From b23f4e88e2e1fbdc9a0849a30d42cf81b915d79d Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Mon, 18 Jun 2018 23:47:36 +0200
Subject: Deleted the initial Python version of the syscall identifier.

---
 plugins/python/lnxsyscalls/lnxsyscalls.py | 517 ------------------------------
 1 file changed, 517 deletions(-)
 delete mode 100644 plugins/python/lnxsyscalls/lnxsyscalls.py

diff --git a/plugins/python/lnxsyscalls/lnxsyscalls.py b/plugins/python/lnxsyscalls/lnxsyscalls.py
deleted file mode 100644
index 92d5763..0000000
--- a/plugins/python/lnxsyscalls/lnxsyscalls.py
+++ /dev/null
@@ -1,517 +0,0 @@
-#!/usr/bin/python
-
-from pyoida import Plugin
-from pyoida.analysis import RenderingOptions
-from pyoida.arch import ArchProcessorType
-
-
-class SysCallDB():
-    """xxx"""
-
-    def __init__(self):
-
-        self.__syscalls = [
-            "__NR_restart_syscall",
-            "__NR_exit",
-            "__NR_fork",
-            "__NR_read",
-            "__NR_write",
-            "__NR_open",
-            "__NR_close",
-            "__NR_waitpid",
-            "__NR_creat",
-            "__NR_link",
-            "__NR_unlink",
-            "__NR_execve",
-            "__NR_chdir",
-            "__NR_time",
-            "__NR_mknod",
-            "__NR_chmod",
-            "__NR_lchown",
-            "__NR_break",
-            "__NR_oldstat",
-            "__NR_lseek",
-            "__NR_getpid",
-            "__NR_mount",
-            "__NR_umount",
-            "__NR_setuid",
-            "__NR_getuid",
-            "__NR_stime",
-            "__NR_ptrace",
-            "__NR_alarm",
-            "__NR_oldfstat",
-            "__NR_pause",
-            "__NR_utime",
-            "__NR_stty",
-            "__NR_gtty",
-            "__NR_access",
-            "__NR_nice",
-            "__NR_ftime",
-            "__NR_sync",
-            "__NR_kill",
-            "__NR_rename",
-            "__NR_mkdir",
-            "__NR_rmdir",
-            "__NR_dup",
-            "__NR_pipe",
-            "__NR_times",
-            "__NR_prof",
-            "__NR_brk",
-            "__NR_setgid",
-            "__NR_getgid",
-            "__NR_signal",
-            "__NR_geteuid",
-            "__NR_getegid",
-            "__NR_acct",
-            "__NR_umount2",
-            "__NR_lock",
-            "__NR_ioctl",
-            "__NR_fcntl",
-            "__NR_mpx",
-            "__NR_setpgid",
-            "__NR_ulimit",
-            "__NR_oldolduname",
-            "__NR_umask",
-            "__NR_chroot",
-            "__NR_ustat",
-            "__NR_dup2",
-            "__NR_getppid",
-            "__NR_getpgrp",
-            "__NR_setsid",
-            "__NR_sigaction",
-            "__NR_sgetmask",
-            "__NR_ssetmask",
-            "__NR_setreuid",
-            "__NR_setregid",
-            "__NR_sigsuspend",
-            "__NR_sigpending",
-            "__NR_sethostname",
-            "__NR_setrlimit",
-            "__NR_getrlimit",
-            "__NR_getrusage",
-            "__NR_gettimeofday",
-            "__NR_settimeofday",
-            "__NR_getgroups",
-            "__NR_setgroups",
-            "__NR_select",
-            "__NR_symlink",
-            "__NR_oldlstat",
-            "__NR_readlink",
-            "__NR_uselib",
-            "__NR_swapon",
-            "__NR_reboot",
-            "__NR_readdir",
-            "__NR_mmap",
-            "__NR_munmap",
-            "__NR_truncate",
-            "__NR_ftruncate",
-            "__NR_fchmod",
-            "__NR_fchown",
-            "__NR_getpriority",
-            "__NR_setpriority",
-            "__NR_profil",
-            "__NR_statfs",
-            "__NR_fstatfs",
-            "__NR_ioperm",
-            "__NR_socketcall",
-            "__NR_syslog",
-            "__NR_setitimer",
