pub unsafe extern "C" fn dr_register_pre_syscall_event(
func: Option<unsafe extern "C" fn(drcontext: *mut c_void, sysnum: c_int) -> bool_>,
)Expand description
Registers a callback function for the pre-syscall event. DR calls \p func whenever the application is about to invoke a system call, if any client asked for that system call number to be intercepted via the filter event (dr_register_filter_syscall_event()). Any client registering a pre- or post-syscall event should also register a filter event.
The application parameters to the system call can be viewed with dr_syscall_get_param() and set with dr_syscall_set_param(). The system call number can also be changed with dr_syscall_set_sysnum().
The application’s machine state can be accessed and set with dr_get_mcontext() and dr_set_mcontext(). Changing registers in this way overlaps with system call parameter changes on some platforms. On Linux, for SYS_clone, client changes to the ebp/rbp register will be ignored by the clone child.
On MacOS, whether 32-bit or 64-bit, the system call number passed (\p sysnum) has been normalized to a positive number with the top 8 bits set to 0x1 for a Mach system call, 0x3 for Machdep, and 0x0 for BSD (allowing the direct use of SYS_ constants). Access the raw eax register to view the unmodified number.
If \p func returns true, the application’s system call is invoked normally; if \p func returns false, the system call is skipped. If it is skipped, the return value can be set with dr_syscall_set_result() or dr_syscall_set_result_ex(). If the system call is skipped, there will not be a post-syscall event. If multiple callbacks are registered, the first one that returns false will short-circuit event delivery to later callbacks.