Difference between revisions of "Linux assembly"
m (moved User:Hatter/Linux Assembly to Linux assembly) |
|||
Line 1: | Line 1: | ||
+ | {{inprog}} | ||
= 32 bit syscall table = | = 32 bit syscall table = | ||
{{protip|Set the %eax register value to the appropriate integer to invoke the function when invoking '''int $0x80''' or '''\xcd\x80'''.}} | {{protip|Set the %eax register value to the appropriate integer to invoke the function when invoking '''int $0x80''' or '''\xcd\x80'''.}} |
Revision as of 22:59, 15 May 2012
Contents
32 bit syscall table
1:sys_exit:(int error_code); 2:sys_fork:int sys_fork(struct pt_regs *); 3:sys_read:(unsigned int fd, char __user *buf, size_t count); 4:sys_write:(unsigned int fd, const char __user *buf, 5:sys_open:(const char __user *filename, 6:sys_close:(unsigned int fd); 7:sys_restart_syscall:(void); 8:sys_creat:(const char __user *pathname, int mode); 9:sys_link:(const char __user *oldname, 10:sys_unlink:(const char __user *pathname); 11:sys_execve:long sys_execve(const char __user *, 12:sys_chdir:(const char __user *filename) 13:sys_time:(time_t __user *tloc); 14:sys_mknod:(const char __user *filename, int mode, 15:sys_chmod:(const char __user *filename, mode_t mode); 16:sys_lchown16:(const char __user *filename, 19:sys_lseek:(unsigned int fd, off_t offset, 20:sys_getpid:(void); 21:sys_mount:(char __user *dev_name, char __user *dir_name, 22:sys_oldumount:(char __user *name) 23:sys_setuid16:(old_uid_t uid); 24:sys_getuid16:(void); 25:sys_stime:(time_t __user *tptr); 26:sys_ptrace:(long request, long pid, unsigned long addr, 27:sys_alarm:(unsigned int seconds); 29:sys_pause:(void); 30:sys_utime:(char __user *filename, 33:sys_access:(const char __user *filename, int mode); 34:sys_nice:(int increment); 36:sys_sync:(void); 37:sys_kill:(int pid, int sig); 38:sys_rename:(const char __user *oldname, 39:sys_mkdir:(const char __user *pathname, int mode); 40:sys_rmdir:(const char __user *pathname); 41:sys_dup:(unsigned int fildes); 42:sys_pipe:int sys_fork(struct pt_regs *); 43:sys_times:(struct tms __user *tbuf); 45:sys_brk:(unsigned long brk); 46:sys_setgid16:(old_gid_t gid); 47:sys_getgid16:(void); 48:sys_signal:(int sig, __sighandler_t handler); 49:sys_geteuid16:(void); 50:sys_getegid16:(void); 51:sys_acct:(const char __user *name); 52:sys_umount:(char __user *name, int flags) 54:sys_ioctl:(unsigned int fd, unsigned int cmd, 55:sys_fcntl:(unsigned int fd, unsigned int cmd, unsigned long arg); 57:sys_setpgid:(pid_t pid, pid_t pgid); 60:sys_umask:(int mask); 61:sys_chroot:(const char __user *filename); 62:sys_ustat:(unsigned dev, struct ustat __user *ubuf) 63:sys_dup2:int sys_fork(struct pt_regs *); 64:sys_getppid:(void); 65:sys_getpgrp:(void); 66:sys_setsid:(void); 67:sys_sigaction:asmlinkage int sys_sigaction(int, const struct old_sigaction __user *, 70:sys_setreuid16:(old_uid_t ruid, old_uid_t euid); 71:sys_setregid16:(old_gid_t rgid, old_gid_t egid); 72:sys_sigsuspend:asmlinkage int sys_sigsuspend(int, int, old_sigset_t); 73:sys_sigpending:(old_sigset_t __user *set); 74:sys_sethostname:(char __user *name, int len); 75:sys_setrlimit:(unsigned int resource, 76:sys_old_getrlimit:(unsigned int resource, struct rlimit __user *rlim); 77:sys_getrusage:(int who, struct rusage __user *ru); 78:sys_gettimeofday:(struct timeval __user *tv, 79:sys_settimeofday:(struct timeval __user *tv, 80:sys_getgroups16:(int gidsetsize, old_gid_t __user *grouplist); 81:sys_setgroups16:(int gidsetsize, old_gid_t __user *grouplist); 83:sys_symlink:(const char __user *old, const char __user *new); 85:sys_readlink:(const char __user *path, 86:sys_uselib:(const char __user *library); 87:sys_swapon:(const char __user *specialfile, int swap_flags); 88:sys_reboot:(int magic1, int magic2, unsigned int cmd, 89:sys_ni_syscall:(void); 90:sys_old_mmap:(struct mmap_arg_struct __user *arg); 91:sys_munmap:(unsigned long addr, size_t len); 92:sys_truncate:(const char __user *path, loff_t length); 93:sys_ftruncate:(unsigned int fd, unsigned long length); 94:sys_fchmod:(unsigned int fd, mode_t mode); 95:sys_fchown16:(unsigned int fd, old_uid_t user, old_gid_t group); 96:sys_getpriority:(int which, int who); 97:sys_setpriority:(int which, int who, int niceval); 99:sys_statfs:(const char __user * path, 100:sys_fstatfs:(unsigned int fd, struct statfs __user *buf); 102:sys_socketcall:(int call, unsigned long __user *args) 103:sys_syslog:(int type, char __user *buf, int len); 104:sys_setitimer:(int which, 105:sys_getitimer:(int which, struct itimerval __user *value); 106:sys_newstat:(const char __user *filename, 107:sys_newlstat:(const char __user *filename, 108:sys_newfstat:(unsigned int fd, struct stat __user *statbuf); 110:sys_lookup_dcookie:(u64 cookie64, char __user *buf, size_t len); 111:sys_vhangup:(void) 114:sys_wait4:(pid_t pid, int __user *stat_addr, 115:sys_swapoff:(const char __user *specialfile); 116:sys_sysinfo:(struct sysinfo __user *info); 117:sys_s390_ipc: 118:sys_fsync:(unsigned int fd); 119:sys_sigreturn:unsigned long sys_sigreturn(struct pt_regs *); 120:sys_clone:long sys_clone(unsigned long, unsigned long, void __user *, 121:sys_setdomainname:(char __user *name, int len); 122:sys_newuname:(struct new_utsname __user *name) 124:sys_adjtimex:(struct timex __user *txc_p); 125:sys_mprotect:(unsigned long start, size_t len, 126:sys_sigprocmask:(int how, old_sigset_t __user *set, 128:sys_init_module:(void __user *umod, unsigned long len, 129:sys_delete_module:(const char __user *name_user, 131:sys_quotactl:(unsigned int cmd, const char __user *special, 132:sys_getpgid:(pid_t pid) 133:sys_fchdir:(unsigned int fd); 134:sys_bdflush:(int func, long data); 135:sys_sysfs:(int option, 136:sys_personality:(unsigned int personality); 138:sys_setfsuid16:(old_uid_t uid); 139:sys_setfsgid16:(old_gid_t gid); 140:sys_llseek:(unsigned int fd, unsigned long offset_high, 141:sys_getdents:(unsigned int fd, 142:sys_select: 143:sys_flock:(unsigned int fd, unsigned int cmd); 144:sys_msync:(unsigned long start, size_t len, int flags); 145:sys_readv:(unsigned long fd, 146:sys_writev:(unsigned long fd, 147:sys_getsid:(pid_t pid); 148:sys_fdatasync:(unsigned int fd); 149:sys_sysctl:(struct __sysctl_args __user *args); 150:sys_mlock:(unsigned long start, size_t len); 151:sys_munlock:(unsigned long start, size_t len); 152:sys_mlockall:(int flags) 153:sys_munlockall:(void); 154:sys_sched_setparam:(pid_t pid, 155:sys_sched_getparam:(pid_t pid, 156:sys_sched_setscheduler:(pid_t pid, int policy, 157:sys_sched_getscheduler:(pid_t pid); 158:sys_sched_yield:(void); 159:sys_sched_get_priority_max:(int policy); 160:sys_sched_get_priority_min:(int policy); 161:sys_sched_rr_get_interval:(pid_t pid, 162:sys_nanosleep:(struct timespec __user *rqtp, struct timespec __user *rmtp) 163:sys_mremap:(unsigned long addr, 164:sys_setresuid16:(old_uid_t ruid, old_uid_t euid, old_uid_t suid); 165:sys_getresuid16:(old_uid_t __user *ruid, 168:sys_poll:(struct pollfd __user *ufds, unsigned int nfds, 170:sys_setresgid16:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid); 171:sys_getresgid16:(old_gid_t __user *rgid, 172:sys_prctl: 173:sys_rt_sigreturn:long sys_rt_sigreturn(struct pt_regs *); 174:sys_rt_sigaction:long sys_rt_action(int, const struct sigaction __user *, struct sigaction __user *, size_t); 175:sys_rt_sigprocmask:(int how, sigset_t __user *set, 