Add a basic syscall tracer module to LogMaker

teambi0s / secREtary

The Reverse Engineering Assistant of your dreams

https://blog.bi0s.in

MIT License

29 stars 18 forks source link

Add a basic syscall tracer module to LogMaker #8

Open R3x opened 4 years ago

R3x commented 4 years ago

Basic syscall tracer module for our project.

[x] Hook syscalls and log them
[x] Store the address of the syscall
[x] Get the arguments (hopefully by getting an sense of the no of arguments for each syscall)
[ ] Find the address of the function if available
[ ] Sort syscalls - by the calling function

VivekKamisetty commented 4 years ago

strace.txt

VivekKamisetty commented 4 years ago

strace.txt

address of the syscall

R3x commented 4 years ago

What is this? @VivekKamisetty

VivekKamisetty commented 4 years ago

Addresses of the syscalls

VivekKamisetty commented 4 years ago

Addresses of the syscalls

Used pintool strace.so

R3x commented 4 years ago

A couple of things

When you want to share files please share via pastebin/gist.
If an entire file is not needed create a code snippet to show small parts
Tag me if you want me to notice faster.

Regarding this - I want you to write a tool from scratch which basically implements whatever I have mentioned above. It should be based on pin and you can use the strace thing you have used as reference.

R3x commented 4 years ago

I completed a few