-            "__NR_getitimer",
-            "__NR_stat",
-            "__NR_lstat",
-            "__NR_fstat",
-            "__NR_olduname",
-            "__NR_iopl",
-            "__NR_vhangup",
-            "__NR_idle",
-            "__NR_vm86old",
-            "__NR_wait4",
-            "__NR_swapoff",
-            "__NR_sysinfo",
-            "__NR_ipc",
-            "__NR_fsync",
-            "__NR_sigreturn",
-            "__NR_clone",
-            "__NR_setdomainname",
-            "__NR_uname",
-            "__NR_modify_ldt",
-            "__NR_adjtimex",
-            "__NR_mprotect",
-            "__NR_sigprocmask",
-            "__NR_create_module",
-            "__NR_init_module",
-            "__NR_delete_module",
-            "__NR_get_kernel_syms",
-            "__NR_quotactl",
-            "__NR_getpgid",
-            "__NR_fchdir",
-            "__NR_bdflush",
-            "__NR_sysfs",
-            "__NR_personality",
-            "__NR_afs_syscall",
-            "__NR_setfsuid",
-            "__NR_setfsgid",
-            "__NR__llseek",
-            "__NR_getdents",
-            "__NR__newselect",
-            "__NR_flock",
-            "__NR_msync",
-            "__NR_readv",
-            "__NR_writev",
-            "__NR_getsid",
-            "__NR_fdatasync",
-            "__NR__sysctl",
-            "__NR_mlock",
-            "__NR_munlock",
-            "__NR_mlockall",
-            "__NR_munlockall",
-            "__NR_sched_setparam",
-            "__NR_sched_getparam",
-            "__NR_sched_setscheduler",
-            "__NR_sched_getscheduler",
-            "__NR_sched_yield",
-            "__NR_sched_get_priority_max",
-            "__NR_sched_get_priority_min",
-            "__NR_sched_rr_get_interval",
-            "__NR_nanosleep",
-            "__NR_mremap",
-            "__NR_setresuid",
-            "__NR_getresuid",
-            "__NR_vm86",
-            "__NR_query_module",
-            "__NR_poll",
-            "__NR_nfsservctl",
-            "__NR_setresgid",
-            "__NR_getresgid",
-            "__NR_prctl",
-            "__NR_rt_sigreturn",
-            "__NR_rt_sigaction",
-            "__NR_rt_sigprocmask",
-            "__NR_rt_sigpending",
-            "__NR_rt_sigtimedwait",
-            "__NR_rt_sigqueueinfo",
-            "__NR_rt_sigsuspend",
-            "__NR_pread64",
-            "__NR_pwrite64",
-            "__NR_chown",
-            "__NR_getcwd",
-            "__NR_capget",
-            "__NR_capset",
-            "__NR_sigaltstack",
-            "__NR_sendfile",
-            "__NR_getpmsg",
-            "__NR_putpmsg",
-            "__NR_vfork",
-            "__NR_ugetrlimit",
-            "__NR_mmap2",
-            "__NR_truncate64",
-            "__NR_ftruncate64",
-            "__NR_stat64",
-            "__NR_lstat64",
-            "__NR_fstat64",
-            "__NR_lchown32",
-            "__NR_getuid32",
-            "__NR_getgid32",
-            "__NR_geteuid32",
-            "__NR_getegid32",
-            "__NR_setreuid32",
-            "__NR_setregid32",
-            "__NR_getgroups32",
-            "__NR_setgroups32",
-            "__NR_fchown32",
-            "__NR_setresuid32",
-            "__NR_getresuid32",
-            "__NR_setresgid32",
-            "__NR_getresgid32",
-            "__NR_chown32",
-            "__NR_setuid32",
-            "__NR_setgid32",
-            "__NR_setfsuid32",
-            "__NR_setfsgid32",
-            "__NR_pivot_root",
-            "__NR_mincore",
-            "__NR_madvise",
-            "__NR_madvise1",
-            "__NR_getdents64",
-            "__NR_fcntl64",
-            "__NR_unused",
-            "__NR_gettid",
-            "__NR_readahead",
-            "__NR_setxattr",
-            "__NR_lsetxattr",
-            "__NR_fsetxattr",
