Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A hooking API allows you to define callbacks on top of the system calls you intercept #25

Open
qth1991 opened this issue Aug 22, 2018 · 3 comments
Open

A hooking API allows you to define callbacks on top of the system calls you intercept #25

qth1991 opened this issue Aug 22, 2018 · 3 comments

Comments

@qth1991
Copy link

qth1991 commented Aug 22, 2018

Hi, I can only get “event” and “name” now,How can we get hook ?
This is my
my

Here is your
yy
@Wenzel
Copy link
Member

Wenzel commented Aug 22, 2018

Did you modified the syscall.hook dict while in the callback ?
Look at the example.

@Wenzel
Copy link
Member

Wenzel commented Aug 24, 2018
edited

Use define_hook:
https://github.com/KVM-VMI/nitro/blob/master/nitro/backends/backend.py#L80

define a callback and pass it to this method.

def callback(syscall, backend):
    ...




    self.nitro.backend.define_hook('NtOpenFile', callback)

@Wenzel
Copy link
Member

Wenzel commented Aug 27, 2018

You can try to remove the definition of the hook, this will intercept all syscalls.
Check if you have NtOpenFile in one of them.

Otherwise you need to investigate by yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Wenzel @qth1991