[FEATURE] Log indirect syscall even if the syscalls table is not fill…

…ed. Enable it for Windows only
hasherezade · Dec 6, 2024 · 42b6404 · 42b6404
1 parent 591f5ea
commit 42b6404
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/TinyTracer.cpp b/TinyTracer.cpp
@@ -303,20 +303,25 @@ std::string resolve_func_name(const ADDRINT addrTo, const std::string& dll_name,
     // it doesn't start at the beginning of the routine:
     std::ostringstream sstr;
     sstr << "[" << name << "+" << std::hex << diff << "]*";
-
-    if (ctx && m_Settings.syscallsTable.count()
+#ifdef _WIN32
+    if (ctx
         && SyscallsTable::isSyscallFuncName(name)
         && SyscallsTable::isSyscallDll(util::getDllName(dll_name))
         )
     { 
         //possibly a proxy to the indirect syscall
+        g_IsIndirectSyscall = true;
         const ADDRINT eax = (ADDRINT)PIN_GetContextReg(ctx, REG_GAX);
         const std::string realName = m_Settings.syscallsTable.getName(eax);
+        sstr << " -> ";
         if (realName.length()) {
-            sstr << " -> " << realName;
-            g_IsIndirectSyscall = true;
+            sstr << realName;
+        }
+        else {
+            sstr << "SYSCALL:0x" << eax;
         }
     }
+#endif //_WIN32
     return sstr.str();
 }