Difference between revisions of "Linux assembly"
(→64 bit syscall table) |
(Updated 64-bit syscall table. Needs some sytax formatting.) |
||
(22 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | = 32 bit syscall table = | + | {{inprog}} |
+ | {{immediate|content consolidation for unlinked calls and properly formatted syscall tables -- get at hatter for more info}} | ||
+ | |||
+ | == Introduction == | ||
+ | In the assembly language there are two ways to call system functions from the executable. The first way is through the native system calls (usually referred to as syscalls) which use the interrupt code '''int $0x80''' in x86 32 bit assembly or '''\xcd\x80''' in machine byte code. By placing the required data in the proper registers and calling the interrupt, the program passes control to the kernel and it completes the function and returns the flow back to the program. The second way to make a system call is by linking the C libraries to your executable. By doing this you will be able to push your arguments onto the stack in reverse order where the first argument is the last to be pushed and use the '''call''' command to pass control to the linked function located in the C library. | ||
+ | |||
+ | == Unlinked System Calls for x86 32 bit systems == | ||
+ | On a 32bit system all system calls follow the same format. The system call to be made is moved into '''%eax''' and then depending on the function which you are calling the arguments go into '''%ebx, %ecx, %edx, %esx''' and '''%edi''' where '''%ebx''' would be the first argument to the system call, '''%ecx''' would be the second and so forth. Once you have all your registers set in place you can make your '''int $0x80''' interrupt call to pass program flow to the kernel to complete the function. | ||
+ | |||
+ | |||
+ | function_call(%eax) = function(%ebx, %ecx, %edx, %esx, %edi) | ||
+ | ^system ^arg1 ^arg2 ^arg3 ^arg4 ^arg5 | ||
+ | call # | ||
+ | |||
+ | |||
+ | This diagram shows that when the system interrupt is called the kernel selects the function to use according to the system call number stored in '''%eax''' and then stores the variables in their proper registers as according to the C calling convention. Having a standard for calling functions is important because without one documentation for your executable would be messy and hard to understand. | ||
+ | |||
+ | |||
+ | An example of this would be '''exit()''' which is documented as '''1:sys_exit:(int error_code)'''. | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="asm"> | ||
+ | _start: | ||
+ | |||
+ | movl $1, %eax | ||
+ | mov $0, %ebx | ||
+ | int $0x80 | ||
+ | </source>}} | ||
+ | |||
+ | |||
+ | In this call to the function '''exit()''' we placed the system interrupt call number into '''%eax''' and then the return value into the first argument '''%ebx''' and then made the interrupt call. | ||
+ | Other function calls can be more complex and use 3 or more of the registers at once while others will use none at all except for '''%eax''' for the system call number itself. | ||
+ | |||
+ | == Unlinked system calls for x86_64 (amd64) bit systems == | ||
+ | |||
+ | function_call(%rax) = function(%rdi, %rsi, %rdx, %r10, %r8, %r9) | ||
+ | ^system ^arg1 ^arg2 ^arg3 ^arg4 ^arg5 ^arg6 | ||
+ | call # | ||
+ | |||
+ | If more than 6 arguments are required, the 7th and further are pushed to the stack. | ||
+ | |||
+ | |||
+ | * '''Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);''' | ||
+ | {{info|<center>This often times won't work as shellcode due to the fact that it is not null-free. See [[null-free shellcode]] for more information.</center>}} | ||
+ | {{code|text=<source lang="asm"> | ||
+ | .section .data | ||
+ | .section .text | ||
+ | .globl _start | ||
+ | _start: | ||
+ | mov $0, %rdi | ||
+ | mov $105, %rax | ||
+ | syscall | ||
+ | |||
+ | mov $59, %rax | ||
+ | # execve(filename, argv, envp) | ||
+ | push $0x00 | ||
+ | mov %rsp, %rdx # envp is null | ||
+ | mov %rsp, %rsi # argv is null | ||
+ | mov $0x0068732f6e69622f, %r10 | ||
+ | push %r10 | ||
+ | mov %rsp, %rdi # filename is '/bin/sh\0' | ||
+ | syscall | ||
+ | |||
+ | mov $60, %rax | ||
+ | mov $0, %rdi | ||
+ | syscall | ||
+ | </source>}} | ||
+ | |||
+ | == Linked System Calls for x86 32bit systems == | ||
+ | |||
+ | |||
+ | Linked system calls allow for cleaner code and faster development because of their ease of use. In order to take advantage of linked functions you must compile your assembly code with the required library. An example is as follows: | ||
+ | |||
+ | |||
+ | as exit-lib.s -o exit-lib.o | ||
+ | ld -dynamic-linker /lib/ld-linux.so.2 \ -o exit-lib exit-lib.o -lc | ||
+ | |||
+ | |||
+ | By assembling your binary like this you are now linking ld-linux.so.2 with your executable which will allow you to use the functions it holds. The main difference between the unlinked and linked system calls is that unlike the unlinked calls where you have to use all the proper registers and make an interrupt; all you have to do with linked calls is push your arguments backwards onto the stack where the first argument is pushed last and to invoke a '''call''' instruction to the function you wish to invoke. An example is as follows: | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="asm"> | ||
+ | _start: | ||
+ | |||
+ | pushl $0 | ||
+ | call exit | ||
+ | </source>}} | ||
+ | |||
+ | |||
+ | As you can see this makes your code shorter, neater, and to the point which is very helpful in assembly where your design and concept may not be clear at first sight to others. | ||
+ | |||
+ | == Other Code Comparisons == | ||
+ | |||
+ | |||
+ | Here are a few more examples of the two different calling conventions. The first will be shown as a unlinked call and the second would be as a linked call. | ||
+ | |||
+ | '''Printing to STDOUT 4:sys_write(unsigned int fd, const char *buf, size_t count)''' | ||
+ | |||
+ | {{code|text=<source lang="asm"> | ||
+ | .section .data | ||
+ | hello: | ||
+ | .ascii "hello world\n" | ||
+ | hello_end: | ||
+ | |||
+ | .equ hello_len, hello_end - hello | ||
+ | |||
+ | .section .text | ||
+ | |||
+ | .global _start | ||
+ | |||
+ | _start: | ||
+ | movl $1, %ebx | ||
+ | movl $hello, $ecx | ||
+ | movl $hello_len, %edx | ||
+ | movl $4, %eax | ||
+ | int $0x80 | ||
+ | |||
+ | movl $1, %eax | ||
+ | movl $0, %ebx | ||
+ | int $0x80 | ||
+ | </source>}} | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="asm"> | ||
+ | .section .data | ||
+ | hello: | ||
+ | .ascii "hello world\n" | ||
+ | |||
+ | .section .text | ||
+ | |||
+ | .global _start | ||
+ | |||
+ | _start: | ||
+ | pushl $hello | ||
+ | call printf | ||
+ | |||
+ | pushl $0 | ||
+ | call exit | ||
+ | </source>}} | ||
+ | |||
+ | |||
+ | '''Making A Directory 39:sys_mkdir(const char *pathname, int mode)''' | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="asm"> | ||
+ | .section .data | ||
+ | dir: | ||
+ | .ascii "/root/Desktop/lol/" | ||
+ | |||
+ | .section .text | ||
+ | |||
+ | .global _start | ||
+ | |||
+ | _start: | ||
+ | movl $dir, %ebx | ||
+ | movl $777, $ecx | ||
+ | movl $39, %eax | ||
+ | int $0x80 | ||
+ | |||
+ | movl $1, %eax | ||
+ | movl $0, %ebx | ||
+ | int $0x80 | ||
+ | </source>}} | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="asm"> | ||
+ | .section .data | ||
+ | dir: | ||
+ | .ascii "/root/Desktop/lol/" | ||
+ | |||
+ | .section .text | ||
+ | |||
+ | .global _start | ||
+ | |||
+ | _start: | ||
+ | pushl $777 | ||
+ | pushl $dir | ||
+ | call mkdir | ||
+ | |||
+ | pushl $0 | ||
+ | call exit | ||
+ | </source>}} | ||
+ | |||
+ | |||
+ | = x86 32 bit syscall table = | ||
{{protip|Set the %eax register value to the appropriate integer to invoke the function when invoking '''int $0x80''' or '''\xcd\x80'''.}} | {{protip|Set the %eax register value to the appropriate integer to invoke the function when invoking '''int $0x80''' or '''\xcd\x80'''.}} | ||
1:sys_exit:(int error_code); | 1:sys_exit:(int error_code); | ||
Line 305: | Line 489: | ||
340:sys_process_vm_readv:(pid_t pid, | 340:sys_process_vm_readv:(pid_t pid, | ||
341:sys_process_vm_writev:(pid_t pid, | 341:sys_process_vm_writev:(pid_t pid, | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= 64 bit syscall table = | = 64 bit syscall table = | ||
− | {{protip|Set the %rax register value to the appropriate integer to invoke the function when invoking '''syscall''' or '''\ | + | {{protip|Set the %rax register value to the appropriate integer to invoke the function when invoking '''syscall''' or '''\x0f\x05'''.}} |
− | 0: | + | 0:'''sys_read''':(unsigned int fd, char *buf size_t count) |
− | 1: | + | 1:'''sys_write''':(unsigned int fd, const char *buf size_t count) |
− | 2: | + | 2:'''sys_open''':(const char *filename int flags, int mode) |
− | 3: | + | 3:'''sys_close''':(unsigned int fd) |
− | 4:stat | + | 4:'''sys_stat''':(const char *filename struct stat *statbuf) |
− | 5: | + | 5:'''sys_fstat''':(unsigned int fd, struct stat *statbuf) |
− | 6: | + | 6:'''sys_lstat''':(fconst, char *filename struct stat *statbuf) |
− | 7: | + | 7:'''sys_poll''':(struct poll_fd *ufds unsigned int nfds, long timeout_msecs) |
− | 8: | + | 8:'''sys_lseek''':(unsigned int fd, off_t, offset, unsigned int origin) |
− | 9: | + | 9:'''sys_mmap''':(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long off) |
− | 10: | + | 10:'''sys_mprotect''':(unsigned long start, size_t len, unsigned long prot) |
− | 11: | + | 11:'''sys_munmap''':(unsigned long addr, size_t len) |
− | 12:brk | + | 12:'''sys_brk''':(unsigned long brk) |
− | 13: | + | 13:'''sys_rt_sigaction''':(int sig, const struct sigaction *act struct sigaction *oact size_t sigsetsize) |
