Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "User:Trep/32bit syscall table"

From NetSec
Jump to: navigation, search
Line 1,087: Line 1,087:
 
341,sys_process_vm_writev, pid_t pid,
 
341,sys_process_vm_writev, pid_t pid,
 
</tab>
 
</tab>
 +
 +
 +
 +
== Introduction ==
 +
 +
 +
In the assembly language there are two ways to call system functions from the executable. The first way is through the native system calls which use the kernel interrupt code '''int $0x80''' in assembly or '''\xcd\x80''' in machine byte code. By placing the required data in the proper registers and calling the interrupt the program passes control to the kernel and it completes the function and returns the flow back to the program. The second way make a system call is by linking the C libraries to your executable. By doing this you will be able to push your arguments onto the stack in reverse order where the first argument is the last to be pushed and use the '''call''' command to pass control to the linked function located in the C library.
 +
 +
 +
== Unlinked System Calls for 32bit systems==
 +
 +
 +
On a 32bit system all system calls follow the same format. The system call to be made is moved into '''%eax''' and then depending on the function which you are calling the arguments go into '''%ebx, %ecx, %edx, %esx''' and '''%edi''' where '''%ebx''' would be the first argument to the system call, '''%ecx''' would be the second and so forth. Once you have all your registers set in place you can make your '''int $0x80''' interrupt call to pass program flow to the kernel to complete the function.
 +
 +
 +
  function_call(%eax) = function(%ebx,  %ecx,  %edx,  %esx,  %edi)
 +
                ^system          ^arg1  ^arg2  ^arg3  ^arg4  ^arg5
 +
                  call #
 +
 +
 +
This diagram shows that when the system interrupt is called the kernel selects the function to use according to the system call number stored in '''%eax''' and then stores the variables in their proper registers as according to the C calling convention. Having a standard for calling functions is important because without one documentation for your executable would be messy and hard to understand.
 +
 +
 +
An example of this would be '''exit()''' which is documented as '''1:sys_exit:(int error_code);'''.
 +
 +
 +
{{code|text=<source lang="asm">
 +
_start:
 +
 +
movl $1, %eax
 +
mov $0, %ebx
 +
int $0x80
 +
</source>}}
 +
 +
 +
In this call to the function '''exit()''' we placed the system interrupt call number into '''%eax''' and then the return value into the first argument '''%ebx''' and then made the interrupt call. Other function calls can be more complex and use 3 or more of the registers at once while others will use none at all except for '''%eax''' for the system call number itself.
 +
 +
== Linked System Calls for 32bit systems ==
 +
 +
 +
Linked system calls allow for cleaner code and faster development because of their ease of use. In order to take advantage of linked functions you must compile your assembly code with the required library. An example is as follows:
 +
 +
 +
  as exit-lib.s -o exit-lib.o
 +
  ld -dynamic-linker /lib/ld-linux.so.2 \ -o exit-lib exit-lib.o -lc
 +
 +
 +
By assembling your binary like this you are now linking ld-linux.so.2 with your executable which will allow you to use the functions it holds. The main difference between the unlinked and linked system calls is that unlike the unlinked calls where you have to use all the proper registers and make an interrupt; all you have to do with linked calls is push your arguments backwards onto the stack where the first argument is pushed last and to invoke a '''call''' instruction to the function you wish to invoke. An example is as follows:
 +
 +
 +
{{code|text=<source lang="asm">
 +
_start:
 +
 +
pushl $0
 +
call exit
 +
</source>}}
 +
 +
 +
As you can see this makes your code shorter, neater, and to the point which is very helpful in assembly where your design and concept may not be clear at first sight to others.
 +
 +
 +
== Other Code Comparisons ==
 +
 +
 +
Here are a few more examples of the two different calling conventions. The first will be shown as a unlinked call and the second would be as a linked call.
 +
 +
'''Printing to STDOUT 4:sys_write(unsigned int fd, const char *buf, size_t count)'''
 +
 +
{{code|text=<source lang="asm">
 +
.section .data
 +
hello:
 +
  .ascii "hello world\n"
 +
hello_end:
 +
 +
.equ hello_len, hello_end - hello
 +
 +
.section .text
 +
 +
.global _start
 +
 +
_start:
 +
movl $1, %ebx
 +
movl $hello, $ecx
 +
movl $hello_len, %edx
 +
movl $4, %eax
 +
int $0x80
 +
 +
movl $1, %eax
 +
movl $0, %ebx
 +
int $0x80
 +
</source>}}
 +
 +
 +
{{code|text=<source lang="asm">
 +
.section .data
 +
hello:
 +
  .ascii "hello world\n"
 +
 +
.section .text
 +
 +
.global _start
 +
 +
_start:
 +
pushl $hello
 +
call printf
 +
 +
pushl $0
 +
call exit
 +
</source>}}
 +
 +
 +
'''Making A Directory 39:sys_mkdir(const char *pathname, int mode)'''
 +
 +
 +
{{code|text=<source lang="asm">
 +
.section .data
 +
dir:
 +
  .ascii "/root/Desktop/lol/"
 +
 +
.section .text
 +
 +
.global _start
 +
 +
_start:
 +
movl $dir, %ebx
 +
movl $777, $ecx
 +
movl $39, %eax
 +
int $0x80
 +
 +
movl $1, %eax
 +
movl $0, %ebx
 +
int $0x80
 +
</source>}}
 +
 +
 +
{{code|text=<source lang="asm">
 +
.section .data
 +
dir:
 +
  .ascii "/root/Desktop/lol/"
 +
 +
.section .text
 +
 +
.global _start
 +
 +
_start:
 +
pushl $777
 +
pushl $dir
 +
call mkdir
 +
 +
pushl $0
 +
call exit
 +
</source>}}

