Hello,
I am currently working on parsing the output of Drakvuf (as part of the Drakvuf Sandbox), and I think it would be very useful if the syscall arguments were returned in the same manner as the apimon plugin does, i.e., within a dict referenced by an "Arguments" key. For example
This would make modeling syscall entries using libraries such as Pydantic and msgpack much easier and more efficient, and would make integration with other tools (such as capa, which is what I am integrating Drakvuf with currently) much easier.
If the devs agree to this, I can also try to implement this suggestion myself.
Thanks!
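As an added illustration of the parsing problem the post describes (example code, not from the issue author or the DRAKVUF project): a small normaliser that accepts both an apimon-style record, with arguments nested under an "Arguments" dict, and a record carrying flat Arg0/Arg1 keys, and maps both onto one dataclass so downstream models see a single shape. Both record layouts and the sample log are constructed assumptions for the example, not DRAKVUF's actual output.

```python
import json
import re
from dataclasses import dataclass, field

_FLAT_ARG = re.compile(r"^Arg(\d+)$")  # matches assumed flat keys Arg0, Arg1, ...


@dataclass
class Event:
    plugin: str
    pid: int
    method: str
    arguments: dict[str, str] = field(default_factory=dict)


def normalize_arguments(rec: dict) -> dict[str, str]:
    """Return call arguments as one name -> value dict regardless of record shape.
    Both shapes handled here are assumptions for this example, not DRAKVUF's real format."""
    args = rec.get("Arguments")
    if isinstance(args, dict):          # already nested under "Arguments" (apimon style)
        return {str(k): str(v) for k, v in args.items()}
    flat = {}                           # flat "Arg<N>" keys (assumed syscall style)
    for key, value in rec.items():
        m = _FLAT_ARG.match(key)
        if m:
            flat[int(m.group(1))] = str(value)
    return {f"Arg{i}": flat[i] for i in sorted(flat)}   # numeric order, so Arg10 follows Arg2


def parse_log(text: str) -> list[Event]:
    """Parse newline-delimited JSON into Event objects, skipping unparsable lines."""
    events = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                    # blank line or non-JSON noise in the log
        events.append(Event(plugin=str(rec.get("Plugin", "")),
                            pid=int(rec.get("PID", 0)),
                            method=str(rec.get("Method", "")),
                            arguments=normalize_arguments(rec)))
    return events


# Constructed sample log (made up for this example; not real sandbox output).
SAMPLE_LOG = "\n".join([
    json.dumps({"Plugin": "apimon", "PID": 4242, "Method": "CreateFileW",
                "Arguments": {"lpFileName": "C:\\tmp\\a.dll", "dwDesiredAccess": "0x80000000"}}),
    json.dumps({"Plugin": "syscall", "PID": 4242, "Method": "NtOpenFile",
                "Arg0": "0xffffd000", "Arg1": "0x100001", "Arg2": "0x2a"}),
    "not json",
])
```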