March 9, 2026
9:41 p.m.
Probably pure rsp-based detection can't be fully correct for any place of interruption in syscall dispatcher. Note that, to be fully correct, we also should not leak Rip inside syscall dispatcher and should only ever report the one at syscall return. Maybe this needs a more sophisticated 'is_inside_syscall()' check which will also mind 'Rip' position inside syscall / unixcall dispatchers. But that is probably not entirely trivial to do right and nice (not like I have a ready suggestion for details)> -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10232#note_131631