Revision as of 09:09, 5 May 2012

Wikitable Format

 %eax Name  %ebx  %ecx  %edx  %esx  %edi
1 sys_exit
 int error_code
2 sys_fork
 struct pt_regs *
3 sys_read
 unsigned int fd 
 char *buf 
 size_t count  
4 sys_write
 unsigned int fd
 const char *buf
 size_t count 
5 sys_open
 const char *filename 
 int flags 
 mode_t mode 
6 sys_close
 unsigned int fd 
7 sys_restart_syscall
 void
8 sys_creat
  const char *pathname
  int mode
9 sys_link
  const char *oldname
  const char *newname
10 sys_unlink
  const char *pathname
11 long sys_execve
 const char *filename
  char *const argv[]
  char *const envp[]
12 sys_chdir
  const char *path
13 sys_time
  time_t *tloc
14 sys_mknod
  const char *filename
  mode_t mode
  dev_t dev
15 sys_chmod
  const char *filename
  mode_t mode
16 sys_lchown16
  const char *path
  old_uid_t owner
  old_gid_t group
19 sys_lseek
  int fd
  off_t offset
  int whence
20 sys_getpid
  void
21 sys_mount
  char *dev
  char *dir
22 sys_oldmount
  char *name
23 sys_setuid16
  old_uid_t uid
24 sys_getuid16
 void 
25 sys_stime
 time_t *tptr 
26 sys_ptrace
 long request 
 long pid 
 unsigned long addr 
 unsigned long data 
27 sys_alarm unsigned int seconds
29 sys_pause void
30 sys_utime char *filename
33 sys_access const char *filename int mode
34 sys_nice int increment
36 sys_sync void
37 sys_kill int pid int sig
38 sys_rename const char *oldname const char *newname
39 sys_mkdir const char *pathname int mode
40 sys_rmdir const char *pathname
41 sys_dup unsigned int filedes
42 sys_pipe int sys_fork(struct pt_regs *
43 sys_times struct tms *tbuf
45 sys_brk unsigned long brk
46 sys_setgid16 old_git_t gid
47 sys_getgid16 void
48 sys_signal int sig __sighandler_t handler
49 sys_geteuid16 void
50 sys_getegid16 void
51 sys_acct const char *name
52 sys_umount char *name int flags
54 sys_ioctl unsigned int fd insigned int cmd
55 sys_fcntl unsigned int fd unsigned int cmd unsigned long arg
57 sys_getpgid pid_t pid pid_t pgid
60 sys_umask int mask
61 sys_chroot const char *filename
62 sys_ustat unsigned dev struct ustat *ubuf
63 sys_dup2 int sys_fork(struct pt_regs *)
64 sys_getppid void
65 sys_getpgrp void
66 sys_setsid void
67 sys_sigaction

List Format


 1:sys_exit:(int error_code);
 2:sys_fork:int sys_fork(struct pt_regs *);
 3:sys_read:(unsigned int fd, char __user *buf, size_t count);
 4:sys_write:(unsigned int fd, const char __user *buf,
 5:sys_open:(const char __user *filename,
 6:sys_close:(unsigned int fd);
 7:sys_restart_syscall:(void);
 8:sys_creat:(const char __user *pathname, int mode);
 9:sys_link:(const char __user *oldname,
 10:sys_unlink:(const char __user *pathname);
 11:sys_execve:long sys_execve(const char __user *,
 12:sys_chdir:(const char __user *filename)
 13:sys_time:(time_t __user *tloc);
 14:sys_mknod:(const char __user *filename, int mode,
 15:sys_chmod:(const char __user *filename, mode_t mode);
 16:sys_lchown16:(const char __user *filename,
 19:sys_lseek:(unsigned int fd, off_t offset,
 20:sys_getpid:(void);
 21:sys_mount:(char __user *dev_name, char __user *dir_name,
 22:sys_oldumount:(char __user *name)
 23:sys_setuid16:(old_uid_t uid);
 24:sys_getuid16:(void);
 25:sys_stime:(time_t __user *tptr);
 26:sys_ptrace:(long request, long pid, unsigned long addr,
 27:sys_alarm:(unsigned int seconds);
 29:sys_pause:(void);
 30:sys_utime:(char __user *filename,
 33:sys_access:(const char __user *filename, int mode);
 34:sys_nice:(int increment);
 36:sys_sync:(void);
 37:sys_kill:(int pid, int sig);
 38:sys_rename:(const char __user *oldname,
 39:sys_mkdir:(const char __user *pathname, int mode);
 40:sys_rmdir:(const char __user *pathname);
 41:sys_dup:(unsigned int fildes);
 42:sys_pipe:int sys_fork(struct pt_regs *);
 43:sys_times:(struct tms __user *tbuf);
 45:sys_brk:(unsigned long brk);
 46:sys_setgid16:(old_gid_t gid);
 47:sys_getgid16:(void);
 48:sys_signal:(int sig, __sighandler_t handler);
 49:sys_geteuid16:(void);
 50:sys_getegid16:(void);
 51:sys_acct:(const char __user *name);
 52:sys_umount:(char __user *name, int flags)
 54:sys_ioctl:(unsigned int fd, unsigned int cmd,
 55:sys_fcntl:(unsigned int fd, unsigned int cmd, unsigned long arg);
 57:sys_setpgid:(pid_t pid, pid_t pgid);
 60:sys_umask:(int mask);
 61:sys_chroot:(const char __user *filename);
 62:sys_ustat:(unsigned dev, struct ustat __user *ubuf)
 63:sys_dup2:int sys_fork(struct pt_regs *);
 64:sys_getppid:(void);
 65:sys_getpgrp:(void);
 66:sys_setsid:(void);
 67:sys_sigaction:asmlinkage int sys_sigaction(int, const struct old_sigaction __user *,
 70:sys_setreuid16:(old_uid_t ruid, old_uid_t euid);
 71:sys_setregid16:(old_gid_t rgid, old_gid_t egid);
 72:sys_sigsuspend:asmlinkage int sys_sigsuspend(int, int, old_sigset_t);
 73:sys_sigpending:(old_sigset_t __user *set);
 74:sys_sethostname:(char __user *name, int len);
 75:sys_setrlimit:(unsigned int resource,
 76:sys_old_getrlimit:(unsigned int resource, struct rlimit __user *rlim);
 77:sys_getrusage:(int who, struct rusage __user *ru);
 78:sys_gettimeofday:(struct timeval __user *tv,
 79:sys_settimeofday:(struct timeval __user *tv,
 80:sys_getgroups16:(int gidsetsize, old_gid_t __user *grouplist);
 81:sys_setgroups16:(int gidsetsize, old_gid_t __user *grouplist);
 83:sys_symlink:(const char __user *old, const char __user *new);
 85:sys_readlink:(const char __user *path,
 86:sys_uselib:(const char __user *library);
 87:sys_swapon:(const char __user *specialfile, int swap_flags);
 88:sys_reboot:(int magic1, int magic2, unsigned int cmd,
 89:sys_ni_syscall:(void);
 90:sys_old_mmap:(struct mmap_arg_struct __user *arg);
 91:sys_munmap:(unsigned long addr, size_t len);
 92:sys_truncate:(const char __user *path, loff_t length);
 93:sys_ftruncate:(unsigned int fd, unsigned long length);
 94:sys_fchmod:(unsigned int fd, mode_t mode);
 95:sys_fchown16:(unsigned int fd, old_uid_t user, old_gid_t group);
 96:sys_getpriority:(int which, int who);
 97:sys_setpriority:(int which, int who, int niceval);
 99:sys_statfs:(const char __user * path,
 100:sys_fstatfs:(unsigned int fd, struct statfs __user *buf);
 102:sys_socketcall:(int call, unsigned long __user *args)
 103:sys_syslog:(int type, char __user *buf, int len);
 104:sys_setitimer:(int which,
 105:sys_getitimer:(int which, struct itimerval __user *value);
 106:sys_newstat:(const char __user *filename,
 107:sys_newlstat:(const char __user *filename,
 108:sys_newfstat:(unsigned int fd, struct stat __user *statbuf);
 110:sys_lookup_dcookie:(u64 cookie64, char __user *buf, size_t len);
 111:sys_vhangup:(void)
 114:sys_wait4:(pid_t pid, int __user *stat_addr,
 115:sys_swapoff:(const char __user *specialfile);
 116:sys_sysinfo:(struct sysinfo __user *info);
 117:sys_s390_ipc:
 118:sys_fsync:(unsigned int fd);
 119:sys_sigreturn:unsigned long sys_sigreturn(struct pt_regs *);
 120:sys_clone:long sys_clone(unsigned long, unsigned long, void __user *,
 121:sys_setdomainname:(char __user *name, int len);
 122:sys_newuname:(struct new_utsname __user *name)
 124:sys_adjtimex:(struct timex __user *txc_p);
 125:sys_mprotect:(unsigned long start, size_t len,
 126:sys_sigprocmask:(int how, old_sigset_t __user *set,
 128:sys_init_module:(void __user *umod, unsigned long len,
 129:sys_delete_module:(const char __user *name_user,
