Avoided to look for syscalls in a kernel binary.

2 files changed, 6 insertions, 4 deletions

diff --git a/plugins/lnxsyscalls/collect.c b/plugins/lnxsyscalls/collect.c
index e7db1c7..8726dc2 100644
--- a/plugins/lnxsyscalls/collect.c
+++ b/plugins/lnxsyscalls/collect.c
@@ -129,7 +129,7 @@ static void copy_call_stack(call_stack *dest, const call_stack *src)
 
     }
 
-    dest->iter = copy_instruction_iterator(src->iter);
+    dest->iter = src->iter != NULL ? copy_instruction_iterator(src->iter) : NULL;
     dest->use_current = src->use_current;
 
     dest->skip_syscall = src->skip_syscall;
@@ -339,7 +339,8 @@ static void change_register_tracker_iter(tracked_path *path, size_t sid, GArchPr
     const mrange_t *range;                  /* Couverture d'une instruction*/
     instr_iter_t *iter;                     /* Tête de lecture             */
 
-    delete_instruction_iterator(path->stacks[sid].iter);
+    if (path->stacks[sid].iter != NULL)
+        delete_instruction_iterator(path->stacks[sid].iter);
 
     range = g_arch_instruction_get_range(dest);
     iter = g_arch_processor_get_iter_from_address(proc, get_mrange_addr(range));
diff --git a/plugins/lnxsyscalls/core.c b/plugins/lnxsyscalls/core.c
index 02e109d..314f89f 100644
--- a/plugins/lnxsyscalls/core.c
+++ b/plugins/lnxsyscalls/core.c
@@ -114,11 +114,12 @@ G_MODULE_EXPORT void chrysalide_plugin_process_binary_disassembly(const GPluginM
 
     format = G_BIN_FORMAT(g_loaded_binary_get_format(binary));
 
-    goto pbd_exit;
+    if (g_binary_format_has_flag(format, FFL_RUN_IN_KERNEL_SPACE))
+        goto pbd_exit;
 
     arch = g_exe_format_get_target_machine(G_EXE_FORMAT(format));
 
-    if (strcmp(arch, "armv7") == 0)
+    if (0 && strcmp(arch, "armv7") == 0)
         hops = get_armv7_hunting_ops();
 
     else