Re: winedbg: analyse far calls in be_i386_is_func_call

Jeff L wrote:

This patch came about when I was looking at why single stepping seemed to stuff up after a call. It breaks down the calls for 32 bit mode calls but not necessarily 16 and not 64 bit calls. It is a fairly messy area of knowledge and I could do with assistance as to how the 16/32/64 bit modes work.

Change log: Add code to analyse far calls in be_i386_is_func_call instead of only near calls.

Jeff Latimer

•   switch (rm)
  

•       {
  

•           case 0x00:
  

•             segment = dbg_context.Eax;
  

•             break;
  

•           case 0x01:
  

•             segment = dbg_context.Ecx;
  

•             break;
  

•           case 0x02:
  

•             segment = dbg_context.Edx;
  

•             break;
  

•           case 0x03:
  

•             segment = dbg_context.Ebx;
  

•             break;
  

•           case 0x04:
  

•             break;
  

•           case 0x05:
  

•             segment = dbg_context.Ebp;
  

•             break;
  

•           case 0x06:
  

•             segment = dbg_context.Esi;
  

•             break;
  

•           case 0x07:
  

•             segment = dbg_context.Edi;
  

•             break;
  

•       }
  

this is wrong... this is part of the offset computation, not the segment (as it's an intra-segment call)

•    callee->Mode = AddrModeFlat;
  

•    callee->Segment = segment;
  

•    callee->Offset = delta;              /* absolute address not an offset */
  

here you should use a callee->Mode of AddrMode1632 or AddrMode1616, not a flat one

basically, you can tell if it's a 16 or 32 bit call depending whether the current cs refers to a 16 or 32 bit selector

A+