− | 14: | + | 14:'''sys_rt_sigprocmask''':(int how, sigset_t, *nset sigset_t, *oset size_t sigsetsize) |
− | 15: | + | 15:'''sys_rt_sigreturn''':(unsigned long __unused) |
− | 16: | + | 16:'''sys_ioctl''':(unsigned int fd, unsigned int cmd, unsigned long arg) |
− | 17: | + | 17:'''sys_pread64''':(unsigned long fd, char *buf size_t count, loff_t, pos) |
− | 18: | + | 18:'''sys_pwrite64''':(unsigned int fd, const char *buf size_t count, loff_t, pos) |
− | 19: | + | 19:'''sys_readv''':(unsigned long fd, const struct iovec *vec unsigned long vlen) |
− | 20: | + | 20:'''sys_writev''':(unsigned long fd, const struct iovec *vec unsigned long vlen) |
− | 21: | + | 21:'''sys_access''':(const char *filename int mode) |
− | 22: | + | 22:'''sys_pipe''':(int *filedes) |
− | 23: | + | 23:'''sys_select''':(int n, fd_set *inp fd_set *outp fd_set*exp, struct timeval *tvp) |
− | 24: | + | 24:'''sys_sched_yield''':() |
− | 25: | + | 25:'''sys_mremap''':(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long flags, unsigned long new_addr) |
− | 26: | + | 26:'''sys_msync''':(unsigned long start, size_t len, int flags) |
− | 27: | + | 27:'''sys_mincore''':(unsigned long start, size_t len, unsigned char *vec) |
− | 28: | + | 28:'''sys_madvise''':(unsigned long start, size_t len_in, int behavior) |
− | 29: | + | 29:'''sys_shmget''':(key_t, key, size_t size, int shmflg) |
− | 30: | + | 30:'''sys_shmat''':(int shmid, char *shmaddr int shmflg) |
− | 31: | + | 31:'''sys_shmctl''':(int shmid, int cmd, struct shmid_ds *buf) |
− | 32: | + | 32:'''sys_dup''':(unsigned int fildes) |
− | 33: | + | 33:'''sys_dup2''':(unsigned int oldfd, unsigned int newfd) |
− | 34: | + | 34:'''sys_pause''':() |
− | 35: | + | 35:'''sys_nanosleep''':(struct timespec *rqtp struct timespec *rmtp) |
− | 36: | + | 36:'''sys_getitimer''':(int which, struct itimerval *value) |
− | 37: | + | 37:'''sys_alarm''':(unsigned int seconds) |
− | 38: | + | 38:'''sys_setitimer''':(int which, struct itimerval *value struct itimerval *ovalue) |
− | 39: | + | 39:'''sys_getpid''':() |
− | 40: | + | 40:'''sys_sendfile''':(int out_fd, int in_fd, off_t, *offset size_t count) |
− | 41: | + | 41:'''sys_socket''':(int family, int type, int protocol) |
− | 42: | + | 42:'''sys_connect''':(int fd, struct sockaddr *uservaddr int addrlen) |
− | 43: | + | 43:'''sys_accept''':(int fd, struct sockaddr *upeer_sockaddr int *upeer_addrlen) |
− | 44: | + | 44:'''sys_sendto''':(int fd, void *buff size_t len, unsigned flags, struct sockaddr *addr int addr_len) |
− | 45: | + | 45:'''sys_recvfrom''':(int fd, void *ubuf size_t size, unsigned flags, struct sockaddr *addr int *addr_len) |
− | 46: | + | 46:'''sys_sendmsg''':(int fd, struct msghdr *msg unsigned flags) |
− | 47: | + | 47:'''sys_recvmsg''':(int fd, struct msghdr *msg unsigned int flags) |
− | 48: | + | 48:'''sys_shutdown''':(int fd, int how) |
− | 49: | + | 49:'''sys_bind''':(int fd, struct sokaddr *umyaddr int addrlen) |
− | 50: | + | 50:'''sys_listen''':(int fd, int backlog) |
− | 51: | + | 51:'''sys_getsockname''':(int fd, struct sockaddr *usockaddr int *usockaddr_len) |
− | 52: | + | 52:'''sys_getpeername''':(int fd, struct sockaddr *usockaddr int *usockaddr_len) |
− | 53: | + | 53:'''sys_socketpair''':(int family, int type, int protocol, int *usockvec) |
− | 54: | + | 54:'''sys_setsockopt''':(int fd, int level, int optname, char *optval int optlen) |
− | 55: | + | 55:'''sys_getsockopt''':(int fd, int level, int optname, char *optval int *optlen) |
− | 56: | + | 56:'''sys_clone''':(unsigned long clone_flags, unsigned long newsp, void *parent_tid void *child_tid) |
− | 57: | + | 57:'''sys_fork''':() |
− | 58: | + | 58:'''sys_vfork''':() |
− | 59: | + | 59:'''sys_execve''':(const char *filename const char *const argv[], const char *const envp[]) |
− | 60: | + | 60:'''sys_exit''':(int error_code) |
− | 61: | + | 61:'''sys_wait4''':(pid_t, upid, int *stat_addr int options, struct rusage *ru) |
− | 62: | + | 62:'''sys_kill''':(pid_t, pid, int sig) |
− | 63: | + | 63:'''sys_uname''':(struct old_utsname *name) |
− | 64: | + | 64:'''sys_semget''':(key_t, key, int nsems, int semflg) |
− | 65: | + | 65:'''sys_semop''':(int semid, struct sembuf *tsops unsigned nsops) |
− | 66: | + | 66:'''sys_semctl''':(int semid, int semnum, int cmd, union, semun, arg) |
− | 67: | + | 67:'''sys_shmdt''':(char *shmaddr) |
− | 68: | + | 68:'''sys_msgget''':(key_t, key, int msgflg) |
− | 69: | + | 69:'''sys_msgsnd''':(int msqid, struct msgbuf *msgp size_t msgsz, int msgflg) |
− | 70: | + | 70:'''sys_msgrcv''':(int msqid, struct msgbuf *msgp size_t msgsz, long msgtyp, int msgflg) |
− | 71: | + | 71:'''sys_msgctl''':(int msqid, int cmd, struct msqid_ds *buf) |
− | 72: | + | 72:'''sys_fcntl''':(unsigned int fd, unsigned int cmd, unsigned long arg) |
− | 73: | + | 73:'''sys_flock''':(unsigned int fd, unsigned int cmd) |
− | 74: | + | 74:'''sys_fsync''':(unsigned int fd) |
− | 75: | + | 75:'''sys_fdatasync''':(unsigned int fd) |
− | 76: | + | 76:'''sys_truncate''':(const char *path long length) |
− | 77: | + | 77:'''sys_ftruncate''':(unsigned int fd, unsigned long length) |
− | 78: | + | 78:'''sys_getdents''':(unsigned int fd, struct linux_dirent *dirent unsigned int count) |
− | 79: | + | 79:'''sys_getcwd''':(char *buf unsigned long size) |
− | 80: | + | 80:'''sys_chdir''':(const char *filename) |
− | 81: | + | 81:'''sys_fchdir''':(unsigned int fd) |
− | 82: | + | 82:'''sys_rename''':(const char *oldname const char *newname) |
− | 83: | + | 83:'''sys_mkdir''':(const char *pathname int mode) |
− | 84: | + | 84:'''sys_rmdir''':(const char *pathname) |
− | 85: | + | 85:'''sys_creat''':(const char *pathname int mode) |
− | 86: | + | 86:'''sys_link''':(const char *oldname const char *newname) |
− | 87: | + | 87:'''sys_unlink''':(const char *pathname) |
− | 88: | + | 88:'''sys_symlink''':(const char *oldname const char *newname) |
− | 89: | + | 89:'''sys_readlink''':(const char *path char *buf int bufsiz) |
− | 90: | + | 90:'''sys_chmod''':(const char *filename mode_t, mode) |
− | 91: | + | 91:'''sys_fchmod''':(unsigned int fd, mode_t, mode) |
− | 92: | + | 92:'''sys_chown''':(const char *filename uid_t, user, git_t, group) |
− | 93: | + | 93:'''sys_fchown''':(unsigned int fd, uid_t, user, git_t, group) |
− | 94: | + | 94:'''sys_lchown''':(const char *filename uid_t, user, git_t, group) |
− | 95: | + | 95:'''sys_umask''':(int mask) |
− | 96: | + | 96:'''sys_gettimeofday''':(struct timeval *tv struct timezone *tz) |
− | 97: | + | 97:'''sys_getrlimit''':(unsigned int resource, struct rlimit *rlim) |
− | 98: | + | 98:'''sys_getrusage''':(int who, struct rusage *ru) |
− | 99:sysinfo | + | 99:'''sys_sysinfo''':(struct sysinfo *info) |
− | 100: | + | 100:'''sys_times''':(struct sysinfo *info) |
− | 101: | + | 101:'''sys_ptrace''':(long request, long pid, unsigned long addr, unsigned long data) |
− | 102: | + | 102:'''sys_getuid''':() |
− | 103: | + | 103:'''sys_syslog''':(int type, char *buf int len) |
− | 104: | + | 104:'''sys_getgid''':() |
− | 105: | + | 105:'''sys_setuid''':(uid_t, uid) |
− | 106: | + | 106:'''sys_setgid''':(git_t, gid) |
− | 107: | + | 107:'''sys_geteuid''':() |
− | 108: | + | 108:'''sys_getegid''':() |
− | 109: | + | 109:'''sys_setpgid''':(pid_t, pid, pid_t, pgid) |
− | 110: | + | 110:'''sys_getppid''':() |
− | 111: | + | 111:'''sys_getpgrp''':() |
− | 112: | + | 112:'''sys_setsid''':() |
− | 113: | + | 113:'''sys_setreuid''':(uid_t, ruid, uid_t, euid) |
− | 114: | + | 114:'''sys_setregid''':(git_t, rgid, gid_t, egid) |
− | 115: | + | 115:'''sys_getgroups''':(int gidsetsize, gid_t, *grouplist) |
− | 116: | + | 116:'''sys_setgroups''':(int gidsetsize, gid_t, *grouplist) |
− | 117: | + | 117:'''sys_setresuid''':(uid_t, *ruid uid_t, *euid uid_t, *suid) |
− | 118: | + | 118:'''sys_getresuid''':(uid_t, *ruid uid_t, *euid uid_t, *suid) |
− | 119: | + | 119:'''sys_setresgid''':(gid_t, rgid, gid_t, egid, gid_t, sgid) |
− | 120: | + | 120:'''sys_getresgid''':(git_t, *rgid git_t, *egid git_t, *sgid) |
− | 121: | + | 121:'''sys_getpgid''':(pid_t, pid) |
− | 122: | + | 122:'''sys_setfsuid''':(uid_t, uid) |
− | 123: | + | 123:'''sys_setfsgid''':(gid_t, gid) |
− | 124: | + | 124:'''sys_getsid''':(pid_t, pid) |
− | 125: | + | 125:'''sys_capget''':(cap_user_header_t, header, cap_user_data_t, dataptr) |
− | 126: | + | 126:'''sys_capset''':(cap_user_header_t, header, const cap_user_data_t, data) |
− | 127: | + | 127:'''sys_rt_sigpending''':(sigset_t, *set size_t sigsetsize) |
− | 128: | + | 128:'''sys_rt_sigtimedwait''':(const sigset_t, *uthese siginfo_t, *uinfo const struct timespec *uts size_t sigsetsize) |
− | 129: | + | 129:'''sys_rt_sigqueueinfo''':(pid_t, pid, int sig, siginfo_t, *uinfo) |
− | 130: | + | 130:'''sys_rt_sigsuspend''':(sigset_t, *unewset size_t sigsetsize) |
− | 131: | + | 131:'''sys_sigaltstack''':(const stack_t, *uss stack_t, *uoss) |
− | 132: | + | 132:'''sys_utime''':(char *filename struct utimbuf *times) |
− | 133: | + | 133:'''sys_mknod''':(const char *filename int mode, unsigned dev) |
− | 134: | + | 134:'''sys_uselib''':(NOT, IMPLEMENTED) |
− | 135:personality | + | 135:'''sys_personality''':(unsigned int personality) |
− | 136:ustat | + | 136:'''sys_ustat''':(unsigned dev, struct ustat *ubuf) |
− | 137:statfs | + | 137:'''sys_statfs''':(const char *pathname struct statfs *buf) |
− | 138: | + | 138:'''sys_fstatfs''':(unsigned int fd, struct statfs *buf) |
− | 139: | + | 139:'''sys_sysfs''':(int option, unsigned long arg1, unsigned long arg2) |
− | 140: | + | 140:'''sys_getpriority''':(int which, int who) |
− | 141: | + | 141:'''sys_setpriority''':(int which, int who, int niceval) |
