Header for Dr. Syscall Record Library. More...

#include <stdio.h>
#include <unistd.h>
#include "dr_api.h"
#include "drsyscall.h"
#include "drsyscall_record.h"

Typedefs
typedef size_t(*	drsyscall_record_read_t) (DR_PARAM_IN char *buffer, DR_PARAM_IN size_t size)

typedef size_t(*	drsyscall_record_write_t) (DR_PARAM_IN void drcontext, DR_PARAM_IN char buffer, DR_PARAM_IN size_t size)

typedef bool(*	drsyscall_iter_record_cb_t) (DR_PARAM_IN syscall_record_t record, DR_PARAM_IN char buffer, DR_PARAM_IN size_t size)

Functions
DR_EXPORT bool	drsyscall_iterate_records (DR_PARAM_IN drsyscall_record_read_t read_func, DR_PARAM_IN drsyscall_iter_record_cb_t record_cb)

DR_EXPORT int	drsyscall_write_param_record (DR_PARAM_IN void drcontext, DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN drsys_arg_t arg)

DR_EXPORT int	drsyscall_write_memarg_record (DR_PARAM_IN void drcontext, DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN drsys_arg_t arg)

DR_EXPORT int	drsyscall_write_syscall_number_record (DR_PARAM_IN void *drcontext, DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN int sysnum)

DR_EXPORT int	drsyscall_write_syscall_end_record (DR_PARAM_IN void *drcontext, DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN int sysnum)

DR_EXPORT int	drsyscall_write_syscall_number_timestamp_record (DR_PARAM_IN void *drcontext, DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN drsys_sysnum_t sysnum, DR_PARAM_IN uint64_t timestamp)

DR_EXPORT int	drsyscall_write_syscall_end_timestamp_record (DR_PARAM_IN void *drcontext, DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN drsys_sysnum_t sysnum, DR_PARAM_IN uint64_t timestamp)

DR_EXPORT bool	drsyscall_write_pre_syscall_records (DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN void *drcontext, DR_PARAM_IN int sysnum, DR_PARAM_IN uint64_t timestamp)

DR_EXPORT bool	drsyscall_write_post_syscall_records (DR_PARAM_IN drsyscall_record_write_t write_func, DR_PARAM_IN void *drcontext, DR_PARAM_IN int sysnum, DR_PARAM_IN uint64_t timestamp)

Detailed Description

Header for Dr. Syscall Record Library.

Typedef Documentation

◆ drsyscall_iter_record_cb_t

typedef bool(* drsyscall_iter_record_cb_t) (DR_PARAM_IN syscall_record_t *record, DR_PARAM_IN char *buffer, DR_PARAM_IN size_t size)

Callback function to invoke for each syscall record. For record type DRSYS_MEMORY_CONTENT, buffer points to the beginning of the buffer and size is the size of the buffer. buffer is NULL and size is 0 for other types.

Returns true to continue, false to stop.

◆ drsyscall_record_read_t

typedef size_t(* drsyscall_record_read_t) (DR_PARAM_IN char *buffer, DR_PARAM_IN size_t size)

A user provided function to read syscall records. Returns the number of bytes read. Returns 0 if there are no more bytes.

◆ drsyscall_record_write_t

typedef size_t(* drsyscall_record_write_t) (DR_PARAM_IN void *drcontext, DR_PARAM_IN char *buffer, DR_PARAM_IN size_t size)

A user provided function to write syscall records. Returns the number of bytes written. For performance optimization, the function should implement buffering to write records in bulk.

Function Documentation

◆ drsyscall_iterate_records()

DR_EXPORT bool drsyscall_iterate_records	(	DR_PARAM_IN drsyscall_record_read_t	read_func,
		DR_PARAM_IN drsyscall_iter_record_cb_t	record_cb
	)

Dynamically iterates over all syscall records.

Parameters

[in]	read_func	A user provided function to read syscall records.
[in]	record_cb	The callback to invoke for each syscall record.

Returns: true when read_func returns 0 or record_cb returns false. Return false if an error occurs.

◆ drsyscall_write_memarg_record()

DR_EXPORT int drsyscall_write_memarg_record	(	DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN drsys_arg_t *	arg
	)

Write a syscall_record_t of type DRSYS_MEMORY_CONTENT record_file based on arg.

Parameters

[in]	drcontext	The opaque context.
[in]	write_func	A user provided function to write syscall record.
[in]	arg	System call parameter or memory region.

Returns: the actual number of bytes written, or -1 if an error occurs.

◆ drsyscall_write_param_record()

DR_EXPORT int drsyscall_write_param_record	(	DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN drsys_arg_t *	arg
	)

Write a syscall_record_t of type DRSYS_PRECALL_PARAM or DRSYS_PRECALL_PARAM based on arg.

