qiling icon indicating copy to clipboard operation
qiling copied to clipboard
verified publisher icon qilingframework

Allow regex when hooking an API/syscall + multiple hook for same APi/syscall

Open 0ssigeno opened this issue 4 years ago • 1 comments

Hi guys! Is your feature request related to a problem? Please describe. Right now I don't think that is possible in a clear to way to specify a group of API/syscalls that you want to hook with a single function. Example: RegOpen.*

Another thing is that right now Qiling does not support, from what I'm aware of, to specify multiple hooks for the same API. Example: hook1: .* -> log.debug("I have called an api!") hook2: Reg.* -> log.debug("I have called an api that interact with the Registry!")

Describe the solution you'd like I think I can try to write an implementation for both requests, if you think that the use case that I specified is general enough.

Let me know your opinions!

0ssigeno avatar Oct 14 '21 10:10 0ssigeno

Sure! Always welcome!

xwings avatar Oct 18 '21 03:10 xwings

Close for now.

We updated the codebase for Qiling and Unicorn since this issue being posted.

Feel free to try the latest version.

xwings avatar Oct 06 '22 03:10 xwings