− | 142: | + | 142:'''sys_sched_setparam''':(pid_t, pid, struct sched_param *param) |
− | 143: | + | 143:'''sys_sched_getparam''':(pid_t, pid, struct sched_param *param) |
− | 144: | + | 144:'''sys_sched_setscheduler''':(pid_t, pid, int policy, struct sched_param *param) |
− | 145: | + | 145:'''sys_sched_getscheduler''':(pid_t, pid) |
− | 146: | + | 146:'''sys_sched_get_priority_max''':(int policy) |
− | 147: | + | 147:'''sys_sched_get_priority_min''':(int policy) |
− | 148: | + | 148:'''sys_sched_rr_get_interval''':(pid_t, pid, struct timespec *interval) |
− | 149: | + | 149:'''sys_mlock''':(unsigned long start, size_t len) |
− | 150: | + | 150:'''sys_munlock''':(unsigned long start, size_t len) |
− | 151: | + | 151:'''sys_mlockall''':(int flags) |
− | 152: | + | 152:'''sys_munlockall''':() |
− | 153: | + | 153:'''sys_vhangup''':() |
− | 154: | + | 154:'''sys_modify_ldt''':(int func, void *ptr unsigned long bytecount) |
− | 155: | + | 155:'''sys_pivot_root''':(const char *new_root const char *put_old) |
− | 156: | + | 156:'''sys__sysctl''':(struct __sysctl_args *args) |
− | 157: | + | 157:'''sys_prctl''':(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) |
− | 158: | + | 158:'''sys_arch_prctl''':(struct task_struct *task int code, unsigned long *addr) |
− | 159: | + | 159:'''sys_adjtimex''':(struct timex *txc_p) |
− | 160: | + | 160:'''sys_setrlimit''':(unsigned int resource, struct rlimit *rlim) |
− | 161: | + | 161:'''sys_chroot''':(const char *filename) |
− | 162: | + | 162:'''sys_sync''':() |
− | 163: | + | 163:'''sys_acct''':(const char *name) |
− | 164: | + | 164:'''sys_settimeofday''':(struct timeval *tv struct timezone *tz) |
− | 165: | + | 165:'''sys_mount''':(char *dev_name char *dir_name char *type unsigned long flags, void *data) |
− | 166: | + | 166:'''sys_umount2''':(const char *target int flags) |
− | 167: | + | 167:'''sys_swapon''':(const char *specialfile int swap_flags) |
− | 168: | + | 168:'''sys_swapoff''':(const char *specialfile) |
− | 169: | + | 169:'''sys_reboot''':(int magic1, int magic2, unsigned int cmd, void *arg) |
− | 170: | + | 170:'''sys_sethostname''':(char *name int len) |
− | 171: | + | 171:'''sys_setdomainname''':(char *name int len) |
− | 172: | + | 172:'''sys_iopl''':(unsigned int level, struct pt_regs *regs) |
− | 173: | + | 173:'''sys_ioperm''':(unsigned long from, unsigned long num, int turn_on) |
− | 174: | + | 174:'''sys_create_module''':(REMOVED, IN, Linux, 2.6) |
− | 175: | + | 175:'''sys_init_module''':(void *umod unsigned long len, const char *uargs) |
− | 176: | + | 176:'''sys_delete_module''':(const chat, *name_user unsigned int flags) |
− | 177: | + | 177:'''sys_get_kernel_syms''':(REMOVED, IN, Linux, 2.6) |
− | 178: | + | 178:'''sys_query_module''':(REMOVED, IN, Linux, 2.6) |
− | 179: | + | 179:'''sys_quotactl''':(unsigned int cmd, const char *special qid_t, id, void *addr) |
− | 180: | + | 180:'''sys_nfsservctl''':(NOT, IMPLEMENTED) |
− | 181: | + | 181:'''sys_getpmsg''':(NOT, IMPLEMENTED) |
− | 182: | + | 182:'''sys_putpmsg''':(NOT, IMPLEMENTED) |
− | 183: | + | 183:'''sys_afs_syscall''':(NOT, IMPLEMENTED) |
− | 184: | + | 184:'''sys_tuxcall''':(NOT, IMPLEMENTED) |
− | 185: | + | 185:'''sys_security''':(NOT, IMPLEMENTED) |
− | 186: | + | 186:'''sys_gettid''':() |
− | 187: | + | 187:'''sys_readahead''':(int fd, loff_t, offset, size_t count) |
− | 188: | + | 188:'''sys_setxattr''':(const char *pathname const char *name const void *value size_t size, int flags) |
− | 189: | + | 189:'''sys_lsetxattr''':(const char *pathname const char *name const void *value size_t size, int flags) |
− | 190: | + | 190:'''sys_fsetxattr''':(int fd, const char *name const void *value size_t size, int flags) |
− | 191: | + | 191:'''sys_getxattr''':(const char *pathname const char *name void *value size_t size) |
− | 192: | + | 192:'''sys_lgetxattr''':(const char *pathname const char *name void *value size_t size) |
− | 193: | + | 193:'''sys_fgetxattr''':(int fd, const har, *name void *value size_t size) |
− | 194: | + | 194:'''sys_listxattr''':(const char *pathname char *list size_t size) |
− | 195: | + | 195:'''sys_llistxattr''':(const char *pathname char *list size_t size) |
− | 196: | + | 196:'''sys_flistxattr''':(int fd, char *list size_t size) |
− | 197: | + | 197:'''sys_removexattr''':(const char *pathname const char *name) |
− | 198: | + | 198:'''sys_lremovexattr''':(const char *pathname const char *name) |
− | 199: | + | 199:'''sys_fremovexattr''':(int fd, const char *name) |
− | 200: | + | 200:'''sys_tkill''':(pid_t, pid, ing, sig) |
− | 201: | + | 201:'''sys_time''':(time_t, *tloc) |
− | 202: | + | 202:'''sys_futex''':(u32, *uaddr int op, u32, val, struct timespec *utime u32, *uaddr2 u32, val3) |
− | 203: | + | 203:'''sys_sched_setaffinity''':(pid_t, pid, unsigned int len, unsigned long *user_mask_ptr) |
− | 204: | + | 204:'''sys_sched_getaffinity''':(pid_t, pid, unsigned int len, unsigned long *user_mask_ptr) |
− | 205: | + | 205:'''sys_set_thread_area''':(NOT, IMPLEMENTED., Use, arch_prctl) |
− | 206: | + | 206:'''sys_io_setup''':(unsigned nr_events, aio_context_t, *ctxp) |
− | 207: | + | 207:'''sys_io_destroy''':(aio_context_t, ctx) |
− | 208: | + | 208:'''sys_io_getevents''':(aio_context_t, ctx_id, long min_nr, long nr, struct io_event *events) |
− | 209: | + | 209:'''sys_io_submit''':(aio_context_t, ctx_id, long nr, struct iocb **iocbpp) |
− | 210: | + | 210:'''sys_io_cancel''':(aio_context_t, ctx_id, struct iocb *iocb struct io_event *result) |
− | 211: | + | 211:'''sys_get_thread_area''':(NOT, IMPLEMENTED., Use, arch_prctl) |
− | 212: | + | 212:'''sys_lookup_dcookie''':(u64, cookie64, long buf, long len) |
− | 213: | + | 213:'''sys_epoll_create''':(int size) |
− | 214: | + | 214:'''sys_epoll_ctl_old''':(NOT, IMPLEMENTED) |
− | 215: | + | 215:'''sys_epoll_wait_old''':(NOT, IMPLEMENTED) |
− | 216: | + | 216:'''sys_remap_file_pages''':(unsigned long start, unsigned long size, unsigned long prot, unsigned long pgoff, unsigned long flags) |
− | 217: | + | 217:'''sys_getdents64''':(unsigned int fd, struct linux_dirent64 *dirent unsigned int count) |
− | 218: | + | 218:'''sys_set_tid_address''':(int *tidptr) |
− | 219: | + | 219:'''sys_restart_syscall''':() |
− | 220: | + | 220:'''sys_semtimedop''':(int semid, struct sembuf *tsops unsigned nsops, const struct timespec *timeout) |
− | 221: | + | 221:'''sys_fadvise64''':(int fd, loff_t, offset, size_t len, int advice) |
− | 222: | + | 222:'''sys_timer_create''':(const clockid_t, which_clock, struct sigevent *timer_event_spec timer_t, *created_timer_id) |
− | 223: | + | 223:'''sys_timer_settime''':(timer_t, timer_id, int flags, const struct itimerspec *new_setting struct itimerspec *old_setting) |
− | 224: | + | 224:'''sys_timer_gettime''':(timer_t, timer_id, struct itimerspec *setting) |
− | 225: | + | 225:'''sys_timer_getoverrun''':(timer_t, timer_id) |
− | 226: | + | 226:'''sys_timer_delete''':(timer_t, timer_id) |
− | 227: | + | 227:'''sys_clock_settime''':(const clockid_t, which_clock, const struct timespec *tp) |
− | 228: | + | 228:'''sys_clock_gettime''':(const clockid_t, which_clock, struct timespec *tp) |
− | 229: | + | 229:'''sys_clock_getres''':(const clockid_t, which_clock, struct timespec *tp) |
− | 230: | + | 230:'''sys_clock_nanosleep''':(const clockid_t, which_clock, int flags, const struct timespec *rqtp struct timespec *rmtp) |
− | 231: | + | 231:'''sys_exit_group''':(int error_code) |
− | 232: | + | 232:'''sys_epoll_wait''':(int epfd, struct epoll_event *events int maxevents, int timeout) |
− | 233: | + | 233:'''sys_epoll_ctl''':(int epfd, int op, int fd, struct epoll_event *event) |
− | 234: | + | 234:'''sys_tgkill''':(pid_t, tgid, pid_t, pid, int sig) |
− | 235:utimes | + | 235:'''sys_utimes''':(char *filename struct timeval *utimes) |
− | 236: | + | 236:'''sys_vserver''':(NOT, IMPLEMENTED) |
− | 237: | + | 237:'''sys_mbind''':(unsigned long start, unsigned long len, unsigned long mode, unsigned long *nmask unsigned long maxnode, unsigned flags) |
− | 238: | + | 238:'''sys_set_mempolicy''':(int mode, unsigned long *nmask unsigned long maxnode) |
− | 239: | + | 239:'''sys_get_mempolicy''':(int *policy unsigned long *nmask unsigned long maxnode, unsigned long addr, unsigned long flags) |
− | 240: | + | 240:'''sys_mq_open''':(const char *u_name int oflag, mode_t, mode, struct mq_attr *u_attr) |
− | 241: | + | 241:'''sys_mq_unlink''':(const char *u_name) |
− | 242: | + | 242:'''sys_mq_timedsend''':(mqd_t, mqdes, const char *u_msg_ptr size_t msg_len, unsigned int msg_prio, const stuct, timespec, *u_abs_timeout) |
− | 243: | + | 243:'''sys_mq_timedreceive''':(mqd_t, mqdes, char *u_msg_ptr size_t msg_len, unsigned int *u_msg_prio const struct timespec *u_abs_timeout) |
− | 244: | + | 244:'''sys_mq_notify''':(mqd_t, mqdes, const struct sigevent *u_notification) |
− | 245: | + | 245:'''sys_mq_getsetattr''':(mqd_t, mqdes, const struct mq_attr *u_mqstat struct mq_attr *u_omqstat) |
− | 246: | + | 246:'''sys_kexec_load''':(unsigned long entry, unsigned long nr_segments, struct kexec_segment *segments unsigned long flags) |
− | 247: | + | 247:'''sys_waitid''':(int which, pid_t, upid, struct siginfo *infop int options, struct rusage *ru) |
− | 248: | + | 248:'''sys_add_key''':(const char *_type const char *_description const void *_payload size_t plen) |
− | 249: | + | 249:'''sys_request_key''':(const char *_type const char *_description const char *_callout_info key_serial_t, destringid) |
− | 250: | + | 250:'''sys_keyctl''':(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) |
− | 251: | + | 251:'''sys_ioprio_set''':(int which, int who, int ioprio) |