-            "__NR_getxattr",
-            "__NR_lgetxattr",
-            "__NR_fgetxattr",
-            "__NR_listxattr",
-            "__NR_llistxattr",
-            "__NR_flistxattr",
-            "__NR_removexattr",
-            "__NR_lremovexattr",
-            "__NR_fremovexattr",
-            "__NR_tkill",
-            "__NR_sendfile64",
-            "__NR_futex",
-            "__NR_sched_setaffinity",
-            "__NR_sched_getaffinity",
-            "__NR_set_thread_area",
-            "__NR_get_thread_area",
-            "__NR_io_setup",
-            "__NR_io_destroy",
-            "__NR_io_getevents",
-            "__NR_io_submit",
-            "__NR_io_cancel",
-            "__NR_fadvise64",
-            "__NR_unused",
-            "__NR_exit_group",
-            "__NR_lookup_dcookie",
-            "__NR_epoll_create",
-            "__NR_epoll_ctl",
-            "__NR_epoll_wait",
-            "__NR_remap_file_pages",
-            "__NR_set_tid_address",
-            "__NR_timer_create",
-            "__NR_timer_settime",
-            "__NR_timer_gettime",
-            "__NR_timer_getoverrun",
-            "__NR_timer_delete",
-            "__NR_clock_settime",
-            "__NR_clock_gettime",
-            "__NR_clock_getres",
-            "__NR_clock_nanosleep",
-            "__NR_statfs64",
-            "__NR_fstatfs64",
-            "__NR_tgkill",
-            "__NR_utimes",
-            "__NR_fadvise64_64",
-            "__NR_vserver",
-            "__NR_mbind",
-            "__NR_get_mempolicy",
-            "__NR_set_mempolicy",
-            "__NR_mq_open",
-            "__NR_mq_unlink",
-            "__NR_mq_timedsend",
-            "__NR_mq_timedreceive",
-            "__NR_mq_notify",
-            "__NR_mq_getsetattr",
-            "__NR_kexec_load",
-            "__NR_waitid",
-            "__NR_sys_setaltroot",
-            "__NR_add_key",
-            "__NR_request_key",
-            "__NR_keyctl",
-            "__NR_ioprio_set",
-            "__NR_ioprio_get",
-            "__NR_inotify_init",
-            "__NR_inotify_add_watch",
-            "__NR_inotify_rm_watch",
-            "__NR_migrate_pages",
-            "__NR_openat",
-            "__NR_mkdirat",
-            "__NR_mknodat",
-            "__NR_fchownat",
-            "__NR_futimesat",
-            "__NR_fstatat64",
-            "__NR_unlinkat",
-            "__NR_renameat",
-            "__NR_linkat",
-            "__NR_symlinkat",
-            "__NR_readlinkat",
-            "__NR_fchmodat",
-            "__NR_faccessat",
-            "__NR_pselect6",
-            "__NR_ppoll",
-            "__NR_unshare",
-            "__NR_set_robust_list",
-            "__NR_get_robust_list",
-            "__NR_splice",
-            "__NR_sync_file_range",
-            "__NR_tee",
-            "__NR_vmsplice",
-            "__NR_move_pages",
-            "__NR_getcpu",
-            "__NR_epoll_pwait",
-            "__NR_utimensat",
-            "__NR_signalfd",
-            "__NR_timerfd_create",
-            "__NR_eventfd",
-            "__NR_fallocate",
-            "__NR_timerfd_settime",
-            "__NR_timerfd_gettime",
-            "__NR_signalfd4",
-            "__NR_eventfd2",
-            "__NR_epoll_create1",
-            "__NR_dup3",
-            "__NR_pipe2",
-            "__NR_inotify_init1",
-            "__NR_preadv",
-            "__NR_pwritev",
-            "__NR_rt_tgsigqueueinfo",
-            "__NR_perf_event_open"
-        ]
-
-        self.__args = {
-            "sys_restart_syscall" : [],
-            "sys_exit" : ["int error_code"],
-            "sys_write" : ["unsigned int fd", "const char __user *buf", "size_t count"]
-        }
-
-    def get_syscall_name(self, index):
-        """Convert a syscall index into a human name."""
