
Update procmon architecture

Open delvinru opened this issue 3 years ago • 3 comments

Hi, in this MR, I decided to change the approach of registering hooks for Linux and bring procmon in line with the way plugins are made for Windows. createSyscallHook() makes it easy to register a hook, since you will not need to copy the symbol-search code into every new plugin; the symbol may be represented in kernel symbols as do_execveat_common.isra.?? or <symbol_name>.isra.??. The display_name field has also been added to createSyscallHook, as this allows some function names to be represented in a more readable format. For example, instead of __send_signal, the user will be given send_signal, etc.

delvinru, Aug 11 '22 11:08
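The two ideas in the description above, a symbol lookup that tolerates compiler clone suffixes such as `.isra.N`, and an optional display_name for the hook, are shown below in a standalone example. This is added illustration, not DRAKVUF's createSyscallHook() or any code from the MR: the names create_syscall_hook, resolve_symbol and is_clone_suffix, the SyscallHook struct, and the small symbol table with its addresses are all constructed for the example. The suffix set (isra, constprop, part, cold) is the set of GCC function-clone suffixes and is an assumption about what a profile may contain, not something the MR states.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Constructed sample symbol table (name -> address), in the shape a kernel
// profile or System.map would give. Addresses are made up for illustration.
static const std::vector<std::pair<std::string, unsigned long>> kSymbols = {
    {"do_execveat_common.isra.0",  0xffffffff812f3a10UL},
    {"__send_signal",              0xffffffff810a5bd0UL},
    {"do_sys_open",                0xffffffff812c7e30UL},
    {"do_exit",                    0xffffffff81087f20UL},
    {"__x64_sys_exit",             0xffffffff810886d0UL},
    {"kill_something_info.part.0", 0xffffffff810a6f00UL},
};

// Hypothetical registration record: the exact symbol that was resolved, the
// name shown to the user, and the address the breakpoint would be placed on.
struct SyscallHook {
    std::string symbol;
    std::string display_name;
    unsigned long address;
};

// True when `rest` (the text after "<function>.") looks like a GCC clone
// suffix: a kind token optionally followed by numeric or further kind tokens,
// e.g. "isra.0", "constprop.1", "part.0", "cold", "isra.0.cold".
bool is_clone_suffix(const std::string& rest) {
    static const std::vector<std::string> kinds = {"isra", "constprop", "part", "cold"};
    if (rest.empty()) return false;
    size_t pos = 0;
    bool first = true;
    while (true) {
        size_t dot = rest.find('.', pos);
        std::string tok = rest.substr(pos, dot == std::string::npos ? std::string::npos : dot - pos);
        bool kind = std::find(kinds.begin(), kinds.end(), tok) != kinds.end();
        bool num = !tok.empty() &&
                   std::all_of(tok.begin(), tok.end(), [](unsigned char c) { return std::isdigit(c) != 0; });
        if (first && !kind) return false;   // must start with a known clone kind
        if (!kind && !num) return false;    // anything else is not a clone suffix
        first = false;
        if (dot == std::string::npos) return true;
        pos = dot + 1;
    }
}

// Resolve a requested function name. An exact match wins; otherwise accept
// "<function>.<clone suffix>". A bare prefix match (do_exi vs do_exit) is rejected.
std::optional<std::pair<std::string, unsigned long>> resolve_symbol(const std::string& wanted) {
    for (const auto& [name, addr] : kSymbols)
        if (name == wanted) return std::make_pair(name, addr);
    for (const auto& [name, addr] : kSymbols) {
        if (name.size() > wanted.size() + 1 &&
            name.compare(0, wanted.size(), wanted) == 0 &&
            name[wanted.size()] == '.' &&
            is_clone_suffix(name.substr(wanted.size() + 1)))
            return std::make_pair(name, addr);
    }
    return std::nullopt;
}

// Hypothetical helper in the spirit of the MR: one call resolves the symbol and
// records an optional user-facing display name (defaults to the function name).
std::optional<SyscallHook> create_syscall_hook(const std::string& function,
                                               const std::string& display_name = "") {
    auto found = resolve_symbol(function);
    if (!found) return std::nullopt;
    return SyscallHook{found->first,
                       display_name.empty() ? function : display_name,
                       found->second};
}

int main() {
    for (const auto& [fn, shown] : std::vector<std::pair<std::string, std::string>>{
             {"do_execveat_common", ""}, {"__send_signal", "send_signal"}, {"no_such_symbol", ""}}) {
        auto hook = create_syscall_hook(fn, shown);
        if (!hook) { std::cout << fn << ": not found\n"; continue; }
        std::cout << hook->display_name << " -> " << hook->symbol << " @ 0x"
                  << std::hex << hook->address << std::dec << "\n";
    }
    return 0;
}
```

The exact-match pass runs before the suffix pass so that a plain symbol is never shadowed by a clone of a longer name, and the `name[wanted.size()] == '.'` check is what stops `do_exi` from matching `do_exit`.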

Can one of the admins verify this patch?

drakvuf-jenkins, Aug 11 '22 11:08

@drakvuf-jenkins Test this please

tklengyel, Aug 11 '22 15:08

@drakvuf-jenkins Retest this please

tklengyel, Aug 14 '22 01:08

@drakvuf-jenkins Retest this please

tklengyel, Aug 17 '22 15:08

@drakvuf-jenkins Test this please

tklengyel, Aug 18 '22 13:08

@drakvuf-jenkins Retest this please

tklengyel, Sep 16 '22 11:09

Thanks!

tklengyel, Sep 19 '22 12:09