On Thu, Jan 24, 2008 at 03:11:16PM +0100, sha0 sha0 wrote:
> Hi,
>
> I think it will be useful to say the called syscall name like this:
>
> 0x08048329 8d1d61830408 lea ebx, [0x8048361]
> 0x0804832F b900000000 ecx = 0x0
> 0x08048334 baff010000 edx = 0x1ff ; eax+0x1fa
> 0x08048339 cd80 int 0x80 ;sys_open :)

How do you know this is a sys_open? no eax defined anywhere.. well.. there's a reference in edx ..so eax should be 0x1ff-0x1fa aka 5 aka open..

There's a script called syscall-flag from pof that does that statically. To do this dynamically I should analyze code and registers and append a dynamic comment at the right of "int" opcode showing which syscall is going to be called.

Analyzing the code is hard to do, and is not always possible statically; dynamically you only know the value for eax *now*.. so it's not clean at all about how to detect which syscall is going to be called.

btw did you know the existence of "!contsc" command?

--pancake
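Added example, not part of the original thread and not radare code: a static pass over a listing in the notation quoted above that names the syscall at each int 0x80 only when a constant load of eax is visible on the same straight-line path. Assumptions: the syscall table is a small subset of the Linux i386 numbers, the second listing is constructed, and implicit register writes (mul, div and similar) are not modelled.

```python
import re

# Linux i386 syscall numbers selected by eax at int 0x80 (small subset).
SYSCALLS = {1: "exit", 3: "read", 4: "write", 5: "open", 6: "close", 11: "execve"}
REG = r"e(?:[a-d]x|[sd]i|bp)"
# Constant loads in either notation: "eax = 0x5" or "mov eax, 0x5".
CONST = re.compile(rf"^(?:mov\s+)?({REG})\s*[=,]\s*(0x[0-9a-fA-F]+)$")
FLOW = re.compile(r"^(?:j\w+|call|ret|loop\w*)\b")

def annotate(listing):
    """Return [(address, syscall name or None)] for each int 0x80 in the listing."""
    known = {}      # register -> constant proven on this straight-line path
    results = []
    for line in listing.strip().splitlines():
        addr, _opcode_bytes, text = line.split(None, 2)
        text = text.split(";", 1)[0].strip()    # drop trailing comments
        if text == "int 0x80":
            results.append((addr, SYSCALLS.get(known.get("eax"))))
            known.pop("eax", None)  # eax holds the return value afterwards
        elif (m := CONST.match(text)):
            known[m.group(1)] = int(m.group(2), 16)
        elif FLOW.match(text):
            known.clear()           # another path may arrive with other values
        else:
            # Conservative: a register mentioned by an unmodelled instruction is unknown.
            for reg in re.findall(rf"\b{REG}\b", text):
                known.pop(reg, None)
    return results

# Listing quoted in the message: eax is never set, so the call cannot be named.
QUOTED = """
0x08048329 8d1d61830408 lea ebx, [0x8048361]
0x0804832F b900000000 ecx = 0x0
0x08048334 baff010000 edx = 0x1ff ; eax+0x1fa
0x08048339 cd80 int 0x80 ;sys_open :)
"""
# Constructed sample (addresses and bytes invented) that loads eax first.
CONSTRUCTED = """
0x00001000 b805000000 eax = 0x5
0x00001005 bb00200000 ebx = 0x2000
0x0000100a cd80 int 0x80
0x0000100c 89c3 mov ebx, eax
0x0000100e cd80 int 0x80
"""

if __name__ == "__main__":
    for name, listing in (("quoted", QUOTED), ("constructed", CONSTRUCTED)):
        for addr, sc in annotate(listing):
            print(name, addr, "int 0x80 ;", f"sys_{sc}" if sc else "unknown")
```

The quoted listing comes back unresolved because nothing in it assigns eax, and the second int 0x80 in the constructed listing is unresolved because eax then holds the first call's return value.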