− | 252: | + | 252:'''sys_ioprio_get''':(int which, int who) |
− | 253: | + | 253:'''sys_inotify_init''':() |
− | 254: | + | 254:'''sys_inotify_add_watch''':(int fd, const char *pathname u32, mask) |
− | 255: | + | 255:'''sys_inotify_rm_watch''':(int fd, __s32 wd) |
− | 256: | + | 256:'''sys_migrate_pages''':(pid_t, pid, unsigned long maxnode, const unsigned long *old_nodes const unsigned long *new_nodes) |
− | 257: | + | 257:'''sys_openat''':(int dfd, const char *filename int flags, int mode) |
− | 258: | + | 258:'''sys_mkdirat''':(int dfd, const char *pathname int mode) |
− | 259: | + | 259:'''sys_mknodat''':(int dfd, const char *filename int mode, unsigned dev) |
− | 260: | + | 260:'''sys_fchownat''':(int dfd, const char *filename uid_t, user, gid_t, group, int flag) |
− | 261: | + | 261:'''sys_futimesat''':(int dfd, const char *filename struct timeval *utimes) |
− | 262: | + | 262:'''sys_newfstatat''':(int dfd, const char *filename struct stat *statbuf int flag) |
− | 263: | + | 263:'''sys_unlinkat''':(int dfd, const char *pathname int flag) |
− | 264: | + | 264:'''sys_renameat''':(int oldfd, const char *oldname int newfd, const char *newname) |
− | 265: | + | 265:'''sys_linkat''':(int oldfd, const char *oldname int newfd, const char *newname int flags) |
− | 266: | + | 266:'''sys_symlinkat''':(const char *oldname int newfd, const char *newname) |
− | 267: | + | 267:'''sys_readlinkat''':(int dfd, const char *pathname char *buf int bufsiz) |
− | 268: | + | 268:'''sys_fchmodat''':(int dfd, const char *filename mode_t, mode) |
− | 269: | + | 269:'''sys_faccessat''':(int dfd, const char *filename int mode) |
− | 270: | + | 270:'''sys_pselect6''':(int n, fd_set *inp fd_set *outp fd_set *exp struct timespec *tsp void *sig) |
− | 271: | + | 271:'''sys_ppoll''':(struct pollfd *ufds unsigned int nfds, struct timespec *tsp const sigset_t, *sigmask size_t sigsetsize) |
− | 272: | + | 272:'''sys_unshare''':(unsigned long unshare_flags) |
− | 273: | + | 273:'''sys_set_robust_list''':(struct robust_list_head *head size_t len) |
− | 274: | + | 274:'''sys_get_robust_list''':(int pid, struct robust_list_head **head_ptr size_t *len_ptr) |
− | 275: | + | 275:'''sys_splice''':(int fd_in, loff_t, *off_in int fd_out, loff_t, *off_out size_t len, unsigned int flags) |
− | 276: | + | 276:'''sys_tee''':(int fdin, int fdout, size_t len, unsigned int flags) |
− | 277: | + | 277:'''sys_sync_file_range''':(long fd, loff_t, offset, loff_t, bytes, long flags) |
− | 278: | + | 278:'''sys_vmsplice''':(int fd, const struct iovec *iov unsigned long nr_segs, unsigned int flags) |
− | 279: | + | 279:'''sys_move_pages''':(pid_t, pid, unsigned long nr_pages, const void **pages const int *nodes int *status int flags) |
− | 280: | + | 280:'''sys_utimensat''':(int dfd, const char *filename struct timespec *utimes int flags) |
− | 281: | + | 281:'''sys_epoll_pwait''':(int epfd, struct epoll_event *events int maxevents, int timeout, const sigset_t, *sigmask size_t sigsetsize) |
− | 282: | + | 282:'''sys_signalfd''':(int ufd, sigset_t, *user_mask size_t sizemask) |
− | 283: | + | 283:'''sys_timerfd_create''':(int clockid, int flags) |
− | 284: | + | 284:'''sys_eventfd''':(unsigned int count) |
− | 285: | + | 285:'''sys_fallocate''':(long fd, long mode, loff_t, offset, loff_t, len) |
− | 286: | + | 286:'''sys_timerfd_settime''':(int ufd, int flags, const struct itimerspec *utmr struct itimerspec *otmr) |
− | 287: | + | 287:'''sys_timerfd_gettime''':(int ufd, struct itimerspec *otmr) |
− | 288: | + | 288:'''sys_accept4''':(int fd, struct sockaddr *upeer_sockaddr int *upeer_addrlen int flags) |
− | 289: | + | 289:'''sys_signalfd4''':(int ufd, sigset_t, *user_mask size_t sizemask, int flags) |
− | 290: | + | 290:'''sys_eventfd2''':(unsigned int count, int flags) |
− | 291: | + | 291:'''sys_epoll_create1''':(int flags) |
− | 292: | + | 292:'''sys_dup3''':(unsigned int oldfd, unsigned int newfd, int flags) |
− | 293: | + | 293:'''sys_pipe2''':(int *filedes int flags) |
− | 294: | + | 294:'''sys_inotify_init1''':(int flags) |
− | 295: | + | 295:'''sys_preadv''':(unsigned long fd, const struct iovec *vec unsigned long vlen, unsigned long pos_l, unsigned long pos_h) |
− | 296: | + | 296:'''sys_pwritev''':(unsigned long fd, const struct iovec *vec unsigned long vlen, unsigned long pos_l, unsigned long pos_h) |
− | 297: | + | 297:'''sys_rt_tgsigqueueinfo''':(pid_t, tgid, pid_t, pid, int sig, siginfo_t, *uinfo) |
− | 298: | + | 298:'''sys_perf_event_open''':(struct perf_event_attr *attr_uptr pid_t, pid, int cpu, int group_fd, unsigned long flags) |
− | 299: | + | 299:'''sys_recvmmsg''':(int fd, struct msghdr *mmsg unsigned int vlen, unsigned int flags, struct timespec *timeout) |
− | 300: | + | 300:'''sys_fanotify_init''':(unsigned int flags, unsigned int event_f_flags) |
− | 301: | + | 301:'''sys_fanotify_mark''':(long fanotify_fd, long flags, __u64 mask, long dfd, long pathname) |
− | 302: | + | 302:'''sys_prlimit64''':(pid_t, pid, unsigned int resource, const struct rlimit64 *new_rlim struct rlimit64 *old_rlim) |
− | 303: | + | 303:'''sys_name_to_handle_at''':(int dfd, const char *name struct file_handle *handle int *mnt_id int flag) |
− | 304: | + | 304:'''sys_open_by_handle_at''':(int dfd, const char *name struct file_handle *handle int *mnt_id int flags) |
− | 305: | + | 305:'''sys_clock_adjtime''':(clockid_t, which_clock, struct timex *tx) |
− | 306: | + | 306:'''sys_syncfs''':(int fd) |
− | 307: | + | 307:'''sys_sendmmsg''':(int fd, struct mmsghdr *mmsg unsigned int vlen, unsigned int flags) |
− | 308: | + | 308:'''sys_setns''':(int fd, int nstype) |
− | 309: | + | 309:'''sys_getcpu''':(unsigned *cpup unsigned *nodep struct getcpu_cache *unused) |
− | 310: | + | 310:'''sys_process_vm_readv''':(pid_t, pid, const struct iovec *lvec unsigned long liovcnt, const struct iovec *rvec unsigned long riovcnt, unsigned long flags) |
− | 311: | + | 311:'''sys_process_vm_writev''':(pid_t, pid, const struct iovec *lvec unsigned long liovcnt, const struct iovcc *rvec unsigned long riovcnt, unsigned long flags) |
− | + | 312:'''sys_kcmp''':(pid_t, pid1, pid_t, pid2, int type, unsigned long idx1, unsigned long idx2) | |
− | + | 313:'''sys_finit_module''':(int fd, const char __user *uargs int flags) | |
− | + | 314:'''sys_sched_setattr''':(pid_t, pid, struct sched_attr __user *attr unsigned int flags) | |
− | + | 315:'''sys_sched_getattr''':(pid_t, pid, struct sched_attr __user *attr unsigned int size, unsigned int flags) | |
− | + | 316:'''sys_renameat2''':(int olddfd, const char __user *oldname int newdfd,, const char __user *newname unsigned int flags) | |
− | + | 317:'''sys_seccomp''':(unsigned int op, unsigned int flags, const char __user *uargs) | |
− | + | 318:'''sys_getrandom''':(char __user *buf size_t count, unsigned int flags) | |
− | + | 319:'''sys_memfd_create''':(const char __user *uname_ptr unsigned int flags) | |
− | + | 320:'''sys_kexec_file_load''':(int kernel_fd, int initrd_fd, unsigned long cmdline_len, const char __user *cmdline_ptr unsigned long flags) | |
− | + | 321:'''sys_bpf''':(int cmd, union, bpf_attr, *attr unsigned int size) | |
− | + | 322:stub_execveat, int dfd, const char __user *filename const char __user *const __user *argv const char __user *const __user *envp int flags) | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + |
Latest revision as of 22:22, 12 July 2016
This article needs immediate attention, and is in desperate need of content consolidation for unlinked calls and properly formatted syscall tables -- get at hatter for more info. |
Contents
Introduction
In the assembly language there are two ways to call system functions from the executable. The first way is through the native system calls (usually referred to as syscalls) which use the interrupt code int $0x80 in x86 32 bit assembly or \xcd\x80 in machine byte code. By placing the required data in the proper registers and calling the interrupt, the program passes control to the kernel and it completes the function and returns the flow back to the program. The second way to make a system call is by linking the C libraries to your executable. By doing this you will be able to push your arguments onto the stack in reverse order where the first argument is the last to be pushed and use the call command to pass control to the linked function located in the C library.
Unlinked System Calls for x86 32 bit systems
On a 32bit system all system calls follow the same format. The system call to be made is moved into %eax and then depending on the function which you are calling the arguments go into %ebx, %ecx, %edx, %esx and %edi where %ebx would be the first argument to the system call, %ecx would be the second and so forth. Once you have all your registers set in place you can make your int $0x80 interrupt call to pass program flow to the kernel to complete the function.
function_call(%eax) = function(%ebx, %ecx, %edx, %esx, %edi) ^system ^arg1 ^arg2 ^arg3 ^arg4 ^arg5 call #
This diagram shows that when the system interrupt is called the kernel selects the function to use according to the system call number stored in %eax and then stores the variables in their proper registers as according to the C calling convention. Having a standard for calling functions is important because without one documentation for your executable would be messy and hard to understand.
An example of this would be exit() which is documented as 1:sys_exit:(int error_code).
_start: movl $1, %eax mov $0, %ebx int $0x80 |
In this call to the function exit() we placed the system interrupt call number into %eax and then the return value into the first argument %ebx and then made the interrupt call.
