示例#1
/*
 * Produce a printable form of the syscall recorded in event list l.
 *
 * When report_format is RPT_DEFAULT or lower, or when no name is known
 * for the number, the decimal syscall number is formatted into buf.
 * Otherwise the symbolic name is returned; for the multiplexed
 * "socketcall" and "ipc" entries the sub-call derived from a0 is
 * appended as "name(sub)".
 *
 * The result is one of: buf, the file-level Q placeholder (architecture
 * could not be mapped), or the pointer handed back by
 * audit_syscall_to_name(). Callers must therefore not free or modify it.
 * snprintf() bounds every write to size bytes, so a short buffer
 * truncates the text instead of overflowing.
 *
 * Side effect: the file-level variable machine is overwritten.
 */
const char *aulookup_syscall(llist *l, char *buf, size_t size)
{
	const char *name;
	const char *sub = NULL;

	/* Low-detail reports show the raw number only. */
	if (report_format <= RPT_DEFAULT)
		goto numeric;

	machine = audit_elf_to_machine(l->s.arch);
	if (machine < 0)
		return Q;

	name = audit_syscall_to_name(l->s.syscall, machine);
	if (name == NULL)
		goto numeric;

	/*
	 * socketcall and ipc multiplex several operations behind a single
	 * syscall number; a0 of the AUDIT_SYSCALL record selects which one.
	 * l->cur is only read after list_find_item() reports a match.
	 */
	if (!strcmp(name, "socketcall")) {
		if (list_find_item(l, AUDIT_SYSCALL))
			sub = aulookup_socketcall((long)l->cur->a0);
	} else if (!strcmp(name, "ipc")) {
		if (list_find_item(l, AUDIT_SYSCALL))
			sub = aulookup_ipccall((long)l->cur->a0);
	}

	if (sub == NULL)
		return name;

	snprintf(buf, size, "%s(%s)", name, sub);
	return buf;

numeric:
	snprintf(buf, size, "%d", l->s.syscall);
	return buf;
}
示例#2
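/*
 * Print the symbolic name of the syscall whose number is given as the
 * decimal string val, followed by a single space.
 *
 * val is presumably the text of a record's syscall field (confirm
 * against the caller), so it is treated as unvalidated input: text that
 * contains no digits, or a number that does not survive the narrowing
 * to int, is reported as a conversion error instead of being resolved
 * to an unrelated syscall name.
 *
 * For the multiplexed "socketcall" and "ipc" entries the sub-call is
 * derived from a0, which is not declared in this function and must
 * already hold the first argument of the same record.
 *
 * Side effect: the file-level variable machine is set on first use.
 */
static void print_syscall(const char *val)
{
	const char *sys;
	char *end;
	unsigned long uval;
	int ival;

	if (machine < 0) 
		machine = audit_detect_machine();
	if (machine < 0) {
		/* Without a machine type the number cannot be interpreted. */
		printf("%s ", val);
		return;
	}
	errno = 0;
	uval = strtoul(val, &end, 10);
	ival = (int)uval;
	/*
	 * strtoul() returns 0 without setting errno when no digits are
	 * present, which would otherwise be shown as syscall 0. The
	 * round-trip comparison rejects values whose upper bits were
	 * dropped by the narrowing to int.
	 */
	if (errno || end == val || (unsigned long)ival != uval) {
		printf("conversion error(%s) ", val);
		return;
	}
	
	sys = audit_syscall_to_name(ival, machine);
	if (sys) {
		const char *func = NULL;
		if (strcmp(sys, "socketcall") == 0)
			func = aulookup_socketcall((long)a0);
		else if (strcmp(sys, "ipc") == 0)
			func = aulookup_ipccall((long)a0);
		if (func)
			printf("%s(%s) ", sys, func);
		else
			printf("%s ", sys);
	}
	else
		printf("unknown syscall(%s) ", val);
}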