[panda-users] Logging a new message in win7proc
Bridgey theGeek
bridgeythegeek at gmail.com
Sun Apr 24 11:18:59 EDT 2016
Hi PANDAs,
I've added the functionality to Syscalls2 so that it now understands
NtUserCreateWindowEx.
I'm now trying to add to win7proc so that it's also reported in the log
file this plugin produces.
In win7proc.cpp I've added:
    void w7p_NtUserCreateWindowEx_enter(CPUState* env,
                                        target_ulong pc,
                                        uint32_t dwExStyle,
                                        uint32_t lpClassName,
                                        uint32_t lpWindowName,
                                        uint32_t dwStyle,
                                        int32_t x,
                                        int32_t y,
                                        int32_t nWidth,
                                        int32_t nHeight,
                                        uint32_t hWndParent,
                                        uint32_t hInstance,
                                        target_ulong lpParam) {
        // Start from a zero-initialised log entry
        Panda__LogEntry ple = PANDA__LOG_ENTRY__INIT;
        // Mark the optional nt_any_syscall field as present and set its value
        ple.has_nt_any_syscall = 1;
        ple.nt_any_syscall = 6969;
        // Write the entry to the pandalog
        pandalog_write_entry(&ple);
    }
And this works. If I replay with the win7proc plugin, when a window is
created I see:
instr=419644049 pc=0x778370b2 : nt_any_syscall (num=6969)
Of course what I'd like to be able to report is some helpful metadata like
the process name, the fact that it's NtUserCreateWindowEx and ideally the
value of lpClassName and lpWindowName.
But I just can't quite follow the logic to see how Panda__LogEntry works.
Can somebody give me a quick explanation?
Thank you!
Bridgey