Other function calls can be more complex and use 3 or more of the registers at once while others will use none at all except for %eax for the system call number itself.
Unlinked system calls for x86_64 (amd64) bit systems
function_call(%rax) = function(%rdi, %rsi, %rdx, %r10, %r8, %r9) ^system ^arg1 ^arg2 ^arg3 ^arg4 ^arg5 ^arg6 call #
If more than 6 arguments are required, the 7th and further are pushed to the stack.
- Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
.section .data .section .text .globl _start _start: mov $0, %rdi mov $105, %rax syscall mov $59, %rax # execve(filename, argv, envp) push $0x00 mov %rsp, %rdx # envp is null mov %rsp, %rsi # argv is null mov $0x0068732f6e69622f, %r10 push %r10 mov %rsp, %rdi # filename is '/bin/sh\0' syscall mov $60, %rax mov $0, %rdi syscall |
Linked System Calls for x86 32bit systems
Linked system calls allow for cleaner code and faster development because of their ease of use. In order to take advantage of linked functions you must compile your assembly code with the required library. An example is as follows:
as exit-lib.s -o exit-lib.o ld -dynamic-linker /lib/ld-linux.so.2 \ -o exit-lib exit-lib.o -lc
By assembling your binary like this you are now linking ld-linux.so.2 with your executable which will allow you to use the functions it holds. The main difference between the unlinked and linked system calls is that unlike the unlinked calls where you have to use all the proper registers and make an interrupt; all you have to do with linked calls is push your arguments backwards onto the stack where the first argument is pushed last and to invoke a call instruction to the function you wish to invoke. An example is as follows:
_start: pushl $0 call exit |
As you can see this makes your code shorter, neater, and to the point which is very helpful in assembly where your design and concept may not be clear at first sight to others.
Other Code Comparisons
Here are a few more examples of the two different calling conventions. The first will be shown as a unlinked call and the second would be as a linked call.
Printing to STDOUT 4:sys_write(unsigned int fd, const char *buf, size_t count)
.section .data hello: .ascii "hello world\n" hello_end: .equ hello_len, hello_end - hello .section .text .global _start _start: movl $1, %ebx movl $hello, $ecx movl $hello_len, %edx movl $4, %eax int $0x80 movl $1, %eax movl $0, %ebx int $0x80 |
.section .data hello: .ascii "hello world\n" .section .text .global _start _start: pushl $hello call printf pushl $0 call exit |
Making A Directory 39:sys_mkdir(const char *pathname, int mode)
.section .data dir: .ascii "/root/Desktop/lol/" .section .text .global _start _start: movl $dir, %ebx movl $777, $ecx movl $39, %eax int $0x80 movl $1, %eax movl $0, %ebx int $0x80 |
.section .data dir: .ascii "/root/Desktop/lol/" .section .text .global _start _start: pushl $777 pushl $dir call mkdir pushl $0 call exit |
x86 32 bit syscall table
1:sys_exit:(int error_code); 2:sys_fork:int sys_fork(struct pt_regs *); 3:sys_read:(unsigned int fd, char __user *buf, size_t count); 4:sys_write:(unsigned int fd, const char __user *buf, 5:sys_open:(const char __user *filename, 6:sys_close:(unsigned int fd); 7:sys_restart_syscall:(void); 8:sys_creat:(const char __user *pathname, int mode); 9:sys_link:(const char __user *oldname, 10:sys_unlink:(const char __user *pathname); 11:sys_execve:long sys_execve(const char __user *, 12:sys_chdir:(const char __user *filename) 13:sys_time:(time_t __user *tloc); 14:sys_mknod:(const char __user *filename, int mode, 15:sys_chmod:(const char __user *filename, mode_t mode); 16:sys_lchown16:(const char __user *filename, 19:sys_lseek:(unsigned int fd, off_t offset, 20:sys_getpid:(void); 21:sys_mount:(char __user *dev_name, char __user *dir_name, 22:sys_oldumount:(char __user *name) 23:sys_setuid16:(old_uid_t uid); 24:sys_getuid16:(void); 25:sys_stime:(time_t __user *tptr); 26:sys_ptrace:(long request, long pid, unsigned long addr, 27:sys_alarm:(unsigned int seconds); 29:sys_pause:(void); 30:sys_utime:(char __user *filename, 33:sys_access:(const char __user *filename, int mode); 34:sys_nice:(int increment); 36:sys_sync:(void); 37:sys_kill:(int pid, int sig); 38:sys_rename:(const char __user *oldname, 39:sys_mkdir:(const char __user *pathname, int mode); 40:sys_rmdir:(const char __user *pathname); 41:sys_dup:(unsigned int fildes); 42:sys_pipe:int sys_fork(struct pt_regs *); 43:sys_times:(struct tms __user *tbuf); 45:sys_brk:(unsigned long brk); 46:sys_setgid16:(old_gid_t gid); 47:sys_getgid16:(void); 48:sys_signal:(int sig, __sighandler_t handler); 49:sys_geteuid16:(void); 50:sys_getegid16:(void); 51:sys_acct:(const char __user *name); 52:sys_umount:(char __user *name, int flags) 54:sys_ioctl:(unsigned int fd, unsigned int cmd, 55:sys_fcntl:(unsigned int fd, unsigned int cmd, unsigned long arg); 57:sys_setpgid:(pid_t pid, pid_t pgid); 60:sys_umask:(int mask); 61:sys_chroot:(const char __user *filename); 62:sys_ustat:(unsigned dev, struct ustat __user *ubuf) 63:sys_dup2:int sys_fork(struct pt_regs *); 64:sys_getppid:(void); 65:sys_getpgrp:(void); 66:sys_setsid:(void); 67:sys_sigaction:asmlinkage int sys_sigaction(int, const struct old_sigaction __user *, 70:sys_setreuid16:(old_uid_t ruid, old_uid_t euid); 71:sys_setregid16:(old_gid_t rgid, old_gid_t egid); 72:sys_sigsuspend:asmlinkage int sys_sigsuspend(int, int, old_sigset_t); 73:sys_sigpending:(old_sigset_t __user *set); 74:sys_sethostname:(char __user *name, int len); 75:sys_setrlimit:(unsigned int resource, 76:sys_old_getrlimit:(unsigned int resource, struct rlimit __user *rlim); 77:sys_getrusage:(int who, struct rusage __user *ru); 78:sys_gettimeofday:(struct timeval __user *tv, 79:sys_settimeofday:(struct timeval __user *tv, 80:sys_getgroups16:(int gidsetsize, old_gid_t __user *grouplist); 81:sys_setgroups16:(int gidsetsize, old_gid_t __user *grouplist); 83:sys_symlink:(const char __user *old, const char __user *new); 85:sys_readlink:(const char __user *path, 86:sys_uselib:(const char __user *library); 87:sys_swapon:(const char __user *specialfile, int swap_flags); 88:sys_reboot:(int magic1, int magic2, unsigned int cmd, 89:sys_ni_syscall:(void); 90:sys_old_mmap:(struct mmap_arg_struct __user *arg); 91:sys_munmap:(unsigned long addr, size_t len); 92:sys_truncate:(const char __user *path, loff_t length); 93:sys_ftruncate:(unsigned int fd, unsigned long length); 94:sys_fchmod:(unsigned int fd, mode_t mode); 95:sys_fchown16:(unsigned int fd, old_uid_t user, old_gid_t group); 96:sys_getpriority:(int which, int who); 97:sys_setpriority:(int which, int who, int niceval); 99:sys_statfs:(const char __user * path, 100:sys_fstatfs:(unsigned int fd, struct statfs __user *buf); 102:sys_socketcall:(int call, unsigned long __user *args) 103:sys_syslog:(int type, char __user *buf, int len); 104:sys_setitimer:(int which, 105:sys_getitimer:(int which, struct itimerval __user *value); 106:sys_newstat:(const char __user *filename, 107:sys_newlstat:(const char __user *filename, 108:sys_newfstat:(unsigned int fd, struct stat __user *statbuf); 110:sys_lookup_dcookie:(u64 cookie64, char __user *buf, size_t len); 111:sys_vhangup:(void) 114:sys_wait4:(pid_t pid, int __user *stat_addr, 115:sys_swapoff:(const char __user *specialfile); 116:sys_sysinfo:(struct sysinfo __user *info); 117:sys_s390_ipc: 118:sys_fsync:(unsigned int fd); 119:sys_sigreturn:unsigned long sys_sigreturn(struct pt_regs *); 120:sys_clone:long sys_clone(unsigned long, unsigned long, void __user *, 121:sys_setdomainname:(char __user *name, int len); 122:sys_newuname:(struct new_utsname __user *name) 124:sys_adjtimex:(struct timex __user *txc_p); 125:sys_mprotect:(unsigned long start, size_t len, 126:sys_sigprocmask:(int how, old_sigset_t __user *set, 128:sys_init_module:(void __user *umod, unsigned long len, 129:sys_delete_module:(const char __user *name_user, 131:sys_quotactl:(unsigned int cmd, const char __user *special, 132:sys_getpgid:(pid_t pid) 133:sys_fchdir:(unsigned int fd); 134:sys_bdflush:(int func, long data); 135:sys_sysfs:(int option, 136:sys_personality:(unsigned int personality); 138:sys_setfsuid16:(old_uid_t uid); 139:sys_setfsgid16:(old_gid_t gid); 140:sys_llseek:(unsigned int fd, unsigned long offset_high, 141:sys_getdents:(unsigned int fd, 142:sys_select: 143:sys_flock:(unsigned int fd, unsigned int cmd); 144:sys_msync:(unsigned long start, size_t len, int flags); 145:sys_readv:(unsigned long fd, 146:sys_writev:(unsigned long fd, 147:sys_getsid:(pid_t pid); 148:sys_fdatasync:(unsigned int fd); 149:sys_sysctl:(struct __sysctl_args __user *args); 150:sys_mlock:(unsigned long start, size_t len); 151:sys_munlock:(unsigned long start, size_t len); 152:sys_mlockall:(int flags) 153:sys_munlockall:(void); 154:sys_sched_setparam:(pid_t pid, 155:sys_sched_getparam:(pid_t pid, 156:sys_sched_setscheduler:(pid_t pid, int policy, 157:sys_sched_getscheduler:(pid_t pid); 158:sys_sched_yield:(void); 159:sys_sched_get_priority_max:(int policy); 160:sys_sched_get_priority_min:(int policy); 161:sys_sched_rr_get_interval:(pid_t pid, 162:sys_nanosleep:(struct timespec __user *rqtp, struct timespec __user *rmtp) 163:sys_mremap:(unsigned long addr, 164:sys_setresuid16:(old_uid_t ruid, old_uid_t euid, old_uid_t suid); 165:sys_getresuid16:(old_uid_t __user *ruid, 168:sys_poll:(struct pollfd __user *ufds, unsigned int nfds, 170:sys_setresgid16:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid); 171:sys_getresgid16:(old_gid_t __user *rgid, 172:sys_prctl: 173:sys_rt_sigreturn:long