[x86] Fixes #6628: "sysret should be considered a terminator #6628" by lifting XED_ICLASS_SYSRET* instructions as returns to RCX

galenbwill · galenbwill · commit 155eb8ba6700 · 2025-06-30T15:42:16.000-04:00
diff --git a/arch/x86/il.cpp b/arch/x86/il.cpp
@@ -3552,11 +3552,19 @@ bool GetLowLevelILForInstruction(Architecture* arch, const uint64_t addr, LowLev
 		break;
 
 	case XED_ICLASS_SYSEXIT:
-	case XED_ICLASS_SYSRET:
 	case XED_ICLASS_HLT:
 		il.AddInstruction(il.Trap(TRAP_GPF));
 		return false;
 
+	case XED_ICLASS_SYSRET:
+		il.AddInstruction(il.Return(il.Register(addrSize, XED_REG_ECX)));
+		break;
+
+	case XED_ICLASS_SYSRET64:
+	case XED_ICLASS_SYSRET_AMD:
+		il.AddInstruction(il.Return(il.Register(addrSize, XED_REG_RCX)));
+		break;
+
 	case XED_ICLASS_FLD:
 		il.AddInstruction(
 			il.RegisterStackPush(10,
