int 0x80 in 64-bit code is annotated wrongly

Question

int 0x80 in 64-bit code is annotated wrongly

Opened this issue 9 years ago · 0 comments

Current code in analyze_syscall depends on debuggee bitness, this is wrong. It should instead check the syscall instruction. This would be different for all: int 0x80 is 32-bit completely, syscall is 64-bit completely, sysenter is 32 bit and needs special handling for 6th parameter.