From 8b2a596b9a55395a6d027fdc22568d342d60f5f6 Mon Sep 17 00:00:00 2001 From: Michael Mikovsky <77305074+Astatin3@users.noreply.github.com> Date: Tue, 12 Aug 2025 17:48:34 -0600 Subject: [PATCH] Add proxy list, git submodule for intercept --- .gitmodules | 3 + Cargo.toml | 16 + LICENSE | 21 - README.md | 2 - build.rs | 7 + src/lib.rs | 130 ++ src/syscall_intercept.rs | 49 + src/syscalls.rs | 3167 ++++++++++++++++++++++++++++++++++++++ syscall_intercept | 1 + 9 files changed, 3373 insertions(+), 23 deletions(-) create mode 100644 .gitmodules create mode 100644 Cargo.toml delete mode 100644 LICENSE delete mode 100644 README.md create mode 100644 build.rs create mode 100644 src/lib.rs create mode 100644 src/syscall_intercept.rs create mode 100644 src/syscalls.rs create mode 160000 syscall_intercept diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..99d027e --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "syscall_intercept"] + path = syscall_intercept + url = https://github.com/pmem/syscall_intercept diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..5fc5358 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "sysintercept" +version = "0.1.0" +edition = "2024" + +[dependencies] +bincode = "2.0.1" +ctor = "0.5.0" +libc = "0.2.175" + +[build-dependencies] +cmake = "0.1" + +[lib] +name = "intercept" +crate-type = ["rlib", "cdylib"] diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 30808e0..0000000 --- a/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2025 Michael Mikovsky - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md deleted file mode 100644 index 5145fcd..0000000 --- a/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# syscall-stream-rs - AV evasion using system calls streamed over the network! diff --git a/build.rs b/build.rs new file mode 100644 index 0000000..00d93ad --- /dev/null +++ b/build.rs @@ -0,0 +1,7 @@ +fn main() { + let dst = cmake::build("syscall_intercept"); + + println!("cargo:rustc-link-search=native={}/lib", dst.display()); + println!("cargo:rustc-link-lib=static=syscall_intercept"); + println!("cargo:rustc-link-lib=capstone"); +} diff --git a/src/lib.rs b/src/lib.rs new file mode 100644 index 0000000..fdd87c0 --- /dev/null +++ b/src/lib.rs @@ -0,0 +1,130 @@ +#[allow(dead_code)] +mod syscall_intercept; +mod syscalls; + +use libc::exit; +use std::{ + cell::Cell, + io::{BufWriter, Write}, + net::TcpStream, + sync::Mutex, +}; +use syscall_intercept::*; + +static mut STREAM: Option> = None; +static mut WRITER: Option>> = None; + +#[ctor::ctor] +fn start() { + unsafe { + STREAM = Some({ + match TcpStream::connect("127.0.0.1:1234") { + Ok(stream) => Mutex::new(stream), + Err(e) => { + eprintln!("Failed to connect to server: {}", e); + exit(1); + } + } + }); + + WRITER = Some(Mutex::new(BufWriter::new( + #[allow(static_mut_refs)] + STREAM + .as_ref() + .unwrap() + .lock() + .unwrap() + .try_clone() + .unwrap(), + ))); + } + + unsafe { set_hook_fn(hook) }; +} + +// fn print_direct(str: &str) + +thread_local! { + /// A flag indicating whether the current thread is in an intercept context. + static INTERCEPTED: Cell = Cell::new(false); +} + +// lazy_static! { + +// } + +struct InterceptGuard; + +impl InterceptGuard { + fn try_lock() -> Option { + INTERCEPTED.with(|x| { + if x.get() { + None + } else { + x.set(true); + Some(InterceptGuard) + } + }) + } +} + +impl Drop for InterceptGuard { + fn drop(&mut self) { + INTERCEPTED.with(|x| x.set(false)); + } +} + +extern "C" fn hook( + syscall_num: isize, + arg0: isize, + arg1: isize, + arg2: isize, + arg3: isize, + arg4: isize, + arg5: isize, + _result: &mut isize, +) -> InterceptResult { + // detect and avoid recursive interception + let _guard = match InterceptGuard::try_lock() { + Some(g) => g, + None => return InterceptResult::Forward, + }; + + if !syscalls::syscall_should_proxy(syscall_num) { + return InterceptResult::Forward; + } + + unsafe { + unset_hook_fn(); + } + + // Return if is print + // if syscall_num == libc::SYS_write as _ && arg0 == 1 { + // return InterceptResult::Forward; + // } + + // let args = [arg0, arg1, arg2, arg3, arg4, arg5]; + // let desc = if let Some(desc) = syscalls::get_syscall_desc(syscall_num, args) { + // "test" + // } else { + // "test" + // }; + + unsafe { + #[allow(static_mut_refs)] + if let Some(client) = WRITER.as_ref() { + client + .lock() + .unwrap() + .write_all(&format!("Data: {:?}\n", syscall_num).as_bytes()) + .unwrap(); + client.lock().unwrap().flush().unwrap(); + } + } + + unsafe { + set_hook_fn(hook); + } + + InterceptResult::Forward +} diff --git a/src/syscall_intercept.rs b/src/syscall_intercept.rs new file mode 100644 index 0000000..8cbe0b9 --- /dev/null +++ b/src/syscall_intercept.rs @@ -0,0 +1,49 @@ +#[link(name = "syscall_intercept")] +unsafe extern "C" { + static mut intercept_hook_point: Option; + + pub fn syscall_no_intercept(num: isize, ...) -> isize; +} + +/// Set syscall intercept hook function. +/// +/// # Safety +/// +/// This function will change all syscall behavior! +pub unsafe fn set_hook_fn(f: HookFn) { + unsafe { + intercept_hook_point = Some(f); + } +} + +/// Clear syscall intercept hook function. +/// +/// # Safety +/// +/// This function will change all syscall behavior! +pub unsafe fn unset_hook_fn() { + unsafe { + intercept_hook_point = None; + } +} + +/// The type of hook function. +pub type HookFn = extern "C" fn( + num: isize, + a0: isize, + a1: isize, + a2: isize, + a3: isize, + a4: isize, + a5: isize, + result: &mut isize, +) -> InterceptResult; + +/// The return value of hook function. +#[repr(i32)] +pub enum InterceptResult { + /// The user takes over the system call. The return value should be set via `result`. + Hook = 0, + /// The specific system call was ignored by the user and the original syscall should be executed. + Forward = 1, +} diff --git a/src/syscalls.rs b/src/syscalls.rs new file mode 100644 index 0000000..c81326a --- /dev/null +++ b/src/syscalls.rs @@ -0,0 +1,3167 @@ +pub fn syscall_should_proxy(n: isize) -> bool { + match n { + 0 => true, // Read + 1 => true, // Write + 2 => false, // Open + 3 => false, // Close + 4 => false, // Stat + 5 => false, // Fstat + 6 => false, // Lstat + 7 => false, // Poll + 8 => false, // Lseek + 9 => false, // Mmap + 10 => false, // Mprotect + 11 => false, // Munmap + 12 => false, // Brk + 13 => false, // RtSigaction + 14 => false, // RtSigprocmask + 15 => false, // RtSigreturn + 16 => false, // Ioctl + 17 => false, // Pread64 + 18 => false, // Pwrite64 + 19 => false, // Readv + 20 => false, // Writev + 21 => false, // Access + 22 => false, // Pipe + 23 => false, // Select + 24 => false, // SchedYield + 25 => false, // Mremap + 26 => false, // Msync + 27 => false, // Mincore + 28 => false, // Madvise + 29 => false, // Shmget + 30 => false, // Shmat + 31 => false, // Shmctl + 32 => false, // Dup + 33 => false, // Dup2 + 34 => false, // Pause + 35 => false, // Nanosleep + 36 => false, // Getitimer + 37 => false, // Alarm + 38 => false, // Setitimer + 39 => false, // Getpid + 40 => false, // Sendfile + 41 => false, // Socket + 42 => false, // Connect + 43 => false, // Accept + 44 => false, // Sendto + 45 => false, // Recvfrom + 46 => false, // Sendmsg + 47 => false, // Recvmsg + 48 => false, // Shutdown + 49 => false, // Bind + 50 => false, // Listen + 51 => false, // Getsockname + 52 => false, // Getpeername + 53 => false, // Socketpair + 54 => false, // Setsockopt + 55 => false, // Getsockopt + 56 => false, // Clone + 57 => false, // Fork + 58 => false, // Vfork + 59 => false, // Execve + 60 => false, // Exit + 61 => false, // Wait4 + 62 => false, // Kill + 63 => false, // Uname + 64 => false, // Semget + 65 => false, // Semop + 66 => false, // Semctl + 67 => false, // Shmdt + 68 => false, // Msgget + 69 => false, // Msgsnd + 70 => false, // Msgrcv + 71 => false, // Msgctl + 72 => false, // Fcntl + 73 => false, // Flock + 74 => false, // Fsync + 75 => false, // Fdatasync + 76 => false, // Truncate + 77 => false, // Ftruncate + 78 => false, // Getdents + 79 => false, // Getcwd + 80 => false, // Chdir + 81 => false, // Fchdir + 82 => false, // Rename + 83 => false, // Mkdir + 84 => false, // Rmdir + 85 => false, // Creat + 86 => false, // Link + 87 => false, // Unlink + 88 => false, // Symlink + 89 => false, // Readlink + 90 => false, // Chmod + 91 => false, // Fchmod + 92 => false, // Chown + 93 => false, // Fchown + 94 => false, // Lchown + 95 => false, // Umask + 96 => false, // Gettimeofday + 97 => false, // Getrlimit + 98 => false, // Getrusage + 99 => false, // Sysinfo + 100 => false, // Times + 101 => false, // Ptrace + 102 => false, // Getuid + 103 => false, // Syslog + 104 => false, // Getgid + 105 => false, // Setuid + 106 => false, // Setgid + 107 => false, // Geteuid + 108 => false, // Getegid + 109 => false, // Setpgid + 110 => false, // Getpgrp + 111 => false, // Setsid + 112 => false, // Setreuid + 113 => false, // Setregid + 114 => false, // Getgroups + 115 => false, // Setgroups + 116 => false, // Setresuid + 117 => false, // Getresuid + 118 => false, // Setresgid + 119 => false, // Getresgid + 120 => false, // Getpgid + 121 => false, // Setfsuid + 122 => false, // Setfsgid + 123 => false, // Getsid + 124 => false, // Capget + 125 => false, // Capset + 126 => false, // RtSigpending + 127 => false, // RtSigtimedwait + 128 => false, // RtSigqueueinfo + 129 => false, // RtSigsuspend + 130 => false, // Sigaltstack + 131 => false, // Utime + 132 => false, // Mknod + 133 => false, // Uselib + 134 => false, // Personality + 135 => false, // Ustat + 136 => false, // Statfs + 137 => false, // Fstatfs + 138 => false, // Sysfs + 139 => false, // Getpriority + 140 => false, // Setpriority + 141 => false, // SchedSetparam + 142 => false, // SchedGetparam + 143 => false, // SchedSetscheduler + 144 => false, // SchedGetscheduler + 145 => false, // SchedGetPriorityMax + 146 => false, // SchedGetPriorityMin + 147 => false, // SchedRrGetInterval + 148 => false, // Mlock + 149 => false, // Munlock + 150 => false, // Mlockall + 151 => false, // Munlockall + 152 => false, // Vhangup + 153 => false, // ModifyLdt + 154 => false, // PivotRoot + 155 => false, // Sysctl + 156 => false, // Prctl + 157 => false, // ArchPrctl + 158 => false, // Adjtimex + 159 => false, // Setrlimit + 160 => false, // Chroot + 161 => false, // Sync + 162 => false, // Acct + 163 => false, // Settimeofday + 164 => false, // Mount + 165 => false, // Umount2 + 166 => false, // Swapon + 167 => false, // Swapoff + 168 => false, // Reboot + 169 => false, // Sethostname + 170 => false, // Setdomainname + 171 => false, // Iopl + 172 => false, // Ioperm + 173 => false, // Gettid + 174 => false, // Readahead + 175 => false, // Setxattr + 176 => false, // Lsetxattr + 177 => false, // Fsetxattr + 178 => false, // Getxattr + 179 => false, // Lgetxattr + 180 => false, // Fgetxattr + 181 => false, // Listxattr + 182 => false, // Llistxattr + 183 => false, // Flistxattr + 184 => false, // Removexattr + 185 => false, // Lremovexattr + 186 => false, // Fremovexattr + 187 => false, // Tkill + 188 => false, // Time + 189 => false, // Futex + 190 => false, // SchedSetaffinity + 191 => false, // SchedGetaffinity + 192 => false, // SetThreadArea + 193 => false, // IoSetup + 194 => false, // IoDestroy + 195 => false, // IoGetevents + 196 => false, // IoSubmit + 197 => false, // IoCancel + 198 => false, // GetThreadArea + 199 => false, // LookupDcookie + 200 => false, // EpollCreate + 201 => false, // Getdents64 + 202 => false, // SetTidAddress + 203 => false, // Semtimedop + 204 => false, // Fadvise64 + 205 => false, // TimerCreate + 206 => false, // TimerSettime + 207 => false, // TimerGettime + 208 => false, // TimerGetoverrun + 209 => false, // TimerDelete + 210 => false, // ClockSettime + 211 => false, // ClockGettime + 212 => false, // ClockGetres + 213 => false, // ClockNanosleep + 214 => false, // ExitGroup + 215 => false, // EpollWait + 216 => false, // EpollCtl + 217 => false, // Tgkill + 218 => false, // Utimes + 219 => false, // Mbind + 220 => false, // SetMempolicy + 221 => false, // GetMempolicy + 222 => false, // MqOpen + 223 => false, // MqUnlink + 224 => false, // MqTimedsend + 225 => false, // MqTimedreceive + 226 => false, // MqNotify + 227 => false, // MqGetsetattr + 228 => false, // KexecLoad + 229 => false, // Waitid + 230 => false, // AddKey + 231 => false, // RequestKey + 232 => false, // Keyctl + 233 => false, // IoprioSet + 234 => false, // IoprioGet + 235 => false, // InotifyInit + 236 => false, // InotifyAddWatch + 237 => false, // InotifyRmWatch + 238 => false, // MigratePages + 239 => false, // Openat + 240 => false, // Mkdirat + 241 => false, // Mknodat + 242 => false, // Fchownat + 243 => false, // Futimesat + 244 => false, // Newfstatat + 245 => false, // Unlinkat + 246 => false, // Renameat + 247 => false, // Linkat + 248 => false, // Symlinkat + 249 => false, // Readlinkat + 250 => false, // Fchmodat + 251 => false, // Faccessat + 252 => false, // Pselect6 + 253 => false, // Ppoll + 254 => false, // Unshare + 255 => false, // SetRobustList + 256 => false, // GetRobustList + 257 => false, // Splice + 258 => false, // Tee + 259 => false, // SyncFileRange + 260 => false, // Vmsplice + 261 => false, // MovePages + 262 => false, // Utimensat + 263 => false, // EpollPwait + 264 => false, // Signalfd + 265 => false, // TimerfdCreate + 266 => false, // Eventfd + 267 => false, // Fallocate + 268 => false, // TimerfdSettime + 269 => false, // TimerfdGettime + 270 => false, // Accept4 + 271 => false, // Signalfd4 + 272 => false, // Eventfd2 + 273 => false, // EpollCreate1 + 274 => false, // Dup3 + 275 => false, // Pipe2 + 276 => false, // InotifyInit1 + 277 => false, // Preadv + 278 => false, // Pwritev + 279 => false, // RtTgsigqueueinfo + 280 => false, // PerfEventOpen + 281 => false, // Recvmmsg + 282 => false, // FanotifyInit + 283 => false, // FanotifyMark + 284 => false, // Prlimit64 + 285 => false, // NameToHandleAt + 286 => false, // OpenByHandleAt + 287 => false, // ClockAdjtime + 288 => false, // Syncfs + 289 => false, // Sendmmsg + 290 => false, // Setns + 291 => false, // Getcpu + 292 => false, // ProcessVmReadv + 293 => false, // ProcessVmWritev + 294 => false, // Kcmp + 295 => false, // FinitModule + 296 => false, // SchedSetattr(Option), + 297 => false, // SchedGetattr(Option), + 298 => false, // Renameat2(Option), + 299 => false, // Seccomp(Option), + 300 => false, // Getrandom(Option), + 301 => false, // MemfdCreate(Option), + 302 => false, // KexecFileLoad(Option), + 303 => false, // Bpf(Option), + 304 => false, // Execveat(Option), + 305 => false, // Userfaultfd(Option), + 306 => false, // Membarrier(Option), + 307 => false, // Mlock2(Option), + 308 => false, // CopyFileRange(Option), + 309 => false, // Preadv2(Option), + 310 => false, // Pwritev2(Option), + 311 => false, // PkeyMprotect(Option), + 312 => false, // PkeyAlloc(Option), + 313 => false, // PkeyFree(Option), + _ => false, + } +} + +#[derive(Debug, Clone, PartialEq)] +pub enum SyscallDesc { + Read { + fd: isize, + buf: isize, + count: isize, + }, + Write { + fd: isize, + buf: isize, + count: isize, + }, + Open { + pathname: isize, + flags: isize, + mode: isize, + }, + Close { + fd: isize, + }, + Stat { + pathname: isize, + statbuf: isize, + }, + Fstat { + fd: isize, + statbuf: isize, + }, + Lstat { + pathname: isize, + statbuf: isize, + }, + Poll { + fds: isize, + nfds: isize, + timeout: isize, + }, + Lseek { + fd: isize, + offset: isize, + whence: isize, + }, + Mmap { + addr: isize, + length: isize, + prot: isize, + flags: isize, + fd: isize, + offset: isize, + }, + Mprotect { + addr: isize, + len: isize, + prot: isize, + }, + Munmap { + addr: isize, + length: isize, + prot: isize, + flags: isize, + fd: isize, + offset: isize, + }, + Brk { + addr: isize, + }, + RtSigaction { + sig: isize, + act: isize, + oldact: isize, + }, + RtSigprocmask { + how: isize, + set: isize, + oldset: isize, + sigsetsize: isize, + }, + RtSigreturn, + Ioctl { + fd: