Dr. Memory
_drsys_options_t Struct Reference

#include <drsyscall.h>

Data Fields

size_t struct_size
 
bool analyze_unknown_syscalls
 
bool syscall_dword_granularity
 
bool syscall_sentinels
 
bool(* is_byte_addressable )(byte *addr)
 
bool(* is_byte_defined )(byte *addr)
 
bool(* is_byte_undefined )(byte *addr)
 
bool(* is_register_defined )(reg_id_t reg)
 
bool verify_sysnums
 
app_pc(* lookup_internal_symbol )(const module_data_t *mod, const char *sym)
 
bool syscall_driver
 

Detailed Description

Specifies parameters controlling the behavior of Dr. Syscall to drsys_init().

Field Documentation

bool _drsys_options_t::analyze_unknown_syscalls

Dr. Syscall does not have information on every system call. For unknown syscalls, if this parameter is set, then a pre- and post-syscall memory comparison will be used to identify output parameters. Input parameters will remain unknown. When using this parameter, we recommend providing callbacks for is_byte_addressable(), is_byte_defined(), and is_register_defined(), if possible, to achieve greater accuracy.

bool(* _drsys_options_t::is_byte_addressable)(byte *addr)

Provides a query routine for whether a byte is addressable, i.e., allocated and safe to access. If analyze_unknown_syscalls is on, the quality of unknown parameter analysis increases substantially if information on whether registers and memory contain valid, initialized information is available.

bool(* _drsys_options_t::is_byte_defined)(byte *addr)

Provides a query routine for whether a byte is defined, i.e., allocated, safe to access, and initialized. If analyze_unknown_syscalls is on, the quality of unknown parameter analysis increases substantially if information on whether registers and memory contain valid, initialized information is available.

bool(* _drsys_options_t::is_byte_undefined)(byte *addr)

Provides a query routine for whether a byte is undefined, i.e., allocated and safe to access yet uninitialized. If analyze_unknown_syscalls is on, the quality of unknown parameter analysis increases substantially if information on whether registers and memory contain valid, initialized information is available. If this is not provided but is_byte_addressable and is_byte_defined both are, those two will be called in concert to provide this information.

bool(* _drsys_options_t::is_register_defined)(reg_id_t reg)

Provides a query routine for whether a register is defined, i.e., contains a fully initialized value. If analyze_unknown_syscalls is on, the quality of unknown parameter analysis increases substantially if information on whether registers and memory contain valid, initialized information is available.

app_pc(* _drsys_options_t::lookup_internal_symbol)(const module_data_t *mod, const char *sym)

This is an internal-only option that is reserved for developer use.

size_t _drsys_options_t::struct_size

For compatibility. Set to sizeof(drsys_options_t).

bool _drsys_options_t::syscall_driver

This is an internal-only option that is reserved for developer use.

bool _drsys_options_t::syscall_dword_granularity

If analyze_unknown_syscalls is on and this parameter is on, when changes are detected, the containing dword (32 bits) is considered to have changed.
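A simplified model of the pre-/post-syscall memory comparison described under analyze_unknown_syscalls, showing what syscall_dword_granularity changes when a written byte happens to equal the old contents. This is an added example, not Dr. Syscall's own code: diff_snapshots, detect_outputs, fake_unknown_syscall and the buffer contents are constructed for illustration, and dwords are aligned on buffer offset here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SZ 16

/* Hypothetical helper: marks in `written` every byte that differs between
 * the pre- and post-call snapshots. With dword_granularity set, the whole
 * 4-byte group containing a changed byte is marked. Returns the number of
 * marked bytes. */
size_t diff_snapshots(const uint8_t *pre, const uint8_t *post, size_t len,
                      bool dword_granularity, bool *written)
{
    size_t count = 0;
    memset(written, 0, len * sizeof(bool));
    for (size_t i = 0; i < len; i++) {
        if (pre[i] == post[i])
            continue;
        size_t lo = dword_granularity ? (i & ~(size_t)3) : i;
        size_t hi = dword_granularity ? lo + 4 : i + 1;
        for (size_t j = lo; j < hi && j < len; j++)
            written[j] = true;
    }
    for (size_t i = 0; i < len; i++)
        count += written[i] ? 1 : 0;
    return count;
}

/* Constructed stand-in for an unknown syscall: stores the 32-bit value
 * 0x00000100 (little-endian bytes 00 01 00 00) at offset 4. */
static void fake_unknown_syscall(uint8_t *buf)
{
    const uint8_t out[4] = { 0x00, 0x01, 0x00, 0x00 };
    memcpy(buf + 4, out, sizeof(out));
}

/* Snapshots a zero-filled buffer, runs the fake call, and compares. */
size_t detect_outputs(bool dword_granularity, bool *written)
{
    uint8_t pre[BUF_SZ] = { 0 }, post[BUF_SZ];
    memcpy(post, pre, BUF_SZ);
    fake_unknown_syscall(post);
    return diff_snapshots(pre, post, BUF_SZ, dword_granularity, written);
}

int main(void)
{
    bool w[BUF_SZ];
    printf("byte granularity:  %zu marked\n", detect_outputs(false, w));
    printf("dword granularity: %zu marked\n", detect_outputs(true, w));
    return 0;
}
```

In this model, three of the four bytes the call stores match the zeroed buffer, so a byte-level comparison reports only one of them as output while the dword-level comparison reports the full 32-bit field.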

bool _drsys_options_t::syscall_sentinels

If analyze_unknown_syscalls is on and this parameter is on, sentinels are used to detect writes and reduce false positives, in particular for uninitialized reads. However, enabling this option can potentially result in incorrect behavior if definedness information is incorrect or application threads read syscall parameter info simultaneously.

bool _drsys_options_t::verify_sysnums

This is an internal-only option that is reserved for developer use.


The documentation for this struct was generated from the following file: