Class MacosX64InterruptorAgent

This class is the main part of tracing and parsing part. It provides every parts very specific to an architecture, an OS, ...

Hierarchy

Implements

Constructors

constructor

Properties

_do_ft _tids coverage? debug emulator filter_name filter_num followFork followThread hook hvc_hk interrupts irq_hk loadCtr modules onStart output pid ranges scope smc_hk svc_hk tid types uid FLAVOR_DXC FLAVOR_STRACE

Methods

_setupDelegateFilters configure formatLogLine getModuleList getSyscallError getSyscallList isTrackCoverage locatePC onHypervisorCall onSupervisorCall parseOptions parseRawArgs parseStruct parseValue prepareScope printStats processBbsCoverage setupBuiltinHook start startOnLoad trace traceSyscall traceSyscallRet

Constructors

constructor

Properties

_do_ft

_do_ft: any = null

_tids

_tids: number[] = []

Optional coverage

coverage?: CoverageAgent

debug

debug: DebugOptions = ...

emulator

emulator: boolean

filter_name

filter_name: string[] = []

filter_num

filter_num: string[] = []

followFork

followFork: boolean = false

followThread

followThread: boolean = false

hook

hook: InterruptorHooks = ...

hvc_hk

hvc_hk: any = {}

interrupts

interrupts: InterruptSignatureMap

irq_hk

irq_hk: any = {}

loadCtr

loadCtr: number = 0

modules

modules: Module[] = []

onStart

onStart: any = ...

To use with startOnLoad() A callback function executed when the modules specified in "startOnLoad" are loaded

Field

output

output: OutputOpts = ...

pid

pid: number = -1

PID of process to stalk, when followFork is enabled or on attach

Field

ranges

ranges: any = ...

scope

scope: ScopeMap

smc_hk

smc_hk: any = {}

svc_hk

svc_hk: any = {}

tid

tid: number = -1

types

types: any = {}

uid

uid: number = 0

Static FLAVOR_DXC

FLAVOR_DXC: string = "dxc"

Static FLAVOR_STRACE

FLAVOR_STRACE: string = "strace"

Methods

Protected _setupDelegateFilters

configure

formatLogLine

getModuleList

getSyscallError

  • To retrieve litteral ErrorCode from the numeric value inside a list of error code.

    Parameters

    • pErrRet: number

      Error code

    • pErrEnum: any[]

      The list of error codes

    Returns any

getSyscallList

isTrackCoverage

locatePC

onHypervisorCall

onSupervisorCall

parseOptions

parseRawArgs

parseStruct

  • To parse memory according to the structure defined by pFormat

    Parameters

    • pContext: any
    • pFormats: TypedData[]
    • pPointer: NativePointer
    • pSeparator: string = "\n"
    • pAlign: boolean = false

    Returns string

parseValue

prepareScope

printStats

processBbsCoverage

setupBuiltinHook

start

startOnLoad

trace

  • To setup "trace" hook is the current instruction is an interruption or follow immediately one.

    This function is called by Stalker's event listener for each instruction

    Parameters

    • pStalkerInterator: StalkerX86Iterator | StalkerArmIterator | StalkerThumbIterator | StalkerArm64Iterator

      The stalker iterator

    • pInstruction: any

      The current instruction

    • pExtra: any

      Some extra options

    Returns number

    Method

traceSyscall

  • Method executed before the syscall interruption if the syscall is not excluded.

    This method is responsible of argument parsing, and work as described below :

      1. read syscall number from a register according to @link{ SyscallCallingConvention }
      1. find description of corresponding syscall
      1. save the type of return value from description into hook context

    Parameters

    • pContext: any

      CPU context

    • pHookCfg: any = null

      Addition hook configuration

    Returns void

    Method

traceSyscallRet

  • Method executed AFTER the syscall interruption if the syscall is not excluded

    This method does several operations :

    • print the syscall trace
    • parse return value
    • process return value and correlating

    Parameters

    • pContext: any
    • pHookCfg: any = null

    Returns void

    Method

Settings

Member Visibility

Theme

On This Page

Generated using TypeDoc