hasherezade
commented
2 years ago Thank you, it looks nice! I was planning to implement it in the future, but I was busy with other things. I appreciate your contribution.
Closed ergrelet closed 2 years ago
hasherezade
commented
2 years ago Thank you, it looks nice! I was planning to implement it in the future, but I was busy with other things. I appreciate your contribution.
Hi,
Here's a small PR that adds an option to trace inline system calls instructions (
syscall,sysenterandint 2Eh). This feature can be useful when analyzing some samples. The implementation is very similar to what existed for thecpuidinstruction tracing.I tested the feature on Windows 10 x64 with 32-bit and 64-bit PEs. A small trick is used to have meaningful addresses when tracing WoW64 processes (because inspecting the 64-bit context isn't practical).
Only the syscall number is traced at the moment, but parameters tracing shouldn't be too complex to implement later with
PIN_GetSyscallArgumentif needed/wanted.Feel free to close the PR if you don't want to merge that feature into your project.
Best regards.