Implement ctypes equivalent for syscall implementation

Open • mrexodia opened this issue 4 years ago • 1 comment

Currently the type system for syscalls is very rough and you need to do a lot of manual work. A type system similar to ctypes needs to be implemented where you can set struct members, work with enums etc.

Once the type system is complete a pdb/header parser can be implemented to support all the native types.

mrexodia, Nov 30 '21 07:11

Probably it's enough to use a wrapper around ctypes:

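import ctypes

# Architecture is not defined in this snippet; it must provide alignment() and ptr_type().
def MEMORY_BASIC_INFORMATION(arch: Architecture):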
    class MEMORY_BASIC_INFORMATION(ctypes.Structure):
        _alignment_ = arch.alignment()
        _fields_ = [
            ("BaseAddress", arch.ptr_type()),
            ("AllocationBase", arch.ptr_type()),
            ("AllocationProtect", ctypes.c_uint32),
            ("PartitionId", ctypes.c_uint16),
            ("RegionSize", arch.ptr_type()),
            ("State", ctypes.c_uint32),
            ("Protect", ctypes.c_uint32),
            ("Type", ctypes.c_uint32),
        ]
    return MEMORY_BASIC_INFORMATION()

The only thing left is to allow you to do:

            ("MbiPtr", arch.ptr_type(MEMORY_BASIC_INFORMATION)),

This might be possible by inheriting from ctypes and making it deserialize to a P(MEMORY_BASIC_INFORMATION), but this needs some more research.

mrexodia, Jul 15 '22 23:07