 131:sys_quotactl:(unsigned int cmd, const char __user *special,
 132:sys_getpgid:(pid_t pid)
 133:sys_fchdir:(unsigned int fd);
 134:sys_bdflush:(int func, long data);
 135:sys_sysfs:(int option,
 136:sys_personality:(unsigned int personality);
 138:sys_setfsuid16:(old_uid_t uid);
 139:sys_setfsgid16:(old_gid_t gid);
 140:sys_llseek:(unsigned int fd, unsigned long offset_high,
 141:sys_getdents:(unsigned int fd,
 142:sys_select:
 143:sys_flock:(unsigned int fd, unsigned int cmd);
 144:sys_msync:(unsigned long start, size_t len, int flags);
 145:sys_readv:(unsigned long fd,
 146:sys_writev:(unsigned long fd,
 147:sys_getsid:(pid_t pid);
 148:sys_fdatasync:(unsigned int fd);
 149:sys_sysctl:(struct __sysctl_args __user *args);
 150:sys_mlock:(unsigned long start, size_t len);
 151:sys_munlock:(unsigned long start, size_t len);
 152:sys_mlockall:(int flags)
 153:sys_munlockall:(void);
 154:sys_sched_setparam:(pid_t pid,
 155:sys_sched_getparam:(pid_t pid,
 156:sys_sched_setscheduler:(pid_t pid, int policy,
 157:sys_sched_getscheduler:(pid_t pid);
 158:sys_sched_yield:(void);
 159:sys_sched_get_priority_max:(int policy);
 160:sys_sched_get_priority_min:(int policy);
 161:sys_sched_rr_get_interval:(pid_t pid,
 162:sys_nanosleep:(struct timespec __user *rqtp, struct timespec __user *rmtp)
 163:sys_mremap:(unsigned long addr,
 164:sys_setresuid16:(old_uid_t ruid, old_uid_t euid, old_uid_t suid);
 165:sys_getresuid16:(old_uid_t __user *ruid,
 168:sys_poll:(struct pollfd __user *ufds, unsigned int nfds,
 170:sys_setresgid16:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid);
 171:sys_getresgid16:(old_gid_t __user *rgid,
 172:sys_prctl:
 173:sys_rt_sigreturn:long sys_rt_sigreturn(struct pt_regs *);
 174:sys_rt_sigaction:long sys_rt_action(int, const struct sigaction __user *, struct sigaction __user *, size_t);
 175:sys_rt_sigprocmask:(int how, sigset_t __user *set,
 176:sys_rt_sigpending:(sigset_t __user *set, size_t sigsetsize);
 177:sys_rt_sigtimedwait:(const sigset_t __user *uthese,
 178:sys_rt_sigqueueinfo:(int pid, int sig, siginfo_t __user *uinfo);
 179:sys_rt_sigsuspend:
 180:sys_pread64:(unsigned int fd, char __user *buf,
 181:sys_pwrite64:(unsigned int fd, const char __user *buf,
 182:sys_chown16:
 183:sys_getcwd:(char __user *buf, unsigned long size);
 184:sys_capget:(cap_user_header_t header,
 185:sys_capset:(cap_user_header_t header,
 186:sys_sigaltstack:long sys_sigaltstack(const stack_t __user *, stack_t __user *,
 187:sys_sendfile:(int out_fd, int in_fd,
 190:sys_vfork:int sys_vfork(struct pt_regs *regs)
 191:sys_getrlimit:(unsigned int resource,
 192:sys_mmap2:
 193:sys_truncate64:(const char __user *path, loff_t length);
 194:sys_ftruncate64:(unsigned int fd, loff_t length);
 195:sys_stat64:(const char __user *filename,
 196:sys_lstat64:(const char __user *filename,
 197:sys_fstat64:(unsigned long fd, struct stat64 __user *statbuf);
 198:sys_lchown:(const char __user *filename,
 199:sys_getuid:(void);
 200:sys_getgid:(void);
 201:sys_geteuid:(void);
 202:sys_getegid:(void);
 203:sys_setreuid:(old_uid_t ruid, old_uid_t euid);
 204:sys_setregid:(old_gid_t rgid, old_gid_t egid);
 205:sys_getgroups:(int gidsetsize, old_gid_t __user *grouplist);
 206:sys_setgroups:(int gidsetsize, old_gid_t __user *grouplist);
 207:sys_fchown:(unsigned int fd, old_uid_t user, old_gid_t group);
 208:sys_setresuid:(old_uid_t ruid, old_uid_t euid, old_uid_t suid);
 209:sys_getresuid:(old_uid_t __user *ruid,
 210:sys_setresgid:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid);
 211:sys_getresgid:(old_gid_t __user *rgid,
 212:sys_chown:
 213:sys_setuid:(old_uid_t uid);
 214:sys_setgid:(old_gid_t gid);
 215:sys_setfsuid:(old_uid_t uid);
 216:sys_setfsgid:(old_gid_t gid);
 217:sys_pivot_root:(const char __user *new_root,
 218:sys_mincore:(unsigned long start, size_t len,
 219:sys_madvise:(unsigned long start, size_t len, int behavior);
 220:sys_getdents64:(unsigned int fd,
 221:sys_fcntl64:(unsigned int fd,
 222:sys_readahead:(int fd, loff_t offset, size_t count)
 223:sys_sendfile64:(int out_fd, int in_fd,
 224:sys_setxattr:(const char __user *path, const char __user *name,
 225:sys_lsetxattr:(const char __user *path, const char __user *name,
 226:sys_fsetxattr:(int fd, const char __user *name,
 227:sys_getxattr:(const char __user *path, const char __user *name,
 228:sys_lgetxattr:(const char __user *path, const char __user *name,
 229:sys_fgetxattr:(int fd, const char __user *name,
 230:sys_listxattr:(const char __user *path, char __user *list,
 231:sys_llistxattr:(const char __user *path, char __user *list,
 232:sys_flistxattr:(int fd, char __user *list, size_t size)
 233:sys_removexattr:(const char __user *path,
 234:sys_lremovexattr:(const char __user *path,
 235:sys_fremovexattr:(int fd, const char __user *name);
 236:sys_gettid:(void);
 237:sys_tkill:(int pid, int sig);
 238:sys_futex:(u32 __user *uaddr, int op, u32 val,
 239:sys_sched_setaffinity:(pid_t pid, unsigned int len,
 240:sys_sched_getaffinity:(pid_t pid, unsigned int len,
