Monitoring Mem Events

Open dscdo opened this issue 6 years ago • 14 comments

Hi @Wenzel, I'm looking for examples of monitoring syscalls, and in the native examples the mem events constant is set as lstar or cstar to catch syscalls. But in your sample

```python
vaddr = vmi.translate_ksym2v(symbol)
paddr = vmi.translate_kv2p(vaddr)
frame = paddr >> 12
....
mem_event = MemEvent(MemAccess.X, cb_mem_event, gfn=frame, data=user_data)
```

you are using the symbol address to set the mem_event.

What is the reason? With cstar or lstar, can we catch the same RIP address?

dscdo, Jan 04 '19 07:01