sys_rt_sigreturn(struct pt_regs *); 174:sys_rt_sigaction:long sys_rt_action(int, const struct sigaction __user *, struct sigaction __user *, size_t); 175:sys_rt_sigprocmask:(int how, sigset_t __user *set, 176:sys_rt_sigpending:(sigset_t __user *set, size_t sigsetsize); 177:sys_rt_sigtimedwait:(const sigset_t __user *uthese, 178:sys_rt_sigqueueinfo:(int pid, int sig, siginfo_t __user *uinfo); 179:sys_rt_sigsuspend: 180:sys_pread64:(unsigned int fd, char __user *buf, 181:sys_pwrite64:(unsigned int fd, const char __user *buf, 182:sys_chown16: 183:sys_getcwd:(char __user *buf, unsigned long size); 184:sys_capget:(cap_user_header_t header, 185:sys_capset:(cap_user_header_t header, 186:sys_sigaltstack:long sys_sigaltstack(const stack_t __user *, stack_t __user *, 187:sys_sendfile:(int out_fd, int in_fd, 190:sys_vfork:int sys_vfork(struct pt_regs *regs) 191:sys_getrlimit:(unsigned int resource, 192:sys_mmap2: 193:sys_truncate64:(const char __user *path, loff_t length); 194:sys_ftruncate64:(unsigned int fd, loff_t length); 195:sys_stat64:(const char __user *filename, 196:sys_lstat64:(const char __user *filename, 197:sys_fstat64:(unsigned long fd, struct stat64 __user *statbuf); 198:sys_lchown:(const char __user *filename, 199:sys_getuid:(void); 200:sys_getgid:(void); 201:sys_geteuid:(void); 202:sys_getegid:(void); 203:sys_setreuid:(old_uid_t ruid, old_uid_t euid); 204:sys_setregid:(old_gid_t rgid, old_gid_t egid); 205:sys_getgroups:(int gidsetsize, old_gid_t __user *grouplist); 206:sys_setgroups:(int gidsetsize, old_gid_t __user *grouplist); 207:sys_fchown:(unsigned int fd, old_uid_t user, old_gid_t group); 208:sys_setresuid:(old_uid_t ruid, old_uid_t euid, old_uid_t suid); 209:sys_getresuid:(old_uid_t __user *ruid, 210:sys_setresgid:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid); 211:sys_getresgid:(old_gid_t __user *rgid, 212:sys_chown: 213:sys_setuid:(old_uid_t uid); 214:sys_setgid:(old_gid_t gid); 215:sys_setfsuid:(old_uid_t uid); 216:sys_setfsgid:(old_gid_t gid); 217:sys_pivot_root:(const char __user *new_root, 218:sys_mincore:(unsigned long start, size_t len, 219:sys_madvise:(unsigned long start, size_t len, int behavior); 220:sys_getdents64:(unsigned int fd, 221:sys_fcntl64:(unsigned int fd, 222:sys_readahead:(int fd, loff_t offset, size_t count) 223:sys_sendfile64:(int out_fd, int in_fd, 224:sys_setxattr:(const char __user *path, const char __user *name, 225:sys_lsetxattr:(const char __user *path, const char __user *name, 226:sys_fsetxattr:(int fd, const char __user *name, 227:sys_getxattr:(const char __user *path, const char __user *name, 228:sys_lgetxattr:(const char __user *path, const char __user *name, 229:sys_fgetxattr:(int fd, const char __user *name, 230:sys_listxattr:(const char __user *path, char __user *list, 231:sys_llistxattr:(const char __user *path, char __user *list, 232:sys_flistxattr:(int fd, char __user *list, size_t size) 233:sys_removexattr:(const char __user *path, 234:sys_lremovexattr:(const char __user *path, 235:sys_fremovexattr:(int fd, const char __user *name); 236:sys_gettid:(void); 237:sys_tkill:(int pid, int sig); 238:sys_futex:(u32 __user *uaddr, int op, u32 val, 239:sys_sched_setaffinity:(pid_t pid, unsigned int len, 240:sys_sched_getaffinity:(pid_t pid, unsigned int len, 241:sys_tgkill:(int tgid, int pid, int sig); 243:sys_io_setup:(unsigned nr_reqs, aio_context_t __user *ctx); 244:sys_io_destroy:(aio_context_t ctx); 245:sys_io_getevents:(aio_context_t ctx_id, 246:sys_io_submit:(aio_context_t, long, 247:sys_io_cancel:(aio_context_t ctx_id, struct iocb __user *iocb, 248:sys_exit_group:(int error_code); 249:sys_epoll_create:(int size); 250:sys_epoll_ctl:(int epfd, int op, int fd, 251:sys_epoll_wait:(int epfd, struct epoll_event __user *events, 252:sys_set_tid_address:(int __user *tidptr) 253:sys_s390_fadvise64: 254:sys_timer_create:(clockid_t which_clock, 255:sys_timer_settime:(timer_t timer_id, int flags, 256:sys_timer_gettime:(timer_t timer_id, 257:sys_timer_getoverrun:(timer_t timer_id); 258:sys_timer_delete:(timer_t timer_id); 259:sys_clock_settime:(clockid_t which_clock, 260:sys_clock_gettime:(clockid_t which_clock, 261:sys_clock_getres:(clockid_t which_clock, 262:sys_clock_nanosleep: 264:sys_s390_fadvise64_64: 265:sys_statfs64:(const char __user *path, size_t sz, 266:sys_fstatfs64:(unsigned int fd, size_t sz, 267:sys_remap_file_pages: 271:sys_mq_open:(const char __user *name, int oflag, mode_t mode, struct mq_attr __user *attr); 272:sys_mq_unlink:(const char __user *name) 273:sys_mq_timedsend:(mqd_t mqdes, const char __user *msg_ptr, size_t msg_len, unsigned int msg_prio, const struct timespec __user *abs_timeout); 274:sys_mq_timedreceive:(mqd_t mqdes, char __user *msg_ptr, size_t msg_len, unsigned int __user *msg_prio, const struct timespec __user *abs_timeout); 275:sys_mq_notify:(mqd_t mqdes, const struct sigevent __user *notification); 276:sys_mq_getsetattr:(mqd_t mqdes, const struct mq_attr __user *mqstat, struct mq_attr __user *omqstat); 277:sys_kexec_load:(unsigned long entry, unsigned long nr_segments, 278:sys_add_key:(const char __user *_type, 279:sys_request_key:(const char __user *_type, 280:sys_keyctl:(int cmd, unsigned long arg2, unsigned long arg3, 281:sys_waitid:(int which, pid_t pid, 282:sys_ioprio_set:(int which, int who, int ioprio) 283:sys_ioprio_get:(int which, int who); 284:sys_inotify_init:(void); 285:sys_inotify_add_watch:(int fd, const char __user *path, 286:sys_inotify_rm_watch:(int fd, __s32 wd); 288:sys_openat:(int dfd, const char __user *filename, int flags, 289:sys_mkdirat:(int dfd, const char __user * pathname, int mode); 290:sys_mknodat:(int dfd, const char __user * filename, int mode, 291:sys_fchownat:(int dfd, const char __user *filename, uid_t user, 292:sys_futimesat: 293:sys_fstatat64:(int dfd, const char __user *filename, 294:sys_unlinkat:(int dfd, const char __user * pathname, int flag); 295:sys_renameat:(int olddfd, const char __user * oldname, 296:sys_linkat:(int olddfd, const char __user *oldname, 297:sys_symlinkat:(const char __user * oldname, 298:sys_readlinkat:(int dfd, const char __user *path, char __user *buf, 299:sys_fchmodat:(int dfd, const char __user * filename, 300:sys_faccessat:(int dfd, const char __user *filename, int mode); 301:sys_pselect6:(int, fd_set __user *, fd_set __user *, 302:sys_ppoll: 303:sys_unshare:(unsigned long unshare_flags); 304:sys_set_robust_list:(struct robust_list_head __user *head, 305:sys_get_robust_list:(int pid, 306:sys_splice:(int fd_in, loff_t __user *off_in, 307:sys_sync_file_range:(int fd, loff_t offset, loff_t nbytes, 308:sys_tee:(int fdin, int fdout, size_t len, unsigned int flags); 309:sys_vmsplice:(int fd, const struct iovec __user *iov, 311:sys_getcpu:(unsigned __user *cpu, unsigned __user *node, struct getcpu_cache __user *cache) 312:sys_epoll_pwait: 313:sys_utimes:(char __user *filename, 314:sys_s390_fallocate: 315:sys_utimensat:(int dfd, const char __user *filename, 316:sys_signalfd:(int ufd, sigset_t __user *user_mask, size_t sizemask); 318:sys_eventfd:(unsigned int count); 319:sys_timerfd_create:(int clockid, int flags); 320:sys_timerfd_settime:(int ufd, int flags, 321:sys_timerfd_gettime:(int ufd, struct itimerspec __user *otmr); 322:sys_signalfd4:(int ufd, sigset_t __user *user_mask, size_t sizemask, int flags) 323:sys_eventfd2:int sys_fork(struct pt_regs *); 324:sys_inotify_init1:(int flags); 325:sys_pipe2:int sys_fork(struct pt_regs *); 326:sys_dup3:(unsigned int oldfd, unsigned int newfd, int flags); 327:sys_epoll_create1:(int flags); 328:sys_preadv:(unsigned long fd, const struct iovec __user *vec, 329:sys_pwritev:(unsigned long fd, const struct iovec __user *vec, 330:sys_rt_tgsigqueueinfo:(pid_t tgid, pid_t pid, int sig, 331:sys_perf_event_open:( 332:sys_fanotify_init:(unsigned int flags, unsigned int event_f_flags) 333:sys_fanotify_mark:(int fanotify_fd, unsigned int flags, 334:sys_prlimit64:(pid_t pid, unsigned int resource, 335:sys_name_to_handle_at:(int dfd, const char __user *name, 336:sys_open_by_handle_at:(int mountdirfd, 337:sys_clock_adjtime:(clockid_t which_clock, 338:sys_syncfs:(int fd); 339:sys_setns:(int fd, int nstype); 340:sys_process_vm_readv:(pid_t pid, 341:sys_process_vm_writev:(pid_t pid,
64 bit syscall table