 241:sys_tgkill:(int tgid, int pid, int sig);
 243:sys_io_setup:(unsigned nr_reqs, aio_context_t __user *ctx);
 244:sys_io_destroy:(aio_context_t ctx);
 245:sys_io_getevents:(aio_context_t ctx_id,
 246:sys_io_submit:(aio_context_t, long,
 247:sys_io_cancel:(aio_context_t ctx_id, struct iocb __user *iocb,
 248:sys_exit_group:(int error_code);
 249:sys_epoll_create:(int size);
 250:sys_epoll_ctl:(int epfd, int op, int fd,
 251:sys_epoll_wait:(int epfd, struct epoll_event __user *events,
 252:sys_set_tid_address:(int __user *tidptr)
 253:sys_s390_fadvise64:
 254:sys_timer_create:(clockid_t which_clock,
 255:sys_timer_settime:(timer_t timer_id, int flags,
 256:sys_timer_gettime:(timer_t timer_id,
 257:sys_timer_getoverrun:(timer_t timer_id);
 258:sys_timer_delete:(timer_t timer_id);
 259:sys_clock_settime:(clockid_t which_clock,
 260:sys_clock_gettime:(clockid_t which_clock,
 261:sys_clock_getres:(clockid_t which_clock,
 262:sys_clock_nanosleep:
 264:sys_s390_fadvise64_64:
 265:sys_statfs64:(const char __user *path, size_t sz,
 266:sys_fstatfs64:(unsigned int fd, size_t sz,
 267:sys_remap_file_pages:
 271:sys_mq_open:(const char __user *name, int oflag, mode_t mode, struct mq_attr __user *attr);
 272:sys_mq_unlink:(const char __user *name)
 273:sys_mq_timedsend:(mqd_t mqdes, const char __user *msg_ptr, size_t msg_len, unsigned int msg_prio, const struct timespec __user *abs_timeout);
 274:sys_mq_timedreceive:(mqd_t mqdes, char __user *msg_ptr, size_t msg_len, unsigned int __user *msg_prio, const struct timespec __user *abs_timeout);
 275:sys_mq_notify:(mqd_t mqdes, const struct sigevent __user *notification);
 276:sys_mq_getsetattr:(mqd_t mqdes, const struct mq_attr __user *mqstat, struct mq_attr __user *omqstat);
 277:sys_kexec_load:(unsigned long entry, unsigned long nr_segments,
 278:sys_add_key:(const char __user *_type,
 279:sys_request_key:(const char __user *_type,
 280:sys_keyctl:(int cmd, unsigned long arg2, unsigned long arg3,
 281:sys_waitid:(int which, pid_t pid,
 282:sys_ioprio_set:(int which, int who, int ioprio)
 283:sys_ioprio_get:(int which, int who);
 284:sys_inotify_init:(void);
 285:sys_inotify_add_watch:(int fd, const char __user *path,
 286:sys_inotify_rm_watch:(int fd, __s32 wd);
 288:sys_openat:(int dfd, const char __user *filename, int flags,
 289:sys_mkdirat:(int dfd, const char __user * pathname, int mode);
 290:sys_mknodat:(int dfd, const char __user * filename, int mode,
 291:sys_fchownat:(int dfd, const char __user *filename, uid_t user,
 292:sys_futimesat:
 293:sys_fstatat64:(int dfd, const char __user *filename,
 294:sys_unlinkat:(int dfd, const char __user * pathname, int flag);
 295:sys_renameat:(int olddfd, const char __user * oldname,
 296:sys_linkat:(int olddfd, const char __user *oldname,
 297:sys_symlinkat:(const char __user * oldname,
 298:sys_readlinkat:(int dfd, const char __user *path, char __user *buf,
 299:sys_fchmodat:(int dfd, const char __user * filename,
 300:sys_faccessat:(int dfd, const char __user *filename, int mode);
 301:sys_pselect6:(int, fd_set __user *, fd_set __user *,
 302:sys_ppoll:
 303:sys_unshare:(unsigned long unshare_flags);
 304:sys_set_robust_list:(struct robust_list_head __user *head,
 305:sys_get_robust_list:(int pid,
 306:sys_splice:(int fd_in, loff_t __user *off_in,
 307:sys_sync_file_range:(int fd, loff_t offset, loff_t nbytes,
 308:sys_tee:(int fdin, int fdout, size_t len, unsigned int flags);
 309:sys_vmsplice:(int fd, const struct iovec __user *iov,
 311:sys_getcpu:(unsigned __user *cpu, unsigned __user *node, struct getcpu_cache __user *cache)
 312:sys_epoll_pwait:
 313:sys_utimes:(char __user *filename,
 314:sys_s390_fallocate:
 315:sys_utimensat:(int dfd, const char __user *filename,
 316:sys_signalfd:(int ufd, sigset_t __user *user_mask, size_t sizemask);
 318:sys_eventfd:(unsigned int count);
 319:sys_timerfd_create:(int clockid, int flags);
 320:sys_timerfd_settime:(int ufd, int flags,
 321:sys_timerfd_gettime:(int ufd, struct itimerspec __user *otmr);
 322:sys_signalfd4:(int ufd, sigset_t __user *user_mask, size_t sizemask, int flags)
 323:sys_eventfd2:int sys_fork(struct pt_regs *);
 324:sys_inotify_init1:(int flags);
 325:sys_pipe2:int sys_fork(struct pt_regs *);
 326:sys_dup3:(unsigned int oldfd, unsigned int newfd, int flags);
 327:sys_epoll_create1:(int flags);
 328:sys_preadv:(unsigned long fd, const struct iovec __user *vec,
 329:sys_pwritev:(unsigned long fd, const struct iovec __user *vec,
 330:sys_rt_tgsigqueueinfo:(pid_t tgid, pid_t  pid, int sig,
 331:sys_perf_event_open:(
 332:sys_fanotify_init:(unsigned int flags, unsigned int event_f_flags)
 333:sys_fanotify_mark:(int fanotify_fd, unsigned int flags,
 334:sys_prlimit64:(pid_t pid, unsigned int resource,
 335:sys_name_to_handle_at:(int dfd, const char __user *name,
 336:sys_open_by_handle_at:(int mountdirfd,
 337:sys_clock_adjtime:(clockid_t which_clock,
 338:sys_syncfs:(int fd);
 339:sys_setns:(int fd, int nstype);
 340:sys_process_vm_readv:(pid_t pid,
 341:sys_process_vm_writev:(pid_t pid,