isize, + cmd: isize, + arg: isize, + }, + Pread64 { + fd: isize, + buf: isize, + count: isize, + offset: isize, + }, + Pwrite64 { + fd: isize, + buf: isize, + count: isize, + offset: isize, + }, + Readv { + fd: isize, + iov: isize, + iovcnt: isize, + }, + Writev { + fd: isize, + iov: isize, + iovcnt: isize, + }, + Access { + pathname: isize, + mode: isize, + }, + Pipe { + pipefd: isize, + }, + Select { + nfds: isize, + readfds: isize, + writefds: isize, + exceptfds: isize, + timeout: isize, + }, + SchedYield, + Mremap { + old_addr: isize, + old_size: isize, + new_size: isize, + flags: isize, + new_addr: isize, + }, + Msync { + addr: isize, + length: isize, + flags: isize, + }, + Mincore { + addr: isize, + length: isize, + vec: isize, + }, + Madvise { + addr: isize, + length: isize, + advice: isize, + }, + Shmget { + key: isize, + size: isize, + shmflg: isize, + }, + Shmat { + shmid: isize, + shmaddr: isize, + shmflg: isize, + }, + Shmctl { + shmid: isize, + cmd: isize, + buf: isize, + }, + Dup { + oldfd: isize, + }, + Dup2 { + oldfd: isize, + newfd: isize, + }, + Pause, + Nanosleep { + req: isize, + rem: isize, + }, + Getitimer { + which: isize, + curr_value: isize, + }, + Alarm { + seconds: isize, + }, + Setitimer { + which: isize, + new_value: isize, + old_value: isize, + }, + Getpid, + Sendfile { + out_fd: isize, + in_fd: isize, + offset: isize, + count: isize, + }, + Socket { + domain: isize, + socket_type: isize, + protocol: isize, + }, + Connect { + sockfd: isize, + addr: isize, + addrlen: isize, + }, + Accept { + sockfd: isize, + addr: isize, + addrlen: isize, + }, + Sendto { + sockfd: isize, + buf: isize, + len: isize, + flags: isize, + }, + Recvfrom { + sockfd: isize, + buf: isize, + len: isize, + flags: isize, + src_addr: isize, + addrlen: isize, + }, + Sendmsg { + sockfd: isize, + msg: isize, + flags: isize, + }, + Recvmsg { + sockfd: isize, + msg: isize, + flags: isize, + }, + Shutdown { + sockfd: isize, + how: isize, + }, + Bind { + sockfd: isize, + addr: isize, + addrlen: isize, + }, + Listen { + sockfd: isize, + backlog: isize, + }, + Getsockname { + sockfd: isize, + addr: isize, + addrlen: isize, + }, + Getpeername { + sockfd: isize, + addr: isize, + addrlen: isize, + }, + Socketpair { + domain: isize, + socket_type: isize, + protocol: isize, + sv: isize, + }, + Setsockopt { + sockfd: isize, + level: isize, + optname: isize, + optval: isize, + optlen: isize, + }, + Getsockopt { + sockfd: isize, + level: isize, + optname: isize, + optval: isize, + optlen: isize, + }, + Clone { + flags: isize, + stack: isize, + parent_tid: isize, + child_tid: isize, + tls: isize, + regs: isize, + }, + Fork, + Vfork, + Execve { + pathname: isize, + argv: isize, + envp: isize, + }, + Exit { + status: isize, + }, + Wait4 { + pid: isize, + wstatus: isize, + options: isize, + rusage: isize, + }, + Kill { + pid: isize, + sig: isize, + }, + Uname { + buf: isize, + }, + Semget { + key: isize, + nsems: isize, + semflg: isize, + }, + Semop { + semid: isize, + sops: isize, + nsops: isize, + }, + Semctl { + semid: isize, + semnum: isize, + cmd: isize, + arg1: isize, + arg2: isize, + arg3: isize, + }, + Shmdt { + shmaddr: isize, + }, + Msgget { + key: isize, + msgflg: isize, + }, + Msgsnd { + msqid: isize, + msgp: isize, + msgsz: isize, + msgflg: isize, + }, + Msgrcv { + msqid: isize, + msgp: isize, + msgsz: isize, + msgtyp: isize, + msgflg: isize, + }, + Msgctl { + msqid: isize, + cmd: isize, + buf: isize, + }, + Fcntl { + fd: isize, + cmd: isize, + arg: isize, + }, + Flock { + fd: isize, + operation: isize, + }, + Fsync { + fd: isize, + }, + Fdatasync { + fd: isize, + }, + Truncate { + path: isize, + length: isize, + }, + Ftruncate { + fd: isize, + length: isize, + }, + Getdents { + fd: isize, + dirp: isize, + count: isize, + }, + Getcwd { + buf: isize, + size: isize, + }, + Chdir { + path: isize, + }, + Fchdir { + fd: isize, + }, + Rename { + oldpath: isize, + newpath: isize, + }, + Mkdir { + pathname: isize, + mode: isize, + }, + Rmdir { + pathname: isize, + }, + Creat { + pathname: isize, + mode: isize, + }, + Link { + oldpath: isize, + newpath: isize, + }, + Unlink { + pathname: isize, + }, + Symlink { + target: isize, + linkpath: isize, + }, + Readlink { + pathname: isize, + buf: isize, + bufsiz: isize, + }, + Chmod { + pathname: isize, + mode: isize, + }, + Fchmod { + fd: isize, + mode: isize, + }, + Chown { + pathname: isize, + owner: isize, + group: isize, + }, + Fchown { + fd: isize, + owner: isize, + group: isize, + }, + Lchown { + pathname: isize, + owner: isize, + group: isize, + }, + Umask { + mask: isize, + }, + Gettimeofday { + tv: isize, + tz: isize, + }, + Getrlimit { + resource: isize, + rlim: isize, + }, + Getrusage { + who: isize, + usage: isize, + }, + Sysinfo { + info: isize, + arg2: isize, + }, + Times { + buf: isize, + }, + Ptrace { + request: isize, + pid: isize, + addr: isize, + data: isize, + }, + Getuid, + Syslog { + log_type: isize, + bufp: isize, + len: isize, + }, + Getgid, + Setuid { + uid: isize, + }, + Setgid { + gid: isize, + }, + Geteuid, + Getegid, + Setpgid, + Getpgrp, + Setsid, + Setreuid { + ruid: isize, + euid: isize, + }, + Setregid { + rgid: isize, + egid: isize, + }, + Getgroups { + size: isize, + list: isize, + }, + Setgroups { + size: isize, + list: isize, + }, + Setresuid { + ruid: isize, + euid: isize, + suid: isize, + }, + Getresuid { + ruid: isize, + euid: isize, + suid: isize, + }, + Setresgid { + rgid: isize, + egid: isize, + sgid: isize, + }, + Getresgid { + rgid: isize, + egid: isize, + sgid: isize, + }, + Getpgid { + pid: isize, + }, + Setfsuid { + fsuid: isize, + }, + Setfsgid { + fsgid: isize, + }, + Getsid { + pid: isize, + }, + Capget { + hdrp: isize, + datap: isize, + }, + Capset { + hdrp: isize, + datap: isize, + }, + RtSigpending { + set: isize, + }, + RtSigtimedwait { + set: isize, + info: isize, + timeout: isize, + sigsetsize: isize, + }, + RtSigqueueinfo { + pid: isize, + sig: isize, + info: isize, + }, + RtSigsuspend { + mask: isize, + sigsetsize: isize, + }, + Sigaltstack { + ss: isize, + old_ss: isize, + }, + Utime { + filename: isize, + times: isize, + }, + Mknod { + pathname: isize, + mode: isize, + dev: isize, + }, + Uselib { + library: isize, + }, + Personality { + persona: isize, + }, + Ustat { + dev: isize, + ubuf: isize, + }, + Statfs { + path: isize, + buf: isize, + }, + Fstatfs { + fd: isize, + buf: isize, + }, + Sysfs { + option: isize, + arg2: isize, + arg3: isize, + }, + Getpriority { + which: isize, + who: isize, + }, + Setpriority { + which: isize, + who: isize, + prio: isize, + }, + SchedSetparam { + pid: isize, + param: isize, + }, + SchedGetparam { + pid: isize, + param: isize, + }, + SchedSetscheduler { + pid: isize, + policy: isize, + param: isize, + }, + SchedGetscheduler { + pid: isize, + }, + SchedGetPriorityMax { + policy: isize, + }, + SchedGetPriorityMin { + policy: isize, + }, + SchedRrGetInterval { + pid: isize, + interval: isize, + }, + Mlock { + addr: isize, + len: isize, + }, + Munlock { + addr: isize, + len: isize, + }, + Mlockall { + flags: isize, + }, + Munlockall, + Vhangup, + ModifyLdt { + func: isize, + ptr: isize, + bytecount: isize, + }, + PivotRoot { + new_root: isize, + old_root: isize, + }, + Sysctl { + args: isize, + }, + Prctl { + option: isize, + arg2: isize, + arg3: isize, + arg4: isize, + arg5: isize, + }, + ArchPrctl { + code: isize, + addr: isize, + arg3: isize, + }, + Adjtimex { + buf: isize, + }, + Setrlimit { + resource: isize, + rlim: isize, + }, + Chroot { + path: isize, + }, + Sync, + Acct { + filename: isize, + }, + Settimeofday { + tv: isize, + tz: isize, + }, + Mount { + source: isize, + target: isize, + filesystemtype: isize, + mountflags: isize, + data: isize, + }, + Umount2 { + target: isize, + flags: isize, + }, + Swapon { + path: isize, + swapflags: isize, + }, + Swapoff { + path: isize, + }, + Reboot { + magic: isize, + magic2: isize, + cmd: isize, + arg: isize, + }, + Sethostname { + name: isize, + len: isize, + }, + Setdomainname { + name: