[panda-users] Extend plugin syscalls2
aicardi@eurecom.fr
Fri Sep 29 08:58:44 EDT 2017
Hello everyone!

I am working on Windows 7 32-bit replays and I would like to monitor all
the Zw* system calls. I saw that with the syscalls2 plugin it's
possible to hook all the Nt* system calls and I would like to do the
same with the Zw* ones.

If I got it correctly, in gen_syscall_switch_enter_windows7_x86.cpp
there is a huge switch case that determines which system call has been
called based on the value of EAX (which contains the system call
number (?)).

Is it possible to do the same thing for the Zw* system calls?

Thank you in advance,
samaicardi