Trace Over System Calls Not Working

[dhucul]

Operating System

Windows 11

x64dbg Version

latest

Describe the issue

Now that the switch condition is gone from trace into window, please post some instructions on how to trace over system calls. Tried various examples from internet and nothing worked. What is the equivalent of mod.party(dis.branchdest(cip)) ==1 which worked perfectly. Why was this option removed?

Steps to reproduce

1. None

Attachments

No response

[mrexodia]

This functionality was removed because specific commands were added to step to the next user/system instruction. This functionality hasn't been added to the trace UI yet. Likely the implementation would be a new TraceSetParty command, which will be used to configure the STEPFUNCTION. Help is welcome there!

[vaibhavshukla06]

I am quite interested in this project and here's my idea
To trace over system calls in x64dbg

1. We can set a breakpoint at the beginning of the system call. We can do this by right-clicking on the address in the disassembly window and selecting "Toggle Breakpoint".

2. Next, we need to write a script that will be executed when the breakpoint is hit. This script will perform the following steps:

   • Save the current context (registers, flags, etc.)
   • Execute the system call
   • Restore the saved context
   • Continue execution

[mrexodia]

The key issue with that idea is that control flow might reach user code while running the system function (most notably for callbacks).

To solve this issue it’s enough to reuse the existing stepping functionality and expose it to the user as I explained in my previous comment.

[xiaoyaod]

main:
issystemcall = dis.iscallsystem(eip)
cmp issystemcall,1
je label1
Stepinto
goto main
label1 :
StepOver
goto main

This is a script I wrote hoping to skip the system call but the f2 breakpoint I set after running it won't break