From 1b109ab5aaa718b7db33b41b0a299b84aed5f2cf Mon Sep 17 00:00:00 2001
From: Pascal Zittlau <pascal.zittlau@gmail.com>
Date: Mon, 15 Dec 2025 11:32:28 +0100
Subject: [PATCH] save return address to patch

---
 src/syscalls.zig | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/syscalls.zig b/src/syscalls.zig
index f417183..5e16105 100644
--- a/src/syscalls.zig
+++ b/src/syscalls.zig
@@ -21,6 +21,9 @@ pub const UserRegs = extern struct {
     r13: u64,
     r14: u64,
     r15: u64,
+    /// This one isn't pushed on the stack by `syscall_entry`. It's pushed by the `call r11` to get
+    /// to the `syscall_entry`
+    return_address: u64,
 };
 
 /// The main entry point for intercepted syscalls.
@@ -124,7 +127,6 @@ pub fn syscall_entry() callconv(.naked) void {
         \\     push %rbx
         \\     push %rax
         \\     pushfq # Save Flags
-        \\     # TODO: save return_address
         \\
         \\     # Align stack
         \\     # Current pushes: 16 * 8 = 128 bytes.