bpt_syscall_event.cpp
#include <boost/foreach.hpp>
#include "bpt_events.hpp"
#include "bpt_bytes_io.hpp"
#include "bpt_visitor.hpp"
#include "bpt_bytes_io.hpp"
namespace bpt {
// Private state behind syscall_event: a snapshot of one system call read
// out of a Pin CONTEXT.
//
// Only raw, register-sized values are stored. Arguments that are pointers
// are kept as addresses; the memory they refer to is not copied, so a
// consumer that wants buffer contents has to read them separately while
// the target is still in the same state.
struct syscall_event::impl {
    // Number of argument slots captured for every call, regardless of how
    // many arguments the particular syscall actually takes. Slots beyond
    // the real arity hold whatever PIN_GetSyscallArgument returns for them
    // and should not be interpreted; a call with more than max_args
    // arguments is recorded truncated.
#ifdef _WIN32
    static const int max_args = 9;
#else
    static const int max_args = 6;
#endif

    // Declaration order is also the initialisation order used below.
    THREADID tid;               // thread that issued the call
    ADDRINT addr;               // REG_INST_PTR value read from the context
    ADDRINT number;             // value of PIN_GetSyscallNumber
    std::vector<ADDRINT> args;  // exactly max_args raw argument values

    // Reads the instruction pointer, the syscall number and max_args
    // arguments from ctx using calling standard std.
    // NOTE(review): PIN_GetSyscallNumber/PIN_GetSyscallArgument are
    // presumably only meaningful for a context taken at syscall entry -
    // confirm against the callers.
    impl(THREADID t, const CONTEXT* ctx, SYSCALL_STANDARD std)
        : tid(t)
        , addr(PIN_GetContextReg(ctx, REG_INST_PTR))
        , number(PIN_GetSyscallNumber(ctx, std))
        , args() {
        args.reserve(max_args);
        for (int slot = 0; slot < max_args; ++slot) {
            args.push_back(PIN_GetSyscallArgument(ctx, std, slot));
        }
    }
};
// Builds the event by snapshotting the syscall state from ctx into a
// freshly allocated impl; every read of the context happens here, so the
// event does not keep the CONTEXT pointer afterwards.
syscall_event::syscall_event(THREADID tid,
                             const CONTEXT* ctx,
                             SYSCALL_STANDARD std)
    : pimpl(new impl(tid, ctx, std))
{
}
// Returns the instruction pointer (REG_INST_PTR) recorded when the event
// was constructed.
ADDRINT syscall_event::addr() const {
    const impl& state = *pimpl;
    return state.addr;
}
// Returns the id of the thread that was passed in when the event was
// constructed.
THREADID syscall_event::tid() const {
    const impl& state = *pimpl;
    return state.tid;
}
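// Returns the system call number captured by PIN_GetSyscallNumber when the
// event was constructed.
//
// This must read impl::number, not impl::addr: returning the instruction
// pointer here makes every consumer that keys on the syscall number
// (trace output, filters, per-syscall handlers) see an address instead,
// and the printed record would show the same value twice.
ADDRINT syscall_event::number() const {
    return pimpl->number;
}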
// Returns the captured argument values, always impl::max_args entries.
// Values are raw words; slots past the real arity of the call carry no
// meaning. The reference points into the state held through pimpl, so it
// is presumably valid only while that state is alive - confirm against
// pimpl's ownership type.
const std::vector<ADDRINT>& syscall_event::args() const {
    const impl& state = *pimpl;
    return state.args;
}
// Visitor hook: hands this event to out.visit() with its concrete type.
void syscall_event::do_accept(visitor& out) const {
    const syscall_event& self = *this;
    out.visit(self);
}
// Writes a one-line textual record of the event to out and returns out.
//
// Layout: "SYSCALL: <tid> <addr> <number> ( <arg> <arg> ... )", where the
// address, the number and every argument go through io::pp_addr. All
// captured argument slots are printed, including those the syscall does
// not actually use.
std::ostream& syscall_event::operator<<(std::ostream& out) const {
    out << "SYSCALL: " << this->tid() << " ";

    io::pp_addr(out, this->addr());
    out << " ";
    io::pp_addr(out, this->number());

    out << " ( ";
    const std::vector<ADDRINT>& captured = this->args();
    for (std::vector<ADDRINT>::const_iterator it = captured.begin();
         it != captured.end(); ++it) {
        // pp_addr returns the stream, so the separator chains onto it.
        io::pp_addr(out, *it) << " ";
    }
    out << ")";

    return out;
}
} //namespace bpt