libintrovirt v0.57.4
IntroVirt introspection library
introvirt::SystemCallEvent Class Reference (abstract)

Interface for system call events.

#include <SystemCallEvent.hh>

Public Member Functions

virtual FastCallType instruction () const =0
 Get the type of fast system call instruction.
 
virtual SystemCall * handler ()=0
 Gets the associated system call handler with this event.
 
virtual const SystemCall * handler () const =0
 Gets the associated system call handler with this event.
 
virtual std::string name () const =0
 Get a string representation of the system call name.
 
virtual uint64_t raw_index () const =0
 Get the system call number executed.
 
virtual void hook_return (bool enabled)=0
 Instruct that the system call's return should be hooked.
 
virtual bool hook_return () const =0
 Check if the return is set to be hooked.
 
virtual uint64_t return_address () const =0
 Get the address where the system call will return.
 
virtual SystemCallEventImpl & impl ()=0
 Used internally.
 
virtual ~SystemCallEvent ()=default
 Destroy the instance.
 

Protected Member Functions

 SystemCallEvent ()=default
 

Detailed Description

Interface for system call events.

Methods related to fast system call events. This only applies to SYSCALL/SYSRET and SYSENTER/SYSEXIT.

Software interrupt based system calls are not yet handled.

Constructor & Destructor Documentation

◆ ~SystemCallEvent()

virtual introvirt::SystemCallEvent::~SystemCallEvent ( )
virtual, default

Destroy the instance.

◆ SystemCallEvent()

introvirt::SystemCallEvent::SystemCallEvent ( )
protected, default

Member Function Documentation

◆ handler() [1/2]

virtual const SystemCall * introvirt::SystemCallEvent::handler ( ) const
pure virtual

Gets the associated system call handler with this event.

This is set by the OS library (i.e., libwintrovirt). It can return nullptr if the underlying system call is not supported.

Returns
The system call handler, or nullptr if the call is unsupported.

Implemented in introvirt::windows::WindowsSystemCallEvent.

◆ handler() [2/2]

virtual SystemCall * introvirt::SystemCallEvent::handler ( )
pure virtual

Gets the associated system call handler with this event.

This is set by the OS library (i.e., libwintrovirt). It can return nullptr if the underlying system call is not supported.

Returns
The system call handler, or nullptr if the call is unsupported.

Implemented in introvirt::windows::WindowsSystemCallEvent.

◆ hook_return() [1/2]

virtual bool introvirt::SystemCallEvent::hook_return ( ) const
pure virtual

Check if the return is set to be hooked.

Returns
True if hook_return is set

◆ hook_return() [2/2]

virtual void introvirt::SystemCallEvent::hook_return ( bool  enabled)
pure virtual

Instruct that the system call's return should be hooked.

Parameters
enabled: If true, the return of this event will be hooked

◆ impl()

virtual SystemCallEventImpl & introvirt::SystemCallEvent::impl ( )
pure virtual

Used internally.

◆ instruction()

virtual FastCallType introvirt::SystemCallEvent::instruction ( ) const
pure virtual

Get the type of fast system call instruction.

Returns
The type of instruction that was executed to perform a fast system call (or return)

◆ name()

virtual std::string introvirt::SystemCallEvent::name ( ) const
pure virtual

Get a string representation of the system call name.

◆ raw_index()

virtual uint64_t introvirt::SystemCallEvent::raw_index ( ) const
pure virtual

Get the system call number executed.

Returns
The value of the RAX register when the system call was executed

◆ return_address()

virtual uint64_t introvirt::SystemCallEvent::return_address ( ) const
pure virtual

Get the address where the system call will return.

Returns
The address where the system call will return
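Because handler() can return nullptr for unsupported calls, a monitoring callback should check it before use and fall back to raw_index(). The following is an added example, not code from IntroVirt: the `example` namespace, `FakeEvent` and `on_syscall` are hypothetical stand-ins that mirror only the members documented on this page, and the sample values are constructed.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

namespace example {  // stand-ins (assumptions), not the IntroVirt headers
struct SystemCall {};  // opaque placeholder for introvirt::SystemCall
// Mirrors only the members documented on this page.
class SystemCallEvent {
  public:
    virtual SystemCall* handler() = 0;
    virtual std::string name() const = 0;
    virtual uint64_t raw_index() const = 0;
    virtual void hook_return(bool enabled) = 0;
    virtual bool hook_return() const = 0;
    virtual ~SystemCallEvent() = default;
};
// Constructed fake event so the logic can be exercised without a guest.
class FakeEvent final : public SystemCallEvent {
  public:
    FakeEvent(uint64_t index, const std::string& name, bool supported)
        : index_(index), name_(name), supported_(supported) {}
    SystemCall* handler() override { return supported_ ? &call_ : nullptr; }
    std::string name() const override { return name_; }
    uint64_t raw_index() const override { return index_; }
    void hook_return(bool enabled) override { hook_ = enabled; }
    bool hook_return() const override { return hook_; }
  private:
    uint64_t index_; std::string name_; bool supported_;
    bool hook_ = false; SystemCall call_;
};

// Hypothetical monitor callback: never dereference handler() unchecked.
std::string on_syscall(SystemCallEvent& ev, std::vector<uint64_t>& unsupported) {
    if (ev.handler() == nullptr) {              // call not supported by the OS library
        unsupported.push_back(ev.raw_index());  // keep the raw number for triage
        ev.hook_return(false);                  // no handler to decode the result
        return "unsupported:" + std::to_string(ev.raw_index());
    }
    ev.hook_return(true);                       // observe the result on return
    return ev.name();
}
}  // namespace example

int main() {
    std::vector<uint64_t> unsupported;
    example::FakeEvent ev(0x55, "NtCreateFile", true);  // constructed values
    std::cout << example::on_syscall(ev, unsupported) << "\n";
}
```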

The documentation for this class was generated from the following file: