<div><div dir="auto">Ok, if it is not prossible to achieve that I try to create different functions. Hoping it is enough </div><br><div class="gmail_quote"><div>On Thu, Apr 12, 2018 at 9:43 PM Brendan Dolan-Gavitt <<a href="mailto:brendandg@nyu.edu">brendandg@nyu.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm confused. If you have something like:<br>
<br>
libfi_add_callback("kernel32.dll", "CreateFileA", 1, 5, CreateFile_cb);<br>
libfi_add_callback("kernel32.dll", "OpenKeyA", 1, 5, OpenKey_cb);<br>
<br>
Then inside of CreateFile_cb you will presumably know that it came<br>
from kernel32.dll's CreateFile.<br>
<br>
Is the issue that you're trying to use the same callback function for<br>
multiple APIs? If so my advice is: don't do that. Register a different<br>
callback for each function you want to hook. If the logic of each<br>
callback is very similar, then the different functions can be thin<br>
wrappers around a common function, like:<br>
<br>
void my_common_callback(char *source) { ... }<br>
<br>
void CreateFile_cb(CPUState *env, target_ulong pc, uint8_t *arg) {<br>
my_common_callback("CreateFIle");<br>
}<br>
<br>
void OpenKey_cb(CPUState *env, target_ulong pc, uint8_t *arg) {<br>
my_common_callback("OpenKey");<br>
}<br>
<br>
On Thu, Apr 12, 2018 at 6:53 PM, Giuseppe Laurenza<br>
<<a href="mailto:laurenza@diag.uniroma1.it" target="_blank">laurenza@diag.uniroma1.it</a>> wrote:<br>
> Dear Panda Users,<br>
> With libfi plugin, is possible to obtain dll and function names that cause the trigger? Example, I need to make a new hook after the first one, so I need function and library name to do that<br>
> Regards<br>
<br>
<br>
<br>
-- <br>
Brendan Dolan-Gavitt<br>
Assistant Professor, Department of Computer Science and Engineering<br>
NYU Tandon School of Engineering<br>
</blockquote></div></div>