Comma Delimited List

<tab class=wikitable sep=comma head=top> 1,sys_exit, int error_code 2,sys_fork,int sys_fork struct pt_regs * 3,sys_read, unsigned int fd, char __user *buf, size_t count 4,sys_write, unsigned int fd, const char __user *buf, 5,sys_open, const char __user *filename, 6,sys_close, unsigned int fd 7,sys_restart_syscall, void 8,sys_creat, const char __user *pathname, int mode 9,sys_link, const char __user *oldname, 10,sys_unlink, const char __user *pathname 11,sys_execve,long sys_execve const char __user *, 12,sys_chdir, const char __user *filename 13,sys_time, time_t __user *tloc 14,sys_mknod, const char __user *filename, int mode, 15,sys_chmod, const char __user *filename, mode_t mode 16,sys_lchown16, const char __user *filename, 19,sys_lseek, unsigned int fd, off_t offset, 20,sys_getpid, void 21,sys_mount, char __user *dev_name, char __user *dir_name, 22,sys_oldumount, char __user *name 23,sys_setuid16, old_uid_t uid 24,sys_getuid16, void 25,sys_stime, time_t __user *tptr 26,sys_ptrace, long request, long pid, unsigned long addr, 27,sys_alarm, unsigned int seconds 29,sys_pause, void 30,sys_utime, char __user *filename, 33,sys_access, const char __user *filename, int mode 34,sys_nice, int increment 36,sys_sync, void 37,sys_kill, int pid, int sig 38,sys_rename, const char __user *oldname, 39,sys_mkdir, const char __user *pathname, int mode 40,sys_rmdir, const char __user *pathname 41,sys_dup, unsigned int fildes 42,sys_pipe,int sys_fork struct pt_regs * 43,sys_times, struct tms __user *tbuf 45,sys_brk, unsigned long brk 46,sys_setgid16, old_gid_t gid 47,sys_getgid16, void 48,sys_signal, int sig, __sighandler_t handler 49,sys_geteuid16, void 50,sys_getegid16, void 51,sys_acct, const char __user *name 52,sys_umount, char __user *name, int flags 54,sys_ioctl, unsigned int fd, unsigned int cmd, 55,sys_fcntl, unsigned int fd, unsigned int cmd, unsigned long arg 57,sys_setpgid, pid_t pid, pid_t pgid 60,sys_umask, int mask 61,sys_chroot, const char __user *filename 62,sys_ustat, unsigned dev, struct ustat __user *ubuf 63,sys_dup2,int sys_fork struct pt_regs * 64,sys_getppid, void 65,sys_getpgrp, void 66,sys_setsid, void 67,sys_sigaction,asmlinkage int sys_sigaction int, const struct old_sigaction __user *, 70,sys_setreuid16, old_uid_t ruid, old_uid_t euid 71,sys_setregid16, old_gid_t rgid, old_gid_t egid 72,sys_sigsuspend,asmlinkage int sys_sigsuspend int, int, old_sigset_t 73,sys_sigpending, old_sigset_t __user *set 74,sys_sethostname, char __user *name, int len 75,sys_setrlimit, unsigned int resource, 76,sys_old_getrlimit, unsigned int resource, struct rlimit __user *rlim 77,sys_getrusage, int who, struct rusage __user *ru 78,sys_gettimeofday, struct timeval __user *tv, 79,sys_settimeofday, struct timeval __user *tv, 80,sys_getgroups16, int gidsetsize, old_gid_t __user *grouplist 81,sys_setgroups16, int gidsetsize, old_gid_t __user *grouplist 83,sys_symlink, const char __user *old, const char __user *new 85,sys_readlink, const char __user *path, 86,sys_uselib, const char __user *library 87,sys_swapon, const char __user *specialfile, int swap_flags 88,sys_reboot, int magic1, int magic2, unsigned int cmd, 89,sys_ni_syscall, void 90,sys_old_mmap, struct mmap_arg_struct __user *arg 91,sys_munmap, unsigned long addr, size_t len 92,sys_truncate, const char __user *path, loff_t length 93,sys_ftruncate, unsigned int fd, unsigned long length 94,sys_fchmod, unsigned int fd, mode_t mode 95,sys_fchown16, unsigned int fd, old_uid_t user, old_gid_t group 96,sys_getpriority, int which, int who 97,sys_setpriority, int which, int who, int niceval 99,sys_statfs, const char __user * path, 100,sys_fstatfs, unsigned int fd, struct statfs __user *buf 102,sys_socketcall, int call, unsigned long __user *args 103,sys_syslog, int type, char __user *buf, int len 104,sys_setitimer, int which, 105,sys_getitimer, int which, struct itimerval __user *value 106,sys_newstat, const char __user *filename, 107,sys_newlstat, const char __user *filename, 108,sys_newfstat, unsigned int fd, struct stat __user *statbuf 110,sys_lookup_dcookie, u64 cookie64, char __user *buf, size_t len 111,sys_vhangup, void 114,sys_wait4, pid_t pid, int __user *stat_addr, 115,sys_swapoff, const char __user *specialfile 116,sys_sysinfo, struct sysinfo __user *info 117,sys_s390_ipc, 118,sys_fsync, unsigned int fd 119,sys_sigreturn,unsigned long sys_sigreturn struct pt_regs * 120,sys_clone,long sys_clone unsigned long, unsigned long, void __user *, 121,sys_setdomainname, char __user *name, int len 122,sys_newuname, struct new_utsname __user *name 124,sys_adjtimex, struct timex __user *txc_p 125,sys_mprotect, unsigned long start, size_t len, 126,sys_sigprocmask, int how, old_sigset_t __user *set, 128,sys_init_module, void __user *umod, unsigned long len, 129,sys_delete_module, const char __user *name_user, 131,sys_quotactl, unsigned int cmd, const char __user *special, 132,sys_getpgid, pid_t pid 133,sys_fchdir, unsigned int fd 134,sys_bdflush, int func, long data 135,sys_sysfs, int option, 136,sys_personality, unsigned int personality 138,sys_setfsuid16, old_uid_t uid 139,sys_setfsgid16, old_gid_t gid 140,sys_llseek, unsigned int fd, unsigned long offset_high, 141,sys_getdents, unsigned int fd, 142,sys_select, 143,sys_flock, unsigned int fd, unsigned int cmd 144,sys_msync, unsigned long start, size_t len, int flags 145,sys_readv, unsigned long fd, 146,sys_writev, unsigned long fd, 147,sys_getsid, pid_t pid 148,sys_fdatasync, unsigned int fd 149,sys_sysctl, struct __sysctl_args __user *args 150,sys_mlock, unsigned long start, size_t len 151,sys_munlock, unsigned long start, size_t len 152,sys_mlockall, int flags 153,sys_munlockall, void 154,sys_sched_setparam, pid_t pid, 155,sys_sched_getparam, pid_t pid, 156,sys_sched_setscheduler, pid_t pid, int policy, 157,sys_sched_getscheduler, pid_t pid 158,sys_sched_yield, void 159,sys_sched_get_priority_max, int policy 160,sys_sched_get_priority_min, int policy 161,sys_sched_rr_get_interval, pid_t pid, 162,sys_nanosleep, struct timespec __user *rqtp, struct timespec __user *rmtp 163,sys_mremap, unsigned long addr, 164,sys_setresuid16, old_uid_t ruid, old_uid_t euid, old_uid_t suid 165,sys_getresuid16, old_uid_t __user *ruid, 168,sys_poll, struct pollfd __user *ufds, unsigned int nfds, 170,sys_setresgid16, old_gid_t rgid, old_gid_t egid, old_gid_t sgid 171,sys_getresgid16, old_gid_t __user *rgid, 172,sys_prctl, 173,sys_rt_sigreturn,long sys_rt_sigreturn struct pt_regs * 174,sys_rt_sigaction,long sys_rt_action int, const struct sigaction __user *, struct sigaction __user *, size_t 175,sys_rt_sigprocmask, int how, sigset_t __user *set, 176,sys_rt_sigpending, sigset_t __user *set, size_t sigsetsize 177,sys_rt_sigtimedwait, const sigset_t __user *uthese, 178,sys_rt_sigqueueinfo, int pid, int sig, siginfo_t __user *uinfo 179,sys_rt_sigsuspend, 180,sys_pread64, unsigned int fd, char __user *buf, 181,sys_pwrite64, unsigned int fd, const char __user *buf, 182,sys_chown16, 183,sys_getcwd, char __user *buf, unsigned long size 184,sys_capget, cap_user_header_t header, 185,sys_capset, cap_user_header_t header, 186,sys_sigaltstack,long sys_sigaltstack const stack_t __user *, stack_t __user *, 187,sys_sendfile, int out_fd, int in_fd, 190,sys_vfork,int