[panda-users] Hook function by name

Brendan Dolan-Gavitt brendandg at nyu.edu
Thu Apr 12 21:42:41 EDT 2018


I'm confused. If you have something like:

libfi_add_callback("kernel32.dll", "CreateFileA", 1, 5, CreateFile_cb);
libfi_add_callback("kernel32.dll", "OpenKeyA", 1, 5, OpenKey_cb);

Then inside of CreateFile_cb you will presumably know that it came
from kernel32.dll's CreateFile.

Is the issue that you're trying to use the same callback function for
multiple APIs? If so my advice is: don't do that. Register a different
callback for each function you want to hook. If the logic of each
callback is very similar, then the different functions can be thin
wrappers around a common function, like:

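/* Shared logic; 'source' names the API whose hook fired. */
void my_common_callback(const char *source) { ... }

/* Thin per-API wrappers: each one passes its own name to the common code. */
void CreateFile_cb(CPUState *env, target_ulong pc, uint8_t *arg) {
    my_common_callback("CreateFile");
}

void OpenKey_cb(CPUState *env, target_ulong pc, uint8_t *arg) {
    my_common_callback("OpenKey");
}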

On Thu, Apr 12, 2018 at 6:53 PM, Giuseppe Laurenza
<laurenza at diag.uniroma1.it> wrote:
> Dear Panda Users,
> With the libfi plugin, is it possible to obtain the DLL and function names that cause the trigger? For example, I need to make a new hook after the first one, so I need the function and library name to do that.
> Regards



-- 
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering

