SpoofedSyscall

Struct SpoofedSyscall 

pub struct SpoofedSyscall { /* private fields */ }

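Spoofed syscall invoker.

Wraps a syscall with return address spoofing, so that the return address recorded for the call does not point at the real caller. The stated purpose is to evade call stack analysis, i.e. checks that inspect a thread's caller chain when a syscall is made.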

Implementations§

impl SpoofedSyscall

pub fn new(name: &str) -> Result<Self>

Creates a spoofed syscall from the syscall's name, using the default configuration.

pub fn with_config(name: &str, config: SpoofConfig) -> Result<Self>

create spoofed syscall with custom configuration

pub fn from_entry_with_config( entry: &SyscallEntry, config: SpoofConfig, ) -> Result<Self>

Creates a spoofed syscall from an existing `SyscallEntry`, using the supplied `SpoofConfig`.

pub fn from_entry(entry: &SyscallEntry) -> Result<Self>

create from syscall entry with default config

pub fn ssn(&self) -> u16

Returns the syscall number (SSN).

pub fn name(&self) -> &str

get syscall name

pub fn mode(&self) -> SpoofMode

get the spoofing mode

pub fn gadget_addr(&self) -> Option<usize>

Returns the gadget address; a value is present only when gadget mode is in use.

impl SpoofedSyscall

pub unsafe fn call0(&self) -> i32

invoke spoofed syscall with 0 arguments

§Safety

The caller must ensure that this syscall is appropriate to invoke with no arguments.

pub unsafe fn call1(&self, arg1: usize) -> i32

invoke spoofed syscall with 1 argument

§Safety

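The caller must ensure that the arguments are valid for this syscall. Arguments are passed as raw `usize` values, so the compiler cannot check that a value meant as a pointer or handle is valid.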

pub unsafe fn call2(&self, arg1: usize, arg2: usize) -> i32

invoke spoofed syscall with 2 arguments

§Safety

caller must ensure args are valid for this syscall

pub unsafe fn call3(&self, arg1: usize, arg2: usize, arg3: usize) -> i32

invoke spoofed syscall with 3 arguments

§Safety

caller must ensure args are valid for this syscall

pub unsafe fn call4( &self, arg1: usize, arg2: usize, arg3: usize, arg4: usize, ) -> i32

invoke spoofed syscall with 4 arguments

§Safety

caller must ensure args are valid for this syscall

pub unsafe fn call5( &self, arg1: usize, arg2: usize, arg3: usize, arg4: usize, arg5: usize, ) -> i32

invoke spoofed syscall with 5 arguments

§Safety

caller must ensure args are valid for this syscall

pub unsafe fn call6( &self, arg1: usize, arg2: usize, arg3: usize, arg4: usize, arg5: usize, arg6: usize, ) -> i32

invoke spoofed syscall with 6 arguments

§Safety

caller must ensure args are valid for this syscall

pub unsafe fn call_many(&self, args: &[usize]) -> i32

Invokes the spoofed syscall with a variable number of arguments, supplied as a slice.

§Safety

The caller must ensure that the arguments, and the number of them, are valid for this syscall.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the `TypeId` of `self`.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.