what the caller does with a false return is not visible
 * here -- confirm before adding a case that returns false.
 * NOTE(review): SYS_clone is the only process-creation syscall matched in
 * this switch; whether other process-creation syscalls are covered elsewhere
 * cannot be told from this function -- verify.
 */
bool
os_shared_pre_syscall(void *drcontext, cls_syscall_t *pt, drsys_sysnum_t sysnum,
                      dr_mcontext_t *mc, drsys_syscall_t *syscall)
{
    switch (sysnum.number) {
    case SYS_close:
        /* DRi#357 has DR isolating our files for us, so nothing to do here
         * anymore.
         */
        break;
    case SYS_execve:
        handle_pre_execve(drcontext);
        break;
    case SYS_clone:
        /* Unlike the execve handler, this one is also given the machine
         * context.
         */
        handle_clone(drcontext, mc);
        break;
    case SYS_prctl:
        handle_pre_prctl(drcontext, mc);
        break;
    default:
        /* Not a syscall this hook acts on. */
        break;
    }
    return true;
}
/*
 * Route one tracing event to the handler for its type.
 *
 * Order of work:
 *   1. If the global `exiting` is 1, advance it to 2 and call
 *      ltrace_exiting(); later calls see 2 and skip this step.
 *   2. Offer the event to the overriding handler of event->proc and then,
 *      when the process has a distinct leader, to the leader's handler.
 *      Either handler may consume the event (NULL result) or replace it.
 *   3. Dispatch on event->type.
 *
 * An event type with no case below is treated as fatal: a message is written
 * to stderr and the tracer exits with status 1.
 *
 * NOTE(review): the entry trace guards against event->proc == NULL, but the
 * signal/syscall cases hand event->proc straight to shortsignal(), sysname()
 * and arch_sysname().  Whether those accept a NULL process is not visible
 * here -- confirm.
 */
void
handle_event(Event *event)
{
    if (exiting == 1) {
        exiting = 2;
        debug(1, "ltrace about to exit");
        ltrace_exiting();
    }

    debug(DEBUG_FUNCTION, "handle_event(pid=%d, type=%d)",
          event->proc ? event->proc->pid : -1, event->type);

    /* If the thread group or an individual task define an overriding event
     * handler, give them a chance to kick in.  We will end up calling both
     * handlers, if the first one doesn't sink the event.
     */
    if (event->proc != NULL) {
        event = call_handler(event->proc, event);
        if (event == NULL) {
            /* It was handled. */
            return;
        }

        /* Note: the previous handler has a chance to alter the event, so
         * event->proc is checked again before the leader is consulted.
         */
        if (event->proc != NULL) {
            if (event->proc->leader != NULL
                && event->proc->leader != event->proc) {
                event = call_handler(event->proc->leader, event);
                if (event == NULL) {
                    return;
                }
            }
        }
    }

    /* Nothing follows the switch, so leaving a case ends the function. */
    switch (event->type) {
    case EVENT_NONE:
        debug(1, "event: none");
        break;

    case EVENT_SIGNAL:
        debug(1, "event: signal (%s [%d])",
              shortsignal(event->proc, event->e_un.signum),
              event->e_un.signum);
        handle_signal(event);
        break;

    case EVENT_EXIT:
        debug(1, "event: exit (%d)", event->e_un.ret_val);
        handle_exit(event);
        break;

    case EVENT_EXIT_SIGNAL:
        debug(1, "event: exit signal (%s [%d])",
              shortsignal(event->proc, event->e_un.signum),
              event->e_un.signum);
        handle_exit_signal(event);
        break;

    case EVENT_SYSCALL:
        debug(1, "event: syscall (%s [%d])",
              sysname(event->proc, event->e_un.sysnum),
              event->e_un.sysnum);
        handle_syscall(event);
        break;

    case EVENT_SYSRET:
        debug(1, "event: sysret (%s [%d])",
              sysname(event->proc, event->e_un.sysnum),
              event->e_un.sysnum);
        handle_sysret(event);
        break;

    case EVENT_ARCH_SYSCALL:
        debug(1, "event: arch_syscall (%s [%d])",
              arch_sysname(event->proc, event->e_un.sysnum),
              event->e_un.sysnum);
        handle_arch_syscall(event);
        break;

    case EVENT_ARCH_SYSRET:
        debug(1, "event: arch_sysret (%s [%d])",
              arch_sysname(event->proc, event->e_un.sysnum),
              event->e_un.sysnum);
        handle_arch_sysret(event);
        break;

    /* vfork events share the clone path. */
    case EVENT_CLONE:
    case EVENT_VFORK:
        debug(1, "event: clone (%u)", event->e_un.newpid);
        handle_clone(event);
        break;

    case EVENT_EXEC:
        debug(1, "event: exec()");
        handle_exec(event);
        break;

    case EVENT_BREAKPOINT:
        debug(1, "event: breakpoint");
        handle_breakpoint(event);
        break;

    case EVENT_NEW:
        debug(1, "event: new process");
        handle_new(event);
        break;

    default:
        /* Unrecognised event type: stop the tracer rather than continue. */
        fprintf(stderr, "Error! unknown event?\n");
        exit(1);
    }
}