0:sys_read:(unsigned int fd, char *buf size_t count) 1:sys_write:(unsigned int fd, const char *buf size_t count) 2:sys_open:(const char *filename int flags, int mode) 3:sys_close:(unsigned int fd) 4:sys_stat:(const char *filename struct stat *statbuf) 5:sys_fstat:(unsigned int fd, struct stat *statbuf) 6:sys_lstat:(fconst, char *filename struct stat *statbuf) 7:sys_poll:(struct poll_fd *ufds unsigned int nfds, long timeout_msecs) 8:sys_lseek:(unsigned int fd, off_t, offset, unsigned int origin) 9:sys_mmap:(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long off) 10:sys_mprotect:(unsigned long start, size_t len, unsigned long prot) 11:sys_munmap:(unsigned long addr, size_t len) 12:sys_brk:(unsigned long brk) 13:sys_rt_sigaction:(int sig, const struct sigaction *act struct sigaction *oact size_t sigsetsize) 14:sys_rt_sigprocmask:(int how, sigset_t, *nset sigset_t, *oset size_t sigsetsize) 15:sys_rt_sigreturn:(unsigned long __unused) 16:sys_ioctl:(unsigned int fd, unsigned int cmd, unsigned long arg) 17:sys_pread64:(unsigned long fd, char *buf size_t count, loff_t, pos) 18:sys_pwrite64:(unsigned int fd, const char *buf size_t count, loff_t, pos) 19:sys_readv:(unsigned long fd, const struct iovec *vec unsigned long vlen) 20:sys_writev:(unsigned long fd, const struct iovec *vec unsigned long vlen) 21:sys_access:(const char *filename int mode) 22:sys_pipe:(int *filedes) 23:sys_select:(int n, fd_set *inp fd_set *outp fd_set*exp, struct timeval *tvp) 24:sys_sched_yield:() 25:sys_mremap:(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long flags, unsigned long new_addr) 26:sys_msync:(unsigned long start, size_t len, int flags) 27:sys_mincore:(unsigned long start, size_t len, unsigned char *vec) 28:sys_madvise:(unsigned long start, size_t len_in, int behavior) 29:sys_shmget:(key_t, key, size_t size, int shmflg) 30:sys_shmat:(int shmid, char *shmaddr int shmflg) 31:sys_shmctl:(int shmid, int cmd, struct shmid_ds *buf) 32:sys_dup:(unsigned int fildes) 33:sys_dup2:(unsigned int oldfd, unsigned int newfd) 34:sys_pause:() 35:sys_nanosleep:(struct timespec *rqtp struct timespec *rmtp) 36:sys_getitimer:(int which, struct itimerval *value) 37:sys_alarm:(unsigned int seconds) 38:sys_setitimer:(int which, struct itimerval *value struct itimerval *ovalue) 39:sys_getpid:() 40:sys_sendfile:(int out_fd, int in_fd, off_t, *offset size_t count) 41:sys_socket:(int family, int type, int protocol) 42:sys_connect:(int fd, struct sockaddr *uservaddr int addrlen) 43:sys_accept:(int fd, struct sockaddr *upeer_sockaddr int *upeer_addrlen) 44:sys_sendto:(int fd, void *buff size_t len, unsigned flags, struct sockaddr *addr int addr_len) 45:sys_recvfrom:(int fd, void *ubuf size_t size, unsigned flags, struct sockaddr *addr int *addr_len) 46:sys_sendmsg:(int fd, struct msghdr *msg unsigned flags) 47:sys_recvmsg:(int fd, struct msghdr *msg unsigned int flags) 48:sys_shutdown:(int fd, int how) 49:sys_bind:(int fd, struct sokaddr *umyaddr int addrlen) 50:sys_listen:(int fd, int backlog) 51:sys_getsockname:(int fd, struct sockaddr *usockaddr int *usockaddr_len) 52:sys_getpeername:(int fd, struct sockaddr *usockaddr int *usockaddr_len) 53:sys_socketpair:(int family, int type, int protocol, int *usockvec) 54:sys_setsockopt:(int fd, int level, int optname, char *optval int optlen) 55:sys_getsockopt:(int fd, int level, int optname, char *optval int *optlen) 56:sys_clone:(unsigned long clone_flags, unsigned long newsp, void *parent_tid void *child_tid) 57:sys_fork:() 58:sys_vfork:() 59:sys_execve:(const char *filename const char *const argv[], const char *const envp[]) 60:sys_exit:(int error_code) 61:sys_wait4:(pid_t, upid, int *stat_addr int options, struct rusage *ru) 62:sys_kill:(pid_t, pid, int sig) 63:sys_uname:(struct old_utsname *name) 64:sys_semget:(key_t, key, int nsems, int semflg) 65:sys_semop:(int semid, struct sembuf *tsops unsigned nsops) 66:sys_semctl:(int semid, int semnum, int cmd, union, semun, arg) 67:sys_shmdt:(char *shmaddr) 68:sys_msgget:(key_t, key, int msgflg) 69:sys_msgsnd:(int msqid, struct msgbuf *msgp size_t msgsz, int msgflg) 70:sys_msgrcv:(int msqid, struct msgbuf *msgp size_t msgsz, long msgtyp, int msgflg) 71:sys_msgctl:(int msqid, int cmd, struct msqid_ds *buf) 72:sys_fcntl:(unsigned int fd, unsigned int cmd, unsigned long arg) 73:sys_flock:(unsigned int fd, unsigned int cmd) 74:sys_fsync:(unsigned int fd) 75:sys_fdatasync:(unsigned int fd) 76:sys_truncate:(const char *path long length) 77:sys_ftruncate:(unsigned int fd, unsigned long length) 78:sys_getdents:(unsigned int fd, struct linux_dirent *dirent unsigned int count) 79:sys_getcwd:(char *buf unsigned long size) 80:sys_chdir:(const char *filename) 81:sys_fchdir:(unsigned int fd) 82:sys_rename:(const char *oldname const char *newname) 83:sys_mkdir:(const char *pathname int mode) 84:sys_rmdir:(const char *pathname) 85:sys_creat:(const char *pathname int mode) 86:sys_link:(const char *oldname const char *newname) 87:sys_unlink:(const char *pathname) 88:sys_symlink:(const char *oldname const char *newname) 89:sys_readlink:(const char *path char *buf int bufsiz) 90:sys_chmod:(const char *filename mode_t, mode) 91:sys_fchmod:(unsigned int fd, mode_t, mode) 92:sys_chown:(const char *filename uid_t, user, git_t, group) 93:sys_fchown:(unsigned int fd, uid_t, user, git_t, group) 94:sys_lchown:(const char *filename uid_t, user, git_t, group) 95:sys_umask:(int mask) 96:sys_gettimeofday:(struct timeval *tv struct timezone *tz) 97:sys_getrlimit:(unsigned int resource, struct rlimit *rlim) 98:sys_getrusage:(int who, struct rusage *ru) 99:sys_sysinfo:(struct sysinfo *info) 100:sys_times:(struct sysinfo *info) 101:sys_ptrace:(long request, long pid, unsigned long addr, unsigned long data) 102:sys_getuid:() 103:sys_syslog:(int type, char *buf int len) 104:sys_getgid:() 105:sys_setuid:(uid_t, uid) 106:sys_setgid:(git_t, gid) 107:sys_geteuid:() 108:sys_getegid:() 109:sys_setpgid:(pid_t, pid, pid_t, pgid) 110:sys_getppid:() 111:sys_getpgrp:() 112:sys_setsid:() 113:sys_setreuid:(uid_t, ruid, uid_t, euid) 114:sys_setregid:(git_t, rgid, gid_t, egid) 115:sys_getgroups:(int gidsetsize, gid_t, *grouplist) 116:sys_setgroups:(int gidsetsize, gid_t, *grouplist) 117:sys_setresuid:(uid_t, *ruid uid_t, *euid uid_t, *suid) 118:sys_getresuid:(uid_t, *ruid uid_t, *euid uid_t, *suid) 119:sys_setresgid:(gid_t, rgid, gid_t, egid, gid_t, sgid) 120:sys_getresgid:(git_t, *rgid git_t, *egid git_t, *sgid) 121:sys_getpgid:(pid_t, pid) 122:sys_setfsuid:(uid_t, uid) 123:sys_setfsgid:(gid_t, gid) 124:sys_getsid:(pid_t, pid) 125:sys_capget:(cap_user_header_t, header, cap_user_data_t, dataptr) 126:sys_capset:(cap_user_header_t, header, const cap_user_data_t, data) 127:sys_rt_sigpending:(sigset_t, *set size_t sigsetsize) 128:sys_rt_sigtimedwait:(const sigset_t, *uthese siginfo_t, *uinfo const struct timespec *uts size_t sigsetsize) 129:sys_rt_sigqueueinfo:(pid_t, pid, int sig, siginfo_t, *uinfo) 130:sys_rt_sigsuspend:(sigset_t, *unewset size_t sigsetsize) 131:sys_sigaltstack:(const stack_t, *uss stack_t, *uoss) 132:sys_utime:(char *filename struct utimbuf *times) 133:sys_mknod:(const char *filename int mode, unsigned dev) 134:sys_uselib:(NOT, IMPLEMENTED) 135:sys_personality:(unsigned int personality) 136:sys_ustat:(unsigned dev, struct ustat *ubuf) 137:sys_statfs:(const char *pathname struct statfs *buf) 138:sys_fstatfs:(unsigned int fd, struct statfs *buf) 139:sys_sysfs:(int option, unsigned long arg1, unsigned long arg2) 140:sys_getpriority:(int which, int who) 141:sys_setpriority:(int which, int who, int niceval) 142:sys_sched_setparam:(pid_t, pid, struct sched_param *param) 143:sys_sched_getparam:(pid_t, pid, struct sched_param *param) 144:sys_sched_setscheduler:(pid_t, pid, int policy, struct sched_param *param) 145:sys_sched_getscheduler:(pid_t, pid) 146:sys_sched_get_priority_max:(int policy) 147:sys_sched_get_priority_min:(int policy) 148:sys_sched_rr_get_interval:(pid_t, pid, struct timespec *interval) 149:sys_mlock:(unsigned long start, size_t len) 150:sys_munlock:(unsigned long start, size_t len) 151:sys_mlockall:(int flags) 152:sys_munlockall:() 153:sys_vhangup:() 154:sys_modify_ldt:(int func, void *ptr unsigned long bytecount) 155:sys_pivot_root:(const char *new_root const char *put_old) 156:sys__sysctl:(struct __sysctl_args *args) 157:sys_prctl:(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) 158:sys_arch_prctl:(struct task_struct *task int code, unsigned long *addr) 159:sys_adjtimex:(struct timex *txc_p) 160:sys_setrlimit:(unsigned int resource, struct rlimit *rlim) 161:sys_chroot:(const char *filename) 162:sys_sync:() 163:sys_acct:(const char *name) 164:sys_settimeofday:(struct timeval *tv struct timezone *tz) 165:sys_mount:(char *dev_name char *dir_name char *type unsigned long flags, void *data) 166:sys_umount2:(const char *target int flags) 167:sys_swapon:(const char *specialfile int swap_flags) 168:sys_swapoff:(const char *specialfile) 169:sys_reboot:(int magic1, int magic2, unsigned int cmd, void *arg) 170:sys_sethostname:(char *name int len) 171:sys_setdomainname:(char *name int len) 172:sys_iopl:(unsigned int level, struct pt_regs *regs) 173:sys_ioperm:(unsigned long from, unsigned long num, int turn_on) 174:sys_create_module:(REMOVED, IN, Linux, 2.6) 175:sys_init_module:(void *umod unsigned long len, const char *uargs) 176:sys_delete_module:(const chat, *name_user unsigned int flags) 177:sys_get_kernel_syms:(REMOVED, IN, Linux, 2.6) 178:sys_query_module:(REMOVED, IN, Linux, 2.6) 179:sys_quotactl:(unsigned int cmd, const char *special qid_t, id, void *addr) 180:sys_nfsservctl:(NOT, IMPLEMENTED) 181:sys_getpmsg:(NOT, IMPLEMENTED) 182:sys_putpmsg:(NOT, IMPLEMENTED) 183:sys_afs_syscall:(NOT, IMPLEMENTED) 184:sys_tuxcall:(NOT, IMPLEMENTED) 185:sys_security:(NOT, IMPLEMENTED) 186:sys_gettid:() 187:sys_readahead:(int fd, loff_t, offset, size_t count) 188:sys_setxattr:(const char *pathname const char *name const void *value size_t size, int flags) 189:sys_lsetxattr:(const char *pathname const char *name const void *value size_t size, int flags) 190:sys_fsetxattr:(int fd, const char *name const void *value size_t size, int flags) 191:sys_getxattr:(const char *pathname const char *name void *value size_t size) 192:sys_lgetxattr:(const char *pathname const char *name void *value size_t size) 193:sys_fgetxattr:(int fd, const har, *name void *value size_t size) 194:sys_listxattr:(const char *pathname char *list size_t size) 195:sys_llistxattr:(const char *pathname char *list size_t size) 196:sys_flistxattr:(int fd, char *list size_t size) 197:sys_removexattr:(const char *pathname const char *name) 198:sys_lremovexattr:(const char *pathname const char *name) 199:sys_fremovexattr:(int fd, const char *name) 200:sys_tkill:(pid_t, pid, ing, sig) 201:sys_time:(time_t, *tloc) 202:sys_futex:(u32, *uaddr int op, u32, val, struct