Parameters

[in]	drcontext	The opaque context.
[in]	write_func	A user provided function to write syscall record.
[in]	arg	System call parameter or memory region.

Returns: the actual number of bytes written, or -1 if an error occurs.

◆ drsyscall_write_post_syscall_records()

DR_EXPORT bool drsyscall_write_post_syscall_records	(	DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN int	sysnum,
		DR_PARAM_IN uint64_t	timestamp
	)

Write pre-syscall records of type DRSYS_POSTCALL_PARAM, DRSYS_MEMORY_CONTENT, DRSYS_RETURN_VALUE, and DRSYS_RECORD_END_TIMESTAMP of the current syscall. The caller must invoke drmgr_init() and drsys_init() before calling this function.

Parameters

[in]	write_func	A user provided function to write syscall record.
[in]	drcontext	The opaque context.
[in]	sysnum	The system call number.
[in]	timestamp	The timestamp of the end of the syscall.

Returns: true when records are written successfully, false otherwise.

◆ drsyscall_write_pre_syscall_records()

DR_EXPORT bool drsyscall_write_pre_syscall_records	(	DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN int	sysnum,
		DR_PARAM_IN uint64_t	timestamp
	)

Write pre-syscall records of type DRSYS_SYSCALL_NUMBER_TIMESTAMP, DRSYS_PRECALL_PARAM, and DRSYS_MEMORY_CONTENT of the current syscall. The caller must invoke drmgr_init() and drsys_init() before calling this function.

Parameters

[in]	write_func	A user provided function to write syscall record.
[in]	drcontext	The opaque context.
[in]	sysnum	The system call number.
[in]	timestamp	The timestamp of the end of the syscall.

Returns: true when records are written successfully, false otherwise.

◆ drsyscall_write_syscall_end_record()

DR_EXPORT int drsyscall_write_syscall_end_record	(	DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN int	sysnum
	)

Write a syscall_record_t of type DRSYS_RECORD_END_DEPRECATED based on sysnum.

Parameters

[in]	drcontext	The opaque context.
[in]	write_func	A user provided function to write syscall record.
[in]	sysnum	The system call number.

Returns: the actual number of bytes written.

Deprecated:: drsyscall_write_syscall_end_timestamp_record() should be used instead.

◆ drsyscall_write_syscall_end_timestamp_record()

DR_EXPORT int drsyscall_write_syscall_end_timestamp_record	(	DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN drsys_sysnum_t	sysnum,
		DR_PARAM_IN uint64_t	timestamp
	)

Write a syscall_record_t of type DRSYS_RECORD_END_TIMESTAMP based on sysnum and timestamp.

Parameters

[in]	drcontext	The opaque context.
[in]	write_func	A user provided function to write syscall record.
[in]	sysnum	The system call number.
[in]	timestamp	The timestamp of the end of the syscall.

Returns: the actual number of bytes written.

◆ drsyscall_write_syscall_number_record()

DR_EXPORT int drsyscall_write_syscall_number_record	(	DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN int	sysnum
	)

Write a syscall_record_t of type DRSYS_SYSCALL_NUMBER_DEPRECATED based on sysnum.

Parameters

[in]	drcontext	The opaque context.
[in]	write_func	A user provided function to write syscall record.
[in]	sysnum	The system call number.

Returns: the actual number of bytes written.

Deprecated:: drsyscall_write_syscall_number_timestamp_record() should be used instead.

◆ drsyscall_write_syscall_number_timestamp_record()

DR_EXPORT int drsyscall_write_syscall_number_timestamp_record	(	DR_PARAM_IN void *	drcontext,
		DR_PARAM_IN drsyscall_record_write_t	write_func,
		DR_PARAM_IN drsys_sysnum_t	sysnum,
		DR_PARAM_IN uint64_t	timestamp
	)

Write a syscall_record_t of type DRSYS_SYSCALL_NUMBER_TIMESTAMP based on sysnum and timestamp.

Parameters

[in]	drcontext	The opaque context.
[in]	write_func	A user provided function to write syscall record.
[in]	sysnum	The system call number.
[in]	timestamp	The timestamp of the beginning of the syscall.

Returns: the actual number of bytes written.

Typedefs

Functions

Detailed Description

Typedef Documentation

◆ drsyscall_iter_record_cb_t

◆ drsyscall_record_read_t

◆ drsyscall_record_write_t

Function Documentation

◆ drsyscall_iterate_records()

◆ drsyscall_write_memarg_record()

◆ drsyscall_write_param_record()

◆ drsyscall_write_post_syscall_records()

◆ drsyscall_write_pre_syscall_records()

◆ drsyscall_write_syscall_end_record()

◆ drsyscall_write_syscall_end_timestamp_record()

◆ drsyscall_write_syscall_number_record()

◆ drsyscall_write_syscall_number_timestamp_record()