syscalls: rework syscall arguments processing

[1ndahous3]

Reworked static information about syscall arguments, each argument type is now associated with an exact size (to remove extra bytes in values ​​obtained from registers/stack) and other characteristics.

(size bug was detected for type FS_INFORMATION_CLASS: FsInformationClass=0x4500000003)

Removed previous workarounds for certain types (see #1302).

Bonus: pointer types are now associated with the types they point to - this is in preparation for the upcoming feature to reflectively print arguments by pointers (not just for PPVOID in transform_value), see #1756.

A few syscalls have also been implemented (usually using Windows *_CLASS class enums, this is an attempt to cover all existing *_CLASS types.

Implemented a check test suite for "syscalls": it checks if information for all argument types is present (to prevent a runtime fail).

[drakvuf-jenkins]

Can one of the admins verify this patch?

[tklengyel]

@drakvuf-jenkins Test this please

[tklengyel]

@drakvuf-jenkins Retest this please

[tklengyel]

On Linux we get

drakvuf: ../src/plugins/syscalls/syscalls.cpp:189: uint64_t syscalls_base::mask_value(const arg_t &, uint64_t): Assertion `false && "Unknown size for type"' failed.`

[1ndahous3]

Yes, the assert worked as I expected - it found a bug: printing a Linux syscall with an argument defined as VOID.

Also I missed the point that Linux syscalls were also described by arguments with uppercase names, but I specified them for Windows OS.

I am going to add primitive types for Linux syscalls and not mix them with Windows types - this will also help to better understand what their real type and size are. And of course, replace void types with real ones.

[tklengyel]

@drakvuf-jenkins Test this please

[1ndahous3]

@tklengyel all done, but it seems that "check" tests are not run during CI (*check.cpp files).

[tklengyel]

@tklengyel all done, but it seems that "check" tests are not run during CI (*check.cpp files).

Feel free to add a ci step for that

[1ndahous3]

@tklengyel all done:

make  check-TESTS
make[3]: Entering directory '/home/runner/work/drakvuf/drakvuf/src/plugins'
make[4]: Entering directory '/home/runner/work/drakvuf/drakvuf/src/plugins'
PASS: plugin_utils_check
PASS: syscalls/check
PASS: procmon/check
PASS: output_format/check
============================================================================
Testsuite summary for DRAKVUF 1.1-git20240918093834+0cc7657-1
============================================================================
# TOTAL: 4
# PASS:  4
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

[tklengyel]

@drakvuf-jenkins Test this please

[tklengyel]

@drakvuf-jenkins Test this please

[tklengyel]

Thanks!