void setup_linux(drakvuf_t drakvuf, syscalls* s)
{
s->offsets = (size_t*)g_try_malloc0(__PT_REGS_MAX*sizeof(size_t));
if ( !s->offsets )
throw -1;
for ( int i=0; i<__PT_REGS_MAX; i++ )
if ( !drakvuf_get_kernel_struct_member_rva(drakvuf, "pt_regs", linux_pt_regs_names[i], &s->offsets[i]) )
throw -1;
addr_t _text;
if ( !drakvuf_get_kernel_symbol_rva(drakvuf, "_text", &_text) )
throw -1;
addr_t syscall64;
if ( !drakvuf_get_kernel_symbol_rva(drakvuf, "do_syscall_64", &syscall64) )
throw -1;
addr_t kaslr = s->kernel_base - _text;
drakvuf_trap_t* trap = g_slice_new0(drakvuf_trap_t);
struct wrapper* w = g_slice_new0(struct wrapper);
w->s = s;
trap->breakpoint.lookup_type = LOOKUP_PID;
trap->breakpoint.pid = 0;
trap->breakpoint.addr_type = ADDR_VA;
trap->breakpoint.addr = syscall64 + kaslr;
trap->breakpoint.module = "linux";
trap->type = BREAKPOINT;
trap->cb = linux_cb;
trap->data = w;
trap->ttl = drakvuf_get_limited_traps_ttl(drakvuf);
trap->ah_cb = nullptr;
if ( drakvuf_add_trap(drakvuf, trap) )
s->traps = g_slist_prepend(s->traps, trap);
else
{
free_trap(trap);
throw -1;
}
}
🌱 Back to Garden