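/**
 * ESIL interrupt handler for the i386 `int 0x80` syscall gate.
 *
 * Reads eax/ebx/ecx/edx from the emulated register file and services two
 * syscall numbers by calling the HOST's read(2)/write(2):
 *   - 3 (read):  reads up to edx bytes from host fd ebx and stores the bytes
 *                actually read at emulated address ecx.
 *   - 4 (write): copies edx bytes from emulated address ecx and writes them
 *                to host fd ebx.
 *
 * Security note: descriptor, address and length all come from the emulated
 * program, and the I/O runs in the analysis process itself. Treat every
 * register value here as untrusted input; when emulating samples of unknown
 * origin, run the analysis in a sandbox or with this handler disabled.
 *
 * NOTE(review): the syscall result is not written back to the emulated eax,
 * so the guest cannot observe short reads or errors -- confirm whether the
 * callers expect that.
 *
 * @param esil      ESIL context; NULL is rejected.
 * @param interrupt interrupt number; anything other than 0x80 is rejected.
 * @return true when the syscall was serviced, false when the arguments were
 *         rejected, memory could not be allocated, or the syscall number is
 *         not implemented.
 */
static int x86_int_0x80 (RAnalEsil *esil, int interrupt) {
	/* The ESIL memory helpers take an int length, so larger requests would
	 * truncate (possibly to a negative value) while the host buffer keeps
	 * the full 64-bit size. */
	enum { IO_LEN_MAX = 0x7fffffff };
	/* Zero-initialised so a failed register read never leaves garbage. */
	ut64 eax = 0, ebx = 0, ecx = 0, edx = 0;
	int syscall;

	if (!esil || (interrupt != 0x80)) {
		return false;
	}
	r_anal_esil_reg_read (esil, "eax", &eax, NULL);
	r_anal_esil_reg_read (esil, "ebx", &ebx, NULL);
	r_anal_esil_reg_read (esil, "ecx", &ecx, NULL);
	r_anal_esil_reg_read (esil, "edx", &edx, NULL);
	syscall = (int) eax;
	switch (syscall) {
	case 3: { /* read (fd = ebx, buf = ecx, count = edx) */
		char *dst;
		int got;

		if (edx > (ut64)IO_LEN_MAX) {
			eprintf ("syscall %d: length out of range\n", syscall);
			return false;
		}
		if (!edx) {
			/* Nothing to transfer; avoids a zero-sized allocation whose
			 * NULL result would be mistaken for out-of-memory. */
			return true;
		}
		dst = calloc (1, (size_t)edx);
		if (!dst) {
			eprintf ("syscall %d: cannot allocate buffer\n", syscall);
			return false;
		}
		/* Fits in int because edx <= IO_LEN_MAX. */
		got = (int)read ((ut32)ebx, dst, (size_t)edx);
		if (got > 0) {
			/* Store only what the host delivered, not the requested size. */
			r_anal_esil_mem_write (esil, ecx, (ut8 *)dst, got);
		}
		free (dst);
		return true;
	}
	case 4: { /* write (fd = ebx, buf = ecx, count = edx) */
		char *src;

		if (edx > (ut64)IO_LEN_MAX) {
			eprintf ("syscall %d: length out of range\n", syscall);
			return false;
		}
		if (!edx) {
			return true;
		}
		/* calloc rather than malloc: if the emulated read fills only part
		 * of the buffer (or nothing), stale heap contents must not reach
		 * the host descriptor. */
		src = calloc (1, (size_t)edx);
		if (!src) {
			eprintf ("syscall %d: cannot allocate buffer\n", syscall);
			return false;
		}
		r_anal_esil_mem_read (esil, ecx, (ut8 *)src, (int)edx);
		if (write ((ut32)ebx, src, (size_t)edx) < 0) {
			eprintf ("syscall %d: host write failed\n", syscall);
		}
		free (src);
		return true;
	}
	default:
		break;
	}
	eprintf ("syscall %d not implemented yet\n", syscall);
	return false;
}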
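/**
 * ESIL interrupt handler that reports the verdict of an emulated BPF program.
 *
 * Reads register R0 and prints "DROP" when it is zero and "ACCEPT" otherwise,
 * once through the analysis print callback (prefixed with "; ") and once
 * through eprintf.
 *
 * NOTE(review): R0 is printed as a signed int, so values above 0x7fffffff
 * show up negative -- confirm whether an unsigned format is wanted.
 *
 * @param esil      ESIL context; NULL is rejected.
 * @param interrupt interrupt number; only 0x0 is handled.
 * @param user      unused.
 * @return true when the interrupt was handled, false otherwise.
 */
static bool bpf_int_exit(RAnalEsil *esil, ut32 interrupt, void *user) {
	/* Zero-initialised so a failed register read reports DROP, not garbage. */
	ut64 r0 = 0;
	const char *verdict;

	(void)user;
	if (!esil || (interrupt != 0x0)) {
		return false;
	}
	r_anal_esil_reg_read (esil, "R0", &r0, NULL);
	verdict = (r0 == 0) ? "DROP" : "ACCEPT";
	/* The print callback lives on the analysis object; skip it when either
	 * is missing instead of dereferencing NULL. */
	if (esil->anal && esil->anal->cb_printf) {
		esil->anal->cb_printf ("; BPF result: %s value: %d\n", verdict, (int)r0);
	}
	eprintf ("BPF result: %s value: %d\n", verdict, (int)r0);
	return true;
}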