This question already has an answer here:

> Why do x86-64 Linux system calls modify RCX, and what does the value mean? (1 answer)
The book Low-Level Programming: C, Assembly, and Program Execution on Intel® 64 Architecture says:
> On system call arguments
>
> The arguments for system calls are stored in a different set of registers than those for functions. The fourth argument is stored in `r10`, while a function accepts the fourth argument in `rcx`! The reason is that the `syscall` instruction implicitly uses `rcx`. System calls cannot accept more than six arguments.
You can see the same thing in a Stack Overflow post:

> A system-call is done via the syscall instruction. This clobbers %rcx and %r11, as well as %rax, but other registers are preserved.

I understand that rax is clobbered to hold the return code, but why are rcx and r11 clobbered by syscall? Is there a list of specific system calls that clobber rcx / r11? Is there a clobbering convention? Are they considered safe in any system call?
Answer:

The syscall instruction uses rcx to store the address of the next instruction to return to, and r11 to hold the value of the rflags register. These values are then restored by the sysret instruction.

This is done by the CPU as part of executing the instruction, so any OS-specific calling convention has to avoid using these registers to pass arguments to syscall.
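An added example, not from the question, the answer or the book: a C probe for x86-64 Linux that loads sentinel values into rcx and r11, issues getpid as a raw syscall, and checks that rcx came back holding the address of the instruction after syscall while r11 lost its sentinel (it now holds the RFLAGS the CPU saved). It assumes GCC or Clang inline asm and glibc's SYS_getpid; on any other platform it reports that there is nothing to probe.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* What one raw syscall did to rcx and r11 (sentinels were loaded beforehand). */
struct clobber_probe {
    long ret;                         /* rax: the syscall's return value */
    uint64_t rcx_after, rip_after;    /* rcx after syscall vs. address of the next instruction */
    uint64_t r11_after, rflags_after; /* r11 after syscall vs. RFLAGS read after return */
};

/* Runs getpid as a raw syscall. Returns 1 if rcx came back holding the return
 * address and r11 lost its sentinel, 0 otherwise, -1 if not x86-64 Linux. */
int probe_syscall_clobbers(struct clobber_probe *p)
{
#if defined(__x86_64__) && defined(__linux__)
    const uint64_t r11_sentinel = 0x2222222222222222ULL;   /* constructed sentinel */
    uint64_t rcx = 0x1111111111111111ULL;                  /* constructed sentinel */
    register uint64_t r11 __asm__("r11") = r11_sentinel;   /* pin the variable to r11 */
    long ret;
    uint64_t rip_after, rflags_after;
    __asm__ volatile(
        "syscall\n\t"
        "1:\n\t"                       /* the CPU writes this address into rcx */
        "lea 1b(%%rip), %[nxt]\n\t"    /* lea leaves RFLAGS untouched */
        "lea -128(%%rsp), %%rsp\n\t"   /* step over the red zone before pushing */
        "pushfq\n\t"
        "popq %[rfl]\n\t"
        "lea 128(%%rsp), %%rsp"
        : "=a"(ret), "+c"(rcx), "+r"(r11), [nxt] "=r"(rip_after), [rfl] "=r"(rflags_after)
        : "0"((long)SYS_getpid)
        : "memory");
    p->ret = ret; p->rcx_after = rcx; p->r11_after = r11;
    p->rip_after = rip_after; p->rflags_after = rflags_after;
    return (rcx == rip_after && r11 != r11_sentinel) ? 1 : 0;
#else
    (void)p;
    return -1;
#endif
}

int main(void)
{
    struct clobber_probe p;
    if (probe_syscall_clobbers(&p) < 0) { puts("not x86-64 Linux; nothing to probe"); return 0; }
    printf("rax=%ld (getpid=%d) rcx=%#lx next_rip=%#lx r11=%#lx rflags=%#lx\n", p.ret, getpid(),
           (unsigned long)p.rcx_after, (unsigned long)p.rip_after,
           (unsigned long)p.r11_after, (unsigned long)p.rflags_after);
    return 0;
}
```

On a normal run rcx equals next_rip exactly and r11 equals the RFLAGS value, which is why a libc wrapper must treat both registers as clobbered.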