[panda-users] Hook function by name

Giuseppe Laurenza laurenza at diag.uniroma1.it
Thu Apr 12 21:48:28 EDT 2018


Ok, if it is not possible to achieve that, I will try to create different
functions. Hoping it is enough.

On Thu, Apr 12, 2018 at 9:43 PM Brendan Dolan-Gavitt <brendandg at nyu.edu>
wrote:

> I'm confused. If you have something like:
>
> libfi_add_callback("kernel32.dll", "CreateFileA", 1, 5, CreateFile_cb);
> libfi_add_callback("kernel32.dll", "OpenKeyA", 1, 5, OpenKey_cb);
>
> Then inside of CreateFile_cb you will presumably know that it came
> from kernel32.dll's CreateFile.
>
> Is the issue that you're trying to use the same callback function for
> multiple APIs? If so my advice is: don't do that. Register a different
> callback for each function you want to hook. If the logic of each
> callback is very similar, then the different functions can be thin
> wrappers around a common function, like:
>
> void my_common_callback(char *source) { ... }
>
> void CreateFile_cb(CPUState *env, target_ulong pc, uint8_t *arg) {
>     my_common_callback("CreateFile");
> }
>
> void OpenKey_cb(CPUState *env, target_ulong pc, uint8_t *arg) {
>     my_common_callback("OpenKey");
> }
>
> On Thu, Apr 12, 2018 at 6:53 PM, Giuseppe Laurenza
> <laurenza at diag.uniroma1.it> wrote:
> > Dear Panda Users,
> > With the libfi plugin, is it possible to obtain the DLL and function names that
> > cause the trigger? For example, I need to make a new hook after the first one,
> > so I need the function and library name to do that.
> > Regards
>
>
>
> --
> Brendan Dolan-Gavitt
> Assistant Professor, Department of Computer Science and Engineering
> NYU Tandon School of Engineering
>
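
The wrapper pattern from the quoted reply, extended to a list of APIs, as an added example that is not part of the original thread or of PANDA's code: an X-macro generates one thin callback per hooked function, so each callback carries its own DLL and function name. `demo_add_callback`, `fire` and the typedefs are hypothetical stand-ins for libfi and the PANDA types so the code builds on its own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins so the sketch compiles without PANDA headers (assumptions). */
typedef struct CPUState CPUState;
typedef uint64_t target_ulong;
typedef void (*hook_cb_t)(CPUState *env, target_ulong pc, uint8_t *arg);

/* Hypothetical registry standing in for libfi_add_callback(). */
struct hook { const char *lib, *fn; hook_cb_t cb; };
static struct hook hooks[8];
static int nhooks;
static void demo_add_callback(const char *lib, const char *fn, hook_cb_t cb) { hooks[nhooks++] = (struct hook){ lib, fn, cb }; }

/* Common logic: receives the names the calling wrapper was generated for. */
static char last_seen[64];
static void my_common_callback(const char *lib, const char *fn, target_ulong pc) {
    (void)pc;
    snprintf(last_seen, sizeof last_seen, "%s!%s", lib, fn);
}

/* One line per API to hook; this list is the single source of truth. */
#define HOOK_LIST(X) \
    X("kernel32.dll", CreateFileA) \
    X("kernel32.dll", OpenKeyA)

/* Generate a thin wrapper per entry, each with its names baked in. */
#define DEFINE_CB(lib, fn) \
    static void fn##_cb(CPUState *env, target_ulong pc, uint8_t *arg) { \
        (void)env; (void)arg; my_common_callback(lib, #fn, pc); }
HOOK_LIST(DEFINE_CB)

/* Register every wrapper under the same names it will report. */
#define REGISTER_CB(lib, fn) demo_add_callback(lib, #fn, fn##_cb);
static int register_hooks(void) { nhooks = 0; HOOK_LIST(REGISTER_CB) return nhooks; }

/* Simulate the tracer firing a hook; returns what the callback recorded. */
static const char *fire(const char *lib, const char *fn, target_ulong pc) {
    last_seen[0] = '\0';
    for (int i = 0; i < nhooks; i++)
        if (!strcmp(hooks[i].lib, lib) && !strcmp(hooks[i].fn, fn))
            hooks[i].cb(NULL, pc, NULL);
    return last_seen;
}

int main(void) { register_hooks(); puts(fire("kernel32.dll", "OpenKeyA", 0x401000)); return 0; } /* constructed address */
```

Adding another hook is one more `X(...)` line in `HOOK_LIST`; the wrapper and its registration are generated together, so the reported name cannot drift from the registered one.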