isize, + len: isize, + }, + Iopl { + level: isize, + }, + Ioperm { + from: isize, + num: isize, + turn_on: isize, + }, + Gettid, + Readahead { + fd: isize, + offset: isize, + count: isize, + }, + Setxattr { + path: isize, + name: isize, + value: isize, + size: isize, + flags: isize, + }, + Lsetxattr { + path: isize, + name: isize, + value: isize, + size: isize, + flags: isize, + }, + Fsetxattr { + fd: isize, + name: isize, + value: isize, + size: isize, + flags: isize, + }, + Getxattr { + path: isize, + name: isize, + value: isize, + size: isize, + }, + Lgetxattr { + path: isize, + name: isize, + value: isize, + size: isize, + }, + Fgetxattr { + fd: isize, + name: isize, + value: isize, + size: isize, + }, + Listxattr { + path: isize, + list: isize, + size: isize, + }, + Llistxattr { + path: isize, + list: isize, + size: isize, + }, + Flistxattr { + path: isize, + list: isize, + size: isize, + }, + Removexattr { + path: isize, + name: isize, + }, + Lremovexattr { + path: isize, + name: isize, + }, + Fremovexattr { + fd: isize, + name: isize, + }, + Tkill { + tid: isize, + sig: isize, + }, + Time { + tloc: isize, + }, + Futex { + uaddr: isize, + futex_op: isize, + val: isize, + timeout: isize, + uaddr2: isize, + val3: isize, + }, + SchedSetaffinity { + pid: isize, + cpusetsize: isize, + mask: isize, + }, + SchedGetaffinity { + pid: isize, + cpusetsize: isize, + mask: isize, + }, + SetThreadArea { + u_info: isize, + }, + IoSetup { + nr_events: isize, + ctx_idp: isize, + }, + IoDestroy { + ctx_id: isize, + }, + IoGetevents { + ctx_id: isize, + min_nr: isize, + nr: isize, + events: isize, + timeout: isize, + }, + IoSubmit { + ctx_id: isize, + nr: isize, + iocbpp: isize, + }, + IoCancel { + ctx_id: isize, + iocb: isize, + result: isize, + }, + GetThreadArea { + u_info: isize, + }, + LookupDcookie { + cookie: isize, + buffer: isize, + len: isize, + }, + EpollCreate { + size: isize, + }, + Getdents64 { + fd: isize, + dirp: isize, + count: isize, + }, + SetTidAddress { + tidptr: isize, + }, + Semtimedop { + semid: isize, + sops: isize, + nsops: isize, + timeout: isize, + }, + Fadvise64 { + fd: isize, + offset: isize, + len: isize, + advice: isize, + }, + TimerCreate { + clockid: isize, + sevp: isize, + timerid: isize, + }, + TimerSettime { + timerid: isize, + flags: isize, + new_value: isize, + old_value: isize, + }, + TimerGettime { + timerid: isize, + curr_value: isize, + }, + TimerGetoverrun { + timerid: isize, + }, + TimerDelete { + timerid: isize, + }, + ClockSettime { + clockid: isize, + tp: isize, + }, + ClockGettime { + clockid: isize, + tp: isize, + }, + ClockGetres { + clockid: isize, + res: isize, + }, + ClockNanosleep { + clockid: isize, + flags: isize, + request: isize, + remain: isize, + }, + ExitGroup { + status: isize, + }, + EpollWait { + epfd: isize, + events: isize, + maxevents: isize, + timeout: isize, + }, + EpollCtl { + epfd: isize, + op: isize, + fd: isize, + event: isize, + }, + Tgkill { + tgid: isize, + tid: isize, + sig: isize, + }, + Utimes { + filename: isize, + times: isize, + }, + Mbind { + addr: isize, + len: isize, + mode: isize, + nodemask: isize, + maxnode: isize, + }, + SetMempolicy { + mode: isize, + nodemask: isize, + maxnode: isize, + }, + GetMempolicy { + mode: isize, + nodemask: isize, + maxnode: isize, + addr: isize, + flags: isize, + }, + MqOpen { + name: isize, + oflag: isize, + mode: isize, + attr: isize, + arg5: isize, + }, + MqUnlink { + name: isize, + }, + MqTimedsend { + mqdes: isize, + msg_ptr: isize, + msg_len: isize, + msg_prio: isize, + abs_timeout: isize, + }, + MqTimedreceive { + mqdes: isize, + msg_ptr: isize, + msg_len: isize, + msg_prio: isize, + abs_timeout: isize, + }, + MqNotify { + mqdes: isize, + sevp: isize, + }, + MqGetsetattr { + mqdes: isize, + newattr: isize, + oldattr: isize, + }, + KexecLoad { + entry: isize, + nr_segments: isize, + segments: isize, + flags: isize, + }, + Waitid { + idtype: isize, + id: isize, + infop: isize, + options: isize, + }, + AddKey { + key_type: isize, + description: isize, + payload: isize, + plen: isize, + keyring: isize, + }, + RequestKey { + key_type: isize, + description: isize, + callout_info: isize, + dest_keyring: isize, + }, + Keyctl { + operation: isize, + arg2: isize, + arg3: isize, + arg4: isize, + arg5: isize, + }, + IoprioSet { + which: isize, + who: isize, + ioprio: isize, + }, + IoprioGet { + which: isize, + who: isize, + }, + InotifyInit, + InotifyAddWatch { + fd: isize, + pathname: isize, + mask: isize, + }, + InotifyRmWatch { + fd: isize, + wd: isize, + }, + MigratePages { + pid: isize, + maxnode: isize, + old_nodes: isize, + new_nodes: isize, + }, + Openat { + dirfd: isize, + pathname: isize, + flags: isize, + mode: isize, + }, + Mkdirat { + dirfd: isize, + pathname: isize, + mode: isize, + }, + Mknodat { + dirfd: isize, + pathname: isize, + mode: isize, + dev: isize, + }, + Fchownat { + dirfd: isize, + pathname: isize, + owner: isize, + group: isize, + flags: isize, + }, + Futimesat { + dirfd: isize, + pathname: isize, + times: isize, + }, + Newfstatat { + dirfd: isize, + pathname: isize, + statbuf: isize, + flags: isize, + }, + Unlinkat { + dirfd: isize, + pathname: isize, + flags: isize, + }, + Renameat { + olddirfd: isize, + oldpath: isize, + newdirfd: isize, + newpath: isize, + }, + Linkat { + olddirfd: isize, + oldpath: isize, + newdirfd: isize, + newpath: isize, + flags: isize, + }, + Symlinkat { + olddirfd: isize, + oldpath: isize, + newpath: isize, + }, + Readlinkat { + dirfd: isize, + pathname: isize, + buf: isize, + bufsiz: isize, + }, + Fchmodat { + dirfd: isize, + pathname: isize, + mode: isize, + }, + Faccessat { + dirfd: isize, + pathname: isize, + mode: isize, + }, + Pselect6 { + nfds: isize, + readfds: isize, + writefds: isize, + exceptfds: isize, + timeout: isize, + sigmask: isize, + }, + Ppoll { + fds: isize, + nfds: isize, + tmo_p: isize, + sigmask: isize, + sigsetsize: isize, + }, + Unshare { + flags: isize, + }, + SetRobustList { + head: isize, + len: isize, + }, + GetRobustList { + pid: isize, + head_ptr: isize, + len_ptr: isize, + }, + Splice { + fd_in: isize, + off_in: isize, + fd_out: isize, + off_out: isize, + len: isize, + flags: isize, + }, + Tee { + fd_in: isize, + fd_out: isize, + len: isize, + flags: isize, + }, + SyncFileRange { + fd: isize, + offset: isize, + nbytes: isize, + flags: isize, + }, + Vmsplice { + fd: isize, + iov: isize, + nr_segs: isize, + flags: isize, + }, + MovePages { + pid: isize, + count: isize, + pages: isize, + nodes: isize, + status: isize, + flags: isize, + }, + Utimensat { + dirfd: isize, + pathname: isize, + times: isize, + flags: isize, + }, + EpollPwait { + epfd: isize, + events: isize, + maxevents: isize, + timeout: isize, + sigmask: isize, + sigsetsize: isize, + }, + Signalfd { + ufd: isize, + mask: isize, + sizemask: isize, + }, + TimerfdCreate { + clockid: isize, + flags: isize, + }, + Eventfd { + initval: isize, + }, + Fallocate { + fd: isize, + mode: isize, + offset: isize, + len: isize, + }, + TimerfdSettime { + fd: isize, + flags: isize, + new_value: isize, + old_value: isize, + }, + TimerfdGettime { + fd: isize, + curr_value: isize, + }, + Accept4 { + sockfd: isize, + addr: isize, + addrlen: isize, + flags: isize, + arg5: isize, + }, + Signalfd4 { + ufd: isize, + mask: isize, + sizemask: isize, + flags: isize, + arg5: isize, + }, + Eventfd2 { + initval: isize, + flags: isize, + }, + EpollCreate1 { + flags: isize, + }, + Dup3 { + oldfd: isize, + newfd: isize, + flags: isize, + }, + Pipe2 { + pipefd: isize, + flags: isize, + }, + InotifyInit1 { + flags: isize, + }, + Preadv { + fd: isize, + iov: isize, + iovcnt: isize, + offset: isize, + }, + Pwritev { + fd: isize, + iov: isize, + iovcnt: isize, + offset: isize, + }, + RtTgsigqueueinfo { + tgid: isize, + tid: isize, + sig: isize, + info: isize, + }, + PerfEventOpen { + attr: isize, + pid: isize, + cpu: isize, + group_fd: isize, + flags: isize, + }, + Recvmmsg { + sockfd: isize, + msgvec: isize, + vlen: isize, + flags: