/* Post-syscall callback of the test client.
 *
 * Re-queries the current syscall through the drsys API and asserts that
 * every query succeeds and that the primary number drsys reports equals
 * the number passed in by the caller.
 *
 * drcontext: opaque context pointer forwarded to every drsys call.
 * sysnum:    syscall number supplied by the caller of this callback.
 */
static void
event_post_syscall(void *drcontext, int sysnum)
{
    drsys_syscall_t *cur_sys;
    drsys_sysnum_t sysnum_full;
    const char *sys_name;
    bool ok = false;

    if (drsys_cur_syscall(drcontext, &cur_sys) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall failed");
    }
    if (drsys_syscall_number(cur_sys, &sysnum_full) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_get_sysnum failed");
    }
    ASSERT(sysnum == sysnum_full.number, "primary should match DR's num");

    /* The name is not consumed here; only the lookup's status is checked. */
    if (drsys_syscall_name(cur_sys, &sys_name) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_syscall_name failed");
    }

    check_mcontext(drcontext);

    if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_iterate_args failed");
    }

    if (drsys_cur_syscall_result(drcontext, &ok, NULL, NULL) == DRMF_SUCCESS && ok) {
        /* Memory arguments are walked only when the syscall is reported
         * as successful.
         */
        if (drsys_iterate_memargs(drcontext, drsys_iter_memarg_cb, NULL) !=
            DRMF_SUCCESS) {
            ASSERT(false, "drsys_iterate_memargs failed");
        }
    } else {
        /* With the new early injector on Linux, we see access, open, + stat64 fail */
        /* NOTE(review): this branch is also reached when
         * drsys_cur_syscall_result itself returns an error, so without
         * WINDOWS defined an API failure is accepted silently.
         */
#ifdef WINDOWS
        ASSERT(false, "no syscalls in this app should fail");
#endif
    }
}
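/* Post-syscall callback of the tracing client.
 *
 * Appends the syscall's outcome ("succeeded" or "failed" plus the error
 * code) and its arguments to a local buffer, then flushes that buffer to
 * outf.
 *
 * drcontext: opaque context pointer forwarded to every drsys call.
 * sysnum:    syscall number supplied by the caller; not read here.
 */
static void
event_post_syscall(void *drcontext, int sysnum)
{
    drsys_syscall_t *syscall;
    bool success = false;
    /* Not named "errno": that identifier is reserved for the <errno.h>
     * macro, and a local of the same name breaks or changes meaning as
     * soon as that header is in scope.  Zero-initialised so the failure
     * message never formats an indeterminate value when the result query
     * itself fails.
     */
    uint error_code = 0;
    drmf_status_t res;
    buf_info_t buf;

    buf.sofar = 0;

    if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall failed");
    }
    if (drsys_cur_syscall_result(drcontext, &success, NULL, &error_code) !=
        DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall_result failed");
    }

    if (success) {
        OUTPUT(&buf, " succeeded =>\n");
    } else {
        /* NOTE(review): PIFX is defined outside this listing; confirm that
         * its conversion width matches a uint argument on 64-bit builds.
         */
        OUTPUT(&buf, " failed (error="IF_WINDOWS_ELSE(PIFX, "%d")") =>\n",
               error_code);
    }

    res = drsys_iterate_args(drcontext, drsys_iter_arg_cb, &buf);
    /* DRMF_ERROR_DETAILS_UNKNOWN is tolerated: presumably the status drsys
     * returns for syscalls whose argument details are not all known.
     */
    if (res != DRMF_SUCCESS && res != DRMF_ERROR_DETAILS_UNKNOWN) {
        ASSERT(false, "drsys_iterate_args failed post-syscall");
    }

    FLUSH_BUFFER(outf, buf.buf, buf.sofar);
}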
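/* Pre-syscall callback of the tracing client.
 *
 * Appends the syscall's name (with a marker when drsys does not know all
 * of its details) and its arguments to a local buffer, then flushes the
 * buffer to outf before returning.
 *
 * drcontext: opaque context pointer forwarded to every drsys call.
 * sysnum:    syscall number supplied by the caller; not read here.
 *
 * Returns true on every path.
 */
static bool
event_pre_syscall(void *drcontext, int sysnum)
{
    drsys_syscall_t *syscall;
    bool known = false;
    const char *name = NULL;
    drmf_status_t res;
    buf_info_t buf;

    buf.sofar = 0;

    if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall failed");
        /* ASSERT's definition is outside this listing; if it does not
         * abort, stop here rather than hand an unset handle to the
         * queries below.
         */
        return true;
    }
    if (drsys_syscall_name(syscall, &name) != DRMF_SUCCESS || name == NULL) {
        ASSERT(false, "drsys_syscall_name failed");
        /* Never pass an unset or NULL pointer to the %s conversion. */
        name = "<unknown>";
    }
    if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS) {
        ASSERT(false, "failed to find whether known");
    }

    OUTPUT(&buf, "%s%s\n", name, known ? "" : " (details not all known)");

    res = drsys_iterate_args(drcontext, drsys_iter_arg_cb, &buf);
    /* DRMF_ERROR_DETAILS_UNKNOWN is tolerated: presumably the status drsys
     * returns for the syscalls flagged "(details not all known)" above.
     */
    if (res != DRMF_SUCCESS && res != DRMF_ERROR_DETAILS_UNKNOWN) {
        ASSERT(false, "drsys_iterate_args failed pre-syscall");
    }

    /* Flush prior to potentially waiting in the kernel */
    FLUSH_BUFFER(outf, buf.buf, buf.sofar);
    return true;
}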
/* Post-syscall callback of the simple tracing client.
 *
 * Prints whether the syscall succeeded, judged by passing
 * dr_syscall_get_result() to drsys_syscall_succeeded(), and then walks
 * the arguments with drsys_iter_arg_cb.
 *
 * drcontext: opaque context pointer forwarded to the drsys/DR calls.
 * sysnum:    syscall number supplied by the caller; not read here.
 */
static void
event_post_syscall(void *drcontext, int sysnum)
{
    bool ok = false;
    drsys_syscall_t *cur_sys;
    const char *verdict;

    if (drsys_cur_syscall(drcontext, &cur_sys) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall failed");
    }
    if (drsys_syscall_succeeded(cur_sys, dr_syscall_get_result(drcontext), &ok) !=
        DRMF_SUCCESS) {
        ASSERT(false, "drsys_syscall_succeeded failed");
    }

    if (ok) {
        verdict = "succeeded";
    } else {
        verdict = "failed";
    }
    OUTPUT(" %s =>\n", verdict);

    if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_iterate_args failed");
    }
}
/* Pre-syscall callback of the test client.
 *
 * Asserts that drsys can describe the pending syscall: the handle and
 * number lookups succeed, the primary number equals sysnum, the return
 * type is neither invalid nor unknown, the syscall is known, and both
 * the argument and memory-argument iterations succeed.  When verbose is
 * set it also prints the number pair and name to STDERR.
 *
 * drcontext: opaque context pointer forwarded to every drsys call.
 * sysnum:    syscall number supplied by the caller of this callback.
 *
 * Always returns true.
 */
static bool
event_pre_syscall(void *drcontext, int sysnum)
{
    drsys_syscall_t *cur_sys;
    drsys_sysnum_t sysnum_full;
    drsys_param_type_t rtype;
    bool is_known;
    bool bad;

    if (drsys_cur_syscall(drcontext, &cur_sys) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall failed");
    }
    if (drsys_syscall_number(cur_sys, &sysnum_full) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_get_sysnum failed");
    }
    ASSERT(sysnum == sysnum_full.number, "primary should match DR's num");

    if (verbose) {
        const char *name;
        drmf_status_t res = drsys_syscall_name(cur_sys, &name);
        ASSERT(res == DRMF_SUCCESS && name != NULL, "drsys_syscall_name failed");
        dr_fprintf(STDERR, "syscall %d.%d = %s\n", sysnum_full.number,
                   sysnum_full.secondary, name);
    }

    check_mcontext(drcontext);

    /* rtype is inspected only after the lookup reports success. */
    bad = drsys_syscall_return_type(cur_sys, &rtype) != DRMF_SUCCESS;
    if (!bad) {
        bad = (rtype == DRSYS_TYPE_INVALID || rtype == DRSYS_TYPE_UNKNOWN);
    }
    if (bad) {
        ASSERT(false, "failed to get syscall return type");
    }

    /* Likewise, is_known is read only when the query itself succeeded. */
    bad = drsys_syscall_is_known(cur_sys, &is_known) != DRMF_SUCCESS;
    if (!bad) {
        bad = !is_known;
    }
    if (bad) {
        ASSERT(false, "no syscalls in this app should be unknown");
    }

    if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_iterate_args failed");
    }
    if (drsys_iterate_memargs(drcontext, drsys_iter_memarg_cb, NULL) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_iterate_memargs failed");
    }
    return true;
}
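/* Pre-syscall callback of the simple tracing client.
 *
 * Prints the syscall's name (with a marker when drsys does not know all
 * of its details) and then walks its arguments with drsys_iter_arg_cb.
 *
 * drcontext: opaque context pointer forwarded to every drsys call.
 * sysnum:    syscall number supplied by the caller; not read here.
 *
 * Returns true on every path.
 */
static bool
event_pre_syscall(void *drcontext, int sysnum)
{
    drsys_syscall_t *syscall;
    bool known = false;
    const char *name = NULL;

    if (drsys_cur_syscall(drcontext, &syscall) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_cur_syscall failed");
        /* ASSERT's definition is outside this listing; if it does not
         * abort, stop here rather than hand an unset handle to the
         * queries below.
         */
        return true;
    }
    if (drsys_syscall_name(syscall, &name) != DRMF_SUCCESS || name == NULL) {
        ASSERT(false, "drsys_syscall_name failed");
        /* Never pass an unset or NULL pointer to the %s conversion. */
        name = "<unknown>";
    }
    if (drsys_syscall_is_known(syscall, &known) != DRMF_SUCCESS) {
        ASSERT(false, "failed to find whether known");
    }

    OUTPUT("%s%s\n", name, known ? "" : " (details not all known)");

    if (drsys_iterate_args(drcontext, drsys_iter_arg_cb, NULL) != DRMF_SUCCESS) {
        ASSERT(false, "drsys_iterate_args failed");
    }
    return true;
}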