| void * | (*GTSyscallFunc) () |
| void | (*GTSysretFunc) () |
| GTLoop * | gt_loop_new () |
| GTOSType | gt_loop_get_ostype () |
| gboolean | gt_loop_set_cb () |
| gboolean | gt_loop_set_cbs () |
| void | gt_loop_run () |
| void | gt_loop_quit () |
| void | gt_loop_free () |
void * (*GTSyscallFunc) (vmi_instance_t vmi, vmi_event_t *event, vmi_pid_t pid, gt_tid_t tid, void *user_data);
Specifies one of the two types of functions passed to gt_loop_set_cb().
The guestrace event loop invokes this callback each time a program running
on the guest invokes the corresponding system call. Implementations can
optionally return a pointer which the guestrace event loop will later pass
to the corresponding GTSysretFunc after the system call returns.
| vmi | the libvmi instance which abstracts the guest. |
| event | the event which abstracts the system call which caused the guestrace event loop to invoke this function. |
| pid | the ID of the process running when the event occurred. |
| tid | the unique ID of the thread running within the current process. |
| user_data | optional data which might have been passed to the corresponding |
void (*GTSysretFunc) (vmi_instance_t vmi, vmi_event_t *event, vmi_pid_t pid, gt_tid_t tid, void *user_data);
Specifies one of the two types of functions passed to gt_loop_set_cb().
The guestrace event loop invokes this callback each time a system call on
the guest returns control to a program. It is the responsibility of each
GTSysretFunc implementation to free user_data if the corresponding
GTSyscallFunc returned a pointer to a dynamically-allocated object.
| vmi | the libvmi instance which abstracts the guest. |
| event | the event which abstracts the system return which caused the guestrace event loop to invoke this function. |
| pid | the ID of the process running when the event occurred. |
| tid | the unique ID of the thread running within the current process. |
| user_data | the return value from GTSyscallFunc which the guestrace event loop passes to GTSysretFunc. |
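The ownership contract described above, as an added example that is not part of the guestrace documentation or source: the entry callback allocates per-call state, and the return callback receives and frees it. The vmi_* and gt_tid_t typedefs, struct call_state and run_demo() are stand-ins assumed here so the code builds without libvmi or libguestrace; run_demo() plays the role of the event loop for three constructed calls.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-in types (assumptions) so this builds without libvmi or libguestrace. */
typedef void *vmi_instance_t;
typedef struct { int unused; } vmi_event_t;
typedef int vmi_pid_t;
typedef unsigned long gt_tid_t;
/* Callback types as declared on this page. */
typedef void *(*GTSyscallFunc)(vmi_instance_t, vmi_event_t *, vmi_pid_t, gt_tid_t, void *);
typedef void (*GTSysretFunc)(vmi_instance_t, vmi_event_t *, vmi_pid_t, gt_tid_t, void *);

struct call_state { vmi_pid_t pid; gt_tid_t tid; }; /* hypothetical per-call state */
static int live_states, pairs_matched; /* unfreed states; returns given their own state */

/* Entry callback: allocates state and returns it for the matching return. */
static void *on_syscall(vmi_instance_t vmi, vmi_event_t *ev, vmi_pid_t pid,
                        gt_tid_t tid, void *user_data)
{
    (void)vmi; (void)ev; (void)user_data;
    struct call_state *s = malloc(sizeof *s);
    if (s == NULL) return NULL; /* on_sysret tolerates a NULL state */
    s->pid = pid; s->tid = tid;
    live_states++;
    return s;
}

/* Return callback: user_data is on_syscall's return value and is freed here. */
static void on_sysret(vmi_instance_t vmi, vmi_event_t *ev, vmi_pid_t pid,
                      gt_tid_t tid, void *user_data)
{
    struct call_state *s = user_data;
    (void)vmi; (void)ev;
    if (s == NULL) return;
    if (s->pid == pid && s->tid == tid) pairs_matched++;
    free(s); live_states--;
}

/* Hypothetical stand-in for the loop: one entry and one return per call. */
int run_demo(GTSyscallFunc in, GTSysretFunc out)
{
    const struct call_state calls[] = { {100, 1}, {100, 2}, {214, 7} }; /* constructed */
    vmi_event_t ev = {0};
    live_states = pairs_matched = 0;
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++)
        out(NULL, &ev, calls[i].pid, calls[i].tid,
            in(NULL, &ev, calls[i].pid, calls[i].tid, NULL));
    return live_states == 0 ? pairs_matched : -1; /* -1 signals a leak */
}

int main(void) { printf("matched pairs: %d\n", run_demo(on_syscall, on_sysret)); return 0; }
```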
gboolean gt_loop_set_cb (GTLoop *loop, const char *kernel_func, GTSyscallFunc syscall_cb, GTSysretFunc sysret_cb, void *user_data);
Sets the callback functions associated with kernel_func. Each time the
guest kernel calls kernel_func while processing a system call, the loop
will invoke syscall_cb with the parameters associated with the call. When
kernel_func returns, the loop will invoke sysret_cb.
| loop | a GTLoop. |
| kernel_func | the name of a function in the traced kernel which implements a system call. |
| syscall_cb | a GTSyscallFunc which will handle the named system call. |
| sysret_cb | a GTSysretFunc which will handle returns from the named system call. |
| user_data | optional data which the guestrace event loop will pass to each call of |
gboolean gt_loop_set_cbs (GTLoop *loop, const GTSyscallCallback callbacks[]);
A convenience function which repeatedly invokes gt_loop_set_cb() for each
callback defined in syscalls. The syscalls array must be terminated with
a GTSyscallCallback with each field set to NULL.
| loop | a GTLoop. |
| syscalls | an array of GTSyscallCallback values, where each contains a function name and corresponding GTSyscallFunc and GTSysretFunc. |
void gt_loop_run (GTLoop *loop);
Uses libvmi to complete the preparations necessary to trace a guest's system
calls. Runs loop until gt_loop_quit() is called on loop.
void gt_loop_quit (GTLoop *loop);
Stops loop from running. Any calls to gt_loop_run() for the loop will return.
This removes any modifications to the guest's memory and allows the guest
to run without instrumentation.
void gt_loop_free (GTLoop *loop);
Frees loop and its associated memory. If the loop is currently running, then
gt_loop_quit() must first terminate the loop and remove the guest
instrumentation.