Source code for libdebug.builtin.antidebug_syscall_handler

#
# This file is part of libdebug Python library (https://github.com/libdebug/libdebug).
# Copyright (c) 2024 Roberto Alessandro Bertolini, Gabriele Digregorio. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for details.
#

from libdebug.data.syscall_handler import SyscallHandler
from libdebug.liblog import liblog
from libdebug.ptrace.ptrace_constants import Commands
from libdebug.state.thread_context import ThreadContext


[docs] def on_enter_ptrace(t: ThreadContext, handler: SyscallHandler) -> None: """Callback for ptrace syscall onenter.""" handler._command = t.syscall_arg0 command = Commands(t.syscall_arg0) liblog.debugger(f"entered ptrace syscall with request: {command.name}")
[docs] def on_exit_ptrace(t: ThreadContext, handler: SyscallHandler) -> None: """Callback for ptrace syscall onexit.""" if handler._command is None: liblog.error("ptrace onexit called without corresponding onenter. This should not happen.") return match handler._command: case Commands.PTRACE_TRACEME: if not handler._traceme_called: handler._traceme_called = True t.syscall_return = 0 case _: liblog.error(f"ptrace syscall with request {handler._command} not supported")