示例#1
文件: event.C 项目: aiaxun/patharmor
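/**
 * Return the value held in the syscall-return-value register of the thread
 * that raised this post-syscall event.
 *
 * The register is chosen by MachRegister::getSyscallReturnValueReg() for the
 * architecture of the event's process.
 *
 * @return The register contents converted to long, or -1 if the register
 *         could not be read.
 */
long EventPostSyscall::getReturnValue() const
{
    // Give the local a defined value: the original left it uninitialized and
    // ignored getRegister()'s result, so a failed read returned stack garbage.
    MachRegisterVal syscallReturnValue = 0;
    // NOTE(review): proc and thrd are dereferenced without a null check;
    // confirm getProcess()/getThread() cannot be empty for this event.
    Process::const_ptr proc = getProcess();
    Thread::const_ptr thrd = getThread();
    // NOTE(review): assumes getRegister() returns a bool-convertible success
    // flag; confirm against the Thread declaration.
    if (!thrd->getRegister(MachRegister::getSyscallReturnValueReg(proc->getArchitecture()), syscallReturnValue)) {
        // -1 can also be a genuine raw return value, so callers cannot tell
        // the two apart; it is still deterministic, unlike the old behaviour.
        return -1;
    }
    return syscallReturnValue;
}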
示例#2
文件: event.C 项目: aiaxun/patharmor
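/**
 * Return the program counter of the thread that raised this syscall event.
 *
 * The register is chosen by MachRegister::getPC() for the architecture of
 * the event's process.
 *
 * @return The program counter value, or 0 if the register could not be read.
 */
Address EventSyscall::getAddress() const
{
    // Give the local a defined value: the original left it uninitialized and
    // ignored getRegister()'s result, so a failed read returned stack garbage
    // as if it were a code address.
    MachRegisterVal pc = 0;
    // NOTE(review): proc and thrd are dereferenced without a null check;
    // confirm getProcess()/getThread() cannot be empty for this event.
    Process::const_ptr proc = getProcess();
    Thread::const_ptr thrd = getThread();
    // NOTE(review): assumes getRegister() returns a bool-convertible success
    // flag; confirm against the Thread declaration.
    if (!thrd->getRegister(MachRegister::getPC(proc->getArchitecture()), pc)) {
        // Report a fixed sentinel, not whatever a failed read left behind.
        return 0;
    }
    return pc;
}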
示例#3
文件: event.C 项目: aiaxun/patharmor
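/**
 * Return the system call number for this syscall event.
 *
 * The number is read from the register chosen by
 * MachRegister::getSyscallNumberReg() for the architecture of the event's
 * process, using the thread that raised the event.
 *
 * @return The register contents converted to long, or -1 if the register
 *         could not be read.
 */
long EventSyscall::getSyscallNumber() const
{
    // Give the local a defined value: the original left it uninitialized and
    // ignored getRegister()'s result, so a failed read handed an arbitrary
    // number to any caller that keys decisions on the syscall number.
    MachRegisterVal syscallNumber = 0;
    // NOTE(review): proc and thrd are dereferenced without a null check;
    // confirm getProcess()/getThread() cannot be empty for this event.
    Process::const_ptr proc = getProcess();
    Thread::const_ptr thrd = getThread();
    // NOTE(review): assumes getRegister() returns a bool-convertible success
    // flag; confirm against the Thread declaration.
    if (!thrd->getRegister(MachRegister::getSyscallNumberReg(proc->getArchitecture()), syscallNumber)) {
        // Callers should treat -1 as "unknown", not as a real syscall number.
        return -1;
    }
    return syscallNumber;
}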
示例#4
/**
 * Build a MachSyscall describing the system call carried by a syscall event.
 *
 * The platform is taken from the event's process (architecture plus OS) and
 * the platform-specific syscall ID from the event itself. When os_windows is
 * not defined the name comes from MachSyscall::nameLookup(); otherwise the
 * name is the fixed string "Unknown".
 *
 * @param ev Syscall event to convert; dereferenced without a null check.
 * @return MachSyscall built from the platform, syscall ID and name.
 */
MachSyscall makeFromEvent(const EventSyscall * ev)
{
    // Platform of the process that raised the event.
    Process::const_ptr owner = ev->getProcess();
    Architecture eventArch = owner->getArchitecture();
    OSType eventOS = owner->getOS();
    Platform platform(eventArch, eventOS);

    // Platform-specific syscall ID as reported by the event.
    MachSyscall::SyscallIDPlatform id = ev->getSyscallNumber();

#if defined(os_windows)
    // No name lookup is performed on Windows builds.
    MachSyscall::SyscallName name = "Unknown";
#else
    MachSyscall::SyscallName name = MachSyscall::nameLookup(platform, id);
#endif

    return MachSyscall(platform, id, name);
}