IntroVirt/SystemCallEvent_8hh_source.html

/*

 * Copyright 2021 Assured Information Security, Inc.

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *         http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once


#include <introvirt/core/fwd.hh>


#include <cstdint>

#include <string>


namespace introvirt {


enum class FastCallType {

    FASTCALL_SYSCALL,

    FASTCALL_SYSRET,

    FASTCALL_SYSENTER,

    FASTCALL_SYSEXIT,

    FASTCALL_UNKNOWN

};


class SystemCallEventImpl;


class SystemCallEvent {

  public:

    virtual FastCallType instruction() const = 0;


    virtual SystemCall* handler() = 0;


    virtual const SystemCall* handler() const = 0;


    virtual std::string name() const = 0;


    virtual uint64_t raw_index() const = 0;


    virtual void hook_return(bool enabled) = 0;


    virtual bool hook_return() const = 0;


    virtual uint64_t return_address() const = 0;


    virtual SystemCallEventImpl& impl() = 0;


    virtual ~SystemCallEvent() = default;


  protected:

    SystemCallEvent() = default;

};


const std::string& to_string(FastCallType type);


std::ostream& operator<<(std::ostream& os, FastCallType type);


} // namespace introvirt

introvirt::SystemCallEvent
Interface for system call events.
Definition SystemCallEvent.hh:46

introvirt::SystemCallEvent::raw_index
virtual uint64_t raw_index() const =0
Get the system call number executed.

introvirt::SystemCallEvent::SystemCallEvent
SystemCallEvent()=default

introvirt::SystemCallEvent::impl
virtual SystemCallEventImpl & impl()=0
Used internally.

introvirt::SystemCallEvent::handler
virtual SystemCall * handler()=0
Gets the associated system call handler with this event.

introvirt::SystemCallEvent::hook_return
virtual bool hook_return() const =0
Check if the return is set to be hooked.

introvirt::SystemCallEvent::return_address
virtual uint64_t return_address() const =0
Get the address where the system call will return.

introvirt::SystemCallEvent::~SystemCallEvent
virtual ~SystemCallEvent()=default
Destroy the instance.

introvirt::SystemCallEvent::handler
virtual const SystemCall * handler() const =0
Gets the associated system call handler with this event.

introvirt::SystemCallEvent::instruction
virtual FastCallType instruction() const =0
Get the type of fast system call instruction.

introvirt::SystemCallEvent::name
virtual std::string name() const =0
Get a string represenatation of the system call name.

introvirt::SystemCallEvent::hook_return
virtual void hook_return(bool enabled)=0
Instruct that the system call's return should be hooked.

introvirt::SystemCall
Definition SystemCall.hh:31

fwd.hh

introvirt
Core IntroVirt classes.
Definition Cr0.hh:20

introvirt::to_string
const std::string & to_string(OS)

introvirt::FastCallType
FastCallType
Enum class describing the type of fast system call.
Definition SystemCallEvent.hh:28

introvirt::FastCallType::FASTCALL_SYSRET
@ FASTCALL_SYSRET

introvirt::FastCallType::FASTCALL_SYSENTER
@ FASTCALL_SYSENTER

introvirt::FastCallType::FASTCALL_UNKNOWN
@ FASTCALL_UNKNOWN

introvirt::FastCallType::FASTCALL_SYSEXIT
@ FASTCALL_SYSEXIT

introvirt::FastCallType::FASTCALL_SYSCALL
@ FASTCALL_SYSCALL

introvirt::operator<<
std::ostream & operator<<(std::ostream &, OS)