def build_syscall_name_map(self):
    """Build a dict mapping kernel symbol names to system call numbers.

    Walks the table at ``self.sys_call_table_addr`` one pointer-sized slot
    at a time, for at most ``MAX_SYSTEM_CALL_COUNT`` slots. Each slot value
    is resolved to a kernel symbol with ``translate_v2ksym``.

    The table has no explicit end marker, so the walk stops at the first
    slot whose value does not resolve to a symbol.

    Returns:
        dict: symbol name -> slot index (the system call number).

    Raises:
        LibvmiError: re-raised after logging when a read or a symbol
            translation fails.
    """
    # NOTE(review): both the slot values and the stop condition come from
    # guest memory. A slot that does not resolve (for example, presumably,
    # a handler pointer replaced with an address outside the kernel symbol
    # set) ends the walk early and silently. Callers that depend on full
    # coverage should treat a short map as a signal worth checking.
    # NOTE(review): if several slots resolve to the same symbol, only the
    # highest index is kept, because later assignments overwrite earlier ones.
    name_to_number = {}
    for number in range(MAX_SYSTEM_CALL_COUNT):
        slot_va = self.sys_call_table_addr + number * VOID_P_SIZE
        try:
            # Second argument is presumably the pid, with 0 selecting the
            # kernel address space. Confirm against the libvmi binding.
            handler_va = self.libvmi.read_addr_va(slot_va, 0)
            handler_name = self.libvmi.translate_v2ksym(handler_va)
        except LibvmiError as error:
            logging.critical("Failed to build syscall name map")
            raise error
        if handler_name is None:
            # First unresolved slot is taken as the end of the table.
            break
        name_to_number[handler_name] = number
    return name_to_number