-
-        return self.__syscalls[index]
-
-
-    def get_syscall_args(self, name):
-        """Provide the function name, the needed registers and the used arguments of a syscall."""
-
-        name = name.replace("__NR_", "sys_")
-
-        try:
-            args = self.__args[name]
-        except:
-            return None
-
-        targets = {}
-
-        if len(args) >= 4:
-
-            pass
-
-        else:
-
-            registers = ["ebx", "ecx", "edx", "esi", "edi"]
-
-            i = 0
-
-            for val in args:
-                targets[registers[i]] = val
-                i = i + 1
-
-        return [name, targets]
-
-
-
-
-class LinuxSysCallsPlugin(Plugin):
-    """A simple example class"""
-
-
-
-    def __rendering_options(self, binary):
-        """Build the options needed to get the ASM code only."""
-
-        exe = binary.get_format()
-
-        ropts = RenderingOptions(exe)
-
-        ropts.show_code(True)
-        ropts.show_address = False
-
-        return ropts
-
-    def __is_syscall(self, code):
-        """Tell weither the ASM line of code is a syscall or not."""
-
-        result = False
-
-        if code.find("int") != -1:
-
-            list = code.split("\t")
-
-            if len(list) == 2:
-                result = list == ["int", "0x80"]
-
-        return result
-
-    def __find_used_register(self, ropts, start, target):
-        """Look for a given register used to supply argument for a syscall."""
-
-        for found in reversed(start):
-
-            code = found.get_text(ropts)
-            parts = code.expandtabs(1).replace(",", "").split(" ")
-
-            # Next registers are used by a new interruption
-            if parts[0] == "int":
-                continue
-
-            # No operand
-            if len(parts) == 1:
-                continue
-
-            # Only simple cases are processed...
-            if parts[1] == target:
-                if len(parts) == 2:
-                    return None
-                else:
-                    return [found, parts[2]]
-
-        return None
-
-    def run(self, binary):
-        """Resolve all registers / interruptions involved in a syscall."""
-
-        db = SysCallDB()
-
-        ropts = self.__rendering_options(binary)
-
-        lines = binary.get_lines()
-
-        for line in lines:
-            code = line.get_text(ropts)
-            if self.__is_syscall(code):
-
-                # What kind of syscall ?
-
-                line_eax = self.__find_used_register(ropts, line, "eax")
-
-                if line_eax is None:
-                    line.comment = "== UNIX Syscall =="
-                    continue
-
-                index = int(line_eax[1], 16)
-                name = db.get_syscall_name(index)
-
-                line_eax[0].comment = name
-
-                # What function / arguments ?
-
-                targets = db.get_syscall_args(name)
-
-                if targets == None:
-
-                    line.comment = "== UNIX Syscall =="
-                    continue
-
-                else:
-
-                    line.comment = "== UNIX Syscall to %s() ==" % (targets[0])
-
-                    for reg, arg in targets[1].items():
-
-                        found = self.__find_used_register(ropts, line, reg)
-
-                        if found != None:
-                            found[0].comment = arg
-
-
-
-
-
-
-def get_instance(binary):
-
-    print " --- toto from Python ---"
-
-
-
-    a = LinuxSysCallsPlugin()
-
-    a.run(binary)
-
-    return Plugin.PGA_CODE_PROCESS
-
-
-
-
-- 
cgit v0.11.2-87-g4458