pyplugins.interventions.lifeguard module
Lifeguard: Signal Blocking Plugin
This module provides a plugin for the Penguin framework to block specified Linux signals by replacing them with a harmless SIGCONT. It is useful for preventing certain signals from terminating or interrupting processes during analysis or emulation.
Features
- Block user-specified signals (e.g., SIGKILL, SIGTERM) for target processes.
- Log all signal delivery attempts to a CSV file.
- Optionally enable verbose logging for debugging.
Usage
To use this plugin, specify the signals to block in the configuration:
{
"blocked_signals": [9, 15] # Block SIGKILL and SIGTERM
}
The plugin will log all signal attempts to lifeguard.csv in the specified output directory.
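The substitution described above, modelled in userspace as an added example (not Penguin's or the plugin's own code): a blocked signal number is swapped for SIGCONT before delivery, and each attempt is recorded. The function names and the CSV columns are assumptions; the page does not give the layout of lifeguard.csv.

```python
import csv
import io
import os
import signal
import subprocess
import sys
import time

BLOCKED_SIGNALS = [9, 15]  # same values as the configuration shown above


def rewrite_signal(sig, blocked):
    """Model of the substitution: a blocked signal becomes SIGCONT."""
    return signal.SIGCONT if sig in blocked else sig


def guarded_kill(pid, sig, blocked, log):
    """Deliver the rewritten signal and record the attempt as a CSV row."""
    delivered = rewrite_signal(sig, blocked)
    # Constructed columns; the real lifeguard.csv layout is not documented here.
    log.writerow([pid, int(sig), int(delivered), int(delivered != sig)])
    os.kill(pid, delivered)
    return delivered


def demo():
    """Send SIGKILL to a child twice: once blocked, once allowed through."""
    buf = io.StringIO()
    log = csv.writer(buf)
    log.writerow(["pid", "requested", "delivered", "blocked"])
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])
    try:
        guarded_kill(child.pid, signal.SIGKILL, BLOCKED_SIGNALS, log)
        time.sleep(0.2)                      # give the signal time to land
        survived = child.poll() is None      # SIGCONT leaves a running process alone
        guarded_kill(child.pid, signal.SIGKILL, [], log)   # empty block list
        child.wait(timeout=5)
        terminated = child.returncode == -signal.SIGKILL
    finally:
        if child.poll() is None:             # never leave the child behind
            child.kill()
            child.wait()
    return survived, terminated, buf.getvalue()


if __name__ == "__main__":
    alive, dead, log_text = demo()
    print(f"survived blocked SIGKILL: {alive}; died on real SIGKILL: {dead}")
    print(log_text, end="")
```

SIGCONT is harmless only for a process that is already running: sent to a stopped process it resumes it, so a rewritten signal can still change guest behaviour.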
- class pyplugins.interventions.lifeguard.Lifeguard
Bases: Plugin
Plugin to block specified signals by replacing them with SIGCONT.
Attributes
  - outdir (str): Output directory for logs.
  - blocked_signals (list[int]): List of blocked signal numbers.
- blocked_signals: list[int]
- on_sys_kill_enter(pt_regs, proto, syscall, *args)
Handler for the kill syscall. Blocks signals if configured.
Args
  - pt_regs (object): The CPU registers at syscall entry.
  - proto (object): The syscall prototype.
  - syscall (object): The syscall event object.
  - args (tuple): The arguments passed to the syscall.
Returns
  - None
- outdir: str