sys_vfork struct pt_regs *regs 191,sys_getrlimit, unsigned int resource, 192,sys_mmap2, 193,sys_truncate64, const char __user *path, loff_t length 194,sys_ftruncate64, unsigned int fd, loff_t length 195,sys_stat64, const char __user *filename, 196,sys_lstat64, const char __user *filename, 197,sys_fstat64, unsigned long fd, struct stat64 __user *statbuf 198,sys_lchown, const char __user *filename, 199,sys_getuid, void 200,sys_getgid, void 201,sys_geteuid, void 202,sys_getegid, void 203,sys_setreuid, old_uid_t ruid, old_uid_t euid 204,sys_setregid, old_gid_t rgid, old_gid_t egid 205,sys_getgroups, int gidsetsize, old_gid_t __user *grouplist 206,sys_setgroups, int gidsetsize, old_gid_t __user *grouplist 207,sys_fchown, unsigned int fd, old_uid_t user, old_gid_t group 208,sys_setresuid, old_uid_t ruid, old_uid_t euid, old_uid_t suid 209,sys_getresuid, old_uid_t __user *ruid, 210,sys_setresgid, old_gid_t rgid, old_gid_t egid, old_gid_t sgid 211,sys_getresgid, old_gid_t __user *rgid, 212,sys_chown, 213,sys_setuid, old_uid_t uid 214,sys_setgid, old_gid_t gid 215,sys_setfsuid, old_uid_t uid 216,sys_setfsgid, old_gid_t gid 217,sys_pivot_root, const char __user *new_root, 218,sys_mincore, unsigned long start, size_t len, 219,sys_madvise, unsigned long start, size_t len, int behavior 220,sys_getdents64, unsigned int fd, 221,sys_fcntl64, unsigned int fd, 222,sys_readahead, int fd, loff_t offset, size_t count 223,sys_sendfile64, int out_fd, int in_fd, 224,sys_setxattr, const char __user *path, const char __user *name, 225,sys_lsetxattr, const char __user *path, const char __user *name, 226,sys_fsetxattr, int fd, const char __user *name, 227,sys_getxattr, const char __user *path, const char __user *name, 228,sys_lgetxattr, const char __user *path, const char __user *name, 229,sys_fgetxattr, int fd, const char __user *name, 230,sys_listxattr, const char __user *path, char __user *list, 231,sys_llistxattr, const char __user *path, char __user *list, 232,sys_flistxattr, int fd, char __user *list, size_t size 233,sys_removexattr, const char __user *path, 234,sys_lremovexattr, const char __user *path, 235,sys_fremovexattr, int fd, const char __user *name 236,sys_gettid, void 237,sys_tkill, int pid, int sig 238,sys_futex, u32 __user *uaddr, int op, u32 val, 239,sys_sched_setaffinity, pid_t pid, unsigned int len, 240,sys_sched_getaffinity, pid_t pid, unsigned int len, 241,sys_tgkill, int tgid, int pid, int sig 243,sys_io_setup, unsigned nr_reqs, aio_context_t __user *ctx 244,sys_io_destroy, aio_context_t ctx 245,sys_io_getevents, aio_context_t ctx_id, 246,sys_io_submit, aio_context_t, long, 247,sys_io_cancel, aio_context_t ctx_id, struct iocb __user *iocb, 248,sys_exit_group, int error_code 249,sys_epoll_create, int size 250,sys_epoll_ctl, int epfd, int op, int fd, 251,sys_epoll_wait, int epfd, struct epoll_event __user *events, 252,sys_set_tid_address, int __user *tidptr 253,sys_s390_fadvise64, 254,sys_timer_create, clockid_t which_clock, 255,sys_timer_settime, timer_t timer_id, int flags, 256,sys_timer_gettime, timer_t timer_id, 257,sys_timer_getoverrun, timer_t timer_id 258,sys_timer_delete, timer_t timer_id 259,sys_clock_settime, clockid_t which_clock, 260,sys_clock_gettime, clockid_t which_clock, 261,sys_clock_getres, clockid_t which_clock, 262,sys_clock_nanosleep, 264,sys_s390_fadvise64_64, 265,sys_statfs64, const char __user *path, size_t sz, 266,sys_fstatfs64, unsigned int fd, size_t sz, 267,sys_remap_file_pages, 271,sys_mq_open, const char __user *name, int oflag, mode_t mode, struct mq_attr __user *attr 272,sys_mq_unlink, const char __user *name 273,sys_mq_timedsend, mqd_t mqdes, const char __user *msg_ptr, size_t msg_len, unsigned int msg_prio, const struct timespec __user *abs_timeout 274,sys_mq_timedreceive, mqd_t mqdes, char __user *msg_ptr, size_t msg_len, unsigned int __user *msg_prio, const struct timespec __user *abs_timeout 275,sys_mq_notify, mqd_t mqdes, const struct sigevent __user *notification 276,sys_mq_getsetattr, mqd_t mqdes, const struct mq_attr __user *mqstat, struct mq_attr __user *omqstat 277,sys_kexec_load, unsigned long entry, unsigned long nr_segments, 278,sys_add_key, const char __user *_type, 279,sys_request_key, const char __user *_type, 280,sys_keyctl, int cmd, unsigned long arg2, unsigned long arg3, 281,sys_waitid, int which, pid_t pid, 282,sys_ioprio_set, int which, int who, int ioprio 283,sys_ioprio_get, int which, int who 284,sys_inotify_init, void 285,sys_inotify_add_watch, int fd, const char __user *path, 286,sys_inotify_rm_watch, int fd, __s32 wd 288,sys_openat, int dfd, const char __user *filename, int flags, 289,sys_mkdirat, int dfd, const char __user * pathname, int mode 290,sys_mknodat, int dfd, const char __user * filename, int mode, 291,sys_fchownat, int dfd, const char __user *filename, uid_t user, 292,sys_futimesat, 293,sys_fstatat64, int dfd, const char __user *filename, 294,sys_unlinkat, int dfd, const char __user * pathname, int flag 295,sys_renameat, int olddfd, const char __user * oldname, 296,sys_linkat, int olddfd, const char __user *oldname, 297,sys_symlinkat, const char __user * oldname, 298,sys_readlinkat, int dfd, const char __user *path, char __user *buf, 299,sys_fchmodat, int dfd, const char __user * filename, 300,sys_faccessat, int dfd, const char __user *filename, int mode 301,sys_pselect6, int, fd_set __user *, fd_set __user *, 302,sys_ppoll, 303,sys_unshare, unsigned long unshare_flags 304,sys_set_robust_list, struct robust_list_head __user *head, 305,sys_get_robust_list, int pid, 306,sys_splice, int fd_in, loff_t __user *off_in, 307,sys_sync_file_range, int fd, loff_t offset, loff_t nbytes, 308,sys_tee, int fdin, int fdout, size_t len, unsigned int flags 309,sys_vmsplice, int fd, const struct iovec __user *iov, 311,sys_getcpu, unsigned __user *cpu, unsigned __user *node, struct getcpu_cache __user *cache 312,sys_epoll_pwait, 313,sys_utimes, char __user *filename, 314,sys_s390_fallocate, 315,sys_utimensat, int dfd, const char __user *filename, 316,sys_signalfd, int ufd, sigset_t __user *user_mask, size_t sizemask 318,sys_eventfd, unsigned int count 319,sys_timerfd_create, int clockid, int flags 320,sys_timerfd_settime, int ufd, int flags, 321,sys_timerfd_gettime, int ufd, struct itimerspec __user *otmr 322,sys_signalfd4, int ufd, sigset_t __user *user_mask, size_t sizemask, int flags 323,sys_eventfd2,int sys_fork struct pt_regs * 324,sys_inotify_init1, int flags 325,sys_pipe2,int sys_fork struct pt_regs * 326,sys_dup3, unsigned int oldfd, unsigned int newfd, int flags 327,sys_epoll_create1, int flags 328,sys_preadv, unsigned long fd, const struct iovec __user *vec, 329,sys_pwritev, unsigned long fd, const struct iovec __user *vec, 330,sys_rt_tgsigqueueinfo, pid_t tgid, pid_t pid, int sig, 331,sys_perf_event_open, 332,sys_fanotify_init, unsigned int flags, unsigned int event_f_flags 333,sys_fanotify_mark, int fanotify_fd, unsigned int flags, 334,sys_prlimit64, pid_t pid, unsigned int resource, 335,sys_name_to_handle_at, int dfd, const char __user *name, 336,sys_open_by_handle_at, int mountdirfd, 337,sys_clock_adjtime, clockid_t which_clock, 338,sys_syncfs, int fd 339,sys_setns, int fd, int nstype 340,sys_process_vm_readv, pid_t pid, 341,sys_process_vm_writev, pid_t pid, </tab>


