Hi,
I attended the 37c3 Tor meetup talk on this project and thought of a potential issue that this tool might not handle, and I was asked to file an issue to test it.
On x86_64, a 64-bit process is still able to make 32-bit int 0x80 syscalls. This will use different syscall numbers and requires a separate table. See this as an example, and this on detecting and handling this situation with ptrace.
A cursory skim of the code in u-root looks like it does not handle this.
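
One way a tracer can pick the right table, as an added example that is not part of the original issue or of u-root's code: classify the entry instruction from the two bytes before the instruction pointer, then resolve the number against the matching table. The names `ABI`, `ClassifyEntry`, `SyscallName`, `table64` and `table32` are hypothetical, and the tables are short excerpts.

```go
package main

import "fmt"

// ABI names the syscall table that a trapped syscall number belongs to.
type ABI int

const (
	ABIUnknown ABI = iota
	ABI64          // entered with the `syscall` instruction (0f 05)
	ABI32          // entered with `int 0x80` (cd 80)
)

// Excerpts of the two Linux tables; a tracer needs both in full.
var table64 = map[uint64]string{0: "read", 1: "write", 11: "munmap", 59: "execve", 60: "exit"}
var table32 = map[uint64]string{1: "exit", 3: "read", 4: "write", 11: "execve", 59: "oldolduname"}

// ClassifyEntry inspects the two bytes at RIP-2 at a syscall-entry stop
// (a tracer would fetch them from the tracee with PTRACE_PEEKTEXT).
func ClassifyEntry(insn [2]byte) ABI {
	if insn[0] == 0x0f && insn[1] == 0x05 {
		return ABI64
	}
	if insn[0] == 0xcd && insn[1] == 0x80 {
		return ABI32
	}
	return ABIUnknown
}

// SyscallName resolves nr (orig_rax) against the table for the entry ABI.
func SyscallName(insn [2]byte, nr uint64) string {
	var tbl map[uint64]string
	switch ClassifyEntry(insn) {
	case ABI64:
		tbl = table64
	case ABI32:
		tbl = table32
	default:
		return fmt.Sprintf("unknown_abi(%d)", nr)
	}
	if name, ok := tbl[nr]; ok {
		return name
	}
	return fmt.Sprintf("unknown(%d)", nr)
}

func main() {
	// Constructed sample: the same number 11 seen after each entry instruction.
	fmt.Println(SyscallName([2]byte{0x0f, 0x05}, 11))
	fmt.Println(SyscallName([2]byte{0xcd, 0x80}, 11))
}
```

The opcode bytes come from tracee memory, which another thread can rewrite, so where the kernel offers PTRACE_GET_SYSCALL_INFO (Linux 5.3 and later) its arch field is the more robust source for the same decision.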