hook_syscall
Intercept system calls during emulation to log activity or halt execution, enabling analysis of program behavior in isolated sessions.
Instructions
Install a syscall hook to intercept system calls.
Modes: skip: Log the syscall and return default_return (continue execution). stop: Log the syscall and stop emulation.
Idempotent — replaces existing hook.
Args: session_id: The session ID. mode: Hook mode — "skip" (default) or "stop". default_return: Return value for skip mode (default 0).
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| session_id | Yes | ||
| mode | No | skip | |
| default_return | No |