
`sysret` should be considered a terminator

Open · whitequark opened this issue 7 months ago · 1 comment

Version and Platform (required):

  • Binary Ninja Version: 5.0.7208-dev Personal (9967e4cb)
  • OS: Windows
  • OS Version: 10
  • CPU Architecture: x64

Bug Description: sysret sets RIP to RCX and so it should be considered a function terminator (not merely a basic block terminator, as it currently is, with a fallthrough to the next instruction).

Steps To Reproduce:

  1. Open sysret.bin
  2. Create an x86_64 function at offset 0

Expected Behavior: A function with two instructions: swapgs; sysret.

Screenshots/Video Recording: This is what it currently looks like: [screenshot attached to the issue]

Binary: sysret.zip

whitequark avatar Apr 12 '25 00:04 whitequark
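To make the distinction in the report concrete, here is a toy recursive-descent sweep (an added example, not Binary Ninja's code nor the reporter's binary) with a constructed byte sequence standing in for sysret.bin and a hand-written opcode table covering only the instructions used. Treating `sysret` as a block terminator with a fallthrough edge pulls the unrelated code after it into the function; treating it as a function terminator yields the expected two-instruction function.

```python
"""Toy function recovery showing why the terminator class of `sysret` matters.
Added example; the opcode table is a constructed subset of x86-64."""
from enum import Enum


class Term(Enum):
    NONE = 0      # ordinary instruction, execution falls through
    BLOCK = 1     # ends a basic block, but the next instruction is a successor
    FUNCTION = 2  # ends the function: no fallthrough successor


# Constructed opcode table: encoding bytes -> mnemonic (only what the demo needs).
OPCODES = {
    b"\x0f\x01\xf8": "swapgs",
    b"\x48\x0f\x07": "sysretq",
    b"\x0f\x07": "sysret",
    b"\x90": "nop",
    b"\xc3": "ret",
}


def decode(code, off):
    """Return (mnemonic, length) for the instruction at `off`; longest match wins."""
    for pat in sorted(OPCODES, key=len, reverse=True):
        if code.startswith(pat, off):
            return OPCODES[pat], len(pat)
    raise ValueError(f"undecodable byte at {off:#x}")


def terminator_class(mnem, sysret_is_function_terminator):
    if mnem == "ret":
        return Term.FUNCTION
    if mnem in ("sysret", "sysretq"):  # RIP := RCX, control never returns here
        return Term.FUNCTION if sysret_is_function_terminator else Term.BLOCK
    return Term.NONE


def recover_function(code, sysret_is_function_terminator=True):
    """Basic blocks (lists of mnemonics) reachable from offset 0 via fallthrough."""
    blocks, worklist, seen = [], [0], set()
    while worklist:
        off = worklist.pop()
        if off in seen or off >= len(code):
            continue
        seen.add(off)
        block = []
        while off < len(code):
            mnem, size = decode(code, off)
            block.append(mnem)
            off += size
            kind = terminator_class(mnem, sysret_is_function_terminator)
            if kind is Term.BLOCK:
                worklist.append(off)  # fallthrough successor becomes a new block
                break
            if kind is Term.FUNCTION:
                break
        blocks.append(block)
    return blocks


# Constructed stand-in for sysret.bin: swapgs; sysret; then unrelated code.
SYSRET_BIN = b"\x0f\x01\xf8" + b"\x0f\x07" + b"\x90\xc3"
```

`recover_function(SYSRET_BIN)` gives `[["swapgs", "sysret"]]`, while passing `sysret_is_function_terminator=False` reproduces the reported shape by appending a `["nop", "ret"]` block reached through the bogus fallthrough edge.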

Ok, this actually looks like it's implemented as an intrinsic that sets RIP; this is clearly wrong.

plafosse avatar May 20 '25 14:05 plafosse

Thank you!

whitequark avatar Jun 30 '25 19:06 whitequark