Documentation ¶
Overview ¶
Package syscallinfo allows to access syscalls information.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultContextHandler = ContextHandler{}
DefaultContextHandler is the default context handler used by syscallinfo. It defines a basic handler for each specific context.
Functions ¶
func Handle ¶
func Handle(ctx Context, h HandlerFunc)
Handle assigns a HandlerFunc to a context within the DefaultContextHandler.
Example ¶
package main import ( "fmt" "github.com/jroimartin/syscallinfo" "github.com/jroimartin/syscallinfo/linux_386" ) func main() { syscallinfo.Handle(syscallinfo.CtxFD, func(n uint64) (string, error) { return fmt.Sprintf("FD(%d)", n), nil }) r := syscallinfo.NewResolver(linux_386.SyscallTable) sc, err := r.SyscallN(3) if err != nil { return } scc, err := syscallinfo.NewSyscallCall(sc, 4, 1, 2, 3) if err != nil { return } fmt.Println(scc) }
Output: read(FD(1), 0x00000002, 0x00000003) = 0x00000004
Types ¶
type Argument ¶
type Argument struct { // RefCount is the level of indirection. RefCount int // Sig is the signature of the argument (type and name). Sig string // Context specifies under which context this argument is used. Context Context }
Argument represents a syscall argument.
type Context ¶
type Context int
Context gives information about how a syscall argument or return value is used. For instance, it specifies if an argument is a file descriptor.
func (*Context) UnmarshalJSON ¶
UnmarshalJSON implements JSON unmarshaling for context.
type ContextHandler ¶
type ContextHandler map[Context]HandlerFunc
A ContextHandler is map that links contexts with handlers.
func (ContextHandler) Handle ¶
func (ch ContextHandler) Handle(ctx Context, h HandlerFunc)
Handle assigns a HandlerFunc to a context within a context handler.
type HandlerFunc ¶
HandlerFunc is a function that implements how a value must be contextualized.
type OutputOption ¶
type OutputOption int
OutputOption allow to configure the output type.
const ( // OutRet makes the ret value to be printed. OutRet OutputOption = 1 << iota )
type Resolver ¶
type Resolver struct {
// contains filtered or unexported fields
}
A Resolver allows to access information from a given syscall table.
func NewResolver ¶
func NewResolver(tbl SyscallTable) Resolver
NewResolver returns a syscall resolver for the specified syscall table.
func (Resolver) SyscallEntry ¶
SyscallEntry returns a Syscall object which entry point matches the provided one.
type Syscall ¶
type Syscall struct { // Num is the number of the syscall. Num int // Name is the user-readable name of the syscall. Name string // Entry is the entry point of the syscall (function name). Entry string // Context is specifies under which context the syscall's return value is // used. Context Context // Args is a slice containing all the syscall's argurments. Args []Argument }
A Syscall contains information about a syscall in a way that is OS and arch independent.
type SyscallCall ¶
type SyscallCall struct {
// contains filtered or unexported fields
}
A SyscallCall represents a call to a syscall, with its own return value, arguments and context handler.
func NewSyscallCall ¶
func NewSyscallCall(sc Syscall, ret uint64, args ...uint64) (*SyscallCall, error)
NewSyscallCall returns a reference to a new SyscallCall object. The number of provided arguments must be greater or equal to the number of arguments required by the syscall.
Example ¶
package main import ( "fmt" "github.com/jroimartin/syscallinfo" "github.com/jroimartin/syscallinfo/linux_386" ) func main() { r := syscallinfo.NewResolver(linux_386.SyscallTable) sc, err := r.SyscallN(3) if err != nil { return } scc, err := syscallinfo.NewSyscallCall(sc, 4, 1, 2, 3) if err != nil { return } fmt.Println(scc) }
Output: read(1, 0x00000002, 0x00000003) = 0x00000004
func (*SyscallCall) Output ¶
func (scc *SyscallCall) Output(opts OutputOption) (string, error)
Output returns a string with the representation of the call.
func (*SyscallCall) SetContextHandler ¶
func (scc *SyscallCall) SetContextHandler(ch ContextHandler)
SetContextHandler allows to set a custom ContextHandler to a SyscallCall object.
func (*SyscallCall) String ¶
func (scc *SyscallCall) String() string
String returns a string with the representation of the call plus the return value. An empty string is returned on error.
func (*SyscallCall) Syscall ¶
func (scc *SyscallCall) Syscall() Syscall
Syscall returns the syscall corresponding to the SyscallCall.
type SyscallTable ¶
A SyscallTable contains the information about the syscalls of a specific OS.