Introduction

In the assembly language there are two ways to call system functions from the executable. The first way is through the native system calls which use the kernel interrupt code int $0x80 in assembly or \xcd\x80 in machine byte code. By placing the required data in the proper registers and calling the interrupt the program passes control to the kernel and it completes the function and returns the flow back to the program. The second way make a system call is by linking the C libraries to your executable. By doing this you will be able to push your arguments onto the stack in reverse order where the first argument is the last to be pushed and use the call command to pass control to the linked function located in the C library.


Unlinked System Calls for 32bit systems

On a 32bit system all system calls follow the same format. The system call to be made is moved into %eax and then depending on the function which you are calling the arguments go into %ebx, %ecx, %edx, %esx and %edi where %ebx would be the first argument to the system call, %ecx would be the second and so forth. Once you have all your registers set in place you can make your int $0x80 interrupt call to pass program flow to the kernel to complete the function.


  function_call(%eax) = function(%ebx,  %ecx,  %edx,  %esx,  %edi)
                ^system          ^arg1  ^arg2  ^arg3  ^arg4  ^arg5
                 call #


This diagram shows that when the system interrupt is called the kernel selects the function to use according to the system call number stored in %eax and then stores the variables in their proper registers as according to the C calling convention. Having a standard for calling functions is important because without one documentation for your executable would be messy and hard to understand.


An example of this would be exit() which is documented as 1:sys_exit:(int error_code);.


 
_start:
 
movl $1, %eax
mov $0, %ebx
int $0x80
 


In this call to the function exit() we placed the system interrupt call number into %eax and then the return value into the first argument %ebx and then made the interrupt call. Other function calls can be more complex and use 3 or more of the registers at once while others will use none at all except for %eax for the system call number itself.

Linked System Calls for 32bit systems

Linked system calls allow for cleaner code and faster development because of their ease of use. In order to take advantage of linked functions you must compile your assembly code with the required library. An example is as follows:


  as exit-lib.s -o exit-lib.o
  ld -dynamic-linker /lib/ld-linux.so.2 \ -o exit-lib exit-lib.o -lc


By assembling your binary like this you are now linking ld-linux.so.2 with your executable which will allow you to use the functions it holds. The main difference between the unlinked and linked system calls is that unlike the unlinked calls where you have to use all the proper registers and make an interrupt; all you have to do with linked calls is push your arguments backwards onto the stack where the first argument is pushed last and to invoke a call instruction to the function you wish to invoke. An example is as follows:


 
_start:
 
pushl $0
call exit
 


As you can see this makes your code shorter, neater, and to the point which is very helpful in assembly where your design and concept may not be clear at first sight to others.


Other Code Comparisons

Here are a few more examples of the two different calling conventions. The first will be shown as a unlinked call and the second would be as a linked call.

Printing to STDOUT 4:sys_write(unsigned int fd, const char *buf, size_t count)

 
.section .data
hello:
   .ascii "hello world\n"
hello_end:
 
.equ hello_len, hello_end - hello
 
.section .text
 
.global _start
 
_start:
movl $1, %ebx
movl $hello, $ecx
movl $hello_len, %edx
movl $4, %eax
int $0x80
 
movl $1, %eax
movl $0, %ebx
int $0x80
 


 
.section .data
hello:
   .ascii "hello world\n"
 
.section .text
 
.global _start
 
_start:
pushl $hello
call printf
 
pushl $0
call exit
 


Making A Directory 39:sys_mkdir(const char *pathname, int mode)


 
.section .data
dir:
   .ascii "/root/Desktop/lol/"
 
.section .text
 
.global _start
 
_start:
movl $dir, %ebx
movl $777, $ecx
movl $39, %eax
int $0x80
 
movl $1, %eax
movl $0, %ebx
int $0x80
 


 
.section .data
dir:
   .ascii "/root/Desktop/lol/"
 
.section .text
 
.global _start
 
_start:
pushl $777
pushl $dir
call mkdir
 
pushl $0
call exit