Source code for libdebug.builtin.pretty_print_syscall_handler

#
# This file is part of libdebug Python library (https://github.com/libdebug/libdebug).
# Copyright (c) 2024 Roberto Alessandro Bertolini, Gabriele Digregorio. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for details.
#

from __future__ import annotations

from typing import TYPE_CHECKING

from libdebug.utils.print_style import PrintStyle
from libdebug.utils.syscall_utils import (
    resolve_syscall_arguments,
    resolve_syscall_name,
)

if TYPE_CHECKING:
    from libdebug.state.thread_context import ThreadContext


def pprint_on_enter(d: ThreadContext, syscall_number: int, **kwargs: int) -> None:
    """Print the name and arguments of a syscall being entered in pretty print mode.

    The line is left open (``... = `` with no trailing newline) unless the
    syscall is marked as hijacked, in which case it is terminated immediately.
    Presumably the open line is completed by the exit handler; confirm against
    the caller.

    Args:
        d (ThreadContext): the thread context; ``syscall_arg0`` through
            ``syscall_arg5`` are read from it.
        syscall_number (int): the syscall number, used to resolve the syscall
            name and its argument names.
        **kwargs: optional flags read by this function:
            ``old_args``: an iterable of earlier argument values; an argument
            whose value differs is printed as ``old -> new``.
            ``hijacked``: if truthy, the call is printed struck through and
            tagged ``(user hijacked)``.
            ``callback``: if truthy (and not hijacked), the call is tagged
            ``(callback)``.
    """
    name = resolve_syscall_name(syscall_number)
    arg_names = resolve_syscall_arguments(syscall_number)

    # All six argument registers are read up front, even when the syscall takes
    # fewer arguments; zip() below truncates to the shortest sequence.
    current = [
        d.syscall_arg0,
        d.syscall_arg1,
        d.syscall_arg2,
        d.syscall_arg3,
        d.syscall_arg4,
        d.syscall_arg5,
    ]

    highlight = PrintStyle.BRIGHT_YELLOW
    plain = PrintStyle.DEFAULT_COLOR

    # NOTE(review): the ``:x`` format requires integer values; a negative int
    # would render as ``0x-…``. Assumes register contents are non-negative.
    rendered = []
    if "old_args" in kwargs:
        previous = kwargs["old_args"]
        for label, now, before in zip(arg_names, current, previous, strict=False):
            # Argument slots without a name are not shown.
            if label is None:
                continue
            if before == now:
                rendered.append(f"{label} = {highlight}0x{now:x}{plain}")
            else:
                # The value differs from the earlier one: show both so the
                # modification is visible in the trace.
                rendered.append(
                    f"{label} = {highlight}0x{before:x} -> {highlight}0x{now:x}{plain}",
                )
    else:
        for label, now in zip(arg_names, current, strict=False):
            if label is None:
                continue
            rendered.append(f"{label} = {highlight}0x{now:x}{plain}")

    is_hijacked = kwargs.get("hijacked", False)
    has_callback = kwargs.get("callback", False)

    # Shared "name(arg = value, ...)" portion of every output variant.
    call_text = f"{PrintStyle.BLUE}{name}{plain}({', '.join(rendered)})"

    if is_hijacked:
        # No " = " suffix here: the line ends and styling is reset.
        print(
            f"{PrintStyle.RED}(user hijacked) {PrintStyle.STRIKE}{call_text}{PrintStyle.RESET}",
        )
        return

    if has_callback:
        print(f"{PrintStyle.RED}(callback) {call_text} = ", end="")
        return

    print(f"{call_text} = ", end="")
def pprint_on_exit(syscall_return: int | tuple[int, int]) -> None:
    """Print the return value of a syscall being exited in pretty print mode.

    Args:
        syscall_return (int | tuple[int, int]): the syscall return value. A
            single int is printed in hexadecimal. For a tuple, element 0 is
            printed struck through, followed by element 1 in normal style
            (presumably the original return value and the value replacing it;
            confirm against the caller).
    """
    # NOTE(review): ``:x`` on a negative int renders as ``0x-…``; assumes the
    # return value is passed as a non-negative register value.
    if not isinstance(syscall_return, tuple):
        print(f"{PrintStyle.YELLOW}0x{syscall_return:x}{PrintStyle.RESET}")
        return

    struck_value = syscall_return[0]
    shown_value = syscall_return[1]
    struck_text = f"{PrintStyle.YELLOW}{PrintStyle.STRIKE}0x{struck_value:x}{PrintStyle.RESET}"
    shown_text = f"{PrintStyle.YELLOW}0x{shown_value:x}{PrintStyle.RESET}"
    print(
        f"{struck_text} {shown_text}",
    )