-rw-r--r-- | SystemCalls.py | 138 | ||||
-rw-r--r-- | SystemCalls_constants.py | 1340 |
2 files changed, 741 insertions, 737 deletions
diff --git a/SystemCalls.py b/SystemCalls.py index f47caf0..d1388a3 100644 --- a/SystemCalls.py +++ b/SystemCalls.py @@ -5,7 +5,7 @@ The system call ABI from the following link are supported. http://esec-lab.sogeti.com/post/2011/07/05/Linux-syscall-ABI - + by n0p """ @@ -27,20 +27,14 @@ import ida_segment from SystemCalls_constants import * - class SystemCallView(Choose2): def __init__(self, systemCalls): self.systemCalls = systemCalls - Choose2.__init__(self, - "System call", - [ ["Address", 13], - ["Type", 10], - ["Number", 10], - ["Name", 20], - ["Pointer Size", 12] ]) + Choose2.__init__(self, 'System call', [['Address', 13], ['Type', 10], [ + 'Number', 10], ['Name', 20], ['Pointer Size', 12]]) self.items = list() @@ -59,7 +53,8 @@ class SystemCallView(Choose2): self.systemCalls.searchSystemCalls() end = time.time() - print ("[*] It took {} seconds to discover the system calls.".format(end-start)) + print ('[*] It took {} seconds to discover the system calls.' % + (end - start)) self.items = list() 
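Review bot: The timing message printed after `self.systemCalls.searchSystemCalls()` now mixes two formatting styles: the string keeps its `{}` placeholder but is applied with `%`, so `'... {} seconds ...' % (end - start)` raises `TypeError: not all arguments converted during string formatting` and the code after it is not reached. The same pattern appears in the next hunk for the "analyze" message, just before `self.items.sort(...)`. Either keep `.format(end - start)` or switch the placeholder as well, e.g. `print('[*] It took %s seconds to discover the system calls.' % (end - start))`. The enclosing method starts and ends outside this hunk.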
@@ -67,44 +62,41 @@ class SystemCallView(Choose2): if len(self.systemCalls.x86) != 0: for faddr in self.systemCalls.x86.iterkeys(): - calls = self.systemCalls.getSystemCallNumber(self.systemCalls.x86[faddr], x86SystemCalls) + calls = self.systemCalls.getSystemCallNumber( + self.systemCalls.x86[faddr], x86SystemCalls) for call in calls: try: - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - "0x%03X" % int(call[2]), - x86SystemCalls[int(call[2])], - "32bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[call[1]], + '0x%03X' % int(call[2]), + x86SystemCalls[int(call[2])], '32bit']) except: # No hex system call number found. - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - str(call[2]), - "", - "32bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[ + call[1]], str(call[2]), '', '32bit']) if len(self.systemCalls.x86_64) != 0: for faddr in self.systemCalls.x86_64.iterkeys(): - calls = self.systemCalls.getSystemCallNumber(self.systemCalls.x86_64[faddr], x86_64SystemCalls) + calls = self.systemCalls.getSystemCallNumber( + self.systemCalls.x86_64[faddr], x86_64SystemCalls) for call in calls: try: - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - "0x%03X" % int(call[2]), - x86_64SystemCalls[int(call[2])], - "64bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[call[1]], + '0x%03X' % int(call[2]), + x86_64SystemCalls[int(call[2])], '64bit']) except: # No hex system call number found. - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - str(call[2]), - "", - "64bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[ + call[1]], str(call[2]), '', '64bit']) end = time.time() - print ("[*] It took {} seconds to analyze the system calls.".format(end-start)) + print ('[*] It took {} seconds to analyze the system calls.' % + (end - start)) - self.items.sort(key=lambda tup:tup[0]) + self.items.sort(key=lambda tup: tup[0]) def OnClose(self): pass 
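Review bot: Both `try` blocks still end in a bare `except:`, which turns any failure while building a row (a programming error as much as a missing number) into a "no number found" entry; `except (ValueError, TypeError, IndexError):` would keep the fallback for the case the comment describes. A related gap is that `x86SystemCalls[int(call[2])]` accepts negative indices, so if a recovered value can be negative, -1 would be shown with the name of the last table entry instead of being flagged; a check such as `0 <= nr < len(x86SystemCalls)` before the lookup avoids mislabelling a call site. The bare `except:` in `__getSystemCallNumberByComment` in a later hunk can likewise become `except ValueError:`, assuming `scstrings` is a list and `index` is the only call it guards. The x86 and x86_64 loops differ only in the table and the label and could share one helper.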
@@ -112,7 +104,7 @@ class SystemCallView(Choose2): def OnCommand(self, n, cmd_id): if cmd_id == self.cmd_nop: start_ea = int(self.items[n][0], 16) - end_ea = start_ea+ItemSize(start_ea) + end_ea = start_ea + ItemSize(start_ea) self.nop_items.append(self.items[n][0]) @@ -123,7 +115,7 @@ class SystemCallView(Choose2): if not len(self.items) > 0: return -1 - if self.items[n][3] == "": + if self.items[n][3] == '': # No system call number found => display red icon. return 59 else: @@ -152,12 +144,12 @@ class SystemCallView(Choose2): self.initialized = True self.__fillView() - if self.Show() < 0: return False + if self.Show() < 0: + return False - if self.cmd_nop == None: - self.cmd_nop = self.AddCommand("NOP system call", - flags = idaapi.CHOOSER_POPUP_MENU, - icon=50) + if self.cmd_nop is None: + self.cmd_nop = self.AddCommand( + 'NOP system call', flags=idaapi.CHOOSER_POPUP_MENU, icon=50) return True @@ -185,11 +177,14 @@ class SystemCall(): def __init__(self): # Init miasm stuff. - if guess_machine != None: + if guess_machine is not None: self.machine = guess_machine() - self.mn, self.dis_engine, self.ira = self.machine.mn, self.machine.dis_engine, self.machine.ira + self.mn = self.machine.mn + self.dis_engine = self.machine.dis_engine + self.ira = self.machine.ira - self.mdis = self.dis_engine(bin_stream_ida(), dont_dis_nulstart_bloc=True) + self.mdis = self.dis_engine( + bin_stream_ida(), dont_dis_nulstart_bloc=True) self.ir_arch = self.ira(self.mdis.symbol_pool) # Populate symbols with ida names 
@@ -208,22 +203,22 @@ class SystemCall(): def __getSystemCallNumberByComment(self, addr, scstrings): cmt = idc.Comment(addr) - if cmt and cmt.startswith("LINUX - "): + if cmt and cmt.startswith('LINUX - '): try: - return scstrings.index(cmt.replace("LINUX - ", "")) + return scstrings.index(cmt.replace('LINUX - ', '')) except: return None - def getSystemCallNumber(self, func, scstrings): """ Get the value of rax/eax at the time of the system call. """ sol = list() - # Get the analysis results from IDA, by reading IDA's comments at system calls. + # Get the analysis results from IDA, by reading IDA's comments at + # system calls. calls = set() - + for call in func.calls: number = self.__getSystemCallNumberByComment(call.addr, scstrings) @@ -233,8 +228,9 @@ class SystemCall(): func.calls -= calls - # Just proceed with depgraph if IDA detected a function and miasm had been imported. - if not func.f or guess_machine == None: + # Just proceed with depgraph if IDA detected a function and miasm had + # been imported. + if not func.f or guess_machine is not None: for call in func.calls: sol.append([call.addr, call.sctype, '']) return sol @@ -255,7 +251,7 @@ class SystemCall(): # Check if addr is in a basic block without an entry. if len(self.ir_arch.getby_offset(addr)) == 0: - fc = qflow_chart_t("", func.f, BADADDR, BADADDR, FC_PREDS) + fc = qflow_chart_t('', func.f, BADADDR, BADADDR, FC_PREDS) try: # Iterate through all basic blocks. @@ -280,8 +276,8 @@ class SystemCall(): # Get dependency graphs dg = DependencyGraph(self.ir_arch, follow_call=False) - graphs = dg.get(cur_label, self.elements, line_nb, - set([self.ir_arch.symbol_pool.getby_offset(func.f.startEA)])) + graphs = dg.get(cur_label, self.elements, line_nb, set( + [self.ir_arch.symbol_pool.getby_offset(func.f.startEA)])) while 1: try: 
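Review bot: The guard before the depgraph path in `getSystemCallNumber` was inverted rather than restyled: `guess_machine == None` became `guess_machine is not None`, so the early return with empty numbers now fires whenever miasm is available, and when miasm is missing execution continues into code that presumably needs `self.ir_arch` and `DependencyGraph`. The comment directly above still says the depgraph runs only if IDA detected a function and miasm was imported, which matches the old condition. The line should read `if not func.f or guess_machine is None:`. The rest of the function lies outside this hunk.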
@@ -310,16 +306,19 @@ class SystemCall(): arch[faddr].f = f def __findCalls(self, seg, sbytes, slength, sctype, arch): - addr = ida_search.find_binary(seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) + addr = ida_search.find_binary( + seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) while addr != BADADDR: - if ( ida_bytes.get_item_head(addr) == addr - and ida_bytes.get_item_size(addr) == slength): + if (ida_bytes.get_item_head(addr) == addr and + ida_bytes.get_item_size(addr) == slength): self.__addCall(addr, sctype, arch) - addr = ida_search.find_binary(addr+1, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) + addr = ida_search.find_binary( + addr + 1, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) - addr = ida_search.find_binary(seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) + addr = ida_search.find_binary( + seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) def searchSystemCalls(self): """ Looks for 'int 80', 'sysenter', 'syscall' and 'gs:[10h]' system calls. @@ -331,19 +330,19 @@ class SystemCall(): # Check if segment is executable if seg.perm & 1: # int 80h. Just on 32bit. - self.__findCalls(seg, "CD 80", 2, 0, self.x86) + self.__findCalls(seg, 'CD 80', 2, 0, self.x86) # sysenter. Just on 32bit. - self.__findCalls(seg, "0F 34", 2, 1, self.x86) + self.__findCalls(seg, '0F 34', 2, 1, self.x86) # syscall. 32bit just on AMD. 64bit on AMD and Intel. if ida_idp.ph.flag & ida_idp.PR_USE64: - self.__findCalls(seg, "0F 05", 2, 2, self.x86_64) + self.__findCalls(seg, '0F 05', 2, 2, self.x86_64) else: - self.__findCalls(seg, "0F 05", 2, 2, self.x86) + self.__findCalls(seg, '0F 05', 2, 2, self.x86) # gs:[10h]. Just on 32bit. - self.__findCalls(seg, "65 FF 15 10 00 00 00", 7, 3, self.x86) + self.__findCalls(seg, '65 FF 15 10 00 00 00', 7, 3, self.x86) seg = ida_segment.get_next_seg(seg.startEA) 
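Review bot: The last `ida_search.find_binary(seg.startEA, ...)` call in `__findCalls` looks like a dead store. Assuming it sits after the `while` loop (the indentation is not recoverable here), its result is never read before the function ends, so every pattern costs one extra full-segment search. If that reading is right the statement can simply be dropped; if it is actually inside the loop it would restart the scan from `seg.startEA` on each iteration and never terminate.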
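Review bot: `seg.perm & 1` in `searchSystemCalls` relies on a magic number; `seg.perm & ida_segment.SEGPERM_EXEC` states what is being tested. IDA also uses `perm == 0` for segments that carry no permission information, which is common for raw dumps and extracted shellcode, so those segments are skipped and their system calls never reach the view. Consider treating `seg.perm == 0` as scannable, or document the limitation next to the check, e.g. `# perm 0 = unknown permissions; such segments are not searched`.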
@@ -353,17 +352,17 @@ class SystemCall(): class SystemCallPlugin_t(idaapi.plugin_t): flags = 0 - comment = "" - help = "" - wanted_name = "System Calls" - wanted_hotkey = "" + comment = '' + help = '' + wanted_name = 'System Calls' + wanted_hotkey = '' def init(self): global systemCalls if idaapi.ph_get_id() == idaapi.PLFM_386: # Check if already initialized - if not 'systemCalls' in globals(): + if 'systemCalls' not in globals(): systemCalls = SystemCall() return idaapi.PLUGIN_KEEP @@ -379,5 +378,6 @@ class SystemCallPlugin_t(idaapi.plugin_t): if 'systemCalls' in globals(): del globals()['systemCalls'] + def PLUGIN_ENTRY(): return SystemCallPlugin_t() diff --git a/SystemCalls_constants.py b/SystemCalls_constants.py index 4083060..8f31cbd 100644 --- a/SystemCalls_constants.py +++ b/SystemCalls_constants.py 
@@ -1,671 +1,675 @@ -systemCallTypes = ["int 80h", "sysenter", "syscall", "gs:[10h]"] +systemCallTypes = ['int 80h', 'sysenter', 'syscall', 'gs:[10h]'] # Taken from /usr/include/asm/unistd_32.h at Arch Linux i686 3.16.3-1. -x86SystemCalls = ["sys_restart_syscall", - "sys_exit", - "sys_fork", - "sys_read", - "sys_write", - "sys_open", - "sys_close", - "sys_waitpid", - "sys_creat", - "sys_link", - "sys_unlink", - "sys_execve", - "sys_chdir", - "sys_time", - "sys_mknod", - "sys_chmod", - "sys_lchown", - "sys_break", - "sys_oldstat", - "sys_lseek", - "sys_getpid", - "sys_mount", - "sys_umount", - "sys_setuid", - "sys_getuid", - "sys_stime", - "sys_ptrace", - "sys_alarm", - "sys_oldfstat", - "sys_pause", - "sys_utime", - "sys_stty", - "sys_gtty", - "sys_access", - "sys_nice", - "sys_ftime", - "sys_sync", - "sys_kill", - "sys_rename", - "sys_mkdir", - "sys_rmdir", - "sys_dup", - "sys_pipe", - "sys_times", - "sys_prof", - "sys_brk", - "sys_setgid", - "sys_getgid", - "sys_signal", - "sys_geteuid", - "sys_getegid", - "sys_acct", - "sys_umount2", - "sys_lock", - "sys_ioctl", - "sys_fcntl", - "sys_mpx", - "sys_setpgid", - "sys_ulimit", - "sys_oldolduname", - "sys_umask", - "sys_chroot", - "sys_ustat", - "sys_dup2", - "sys_getppid", - "sys_getpgrp", - "sys_setsid", - "sys_sigaction", - "sys_sgetmask", - "sys_ssetmask", - "sys_setreuid", - "sys_setregid", - "sys_sigsuspend", - "sys_sigpending", - "sys_sethostname", - "sys_setrlimit", - "sys_getrlimit", - "sys_getrusage", - "sys_gettimeofday", - "sys_settimeofday", - "sys_getgroups", - "sys_setgroups", - "sys_select", - "sys_symlink", - "sys_oldlstat", - "sys_readlink", - "sys_uselib", - "sys_swapon", - "sys_reboot", - "sys_readdir", - "sys_mmap", - "sys_munmap", - "sys_truncate", - "sys_ftruncate", - "sys_fchmod", - "sys_fchown", - "sys_getpriority", - "sys_setpriority", - "sys_profil", - "sys_statfs", - "sys_fstatfs", - "sys_ioperm", - "sys_socketcall", - "sys_syslog", - "sys_setitimer", - "sys_getitimer", - "sys_stat", - 
"sys_lstat", - "sys_fstat", - "sys_olduname", - "sys_iopl", - "sys_vhangup", - "sys_idle", - "sys_vm86old", - "sys_wait4", - "sys_swapoff", - "sys_sysinfo", - "sys_ipc", - "sys_fsync", - "sys_sigreturn", - "sys_clone", - "sys_setdomainname", - "sys_uname", - "sys_modify_ldt", - "sys_adjtimex", - "sys_mprotect", - "sys_sigprocmask", - "sys_create_module", - "sys_init_module", - "sys_delete_module", - "sys_get_kernel_syms", - "sys_quotactl", - "sys_getpgid", - "sys_fchdir", - "sys_bdflush", - "sys_sysfs", - "sys_personality", - "sys_afs_syscall", - "sys_setfsuid", - "sys_setfsgid", - "sys__llseek", - "sys_getdents", - "sys__newselect", - "sys_flock", - "sys_msync", - "sys_readv", - "sys_writev", - "sys_getsid", - "sys_fdatasync", - "sys__sysctl", - "sys_mlock", - "sys_munlock", - "sys_mlockall", - "sys_munlockall", - "sys_sched_setparam", - "sys_sched_getparam", - "sys_sched_setscheduler", - "sys_sched_getscheduler", - "sys_sched_yield", - "sys_sched_get_priority_max", - "sys_sched_get_priority_min", - "sys_sched_rr_get_interval", - "sys_nanosleep", - "sys_mremap", - "sys_setresuid", - "sys_getresuid", - "sys_vm86", - "sys_query_module", - "sys_poll", - "sys_nfsservctl", - "sys_setresgid", - "sys_getresgid", - "sys_prctl", - "sys_rt_sigreturn", - "sys_rt_sigaction", - "sys_rt_sigprocmask", - "sys_rt_sigpending", - "sys_rt_sigtimedwait", - "sys_rt_sigqueueinfo", - "sys_rt_sigsuspend", - "sys_pread64", - "sys_pwrite64", - "sys_chown", - "sys_getcwd", - "sys_capget", - "sys_capset", - "sys_sigaltstack", - "sys_sendfile", - "sys_getpmsg", - "sys_putpmsg", - "sys_vfork", - "sys_ugetrlimit", - "sys_mmap2", - "sys_truncate64", - "sys_ftruncate64", - "sys_stat64", - "sys_lstat64", - "sys_fstat64", - "sys_lchown32", - "sys_getuid32", - "sys_getgid32", - "sys_geteuid32", - "sys_getegid32", - "sys_setreuid32", - "sys_setregid32", - "sys_getgroups32", - "sys_setgroups32", - "sys_fchown32", - "sys_setresuid32", - "sys_getresuid32", - "sys_setresgid32", - "sys_getresgid32", - 
"sys_chown32", - "sys_setuid32", - "sys_setgid32", - "sys_setfsuid32", - "sys_setfsgid32", - "sys_pivot_root", - "sys_mincore", - "sys_madvise", - "sys_getdents64", - "sys_fcntl64", - "sys_gettid", - "sys_readahead", - "sys_setxattr", - "sys_lsetxattr", - "sys_fsetxattr", - "sys_getxattr", - "sys_lgetxattr", - "sys_fgetxattr", - "sys_listxattr", - "sys_llistxattr", - "sys_flistxattr", - "sys_removexattr", - "sys_lremovexattr", - "sys_fremovexattr", - "sys_tkill", - "sys_sendfile64", - "sys_futex", - "sys_sched_setaffinity", - "sys_sched_getaffinity", - "sys_set_thread_area", - "sys_get_thread_area", - "sys_io_setup", - "sys_io_destroy", - "sys_io_getevents", - "sys_io_submit", - "sys_io_cancel", - "sys_fadvise64", - "sys_exit_group", - "sys_lookup_dcookie", - "sys_epoll_create", - "sys_epoll_ctl", - "sys_epoll_wait", - "sys_remap_file_pages", - "sys_set_tid_address", - "sys_timer_create", - "sys_timer_settime", - "sys_timer_gettime", - "sys_timer_getoverrun", - "sys_timer_delete", - "sys_clock_settime", - "sys_clock_gettime", - "sys_clock_getres", - "sys_clock_nanosleep", - "sys_statfs64", - "sys_fstatfs64", - "sys_tgkill", - "sys_utimes", - "sys_fadvise64_64", - "sys_vserver", - "sys_mbind", - "sys_get_mempolicy", - "sys_set_mempolicy", - "sys_mq_open", - "sys_mq_unlink", - "sys_mq_timedsend", - "sys_mq_timedreceive", - "sys_mq_notify", - "sys_mq_getsetattr", - "sys_kexec_load", - "sys_waitid", - "sys_add_key", - "sys_request_key", - "sys_keyctl", - "sys_ioprio_set", - "sys_ioprio_get", - "sys_inotify_init", - "sys_inotify_add_watch", - "sys_inotify_rm_watch", - "sys_migrate_pages", - "sys_openat", - "sys_mkdirat", - "sys_mknodat", - "sys_fchownat", - "sys_futimesat", - "sys_fstatat64", - "sys_unlinkat", - "sys_renameat", - "sys_linkat", - "sys_symlinkat", - "sys_readlinkat", - "sys_fchmodat", - "sys_faccessat", - "sys_pselect6", - "sys_ppoll", - "sys_unshare", - "sys_set_robust_list", - "sys_get_robust_list", - "sys_splice", - "sys_sync_file_range", - "sys_tee", 
- "sys_vmsplice", - "sys_move_pages", - "sys_getcpu", - "sys_epoll_pwait", - "sys_utimensat", - "sys_signalfd", - "sys_timerfd_create", - "sys_eventfd", - "sys_fallocate", - "sys_timerfd_settime", - "sys_timerfd_gettime", - "sys_signalfd4", - "sys_eventfd2", - "sys_epoll_create1", - "sys_dup3", - "sys_pipe2", - "sys_inotify_init1", - "sys_preadv", - "sys_pwritev", - "sys_rt_tgsigqueueinfo", - "sys_perf_event_open", - "sys_recvmmsg", - "sys_fanotify_init", - "sys_fanotify_mark", - "sys_prlimit64", - "sys_name_to_handle_at", - "sys_open_by_handle_at", - "sys_clock_adjtime", - "sys_syncfs", - "sys_sendmmsg", - "sys_setns", - "sys_process_vm_readv", - "sys_process_vm_writev", - "sys_kcmp", - "sys_finit_module", - "sys_sched_setattr", - "sys_sched_getattr", - "sys_renameat2"] - +x86SystemCalls = [ + 'sys_restart_syscall', + 'sys_exit', + 'sys_fork', + 'sys_read', + 'sys_write', + 'sys_open', + 'sys_close', + 'sys_waitpid', + 'sys_creat', + 'sys_link', + 'sys_unlink', + 'sys_execve', + 'sys_chdir', + 'sys_time', + 'sys_mknod', + 'sys_chmod', + 'sys_lchown', + 'sys_break', + 'sys_oldstat', + 'sys_lseek', + 'sys_getpid', + 'sys_mount', + 'sys_umount', + 'sys_setuid', + 'sys_getuid', + 'sys_stime', + 'sys_ptrace', + 'sys_alarm', + 'sys_oldfstat', + 'sys_pause', + 'sys_utime', + 'sys_stty', + 'sys_gtty', + 'sys_access', + 'sys_nice', + 'sys_ftime', + 'sys_sync', + 'sys_kill', + 'sys_rename', + 'sys_mkdir', + 'sys_rmdir', + 'sys_dup', + 'sys_pipe', + 'sys_times', + 'sys_prof', + 'sys_brk', + 'sys_setgid', + 'sys_getgid', + 'sys_signal', + 'sys_geteuid', + 'sys_getegid', + 'sys_acct', + 'sys_umount2', + 'sys_lock', + 'sys_ioctl', + 'sys_fcntl', + 'sys_mpx', + 'sys_setpgid', + 'sys_ulimit', + 'sys_oldolduname', + 'sys_umask', + 'sys_chroot', + 'sys_ustat', + 'sys_dup2', + 'sys_getppid', + 'sys_getpgrp', + 'sys_setsid', + 'sys_sigaction', + 'sys_sgetmask', + 'sys_ssetmask', + 'sys_setreuid', + 'sys_setregid', + 'sys_sigsuspend', + 'sys_sigpending', + 'sys_sethostname', + 
'sys_setrlimit', + 'sys_getrlimit', + 'sys_getrusage', + 'sys_gettimeofday', + 'sys_settimeofday', + 'sys_getgroups', + 'sys_setgroups', + 'sys_select', + 'sys_symlink', + 'sys_oldlstat', + 'sys_readlink', + 'sys_uselib', + 'sys_swapon', + 'sys_reboot', + 'sys_readdir', + 'sys_mmap', + 'sys_munmap', + 'sys_truncate', + 'sys_ftruncate', + 'sys_fchmod', + 'sys_fchown', + 'sys_getpriority', + 'sys_setpriority', + 'sys_profil', + 'sys_statfs', + 'sys_fstatfs', + 'sys_ioperm', + 'sys_socketcall', + 'sys_syslog', + 'sys_setitimer', + 'sys_getitimer', + 'sys_stat', + 'sys_lstat', + 'sys_fstat', + 'sys_olduname', + 'sys_iopl', + 'sys_vhangup', + 'sys_idle', + 'sys_vm86old', + 'sys_wait4', + 'sys_swapoff', + 'sys_sysinfo', + 'sys_ipc', + 'sys_fsync', + 'sys_sigreturn', + 'sys_clone', + 'sys_setdomainname', + 'sys_uname', + 'sys_modify_ldt', + 'sys_adjtimex', + 'sys_mprotect', + 'sys_sigprocmask', + 'sys_create_module', + 'sys_init_module', + 'sys_delete_module', + 'sys_get_kernel_syms', + 'sys_quotactl', + 'sys_getpgid', + 'sys_fchdir', + 'sys_bdflush', + 'sys_sysfs', + 'sys_personality', + 'sys_afs_syscall', + 'sys_setfsuid', + 'sys_setfsgid', + 'sys__llseek', + 'sys_getdents', + 'sys__newselect', + 'sys_flock', + 'sys_msync', + 'sys_readv', + 'sys_writev', + 'sys_getsid', + 'sys_fdatasync', + 'sys__sysctl', + 'sys_mlock', + 'sys_munlock', + 'sys_mlockall', + 'sys_munlockall', + 'sys_sched_setparam', + 'sys_sched_getparam', + 'sys_sched_setscheduler', + 'sys_sched_getscheduler', + 'sys_sched_yield', + 'sys_sched_get_priority_max', + 'sys_sched_get_priority_min', + 'sys_sched_rr_get_interval', + 'sys_nanosleep', + 'sys_mremap', + 'sys_setresuid', + 'sys_getresuid', + 'sys_vm86', + 'sys_query_module', + 'sys_poll', + 'sys_nfsservctl', + 'sys_setresgid', + 'sys_getresgid', + 'sys_prctl', + 'sys_rt_sigreturn', + 'sys_rt_sigaction', + 'sys_rt_sigprocmask', + 'sys_rt_sigpending', + 'sys_rt_sigtimedwait', + 'sys_rt_sigqueueinfo', + 'sys_rt_sigsuspend', + 'sys_pread64', + 
'sys_pwrite64', + 'sys_chown', + 'sys_getcwd', + 'sys_capget', + 'sys_capset', + 'sys_sigaltstack', + 'sys_sendfile', + 'sys_getpmsg', + 'sys_putpmsg', + 'sys_vfork', + 'sys_ugetrlimit', + 'sys_mmap2', + 'sys_truncate64', + 'sys_ftruncate64', + 'sys_stat64', + 'sys_lstat64', + 'sys_fstat64', + 'sys_lchown32', + 'sys_getuid32', + 'sys_getgid32', + 'sys_geteuid32', + 'sys_getegid32', + 'sys_setreuid32', + 'sys_setregid32', + 'sys_getgroups32', + 'sys_setgroups32', + 'sys_fchown32', + 'sys_setresuid32', + 'sys_getresuid32', + 'sys_setresgid32', + 'sys_getresgid32', + 'sys_chown32', + 'sys_setuid32', + 'sys_setgid32', + 'sys_setfsuid32', + 'sys_setfsgid32', + 'sys_pivot_root', + 'sys_mincore', + 'sys_madvise', + 'sys_getdents64', + 'sys_fcntl64', + 'sys_gettid', + 'sys_readahead', + 'sys_setxattr', + 'sys_lsetxattr', + 'sys_fsetxattr', + 'sys_getxattr', + 'sys_lgetxattr', + 'sys_fgetxattr', + 'sys_listxattr', + 'sys_llistxattr', + 'sys_flistxattr', + 'sys_removexattr', + 'sys_lremovexattr', + 'sys_fremovexattr', + 'sys_tkill', + 'sys_sendfile64', + 'sys_futex', + 'sys_sched_setaffinity', + 'sys_sched_getaffinity', + 'sys_set_thread_area', + 'sys_get_thread_area', + 'sys_io_setup', + 'sys_io_destroy', + 'sys_io_getevents', + 'sys_io_submit', + 'sys_io_cancel', + 'sys_fadvise64', + 'sys_exit_group', + 'sys_lookup_dcookie', + 'sys_epoll_create', + 'sys_epoll_ctl', + 'sys_epoll_wait', + 'sys_remap_file_pages', + 'sys_set_tid_address', + 'sys_timer_create', + 'sys_timer_settime', + 'sys_timer_gettime', + 'sys_timer_getoverrun', + 'sys_timer_delete', + 'sys_clock_settime', + 'sys_clock_gettime', + 'sys_clock_getres', + 'sys_clock_nanosleep', + 'sys_statfs64', + 'sys_fstatfs64', + 'sys_tgkill', + 'sys_utimes', + 'sys_fadvise64_64', + 'sys_vserver', + 'sys_mbind', + 'sys_get_mempolicy', + 'sys_set_mempolicy', + 'sys_mq_open', + 'sys_mq_unlink', + 'sys_mq_timedsend', + 'sys_mq_timedreceive', + 'sys_mq_notify', + 'sys_mq_getsetattr', + 'sys_kexec_load', + 'sys_waitid', + 
'sys_add_key', + 'sys_request_key', + 'sys_keyctl', + 'sys_ioprio_set', + 'sys_ioprio_get', + 'sys_inotify_init', + 'sys_inotify_add_watch', + 'sys_inotify_rm_watch', + 'sys_migrate_pages', + 'sys_openat', + 'sys_mkdirat', + 'sys_mknodat', + 'sys_fchownat', + 'sys_futimesat', + 'sys_fstatat64', + 'sys_unlinkat', + 'sys_renameat', + 'sys_linkat', + 'sys_symlinkat', + 'sys_readlinkat', + 'sys_fchmodat', + 'sys_faccessat', + 'sys_pselect6', + 'sys_ppoll', + 'sys_unshare', + 'sys_set_robust_list', + 'sys_get_robust_list', + 'sys_splice', + 'sys_sync_file_range', + 'sys_tee', + 'sys_vmsplice', + 'sys_move_pages', + 'sys_getcpu', + 'sys_epoll_pwait', + 'sys_utimensat', + 'sys_signalfd', + 'sys_timerfd_create', + 'sys_eventfd', + 'sys_fallocate', + 'sys_timerfd_settime', + 'sys_timerfd_gettime', + 'sys_signalfd4', + 'sys_eventfd2', + 'sys_epoll_create1', + 'sys_dup3', + 'sys_pipe2', + 'sys_inotify_init1', + 'sys_preadv', + 'sys_pwritev', + 'sys_rt_tgsigqueueinfo', + 'sys_perf_event_open', + 'sys_recvmmsg', + 'sys_fanotify_init', + 'sys_fanotify_mark', + 'sys_prlimit64', + 'sys_name_to_handle_at', + 'sys_open_by_handle_at', + 'sys_clock_adjtime', + 'sys_syncfs', + 'sys_sendmmsg', + 'sys_setns', + 'sys_process_vm_readv', + 'sys_process_vm_writev', + 'sys_kcmp', + 'sys_finit_module', + 'sys_sched_setattr', + 'sys_sched_getattr', + 'sys_renameat2' +] + # Taken from /usr/include/asm/unistd_64.h at Arch Linux x86_64 3.16.1-1. 
-x86_64SystemCalls = ["sys_read", - "sys_write", - "sys_open", - "sys_close", - "sys_stat", - "sys_fstat", - "sys_lstat", - "sys_poll", - "sys_lseek", - "sys_mmap", - "sys_mprotect", - "sys_munmap", - "sys_brk", - "sys_rt_sigaction", - "sys_rt_sigprocmask", - "sys_rt_sigreturn", - "sys_ioctl", - "sys_pread64", - "sys_pwrite64", - "sys_readv", - "sys_writev", - "sys_access", - "sys_pipe", - "sys_select", - "sys_sched_yield", - "sys_mremap", - "sys_msync", - "sys_mincore", - "sys_madvise", - "sys_shmget", - "sys_shmat", - "sys_shmctl", - "sys_dup", - "sys_dup2", - "sys_pause", - "sys_nanosleep", - "sys_getitimer", - "sys_alarm", - "sys_setitimer", - "sys_getpid", - "sys_sendfile", - "sys_socket", - "sys_connect", - "sys_accept", - "sys_sendto", - "sys_recvfrom", - "sys_sendmsg", - "sys_recvmsg", - "sys_shutdown", - "sys_bind", - "sys_listen", - "sys_getsockname", - "sys_getpeername", - "sys_socketpair", - "sys_setsockopt", - "sys_getsockopt", - "sys_clone", - "sys_fork", - "sys_vfork", - "sys_execve", - "sys_exit", - "sys_wait4", - "sys_kill", - "sys_uname", - "sys_semget", - "sys_semop", - "sys_semctl", - "sys_shmdt", - "sys_msgget", - "sys_msgsnd", - "sys_msgrcv", - "sys_msgctl", - "sys_fcntl", - "sys_flock", - "sys_fsync", - "sys_fdatasync", - "sys_truncate", - "sys_ftruncate", - "sys_getdents", - "sys_getcwd", - "sys_chdir", - "sys_fchdir", - "sys_rename", - "sys_mkdir", - "sys_rmdir", - "sys_creat", - "sys_link", - "sys_unlink", - "sys_symlink", - "sys_readlink", - "sys_chmod", - "sys_fchmod", - "sys_chown", - "sys_fchown", - "sys_lchown", - "sys_umask", - "sys_gettimeofday", - "sys_getrlimit", - "sys_getrusage", - "sys_sysinfo", - "sys_times", - "sys_ptrace", - "sys_getuid", - "sys_syslog", - "sys_getgid", - "sys_setuid", - "sys_setgid", - "sys_geteuid", - "sys_getegid", - "sys_setpgid", - "sys_getppid", - "sys_getpgrp", - "sys_setsid", - "sys_setreuid", - "sys_setregid", - "sys_getgroups", - "sys_setgroups", - "sys_setresuid", - "sys_getresuid", - 
"sys_setresgid", - "sys_getresgid", - "sys_getpgid", - "sys_setfsuid", - "sys_setfsgid", - "sys_getsid", - "sys_capget", - "sys_capset", - "sys_rt_sigpending", - "sys_rt_sigtimedwait", - "sys_rt_sigqueueinfo", - "sys_rt_sigsuspend", - "sys_sigaltstack", - "sys_utime", - "sys_mknod", - "sys_uselib", - "sys_personality", - "sys_ustat", - "sys_statfs", - "sys_fstatfs", - "sys_sysfs", - "sys_getpriority", - "sys_setpriority", - "sys_sched_setparam", - "sys_sched_getparam", - "sys_sched_setscheduler", - "sys_sched_getscheduler", - "sys_sched_get_priority_max", - "sys_sched_get_priority_min", - "sys_sched_rr_get_interval", - "sys_mlock", - "sys_munlock", - "sys_mlockall", - "sys_munlockall", - "sys_vhangup", - "sys_modify_ldt", - "sys_pivot_root", - "sys__sysctl", - "sys_prctl", - "sys_arch_prctl", - "sys_adjtimex", - "sys_setrlimit", - "sys_chroot", - "sys_sync", - "sys_acct", - "sys_settimeofday", - "sys_mount", - "sys_umount2", - "sys_swapon", - "sys_swapoff", - "sys_reboot", - "sys_sethostname", - "sys_setdomainname", - "sys_iopl", - "sys_ioperm", - "sys_create_module", - "sys_init_module", - "sys_delete_module", - "sys_get_kernel_syms", - "sys_query_module", - "sys_quotactl", - "sys_nfsservctl", - "sys_getpmsg", - "sys_putpmsg", - "sys_afs_syscall", - "sys_tuxcall", - "sys_security", - "sys_gettid", - "sys_readahead", - "sys_setxattr", - "sys_lsetxattr", - "sys_fsetxattr", - "sys_getxattr", - "sys_lgetxattr", - "sys_fgetxattr", - "sys_listxattr", - "sys_llistxattr", - "sys_flistxattr", - "sys_removexattr", - "sys_lremovexattr", - "sys_fremovexattr", - "sys_tkill", - "sys_time", - "sys_futex", - "sys_sched_setaffinity", - "sys_sched_getaffinity", - "sys_set_thread_area", - "sys_io_setup", - "sys_io_destroy", - "sys_io_getevents", - "sys_io_submit", - "sys_io_cancel", - "sys_get_thread_area", - "sys_lookup_dcookie", - "sys_epoll_create", - "sys_epoll_ctl_old", - "sys_epoll_wait_old", - "sys_remap_file_pages", - "sys_getdents64", - "sys_set_tid_address", - 
"sys_restart_syscall", - "sys_semtimedop", - "sys_fadvise64", - "sys_timer_create", - "sys_timer_settime", - "sys_timer_gettime", - "sys_timer_getoverrun", - "sys_timer_delete", - "sys_clock_settime", - "sys_clock_gettime", - "sys_clock_getres", - "sys_clock_nanosleep", - "sys_exit_group", - "sys_epoll_wait", - "sys_epoll_ctl", - "sys_tgkill", - "sys_utimes", - "sys_vserver", - "sys_mbind", - "sys_set_mempolicy", - "sys_get_mempolicy", - "sys_mq_open", - "sys_mq_unlink", - "sys_mq_timedsend", - "sys_mq_timedreceive", - "sys_mq_notify", - "sys_mq_getsetattr", - "sys_kexec_load", - "sys_waitid", - "sys_add_key", - "sys_request_key", - "sys_keyctl", - "sys_ioprio_set", - "sys_ioprio_get", - "sys_inotify_init", - "sys_inotify_add_watch", - "sys_inotify_rm_watch", - "sys_migrate_pages", - "sys_openat", - "sys_mkdirat", - "sys_mknodat", - "sys_fchownat", - "sys_futimesat", - "sys_newfstatat", - "sys_unlinkat", - "sys_renameat", - "sys_linkat", - "sys_symlinkat", - "sys_readlinkat", - "sys_fchmodat", - "sys_faccessat", - "sys_pselect6", - "sys_ppoll", - "sys_unshare", - "sys_set_robust_list", - "sys_get_robust_list", - "sys_splice", - "sys_tee", - "sys_sync_file_range", - "sys_vmsplice", - "sys_move_pages", - "sys_utimensat", - "sys_epoll_pwait", - "sys_signalfd", - "sys_timerfd_create", - "sys_eventfd", - "sys_fallocate", - "sys_timerfd_settime", - "sys_timerfd_gettime", - "sys_accept4", - "sys_signalfd4", - "sys_eventfd2", - "sys_epoll_create1", - "sys_dup3", - "sys_pipe2", - "sys_inotify_init1", - "sys_preadv", - "sys_pwritev", - "sys_rt_tgsigqueueinfo", - "sys_perf_event_open", - "sys_recvmmsg", - "sys_fanotify_init", - "sys_fanotify_mark", - "sys_prlimit64", - "sys_name_to_handle_at", - "sys_open_by_handle_at", - "sys_clock_adjtime", - "sys_syncfs", - "sys_sendmmsg", - "sys_setns", - "sys_getcpu", - "sys_process_vm_readv", - "sys_process_vm_writev", - "sys_kcmp", - "sys_finit_module", - "sys_sched_setattr", - "sys_sched_getattr"] +x86_64SystemCalls = [ + 'sys_read', 
+ 'sys_write', + 'sys_open', + 'sys_close', + 'sys_stat', + 'sys_fstat', + 'sys_lstat', + 'sys_poll', + 'sys_lseek', + 'sys_mmap', + 'sys_mprotect', + 'sys_munmap', + 'sys_brk', + 'sys_rt_sigaction', + 'sys_rt_sigprocmask', + 'sys_rt_sigreturn', + 'sys_ioctl', + 'sys_pread64', + 'sys_pwrite64', + 'sys_readv', + 'sys_writev', + 'sys_access', + 'sys_pipe', + 'sys_select', + 'sys_sched_yield', + 'sys_mremap', + 'sys_msync', + 'sys_mincore', + 'sys_madvise', + 'sys_shmget', + 'sys_shmat', + 'sys_shmctl', + 'sys_dup', + 'sys_dup2', + 'sys_pause', + 'sys_nanosleep', + 'sys_getitimer', + 'sys_alarm', + 'sys_setitimer', + 'sys_getpid', + 'sys_sendfile', + 'sys_socket', + 'sys_connect', + 'sys_accept', + 'sys_sendto', + 'sys_recvfrom', + 'sys_sendmsg', + 'sys_recvmsg', + 'sys_shutdown', + 'sys_bind', + 'sys_listen', + 'sys_getsockname', + 'sys_getpeername', + 'sys_socketpair', + 'sys_setsockopt', + 'sys_getsockopt', + 'sys_clone', + 'sys_fork', + 'sys_vfork', + 'sys_execve', + 'sys_exit', + 'sys_wait4', + 'sys_kill', + 'sys_uname', + 'sys_semget', + 'sys_semop', + 'sys_semctl', + 'sys_shmdt', + 'sys_msgget', + 'sys_msgsnd', + 'sys_msgrcv', + 'sys_msgctl', + 'sys_fcntl', + 'sys_flock', + 'sys_fsync', + 'sys_fdatasync', + 'sys_truncate', + 'sys_ftruncate', + 'sys_getdents', + 'sys_getcwd', + 'sys_chdir', + 'sys_fchdir', + 'sys_rename', + 'sys_mkdir', + 'sys_rmdir', + 'sys_creat', + 'sys_link', + 'sys_unlink', + 'sys_symlink', + 'sys_readlink', + 'sys_chmod', + 'sys_fchmod', + 'sys_chown', + 'sys_fchown', + 'sys_lchown', + 'sys_umask', + 'sys_gettimeofday', + 'sys_getrlimit', + 'sys_getrusage', + 'sys_sysinfo', + 'sys_times', + 'sys_ptrace', + 'sys_getuid', + 'sys_syslog', + 'sys_getgid', + 'sys_setuid', + 'sys_setgid', + 'sys_geteuid', + 'sys_getegid', + 'sys_setpgid', + 'sys_getppid', + 'sys_getpgrp', + 'sys_setsid', + 'sys_setreuid', + 'sys_setregid', + 'sys_getgroups', + 'sys_setgroups', + 'sys_setresuid', + 'sys_getresuid', + 'sys_setresgid', + 'sys_getresgid', + 
'sys_getpgid', + 'sys_setfsuid', + 'sys_setfsgid', + 'sys_getsid', + 'sys_capget', + 'sys_capset', + 'sys_rt_sigpending', + 'sys_rt_sigtimedwait', + 'sys_rt_sigqueueinfo', + 'sys_rt_sigsuspend', + 'sys_sigaltstack', + 'sys_utime', + 'sys_mknod', + 'sys_uselib', + 'sys_personality', + 'sys_ustat', + 'sys_statfs', + 'sys_fstatfs', + 'sys_sysfs', + 'sys_getpriority', + 'sys_setpriority', + 'sys_sched_setparam', + 'sys_sched_getparam', + 'sys_sched_setscheduler', + 'sys_sched_getscheduler', + 'sys_sched_get_priority_max', + 'sys_sched_get_priority_min', + 'sys_sched_rr_get_interval', + 'sys_mlock', + 'sys_munlock', + 'sys_mlockall', + 'sys_munlockall', + 'sys_vhangup', + 'sys_modify_ldt', + 'sys_pivot_root', + 'sys__sysctl', + 'sys_prctl', + 'sys_arch_prctl', + 'sys_adjtimex', + 'sys_setrlimit', + 'sys_chroot', + 'sys_sync', + 'sys_acct', + 'sys_settimeofday', + 'sys_mount', + 'sys_umount2', + 'sys_swapon', + 'sys_swapoff', + 'sys_reboot', + 'sys_sethostname', + 'sys_setdomainname', + 'sys_iopl', + 'sys_ioperm', + 'sys_create_module', + 'sys_init_module', + 'sys_delete_module', + 'sys_get_kernel_syms', + 'sys_query_module', + 'sys_quotactl', + 'sys_nfsservctl', + 'sys_getpmsg', + 'sys_putpmsg', + 'sys_afs_syscall', + 'sys_tuxcall', + 'sys_security', + 'sys_gettid', + 'sys_readahead', + 'sys_setxattr', + 'sys_lsetxattr', + 'sys_fsetxattr', + 'sys_getxattr', + 'sys_lgetxattr', + 'sys_fgetxattr', + 'sys_listxattr', + 'sys_llistxattr', + 'sys_flistxattr', + 'sys_removexattr', + 'sys_lremovexattr', + 'sys_fremovexattr', + 'sys_tkill', + 'sys_time', + 'sys_futex', + 'sys_sched_setaffinity', + 'sys_sched_getaffinity', + 'sys_set_thread_area', + 'sys_io_setup', + 'sys_io_destroy', + 'sys_io_getevents', + 'sys_io_submit', + 'sys_io_cancel', + 'sys_get_thread_area', + 'sys_lookup_dcookie', + 'sys_epoll_create', + 'sys_epoll_ctl_old', + 'sys_epoll_wait_old', + 'sys_remap_file_pages', + 'sys_getdents64', + 'sys_set_tid_address', + 'sys_restart_syscall', + 'sys_semtimedop', + 
'sys_fadvise64', + 'sys_timer_create', + 'sys_timer_settime', + 'sys_timer_gettime', + 'sys_timer_getoverrun', + 'sys_timer_delete', + 'sys_clock_settime', + 'sys_clock_gettime', + 'sys_clock_getres', + 'sys_clock_nanosleep', + 'sys_exit_group', + 'sys_epoll_wait', + 'sys_epoll_ctl', + 'sys_tgkill', + 'sys_utimes', + 'sys_vserver', + 'sys_mbind', + 'sys_set_mempolicy', + 'sys_get_mempolicy', + 'sys_mq_open', + 'sys_mq_unlink', + 'sys_mq_timedsend', + 'sys_mq_timedreceive', + 'sys_mq_notify', + 'sys_mq_getsetattr', + 'sys_kexec_load', + 'sys_waitid', + 'sys_add_key', + 'sys_request_key', + 'sys_keyctl', + 'sys_ioprio_set', + 'sys_ioprio_get', + 'sys_inotify_init', + 'sys_inotify_add_watch', + 'sys_inotify_rm_watch', + 'sys_migrate_pages', + 'sys_openat', + 'sys_mkdirat', + 'sys_mknodat', + 'sys_fchownat', + 'sys_futimesat', + 'sys_newfstatat', + 'sys_unlinkat', + 'sys_renameat', + 'sys_linkat', + 'sys_symlinkat', + 'sys_readlinkat', + 'sys_fchmodat', + 'sys_faccessat', + 'sys_pselect6', + 'sys_ppoll', + 'sys_unshare', + 'sys_set_robust_list', + 'sys_get_robust_list', + 'sys_splice', + 'sys_tee', + 'sys_sync_file_range', + 'sys_vmsplice', + 'sys_move_pages', + 'sys_utimensat', + 'sys_epoll_pwait', + 'sys_signalfd', + 'sys_timerfd_create', + 'sys_eventfd', + 'sys_fallocate', + 'sys_timerfd_settime', + 'sys_timerfd_gettime', + 'sys_accept4', + 'sys_signalfd4', + 'sys_eventfd2', + 'sys_epoll_create1', + 'sys_dup3', + 'sys_pipe2', + 'sys_inotify_init1', + 'sys_preadv', + 'sys_pwritev', + 'sys_rt_tgsigqueueinfo', + 'sys_perf_event_open', + 'sys_recvmmsg', + 'sys_fanotify_init', + 'sys_fanotify_mark', + 'sys_prlimit64', + 'sys_name_to_handle_at', + 'sys_open_by_handle_at', + 'sys_clock_adjtime', + 'sys_syncfs', + 'sys_sendmmsg', + 'sys_setns', + 'sys_getcpu', + 'sys_process_vm_readv', + 'sys_process_vm_writev', + 'sys_kcmp', + 'sys_finit_module', + 'sys_sched_setattr', + 'sys_sched_getattr' +] |