From 48390ffabbc19a29c196878548029248316083a6 Mon Sep 17 00:00:00 2001
From: Maciej Babinski
Date: Fri, 21 Dec 2018 13:01:17 -0600
Subject: [PATCH] Gracefully handle unknown system calls.
---
 plasma/lib/arch/x86/int80.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/plasma/lib/arch/x86/int80.py b/plasma/lib/arch/x86/int80.py
index ea52070..2318889 100644
--- a/plasma/lib/arch/x86/int80.py
+++ b/plasma/lib/arch/x86/int80.py
@@ -17,6 +17,8 @@
 # along with this program. If not, see .
 #
+from collections import defaultdict
+
 from capstone.x86 import (X86_REG_EBX, X86_REG_ECX, X86_REG_EDX, X86_REG_ESI, X86_INS_INT, X86_OP_IMM, X86_REG_AL, X86_REG_AX, X86_REG_EAX, X86_REG_RAX, X86_REG_BL, X86_REG_CL, X86_REG_DL, X86_REG_BX,
@@ -57,7 +59,7 @@
 # http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
-SYSCALL = {
+SYSCALL_DATA = {
 1: {"name": "exit", "args_type": [ARG_INT]},
 # 2: {"name": "fork", "args_type": ['struct pt_regs']},
 2: {"name": "fork", "args_type": []},
@@ -241,6 +243,10 @@
 190: {"name": "vfork", "args_type": ['struct pt_regs']},
 }
+def SYSCALL(no):
+ if no not in SYSCALL_DATA:
+ SYSCALL_DATA[no] = {"name": "SYS%d" % no, "args_type": []}
+ return SYSCALL_DATA[no]
 def reg_write(inst, reg_id):
@@ -292,11 +298,11 @@ def read_block(ctx, blk):
 inline_comm[inst.address] = "?"
 continue
- inline_comm[inst.address] = SYSCALL[sysnum]["name"] + "("
+ inline_comm[inst.address] = SYSCALL(sysnum)["name"] + "("
 # Search values for each args, otherwise print the register
- args_type = SYSCALL[sysnum]["args_type"]
+ args_type = SYSCALL(sysnum)["args_type"]
 for j in range(len(args_type)):
 idx_wr_reg = search_backward(blk, i, ARGS_ORDER[j])
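Review bot: The `from collections import defaultdict` import added in the `@@ -17,6 +17,8 @@` hunk is not used by anything else in this patch; the new `SYSCALL()` helper does its own `if no not in SYSCALL_DATA` check instead. The import should be dropped. A plain `defaultdict` would not fit here anyway, because its factory is called without the missing key and so could not build the `"SYS%d" % no` name.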
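Review bot: `SYSCALL()` in the `@@ -241,6 +243,10 @@` hunk stores a new entry in the module-level `SYSCALL_DATA` for every number it has not seen, so a lookup mutates the table with values that presumably come from the binary being analysed. Returning the placeholder without storing it keeps the table a fixed description of the ABI: `return SYSCALL_DATA.get(no, {"name": "SYS%d" % no, "args_type": []})`. The helper also needs a docstring saying that unknown numbers yield a placeholder named `SYS<no>` with an empty `args_type`, since callers can no longer tell a real entry from a synthesised one. Because the name `SYSCALL` is rebound from a dict to a function, any code outside this diff that still subscripts `SYSCALL[...]` would raise `TypeError`; only the two call sites in `read_block` are updated here.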