Re: winedbg: analyse far calls in be_i386_is_func_call
Jeff L wrote:
This patch came about when I was looking at why single stepping seemed to stuff up after a call. It breaks down the calls for 32 bit mode calls but not necessarily 16 and not 64 bit calls. It is a fairly messy area of knowledge and I could do with assistance as to how the 16/32/64 bit modes work.
Change log: Add code to analyse far calls in be_i386_is_func_call instead of only near calls.
Jeff Latimer + switch (rm) + { + case 0x00: + segment = dbg_context.Eax; + break; + case 0x01: + segment = dbg_context.Ecx; + break; + case 0x02: + segment = dbg_context.Edx; + break; + case 0x03: + segment = dbg_context.Ebx; + break; + case 0x04: + break; + case 0x05: + segment = dbg_context.Ebp; + break; + case 0x06: + segment = dbg_context.Esi; + break; + case 0x07: + segment = dbg_context.Edi; + break; + } this is wrong... this is part of the offset computation, not the segment (as it's an intra-segment call)
+ callee->Mode = AddrModeFlat; + callee->Segment = segment; + callee->Offset = delta; /* absolute address not an offset */ here you should use a callee->Mode of AddrMode1632 or AddrMode1616, not a flat one
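Review bot: in the first hunk `case 0x04: break;` leaves `segment` unset when the rm field announces a SIB byte, and `case 0x05` reads EBP even though, for mod == 0, rm 0x05 encodes a 32-bit displacement rather than EBP; since what the switch produces is the effective address of the m16:32 pointer and not a selector, rename it (e.g. `ea`), reject or decode the SIB and disp32 forms, and then read the selector and offset halves from memory at that address.

Review bot: in the second hunk `callee->Offset = delta; /* absolute address not an offset */` contradicts the field it fills: with Mode set to AddrMode1632 (or AddrMode1616 for a 16-bit CS), Offset should carry the offset half of the far pointer read from memory and Segment the selector half, so the comment and the AddrModeFlat assignment both go.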
basically, you can tell if it's a 16 or 32 bit call depending on whether the current cs refers to a 16 or 32 bit selector
A+
-- Eric Pouech
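An added illustration of the two points made above (the register picked by the ModRM byte is the address of the far pointer, not a selector, and the width of that pointer follows whether CS is a 16- or 32-bit selector); this is example code, not part of the thread or of winedbg. It assumes 32-bit ModRM addressing with mod == 0 and no SIB byte, a hypothetical `regs_t` in place of winedbg's `dbg_context`, and that the caller passes the operand size it derived from CS as `is32`.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical minimal register file; winedbg's real one is dbg_context. */
typedef struct { uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi; } regs_t;

static uint32_t rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Decode "CALL FAR m16:16 / m16:32" (opcode FF, ModRM reg field 3) using
 * 32-bit ModRM addressing with mod == 0 and no SIB byte.  is32 is the operand
 * size a debugger derives from whether CS is a 16- or 32-bit selector: it
 * decides whether the far pointer in memory is 4 or 6 bytes wide.  mem is a
 * flat view of the debuggee's memory.  Returns 1 and fills seg/off on success. */
int decode_far_call(int is32, const uint8_t *code, const regs_t *r,
                    const uint8_t *mem, size_t memlen, uint16_t *seg, uint32_t *off)
{
    uint32_t ea;                       /* address of the far pointer, not the target */
    uint8_t modrm = code[1];
    if (code[0] != 0xFF || ((modrm >> 3) & 7) != 3) return 0;
    if ((modrm >> 6) != 0) return 0;   /* only mod == 0 handled here */
    switch (modrm & 7)
    {
    case 0: ea = r->eax; break;
    case 1: ea = r->ecx; break;
    case 2: ea = r->edx; break;
    case 3: ea = r->ebx; break;
    case 4: return 0;                  /* SIB byte follows: not decoded here */
    case 5: ea = rd32(code + 2); break;/* mod 0, rm 5 is disp32, not EBP */
    case 6: ea = r->esi; break;
    default: ea = r->edi; break;
    }
    if ((size_t)ea + (is32 ? 6 : 4) > memlen) return 0;
    *off = is32 ? rd32(mem + ea) : rd16(mem + ea);
    *seg = (uint16_t)rd16(mem + ea + (is32 ? 4 : 2));
    return 1;
}

/* Constructed sample: "call far [0x10]" with the far pointer stored at 0x10. */
static const uint8_t sample_code[] = { 0xFF, 0x1D, 0x10, 0x00, 0x00, 0x00 };
static const uint8_t sample_mem[32] = { [0x10] = 0x00, 0x10, 0x40, 0x00, 0x1B, 0x00 };

/* Decodes the sample as a 16- or 32-bit call; returns seg:off packed, 0 on failure. */
uint64_t sample_far_target(int is32)
{
    regs_t r = { 0 };
    uint16_t seg = 0; uint32_t off = 0;
    if (!decode_far_call(is32, sample_code, &r, sample_mem, sizeof sample_mem, &seg, &off))
        return 0;
    return ((uint64_t)seg << 32) | off;   /* 32-bit: 001B:00401000, 16-bit: 0040:1000 */
}
```

The same six bytes decode to two different targets depending only on the operand size, which is why the selector width of CS has to be consulted before the far pointer is read.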