isize, + timeout: isize, + }, + FanotifyInit { + flags: isize, + event_f_flags: isize, + }, + FanotifyMark { + fanotify_fd: isize, + flags: isize, + mask: isize, + dirfd: isize, + pathname: isize, + }, + Prlimit64 { + pid: isize, + resource: isize, + new_limit: isize, + old_limit: isize, + }, + NameToHandleAt { + dirfd: isize, + pathname: isize, + handle: isize, + mount_id: isize, + flags: isize, + }, + OpenByHandleAt { + mountdirfd: isize, + handle: isize, + flags: isize, + }, + ClockAdjtime { + clk_id: isize, + buf: isize, + }, + Syncfs { + fd: isize, + }, + Sendmmsg { + sockfd: isize, + msgvec: isize, + vlen: isize, + flags: isize, + }, + Setns { + fd: isize, + nstype: isize, + }, + Getcpu { + cpu: isize, + node: isize, + tcache: isize, + }, + ProcessVmReadv { + pid: isize, + lvec: isize, + liovcnt: isize, + rvec: isize, + riovcnt: isize, + flags: isize, + }, + ProcessVmWritev { + pid: isize, + lvec: isize, + liovcnt: isize, + rvec: isize, + riovcnt: isize, + flags: isize, + }, + Kcmp { + pid1: isize, + pid2: isize, + type_: isize, + idx1: isize, + idx2: isize, + }, + FinitModule { + fd: isize, + param_values: isize, + flags: isize, + }, + SchedSetattr { + pid: isize, + attr: isize, + flags: isize, + }, + SchedGetattr { + pid: isize, + attr: isize, + size: isize, + flags: isize, + }, + Renameat2 { + olddirfd: isize, + oldpath: isize, + newdirfd: isize, + newpath: isize, + flags: isize, + }, + Seccomp { + operation: isize, + flags: isize, + args: isize, + }, + Getrandom { + buf: isize, + buflen: isize, + flags: isize, + }, + MemfdCreate { + name: isize, + flags: isize, + }, + KexecFileLoad { + kernel_fd: isize, + initrd_fd: isize, + cmdline_len: isize, + cmdline: isize, + flags: isize, + }, + Bpf { + cmd: isize, + attr: isize, + size: isize, + }, + Execveat { + dirfd: isize, + pathname: isize, + argv: isize, + envp: isize, + flags: isize, + }, + Userfaultfd { + flags: isize, + }, + Membarrier { + cmd: isize, + flags: isize, + }, + Mlock2 { + addr: isize, + len: isize, + flags: isize, + }, + CopyFileRange { + fd_in: isize, + off_in: isize, + fd_out: isize, + off_out: isize, + len: isize, + flags: isize, + }, + Preadv2 { + fd: isize, + iov: isize, + iovcnt: isize, + offset: isize, + flags: isize, + }, + Pwritev2 { + fd: isize, + iov: isize, + iovcnt: isize, + offset: isize, + flags: isize, + }, + PkeyMprotect { + addr: isize, + len: isize, + prot: isize, + pkey: isize, + }, + PkeyAlloc { + flags: isize, + access_rights: isize, + }, + PkeyFree { + pkey: isize, + }, +} + +impl SyscallDesc { + pub fn get_syscall_desc(syscall_num: isize, args: [isize; 6]) -> Option { + match syscall_num { + 0 => Some(SyscallDesc::Read { + fd: args[0], + buf: args[1], + count: args[2], + }), + 1 => Some(SyscallDesc::Write { + fd: args[0], + buf: args[1], + count: args[2], + }), + 2 => Some(SyscallDesc::Open { + pathname: args[0], + flags: args[1], + mode: args[2], + }), + 3 => Some(SyscallDesc::Close { fd: args[0] }), + 4 => Some(SyscallDesc::Stat { + pathname: args[0], + statbuf: args[1], + }), + 5 => Some(SyscallDesc::Fstat { + fd: args[0], + statbuf: args[1], + }), + 6 => Some(SyscallDesc::Lstat { + pathname: args[0], + statbuf: args[1], + }), + 7 => Some(SyscallDesc::Poll { + fds: args[0], + nfds: args[1], + timeout: args[2], + }), + 8 => Some(SyscallDesc::Lseek { + fd: args[0], + offset: args[1], + whence: args[2], + }), + 9 => Some(SyscallDesc::Mmap { + addr: args[0], + length: args[1], + prot: args[2], + flags: args[3], + fd: args[4], + offset: args[5], + }), + 10 => Some(SyscallDesc::Mprotect { + addr: args[0], + len: args[1], + prot: args[2], + }), + 11 => Some(SyscallDesc::Munmap { + addr: args[0], + length: args[1], + prot: args[2], + flags: args[3], + fd: args[4], + offset: args[5], + }), + 12 => Some(SyscallDesc::Brk { addr: args[0] }), + 13 => Some(SyscallDesc::RtSigaction { + sig: args[0], + act: args[1], + oldact: args[2], + }), + 14 => Some(SyscallDesc::RtSigprocmask { + how: args[0], + set: args[1], + oldset: args[2], + sigsetsize: args[3], + }), + 15 => Some(SyscallDesc::RtSigreturn), + 16 => Some(SyscallDesc::Ioctl { + fd: args[0], + cmd: args[1], + arg: args[2], + }), + 17 => Some(SyscallDesc::Pread64 { + fd: args[0], + buf: args[1], + count: args[2], + offset: args[3], + }), + 18 => Some(SyscallDesc::Pwrite64 { + fd: args[0], + buf: args[1], + count: args[2], + offset: args[3], + }), + 19 => Some(SyscallDesc::Readv { + fd: args[0], + iov: args[1], + iovcnt: args[2], + }), + 20 => Some(SyscallDesc::Writev { + fd: args[0], + iov: args[1], + iovcnt: args[2], + }), + 21 => Some(SyscallDesc::Access { + pathname: args[0], + mode: args[1], + }), + 22 => Some(SyscallDesc::Pipe { pipefd: args[0] }), + 23 => Some(SyscallDesc::Select { + nfds: args[0], + readfds: args[1], + writefds: args[2], + exceptfds: args[3], + timeout: args[4], + }), + 24 => Some(SyscallDesc::SchedYield), + 25 => Some(SyscallDesc::Mremap { + old_addr: args[0], + old_size: args[1], + new_size: args[2], + flags: args[3], + new_addr: args[4], + }), + 26 => Some(SyscallDesc::Msync { + addr: args[0], + length: args[1], + flags: args[2], + }), + 27 => Some(SyscallDesc::Mincore { + addr: args[0], + length: args[1], + vec: args[2], + }), + 28 => Some(SyscallDesc::Madvise { + addr: args[0], + length: args[1], + advice: args[2], + }), + 29 => Some(SyscallDesc::Shmget { + key: args[0], + size: args[1], + shmflg: args[2], + }), + 30 => Some(SyscallDesc::Shmat { + shmid: args[0], + shmaddr: args[1], + shmflg: args[2], + }), + 31 => Some(SyscallDesc::Shmctl { + shmid: args[0], + cmd: args[1], + buf: args[2], + }), + 32 => Some(SyscallDesc::Dup { oldfd: args[0] }), + 33 => Some(SyscallDesc::Dup2 { + oldfd: args[0], + newfd: args[1], + }), + 34 => Some(SyscallDesc::Pause), + 35 => Some(SyscallDesc::Nanosleep { + req: args[0], + rem: args[1], + }), + 36 => Some(SyscallDesc::Getitimer { + which: args[0], + curr_value: args[1], + }), + 37 => Some(SyscallDesc::Alarm { seconds: args[0] }), + 38 => Some(SyscallDesc::Setitimer { + which: args[0], + new_value: args[1], + old_value: args[2], + }), + 39 => Some(SyscallDesc::Getpid), + 40 => Some(SyscallDesc::Sendfile { + out_fd: args[0], + in_fd: args[1], + offset: args[2], + count: args[3], + }), + 41 => Some(SyscallDesc::Socket { + domain: args[0], + socket_type: args[1], + protocol: args[2], + }), + 42 => Some(SyscallDesc::Connect { + sockfd: args[0], + addr: args[1], + addrlen: args[2], + }), + 43 => Some(SyscallDesc::Accept { + sockfd: args[0], + addr: args[1], + addrlen: args[2], + }), + 44 => Some(SyscallDesc::Sendto { + sockfd: args[0], + buf: args[1], + len: args[2], + flags: args[3], + }), + 45 => Some(SyscallDesc::Recvfrom { + sockfd: args[0], + buf: args[1], + len: args[2], + flags: args[3], + src_addr: args[4], + addrlen: args[5], + }), + 46 => Some(SyscallDesc::Sendmsg { + sockfd: args[0], + msg: args[1], + flags: args[2], + }), + 47 => Some(SyscallDesc::Recvmsg { + sockfd: args[0], + msg: args[1], + flags: args[2], + }), + 48 => Some(SyscallDesc::Shutdown { + sockfd: args[0], + how: args[1], + }), + 49 => Some(SyscallDesc::Bind { + sockfd: args[0], + addr: args[1], + addrlen: args[2], + }), + 50 => Some(SyscallDesc::Listen { + sockfd: args[0], + backlog: args[1], + }), + 51 => Some(SyscallDesc::Getsockname { + sockfd: args[0], + addr: args[1], + addrlen: args[2], + }), + 52 => Some(SyscallDesc::Getpeername { + sockfd: args[0], + addr: args[1], + addrlen: args[2], + }), + 53 => Some(SyscallDesc::Socketpair { + domain: args[0], + socket_type: args[1], + protocol: args[2], + sv: args[3], + }), + 54 => Some(SyscallDesc::Setsockopt { + sockfd: args[0], + level: args[1], + optname: args[2], + optval: args[3], + optlen: args[4], + }), + 55 => Some(SyscallDesc::Getsockopt { + sockfd: args[0], + level: args[1], + optname: args[2], + optval: args[3], + optlen: args[4], + }), + 56 => Some(SyscallDesc::Clone { + flags: args[0], + stack: args[1], + parent_tid: args[2], + child_tid: args[3], + tls: args[4], + regs: args[5], + }), + 57 => Some(SyscallDesc::Fork), + 58 => Some(SyscallDesc::Vfork), + 59 => Some(SyscallDesc::Execve { + pathname: args[0], + argv: args[1], + envp: args[2], + }), + 60 => Some(SyscallDesc::Exit { status: args[0] }), + 61 => Some(SyscallDesc::Wait4 { + pid: args[0], + wstatus: args[1], + options: args[2], + rusage: args[3], + }), + 62 => Some(SyscallDesc::Kill { + pid: args[0], + sig: args[1], + }), + 63 => Some(SyscallDesc::Uname { buf: args[0] }), + 64 => Some(SyscallDesc::Semget { + key: args[0], + nsems: args[1], + semflg: args[2], + }), + 65 => Some(SyscallDesc::Semop { + semid: args[0], + sops: args[1], + nsops: args[2], + }), + 66 => Some(SyscallDesc::Semctl { + semid: args[0], + semnum: args[1], + cmd: args[2], + arg1: args[3], + arg2: args[4], + arg3: args[5], + }), + 67 => Some(SyscallDesc::Shmdt { shmaddr: args[0] }), + 68 => Some(SyscallDesc::Msgget { + key: args[0], + msgflg: args[1], + }), + 69 => Some(SyscallDesc::Msgsnd { + msqid: args[0], + msgp: args[1], + msgsz: args[2], + msgflg: args[3], + }), + 70 => Some(SyscallDesc::Msgrcv { + msqid: args[0], + msgp: args[1], + msgsz: args[2], + msgtyp: args[3], + msgflg: args[4], + }), + 71 => Some(SyscallDesc::Msgctl { + msqid: args[0], + cmd: args[1], + buf: args[2], + }), + 72 => Some(SyscallDesc::Fcntl { + fd: args[0], + cmd: args[1], + arg: args[2], + }), + 73 => Some(SyscallDesc::Flock { + fd: args[0], + operation: args[1], + }), + 74 => Some(SyscallDesc::Fsync { fd: args[0] }), + 75 => Some(SyscallDesc::Fdatasync { fd: args[0] }), + 76 => Some(SyscallDesc::Truncate { + path: args[0], + length: args[1], + }), + 77 => Some(SyscallDesc::Ftruncate { + fd: args[0], + length: args[1], + }), + 78 => Some(SyscallDesc::Getdents { + fd: args[0], + dirp: args[1], + count: args[2], + }), + 79 => Some(SyscallDesc::Getcwd { + buf: args[0], + size: args[1], + }), + 80 => Some(SyscallDesc::Chdir { path: args[0] }), + 81 => Some(SyscallDesc::Fchdir { fd: args[0] }), + 82 => Some(SyscallDesc::Rename { + oldpath: args[0], + newpath: args[1], + }), + 83 => Some(SyscallDesc::Mkdir { + pathname: args[0], + mode: args[1], + }), + 84 => Some(SyscallDesc::Rmdir { pathname: args[0] }), + 85 => Some(SyscallDesc::Creat { + pathname: args[0], + mode: args[1], + }), + 86 => Some(SyscallDesc::Link { + oldpath: args[0], + newpath: args[1], + }), + 87 => Some(SyscallDesc::Unlink { pathname: args[0] }), + 88 => Some(SyscallDesc::Symlink { + target: args[0], + linkpath: args[1], + }), + 89 => Some(SyscallDesc::Readlink { + pathname: args[0], + buf: args[1], + bufsiz: args[2], + }), + 90 => Some(SyscallDesc::Chmod { + pathname: args[0], + mode: args[1], + }), + 91 => Some(SyscallDesc::Fchmod { + fd: args[0], + mode: args[1], + }), + 92 => Some(SyscallDesc::Chown { + pathname: args[0], + owner: args[1], + group: args[2], + }), + 93 => Some(SyscallDesc::Fchown { + fd: args[0], + owner: args[1], + group: args[2], + }), + 94 => Some(SyscallDesc::Lchown { + pathname: args[0], + owner: args[1], + group: args[2], + }), + 95 => Some(SyscallDesc::Umask { mask: args[0] }), + 96 => Some(SyscallDesc::Gettimeofday { + tv: args[0], + tz: args[1], + }), + 97 => Some(SyscallDesc::Getrlimit { + resource: args[0], + rlim: args[1], + }), + 98 => Some(SyscallDesc::Getrusage { + who: args[0], + usage: args[1], + }), + 99 => Some(SyscallDesc::Sysinfo { + info: args[0], + arg2: args[1], + }), + 100 => Some(SyscallDesc::Times { buf: args[0] }), + 101 => Some(SyscallDesc::Ptrace { + request: args[0], + pid: args[1], + addr: args[2], + data: args[3], + }), + 102 => Some(SyscallDesc::Getuid), + 103 => Some(SyscallDesc::Syslog { + log_type: args[0], + bufp: args[1], + len: args[2], + }), + 104 => Some(SyscallDesc::Getgid), + 105 => Some(SyscallDesc::Setuid { uid: args[0] }), + 106 => Some(SyscallDesc::Setgid { gid: args[0] }), + 107 => Some(SyscallDesc::Geteuid), + 108 => Some(SyscallDesc::Getegid), + 109 => Some(SyscallDesc::Setpgid), + 110 => Some(SyscallDesc::Getpgrp), + 111 => Some(SyscallDesc::Setsid), + 112 => Some(SyscallDesc::Setreuid { + ruid: args[0], + euid: args[1], + }), + 113 => Some(SyscallDesc::Setregid { + rgid: args[0], + egid: args[1], + }), + 114 => Some(SyscallDesc::Getgroups { + size: args[0], + list: args[1], + }), + 115 => Some(SyscallDesc::Setgroups { + size: args[0], + list: args[1], + }), + 116 => Some(SyscallDesc::Setresuid { + ruid: args[0], + euid: args[1], + suid: args[2], + }), + 117 => Some(SyscallDesc::Getresuid { + ruid: args[0], + euid: args[1], + suid: args[2], + }), + 118 => Some(SyscallDesc::Setresgid { + rgid: args[0], + egid: args[1], + sgid: args[2], + }), + 119 => Some(SyscallDesc::Getresgid { + rgid: args[0], + egid: args[1], + sgid: args[2], + }), + 120 => Some(SyscallDesc::Getpgid { pid: args[0] }), + 121 => Some(SyscallDesc::Setfsuid { fsuid: args[0] }), + 122 => Some(SyscallDesc::Setfsgid { fsgid: args[0] }), + 123 => Some(SyscallDesc::Getsid { pid: args[0] }), + 124 => Some(SyscallDesc::Capget { + hdrp: args[0], + datap: args[1], + }), + 125 => Some(SyscallDesc::Capset { + hdrp: args[0], + datap: args[1], + }), + 126 => Some(SyscallDesc::RtSigpending { set: args[0] }), + 127 => Some(SyscallDesc::RtSigtimedwait { + set: args[0], + info: args[1], + timeout: args[2], + sigsetsize: args[3], + }), + 128 => Some(SyscallDesc::RtSigqueueinfo { + pid: args[0], + sig: args[1], + info: args[2], + }), + 129 => Some(SyscallDesc::RtSigsuspend { + mask: args[0], + sigsetsize: args[1], + }), + 130 => Some(SyscallDesc::Sigaltstack { + ss: args[0], + old_ss: args[1], + }), + 131 => Some(SyscallDesc::Utime { + filename: args[0], + times: args[1], + }), + 132 => Some(SyscallDesc::Mknod { + pathname: args[0], + mode: args[1], + dev: args[2], + }), + 133 => Some(SyscallDesc::Uselib { library: args[0] }), + 134 => Some(SyscallDesc::Personality { persona: args[0] }), + 135 => Some(SyscallDesc::Ustat { + dev: args[0], + ubuf: args[1], + }), + 136 => Some(SyscallDesc::Statfs { + path: args[0], + buf: args[1], + }), + 137 => Some(SyscallDesc::Fstatfs { + fd: args[0], + buf: args[1], + }), + 138 => Some(SyscallDesc::Sysfs { + option: args[0], + arg2: args[1], + arg3: args[2], + }), + 139 => Some(SyscallDesc::Getpriority { + which: args[0], + who: args[1], + }), + 140 => Some(SyscallDesc::Setpriority { + which: args[0], + who: args[1], + prio: args[2], + }), + 141 => Some(SyscallDesc::SchedSetparam { + pid: args[0], + param: args[1], + }), + 142 => Some(SyscallDesc::SchedGetparam { + pid: args[0], + param: args[1], + }), + 143 => Some(SyscallDesc::SchedSetscheduler { + pid: args[0], + policy: args[1], + param: args[2], + }), + 144 => Some(SyscallDesc::SchedGetscheduler { pid: args[0] }), + 145 => Some(SyscallDesc::SchedGetPriorityMax { policy: args[0] }), + 146 => Some(SyscallDesc::SchedGetPriorityMin { policy: args[0] }), + 147 => Some(SyscallDesc::SchedRrGetInterval { + pid: args[0], + interval: args[1], + }), + 148 => Some(SyscallDesc::Mlock { + addr: args[0], + len: args[1], + }), + 149 => Some(SyscallDesc::Munlock { + addr: args[0], + len: args[1], + }), + 150 => Some(SyscallDesc::Mlockall { flags: args[0] }), + 151 => Some(SyscallDesc::Munlockall), + 152 => Some(SyscallDesc::Vhangup), + 153 => Some(SyscallDesc::ModifyLdt { + func: args[0], + ptr: args[1], + bytecount: args[2], + }), + 154 => Some(SyscallDesc::PivotRoot { + new_root: args[0], + old_root: args[1], + }), + 155 => Some(SyscallDesc::Sysctl { args: args[0] }), + 156 => Some(SyscallDesc::Prctl { + option: args[0], + arg2: args[1], + arg3: args[2], + arg4: args[3], + arg5: args[4], + }), + 157 => Some(SyscallDesc::ArchPrctl { + code: args[0], + addr: args[1], + arg3: args[2], + }), + 158 => Some(SyscallDesc::Adjtimex { buf: args[0] }), + 159 => Some(SyscallDesc::Setrlimit { + resource: args[0], + rlim: args[1], + }), + 160 => Some(SyscallDesc::Chroot { path: args[0] }), + 161 => Some(SyscallDesc::Sync), + 162 => Some(SyscallDesc::Acct { filename: args[0] }), + 163 => Some(SyscallDesc::Settimeofday { + tv: args[0], + tz: args[1], + }), + 164 => Some(SyscallDesc::Mount { + source: args[0], + target: args[1], + filesystemtype: args[2], + mountflags: args[3], + data: args[4], + }), + 165 => Some(SyscallDesc::Umount2 { + target: args[0], + flags: args[1], + }), + 166 => Some(SyscallDesc::Swapon { + path: args[0], + swapflags: args[1], + }), + 167 => Some(SyscallDesc::Swapoff { path: args[0] }), + 168 => Some(SyscallDesc::Reboot { + magic: args[0], + magic2: args[1], + cmd: args[2], + arg: args[3], + }), + 169 => Some(SyscallDesc::Sethostname { + name: args[0], + len: args[1], + }), + 170 => Some(SyscallDesc::Setdomainname { + name: args[0], + len: args[1], + }), + 171 => Some(SyscallDesc::Iopl { level: args[0] }), + 172 => Some(SyscallDesc::Ioperm { + from: args[0], + num: args[1], + turn_on: args[2], + }), + 186 => Some(SyscallDesc::Gettid), + 187 => Some(SyscallDesc::Readahead { + fd: args[0], + offset: args[1], + count: args[2], + }), + 188 => Some(SyscallDesc::Setxattr { + path: args[0], + name: args[1], + value: args[2], + size: args[3], + flags: args[4], + }), + 189 => Some(SyscallDesc::Lsetxattr { + path: args[0], + name: args[1], + value: args[2], + size: args[3], + flags: args[4], + }), + 190 => Some(SyscallDesc::Fsetxattr { + fd: args[0], + name: args[1], + value: args[2], + size: args[3], + flags: args[4], + }), + 191 => Some(SyscallDesc::Getxattr { + path: args[0], + name: args[1], + value: args[2], + size: args[3], + }), + 192 => Some(SyscallDesc::Lgetxattr { + path: args[0], + name: args[1], + value: args[2], + size: args[3], + }), + 193 => Some(SyscallDesc::Fgetxattr { + fd: args[0], + name: args[1], + value: args[2], + size: args[3], + }), + 194 => Some(SyscallDesc::Listxattr { + path: args[0], + list: args[1], + size: args[2], + }), + 195 => Some(SyscallDesc::Llistxattr { + path: args[0], + list: args[1], + size: args[2], + }), + 196 => Some(SyscallDesc::Flistxattr { + path: args[0], + list: args[1], + size: args[2], + }), + 197 => Some(SyscallDesc::Removexattr { + path: args[0], + name: args[1], + }), + 198 => Some(SyscallDesc::Lremovexattr { + path: args[0], + name: args[1], + }), + 199 => Some(SyscallDesc::Fremovexattr { + fd: args[0], + name: args[1], + }), + 200 => Some(SyscallDesc::Tkill { + tid: args[0], + sig: args[1], + }), + 201 => Some(SyscallDesc::Time { tloc: args[0] }), + 202 => Some(SyscallDesc::Futex { + uaddr: args[0], + futex_op: args[1], + val: args[2], + timeout: args[3], + uaddr2: args[4], + val3: args[5], + }), + 203 => Some(SyscallDesc::SchedSetaffinity { + pid: args[0], + cpusetsize: args[1], + mask: args[2], + }), + 204 => Some(SyscallDesc::SchedGetaffinity { + pid: args[0], + cpusetsize: args[1], + mask: args[2], + }), + 205 => Some(SyscallDesc::SetThreadArea { u_info: args[0] }), + 206 => Some(SyscallDesc::IoSetup { + nr_events: args[0], + ctx_idp: args[1], + }), + 207 => Some(SyscallDesc::IoDestroy { ctx_id: args[0] }), + 208 => Some(SyscallDesc::IoGetevents { + ctx_id: args[0], + min_nr: args[1], + nr: args[2], + events: args[3], + timeout: args[4], + }), + 209 => Some(SyscallDesc::IoSubmit { + ctx_id: args[0], + nr: args[1], + iocbpp: args[2], + }), + 210 => Some(SyscallDesc::IoCancel { + ctx_id: args[0], + iocb: args[1], + result: args[2], + }), + 211 => Some(SyscallDesc::GetThreadArea { u_info: args[0] }), + 212 => Some(SyscallDesc::LookupDcookie { + cookie: args[0], + buffer: args[1], + len: args[2], + }), + 213 => Some(SyscallDesc::EpollCreate { size: args[0] }), + 217 => Some(SyscallDesc::Getdents64 { + fd: args[0], + dirp: args[1], + count: args[2], + }), + 218 => Some(SyscallDesc::SetTidAddress { tidptr: args[0] }), + 220 => Some(SyscallDesc::Semtimedop { + semid: args[0], + sops: args[1], + nsops: args[2], + timeout: args[3], + }), + 221 => Some(SyscallDesc::Fadvise64 { + fd: args[0], + offset: args[1], + len: args[2], + advice: args[3], + }), + 222 => Some(SyscallDesc::TimerCreate { + clockid: args[0], + sevp: args[1], + timerid: args[2], + }), + 223 => Some(SyscallDesc::TimerSettime { + timerid: args[0], + flags: args[1], + new_value: args[2], + old_value: args[3], + }), + 224 => Some(SyscallDesc::TimerGettime { + timerid: args[0], + curr_value: args[1], + }), + 225 => Some(SyscallDesc::TimerGetoverrun { timerid: args[0] }), + 226 => Some(SyscallDesc::TimerDelete { timerid: args[0] }), + 227 => Some(SyscallDesc::ClockSettime { + clockid: args[0], + tp: args[1], + }), + 228 => Some(SyscallDesc::ClockGettime { + clockid: args[0], + tp: args[1], + }), + 229 => Some(SyscallDesc::ClockGetres { + clockid: args[0], + res: args[1], + }), + 230 => Some(SyscallDesc::ClockNanosleep { + clockid: args[0], + flags: args[1], + request: args[2], + remain: args[3], + }), + 231 => Some(SyscallDesc::ExitGroup { status: args[0] }), + 232 => Some(SyscallDesc::EpollWait { + epfd: args[0], + events: args[1], + maxevents: args[2], + timeout: args[3], + }), + 233 => Some(SyscallDesc::EpollCtl { + epfd: args[0], + op: args[1], + fd: args[2], + event: args[3], + }), + 234 => Some(SyscallDesc::Tgkill { + tgid: args[0], + tid: args[1], + sig: args[2], + }), + 235 => Some(SyscallDesc::Utimes { + filename: args[0], + times: args[1], + }), + 237 => Some(SyscallDesc::Mbind { + addr: args[0], + len: args[1], + mode: args[2], + nodemask: args[3], + maxnode: args[4], + }), + 238 => Some(SyscallDesc::SetMempolicy { + mode: args[0], + nodemask: args[1], + maxnode: args[2], + }), + 239 => Some(SyscallDesc::GetMempolicy { + mode: args[0], + nodemask: args[1], + maxnode: args[2], + addr: args[3], + flags: args[4], + }), + 240 => Some(SyscallDesc::MqOpen { + name: args[0], + oflag: args[1], + mode: args[2], + attr: args[3], + arg5: args[4], + }), + 241 => Some(SyscallDesc::MqUnlink { name: args[0] }), + 242 => Some(SyscallDesc::MqTimedsend { + mqdes: args[0], + msg_ptr: args[1], + msg_len: args[2], + msg_prio: args[3], + abs_timeout: args[4], + }), + 243 => Some(SyscallDesc::MqTimedreceive { + mqdes: args[0], + msg_ptr: args[1], + msg_len: args[2], + msg_prio: args[3], + abs_timeout: args[4], + }), + 244 => Some(SyscallDesc::MqNotify { + mqdes: args[0], + sevp: args[1], + }), + 245 => Some(SyscallDesc::MqGetsetattr { + mqdes: args[0], + newattr: args[1], + oldattr: args[2], + }), + 246 => Some(SyscallDesc::KexecLoad { + entry: args[0], + nr_segments: args[1], + segments: args[2], + flags: args[3], + }), + 247 => Some(SyscallDesc::Waitid { + idtype: args[0], + id: args[1], + infop: args[2], + options: args[3], + }), + 248 => Some(SyscallDesc::AddKey { + key_type: args[0], + description: args[1], + payload: args[2], + plen: args[3], + keyring: args[4], + }), + 249 => Some(SyscallDesc::RequestKey { + key_type: args[0], + description: args[1], + callout_info: args[2], + dest_keyring: args[3], + }), + 250 => Some(SyscallDesc::Keyctl { + operation: args[0], + arg2: args[1], + arg3: args[2], + arg4: args[3], + arg5: args[4], + }), + 251 => Some(SyscallDesc::IoprioSet { + which: args[0], + who: args[1], + ioprio: args[2], + }), + 252 => Some(SyscallDesc::IoprioGet { + which: args[0], + who: args[1], + }), + 253 => Some(SyscallDesc::InotifyInit), + 254 => Some(SyscallDesc::InotifyAddWatch { + fd: args[0], + pathname: args[1], + mask: args[2], + }), + 255 => Some(SyscallDesc::InotifyRmWatch { + fd: args[0], + wd: args[1], + }), + 256 => Some(SyscallDesc::MigratePages { + pid: args[0], + maxnode: args[1], + old_nodes: args[2], + new_nodes: args[3], + }), + 257 => Some(SyscallDesc::Openat { + dirfd: args[0], + pathname: args[1], + flags: args[2], + mode: args[3], + }), + 258 => Some(SyscallDesc::Mkdirat { + dirfd: args[0], + pathname: args[1], + mode: args[2], + }), + 259 => Some(SyscallDesc::Mknodat { + dirfd: args[0], + pathname: args[1], + mode: args[2], + dev: args[3], + }), + 260 => Some(SyscallDesc::Fchownat { + dirfd: args[0], + pathname: args[1], + owner: args[2], + group: args[3], + flags: args[4], + }), + 261 => Some(SyscallDesc::Futimesat { + dirfd: args[0], + pathname: args[1], + times: args[2], + }), + 262 => Some(SyscallDesc::Newfstatat { + dirfd: args[0], + pathname: args[1], + statbuf: args[2], + flags: args[3], + }), + 263 => Some(SyscallDesc::Unlinkat { + dirfd: args[0], + pathname: args[1], + flags: args[2], + }), + 264 => Some(SyscallDesc::Renameat { + olddirfd: args[0], + oldpath: args[1], + newdirfd: args[2], + newpath: args[3], + }), + 265 => Some(SyscallDesc::Linkat { + olddirfd: args[0], + oldpath: args[1], + newdirfd: args[2], + newpath: args[3], + flags: args[4], + }), + 266 => Some(SyscallDesc::Symlinkat { + olddirfd: args[0], + oldpath: args[1], + newpath: args[2], + }), + 267 => Some(SyscallDesc::Readlinkat { + dirfd: args[0], + pathname: args[1], + buf: args[2], + bufsiz: args[3], + }), + 268 => Some(SyscallDesc::Fchmodat { + dirfd: args[0], + pathname: args[1], + mode: args[2], + }), + 269 => Some(SyscallDesc::Faccessat { + dirfd: args[0], + pathname: args[1], + mode: args[2], + }), + 270 => Some(SyscallDesc::Pselect6 { + nfds: args[0], + readfds: args[1], + writefds: args[2], + exceptfds: args[3], + timeout: args[4], + sigmask: args[5], + }), + 271 => Some(SyscallDesc::Ppoll { + fds: args[0], + nfds: args[1], + tmo_p: args[2], + sigmask: args[3], + sigsetsize: args[4], + }), + 272 => Some(SyscallDesc::Unshare { flags: args[0] }), + 273 => Some(SyscallDesc::SetRobustList { + head: args[0], + len: args[1], + }), + 274 => Some(SyscallDesc::GetRobustList { + pid: args[0], + head_ptr: args[1], + len_ptr: args[2], + }), + 275 => Some(SyscallDesc::Splice { + fd_in: args[0], + off_in: args[1], + fd_out: args[2], + off_out: args[3], + len: args[4], + flags: args[5], + }), + 276 => Some(SyscallDesc::Tee { + fd_in: args[0], + fd_out: args[1], + len: args[2], + flags: args[3], + }), + 277 => Some(SyscallDesc::SyncFileRange { + fd: args[0], + offset: args[1], + nbytes: args[2], + flags: args[3], + }), + 278 => Some(SyscallDesc::Vmsplice { + fd: args[0], + iov: args[1], + nr_segs: args[2], + flags: args[3], + }), + 279 => Some(SyscallDesc::MovePages { + pid: args[0], + count: args[1], + pages: args[2], + nodes: args[3], + status: args[4], + flags: args[5], + }), + 280 => Some(SyscallDesc::Utimensat { + dirfd: args[0], + pathname: args[1], + times: args[2], + flags: args[3], + }), + 281 => Some(SyscallDesc::EpollPwait { + epfd: args[0], + events: args[1], + maxevents: args[2], + timeout: args[3], + sigmask: args[4], + sigsetsize: args[5], + }), + 282 => Some(SyscallDesc::Signalfd { + ufd: args[0], + mask: args[1], + sizemask: args[2], + }), + 283 => Some(SyscallDesc::TimerfdCreate { + clockid: args[0], + flags: args[1], + }), + 284 => Some(SyscallDesc::Eventfd { initval: args[0] }), + 285 => Some(SyscallDesc::Fallocate { + fd: args[0], + mode: args[1], + offset: args[2], + len: args[3], + }), + 286 => Some(SyscallDesc::TimerfdSettime { + fd: args[0], + flags: args[1], + new_value: args[2], + old_value: args[3], + }), + 287 => Some(SyscallDesc::TimerfdGettime { + fd: args[0], + curr_value: args[1], + }), + 288 => Some(SyscallDesc::Accept4 { + sockfd: args[0], + addr: args[1], + addrlen: args[2], + flags: args[3], + arg5: args[4], + }), + 289 => Some(SyscallDesc::Signalfd4 { + ufd: args[0], + mask: args[1], + sizemask: args[2], + flags: args[3], + arg5: args[4], + }), + 290 => Some(SyscallDesc::Eventfd2 { + initval: args[0], + flags: args[1], + }), + 291 => Some(SyscallDesc::EpollCreate1 { flags: args[0] }), + 292 => Some(SyscallDesc::Dup3 { + oldfd: args[0], + newfd: args[1], + flags: args[2], + }), + 293 => Some(SyscallDesc::Pipe2 { + pipefd: args[0], + flags: args[1], + }), + 294 => Some(SyscallDesc::InotifyInit1 { flags: args[0] }), + 295 => Some(SyscallDesc::Preadv { + fd: args[0], + iov: args[1], + iovcnt: args[2], + offset: args[3], + }), + 296 => Some(SyscallDesc::Pwritev { + fd: args[0], + iov: args[1], + iovcnt: args[2], + offset: args[3], + }), + 297 => Some(SyscallDesc::RtTgsigqueueinfo { + tgid: args[0], + tid: args[1], + sig: args[2], + info: args[3], + }), + 298 => Some(SyscallDesc::PerfEventOpen { + attr: args[0], + pid: args[1], + cpu: args[2], + group_fd: args[3], + flags: args[4], + }), + 299 => Some(SyscallDesc::Recvmmsg { + sockfd: args[0], + msgvec: args[1], + vlen: args[2], + flags: args[3], + timeout: args[4], + }), + 300 => Some(SyscallDesc::FanotifyInit { + flags: args[0], + event_f_flags: args[1], + }), + 301 => Some(SyscallDesc::FanotifyMark { + fanotify_fd: args[0], + flags: args[1], + mask: args[2], + dirfd: args[3], + pathname: args[4], + }), + 302 => Some(SyscallDesc::Prlimit64 { + pid: args[0], + resource: args[1], + new_limit: args[2], + old_limit: args[3], + }), + 303 => Some(SyscallDesc::NameToHandleAt { + dirfd: args[0], + pathname: args[1], + handle: args[2], + mount_id: args[3], + flags: args[4], + }), + 304 => Some(SyscallDesc::OpenByHandleAt { + mountdirfd: args[0], + handle: args[1], + flags: args[2], + }), + 305 => Some(SyscallDesc::ClockAdjtime { + clk_id: args[0], + buf: args[1], + }), + 306 => Some(SyscallDesc::Syncfs { fd: args[0] }), + 307 => Some(SyscallDesc::Sendmmsg { + sockfd: args[0], + msgvec: args[1], + vlen: args[2], + flags: args[3], + }), + 308 => Some(SyscallDesc::Setns { + fd: args[0], + nstype: args[1], + }), + 309 => Some(SyscallDesc::Getcpu { + cpu: args[0], + node: args[1], + tcache: args[2], + }), + 310 => Some(SyscallDesc::ProcessVmReadv { + pid: args[0], + lvec: args[1], + liovcnt: args[2], + rvec: args[3], + riovcnt: args[4], + flags: args[5], + }), + 311 => Some(SyscallDesc::ProcessVmWritev { + pid: args[0], + lvec: args[1], + liovcnt: args[2], + rvec: args[3], + riovcnt: args[4], + flags: args[5], + }), + 312 => Some(SyscallDesc::Kcmp { + pid1: args[0], + pid2: args[1], + type_: args[2], + idx1: args[3], + idx2: args[4], + }), + 313 => Some(SyscallDesc::FinitModule { + fd: args[0], + param_values: args[1], + flags: args[2], + }), + 314 => Some(SyscallDesc::SchedSetattr { + pid: args[0], + attr: args[1], + flags: args[2], + }), + 315 => Some(SyscallDesc::SchedGetattr { + pid: args[0], + attr: args[1], + size: args[2], + flags: args[3], + }), + 316 => Some(SyscallDesc::Renameat2 { + olddirfd: args[0], + oldpath: args[1], + newdirfd: args[2], + newpath: args[3], + flags: args[4], + }), + 317 => Some(SyscallDesc::Seccomp { + operation: args[0], + flags: args[1], + args: args[2], + }), + 318 => Some(SyscallDesc::Getrandom { + buf: args[0], + buflen: args[1], + flags: args[2], + }), + 319 => Some(SyscallDesc::MemfdCreate { + name: args[0], + flags: args[1], + }), + 320 => Some(SyscallDesc::KexecFileLoad { + kernel_fd: args[0], + initrd_fd: args[1], + cmdline_len: args[2], + cmdline: args[3], + flags: args[4], + }), + 321 => Some(SyscallDesc::Bpf { + cmd: args[0], + attr: args[1], + size: args[2], + }), + 322 => Some(SyscallDesc::Execveat { + dirfd: args[0], + pathname: args[1], + argv: args[2], + envp: args[3], + flags: args[4], + }), + 323 => Some(SyscallDesc::Userfaultfd { flags: args[0] }), + 324 => Some(SyscallDesc::Membarrier { + cmd: args[0], + flags: args[1], + }), + 325 => Some(SyscallDesc::Mlock2 { + addr: args[0], + len: args[1], + flags: args[2], + }), + 326 => Some(SyscallDesc::CopyFileRange { + fd_in: args[0], + off_in: args[1], + fd_out: args[2], + off_out: args[3], + len: args[4], + flags: args[5], + }), + 327 => Some(SyscallDesc::Preadv2 { + fd: args[0], + iov: args[1], + iovcnt: args[2], + offset: args[3], + flags: args[4], + }), + 328 => Some(SyscallDesc::Pwritev2 { + fd: args[0], + iov: args[1], + iovcnt: args[2], + offset: args[3], + flags: args[4], + }), + 329 => Some(SyscallDesc::PkeyMprotect { + addr: args[0], + len: args[1], + prot: args[2], + pkey: args[3], + }), + 330 => Some(SyscallDesc::PkeyAlloc { + flags: args[0], + access_rights: args[1], + }), + 331 => Some(SyscallDesc::PkeyFree { pkey: args[0] }), + _ => None, + } + } +} + +pub fn get_syscall_desc(syscall_num: isize, args: [isize; 6]) -> Option { + if syscall_num < 0 { + return None; + } + + return SyscallDesc::get_syscall_desc(syscall_num, args); +} diff --git a/syscall_intercept b/syscall_intercept new file mode 160000 index 0000000..b1b9bed --- /dev/null +++ b/syscall_intercept @@ -0,0 +1 @@ +Subproject commit b1b9bedcc8cf7d711cd3e74f08d860722e7c301d