Interface StalkerOptions

Options to customize Stalker's instrumentation.

Note that the callbacks provided have a significant impact on performance. If you only need periodic call summaries but do not care about the raw events, or the other way around, make sure you omit the callback that you don't need; i.e. avoid putting your logic in onCallSummary and leaving onReceive in there as an empty callback.

Hierarchy

  • StalkerOptions

Properties

data? events? onCallSummary? onEvent? onReceive? transform?

Properties

Optional data

data?: NativePointerValue

User data to be passed to StalkerNativeEventCallback and StalkerNativeTransformCallback.

Optional events

events?: {
    block?: boolean;
    call?: boolean;
    compile?: boolean;
    exec?: boolean;
    ret?: boolean;
}

Which events, if any, should be generated and periodically delivered to onReceive() and/or onCallSummary().

Type declaration

  • Optional block?: boolean

    Whether to generate an event whenever a basic block is executed.

    Useful to record a coarse execution trace.

  • Optional call?: boolean

    Whether to generate events for CALL/BLR instructions.

  • Optional compile?: boolean

    Whether to generate an event whenever a basic block is compiled.

    Useful for coverage.

  • Optional exec?: boolean

    Whether to generate events for all instructions.

    Not recommended as it's potentially a lot of data.

  • Optional ret?: boolean

    Whether to generate events for RET instructions.

Optional onCallSummary

onCallSummary?: ((summary: StalkerCallSummary) => void)

Type declaration

    • (summary: StalkerCallSummary): void

    • Callback that periodically receives a summary of call events that happened in each time window.

      You would typically implement this instead of onReceive() for efficiency, i.e. when you only want to know which targets were called and how many times, but don't care about the order that the calls happened in.

      Parameters

      • summary: StalkerCallSummary

        Key-value mapping of call target to number of calls, in the current time window.

      Returns void

Optional onEvent

onEvent?: NativePointer

C callback that processes events as they occur, allowing synchronous processing of events in native code – typically implemented using CModule.

This is useful when wanting to implement custom filtering and/or queuing logic to improve performance, or sacrifice performance in exchange for reliable event delivery.

Note that this precludes usage of onReceive() and onCallSummary().

Optional onReceive

onReceive?: ((events: ArrayBuffer) => void)

Type declaration

    • (events: ArrayBuffer): void

    • Callback that periodically receives batches of events.

      Parameters

      • events: ArrayBuffer

        Binary blob comprised of one or more Gum.Event structs. See gumevent.h for details about the format. Use Stalker.parse() to examine the data.

      Returns void

Optional transform

transform?: StalkerTransformCallback

Callback that transforms each basic block compiled whenever Stalker wants to recompile a basic block of the code that's about to be executed by the stalked thread.

Settings

Member Visibility

Theme

Generated using TypeDoc