timespec *utime u32, *uaddr2 u32, val3) 203:sys_sched_setaffinity:(pid_t, pid, unsigned int len, unsigned long *user_mask_ptr) 204:sys_sched_getaffinity:(pid_t, pid, unsigned int len, unsigned long *user_mask_ptr) 205:sys_set_thread_area:(NOT, IMPLEMENTED., Use, arch_prctl) 206:sys_io_setup:(unsigned nr_events, aio_context_t, *ctxp) 207:sys_io_destroy:(aio_context_t, ctx) 208:sys_io_getevents:(aio_context_t, ctx_id, long min_nr, long nr, struct io_event *events) 209:sys_io_submit:(aio_context_t, ctx_id, long nr, struct iocb **iocbpp) 210:sys_io_cancel:(aio_context_t, ctx_id, struct iocb *iocb struct io_event *result) 211:sys_get_thread_area:(NOT, IMPLEMENTED., Use, arch_prctl) 212:sys_lookup_dcookie:(u64, cookie64, long buf, long len) 213:sys_epoll_create:(int size) 214:sys_epoll_ctl_old:(NOT, IMPLEMENTED) 215:sys_epoll_wait_old:(NOT, IMPLEMENTED) 216:sys_remap_file_pages:(unsigned long start, unsigned long size, unsigned long prot, unsigned long pgoff, unsigned long flags) 217:sys_getdents64:(unsigned int fd, struct linux_dirent64 *dirent unsigned int count) 218:sys_set_tid_address:(int *tidptr) 219:sys_restart_syscall:() 220:sys_semtimedop:(int semid, struct sembuf *tsops unsigned nsops, const struct timespec *timeout) 221:sys_fadvise64:(int fd, loff_t, offset, size_t len, int advice) 222:sys_timer_create:(const clockid_t, which_clock, struct sigevent *timer_event_spec timer_t, *created_timer_id) 223:sys_timer_settime:(timer_t, timer_id, int flags, const struct itimerspec *new_setting struct itimerspec *old_setting) 224:sys_timer_gettime:(timer_t, timer_id, struct itimerspec *setting) 225:sys_timer_getoverrun:(timer_t, timer_id) 226:sys_timer_delete:(timer_t, timer_id) 227:sys_clock_settime:(const clockid_t, which_clock, const struct timespec *tp) 228:sys_clock_gettime:(const clockid_t, which_clock, struct timespec *tp) 229:sys_clock_getres:(const clockid_t, which_clock, struct timespec *tp) 230:sys_clock_nanosleep:(const clockid_t, which_clock, int flags, const struct timespec *rqtp struct timespec *rmtp) 231:sys_exit_group:(int error_code) 232:sys_epoll_wait:(int epfd, struct epoll_event *events int maxevents, int timeout) 233:sys_epoll_ctl:(int epfd, int op, int fd, struct epoll_event *event) 234:sys_tgkill:(pid_t, tgid, pid_t, pid, int sig) 235:sys_utimes:(char *filename struct timeval *utimes) 236:sys_vserver:(NOT, IMPLEMENTED) 237:sys_mbind:(unsigned long start, unsigned long len, unsigned long mode, unsigned long *nmask unsigned long maxnode, unsigned flags) 238:sys_set_mempolicy:(int mode, unsigned long *nmask unsigned long maxnode) 239:sys_get_mempolicy:(int *policy unsigned long *nmask unsigned long maxnode, unsigned long addr, unsigned long flags) 240:sys_mq_open:(const char *u_name int oflag, mode_t, mode, struct mq_attr *u_attr) 241:sys_mq_unlink:(const char *u_name) 242:sys_mq_timedsend:(mqd_t, mqdes, const char *u_msg_ptr size_t msg_len, unsigned int msg_prio, const stuct, timespec, *u_abs_timeout) 243:sys_mq_timedreceive:(mqd_t, mqdes, char *u_msg_ptr size_t msg_len, unsigned int *u_msg_prio const struct timespec *u_abs_timeout) 244:sys_mq_notify:(mqd_t, mqdes, const struct sigevent *u_notification) 245:sys_mq_getsetattr:(mqd_t, mqdes, const struct mq_attr *u_mqstat struct mq_attr *u_omqstat) 246:sys_kexec_load:(unsigned long entry, unsigned long nr_segments, struct kexec_segment *segments unsigned long flags) 247:sys_waitid:(int which, pid_t, upid, struct siginfo *infop int options, struct rusage *ru) 248:sys_add_key:(const char *_type const char *_description const void *_payload size_t plen) 249:sys_request_key:(const char *_type const char *_description const char *_callout_info key_serial_t, destringid) 250:sys_keyctl:(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) 251:sys_ioprio_set:(int which, int who, int ioprio) 252:sys_ioprio_get:(int which, int who) 253:sys_inotify_init:() 254:sys_inotify_add_watch:(int fd, const char *pathname u32, mask) 255:sys_inotify_rm_watch:(int fd, __s32 wd) 256:sys_migrate_pages:(pid_t, pid, unsigned long maxnode, const unsigned long *old_nodes const unsigned long *new_nodes) 257:sys_openat:(int dfd, const char *filename int flags, int mode) 258:sys_mkdirat:(int dfd, const char *pathname int mode) 259:sys_mknodat:(int dfd, const char *filename int mode, unsigned dev) 260:sys_fchownat:(int dfd, const char *filename uid_t, user, gid_t, group, int flag) 261:sys_futimesat:(int dfd, const char *filename struct timeval *utimes) 262:sys_newfstatat:(int dfd, const char *filename struct stat *statbuf int flag) 263:sys_unlinkat:(int dfd, const char *pathname int flag) 264:sys_renameat:(int oldfd, const char *oldname int newfd, const char *newname) 265:sys_linkat:(int oldfd, const char *oldname int newfd, const char *newname int flags) 266:sys_symlinkat:(const char *oldname int newfd, const char *newname) 267:sys_readlinkat:(int dfd, const char *pathname char *buf int bufsiz) 268:sys_fchmodat:(int dfd, const char *filename mode_t, mode) 269:sys_faccessat:(int dfd, const char *filename int mode) 270:sys_pselect6:(int n, fd_set *inp fd_set *outp fd_set *exp struct timespec *tsp void *sig) 271:sys_ppoll:(struct pollfd *ufds unsigned int nfds, struct timespec *tsp const sigset_t, *sigmask size_t sigsetsize) 272:sys_unshare:(unsigned long unshare_flags) 273:sys_set_robust_list:(struct robust_list_head *head size_t len) 274:sys_get_robust_list:(int pid, struct robust_list_head **head_ptr size_t *len_ptr) 275:sys_splice:(int fd_in, loff_t, *off_in int fd_out, loff_t, *off_out size_t len, unsigned int flags) 276:sys_tee:(int fdin, int fdout, size_t len, unsigned int flags) 277:sys_sync_file_range:(long fd, loff_t, offset, loff_t, bytes, long flags) 278:sys_vmsplice:(int fd, const struct iovec *iov unsigned long nr_segs, unsigned int flags) 279:sys_move_pages:(pid_t, pid, unsigned long nr_pages, const void **pages const int *nodes int *status int flags) 280:sys_utimensat:(int dfd, const char *filename struct timespec *utimes int flags) 281:sys_epoll_pwait:(int epfd, struct epoll_event *events int maxevents, int timeout, const sigset_t, *sigmask size_t sigsetsize) 282:sys_signalfd:(int ufd, sigset_t, *user_mask size_t sizemask) 283:sys_timerfd_create:(int clockid, int flags) 284:sys_eventfd:(unsigned int count) 285:sys_fallocate:(long fd, long mode, loff_t, offset, loff_t, len) 286:sys_timerfd_settime:(int ufd, int flags, const struct itimerspec *utmr struct itimerspec *otmr) 287:sys_timerfd_gettime:(int ufd, struct itimerspec *otmr) 288:sys_accept4:(int fd, struct sockaddr *upeer_sockaddr int *upeer_addrlen int flags) 289:sys_signalfd4:(int ufd, sigset_t, *user_mask size_t sizemask, int flags) 290:sys_eventfd2:(unsigned int count, int flags) 291:sys_epoll_create1:(int flags) 292:sys_dup3:(unsigned int oldfd, unsigned int newfd, int flags) 293:sys_pipe2:(int *filedes int flags) 294:sys_inotify_init1:(int flags) 295:sys_preadv:(unsigned long fd, const struct iovec *vec unsigned long vlen, unsigned long pos_l, unsigned long pos_h) 296:sys_pwritev:(unsigned long fd, const struct iovec *vec unsigned long vlen, unsigned long pos_l, unsigned long pos_h) 297:sys_rt_tgsigqueueinfo:(pid_t, tgid, pid_t, pid, int sig, siginfo_t, *uinfo) 298:sys_perf_event_open:(struct perf_event_attr *attr_uptr pid_t, pid, int cpu, int group_fd, unsigned long flags) 299:sys_recvmmsg:(int fd, struct msghdr *mmsg unsigned int vlen, unsigned int flags, struct timespec *timeout) 300:sys_fanotify_init:(unsigned int flags, unsigned int event_f_flags) 301:sys_fanotify_mark:(long fanotify_fd, long flags, __u64 mask, long dfd, long pathname) 302:sys_prlimit64:(pid_t, pid, unsigned int resource, const struct rlimit64 *new_rlim struct rlimit64 *old_rlim) 303:sys_name_to_handle_at:(int dfd, const char *name struct file_handle *handle int *mnt_id int flag) 304:sys_open_by_handle_at:(int dfd, const char *name struct file_handle *handle int *mnt_id int flags) 305:sys_clock_adjtime:(clockid_t, which_clock, struct timex *tx) 306:sys_syncfs:(int fd) 307:sys_sendmmsg:(int fd, struct mmsghdr *mmsg unsigned int vlen, unsigned int flags) 308:sys_setns:(int fd, int nstype) 309:sys_getcpu:(unsigned *cpup unsigned *nodep struct getcpu_cache *unused) 310:sys_process_vm_readv:(pid_t, pid, const struct iovec *lvec unsigned long liovcnt, const struct iovec *rvec unsigned long riovcnt, unsigned long flags) 311:sys_process_vm_writev:(pid_t, pid, const struct iovec *lvec unsigned long liovcnt, const struct iovcc *rvec unsigned long riovcnt, unsigned long flags) 312:sys_kcmp:(pid_t, pid1, pid_t, pid2, int type, unsigned long idx1, unsigned long idx2) 313:sys_finit_module:(int fd, const char __user *uargs int flags) 314:sys_sched_setattr:(pid_t, pid, struct sched_attr __user *attr unsigned int flags) 315:sys_sched_getattr:(pid_t, pid, struct sched_attr __user *attr unsigned int size, unsigned int flags) 316:sys_renameat2:(int olddfd, const char __user *oldname int newdfd,, const char __user *newname unsigned int flags) 317:sys_seccomp:(unsigned int op, unsigned int flags, const char __user *uargs) 318:sys_getrandom:(char __user *buf size_t count, unsigned int flags) 319:sys_memfd_create:(const char __user *uname_ptr unsigned int flags) 320:sys_kexec_file_load:(int kernel_fd, int initrd_fd, unsigned long cmdline_len, const char __user *cmdline_ptr unsigned long flags) 321:sys_bpf:(int cmd, union, bpf_attr, *attr unsigned int size) 322:stub_execveat, int dfd, const char __user *filename const char __user *const __user *argv const char __user *const __user *envp int flags)