Hey guys, hopefully a simple question here. Was wondering about running a trace over sysenter calls. I noticed more often than not, while having the trap flag set before and then after a syscall returns, it usually generates an access violation when returning to the caller.
What is the reasoning for this?
Also, what is an efficient approach to handling this? Best I could come up with was just checking ahead every instruction, then setting an int3 after the call. Only problem is, for native routines, another thread could hit this breakpoint.
First and foremost though, is keeping the trap flag set over a sysenter known to cause an access violation, or am I doing something else wrong?
Thanks! ;)