176:sys_rt_sigpending:(sigset_t __user *set, size_t sigsetsize); 177:sys_rt_sigtimedwait:(const sigset_t __user *uthese, 178:sys_rt_sigqueueinfo:(int pid, int sig, siginfo_t __user *uinfo); 179:sys_rt_sigsuspend: 180:sys_pread64:(unsigned int fd, char __user *buf, 181:sys_pwrite64:(unsigned int fd, const char __user *buf, 182:sys_chown16: 183:sys_getcwd:(char __user *buf, unsigned long size); 184:sys_capget:(cap_user_header_t header, 185:sys_capset:(cap_user_header_t header, 186:sys_sigaltstack:long sys_sigaltstack(const stack_t __user *, stack_t __user *, 187:sys_sendfile:(int out_fd, int in_fd, 190:sys_vfork:int sys_vfork(struct pt_regs *regs) 191:sys_getrlimit:(unsigned int resource, 192:sys_mmap2: 193:sys_truncate64:(const char __user *path, loff_t length); 194:sys_ftruncate64:(unsigned int fd, loff_t length); 195:sys_stat64:(const char __user *filename, 196:sys_lstat64:(const char __user *filename, 197:sys_fstat64:(unsigned long fd, struct stat64 __user *statbuf); 198:sys_lchown:(const char __user *filename, 199:sys_getuid:(void); 200:sys_getgid:(void); 201:sys_geteuid:(void); 202:sys_getegid:(void); 203:sys_setreuid:(old_uid_t ruid, old_uid_t euid); 204:sys_setregid:(old_gid_t rgid, old_gid_t egid); 205:sys_getgroups:(int gidsetsize, old_gid_t __user *grouplist); 206:sys_setgroups:(int gidsetsize, old_gid_t __user *grouplist); 207:sys_fchown:(unsigned int fd, old_uid_t user, old_gid_t group); 208:sys_setresuid:(old_uid_t ruid, old_uid_t euid, old_uid_t suid); 209:sys_getresuid:(old_uid_t __user *ruid, 210:sys_setresgid:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid); 211:sys_getresgid:(old_gid_t __user *rgid, 212:sys_chown: 213:sys_setuid:(old_uid_t uid); 214:sys_setgid:(old_gid_t gid); 215:sys_setfsuid:(old_uid_t uid); 216:sys_setfsgid:(old_gid_t gid); 217:sys_pivot_root:(const char __user *new_root, 218:sys_mincore:(unsigned long start, size_t len, 219:sys_madvise:(unsigned long start, size_t len, int behavior); 220:sys_getdents64:(unsigned int fd, 221:sys_fcntl64:(unsigned int fd, 222:sys_readahead:(int fd, loff_t offset, size_t count) 223:sys_sendfile64:(int out_fd, int in_fd, 224:sys_setxattr:(const char __user *path, const char __user *name, 225:sys_lsetxattr:(const char __user *path, const char __user *name, 226:sys_fsetxattr:(int fd, const char __user *name, 227:sys_getxattr:(const char __user *path, const char __user *name, 228:sys_lgetxattr:(const char __user *path, const char __user *name, 229:sys_fgetxattr:(int fd, const char __user *name, 230:sys_listxattr:(const char __user *path, char __user *list, 231:sys_llistxattr:(const char __user *path, char __user *list, 232:sys_flistxattr:(int fd, char __user *list, size_t size) 233:sys_removexattr:(const char __user *path, 234:sys_lremovexattr:(const char __user *path, 235:sys_fremovexattr:(int fd, const char __user *name); 236:sys_gettid:(void); 237:sys_tkill:(int pid, int sig); 238:sys_futex:(u32 __user *uaddr, int op, u32 val, 239:sys_sched_setaffinity:(pid_t pid, unsigned int len, 240:sys_sched_getaffinity:(pid_t pid, unsigned int len, 241:sys_tgkill:(int tgid, int pid, int sig); 243:sys_io_setup:(unsigned nr_reqs, aio_context_t __user *ctx); 244:sys_io_destroy:(aio_context_t ctx); 245:sys_io_getevents:(aio_context_t ctx_id, 246:sys_io_submit:(aio_context_t, long, 247:sys_io_cancel:(aio_context_t ctx_id, struct iocb __user *iocb, 248:sys_exit_group:(int error_code); 249:sys_epoll_create:(int size); 250:sys_epoll_ctl:(int epfd, int op, int fd, 251:sys_epoll_wait:(int epfd, struct epoll_event __user *events, 252:sys_set_tid_address:(int __user *tidptr) 253:sys_s390_fadvise64: 254:sys_timer_create:(clockid_t which_clock, 255:sys_timer_settime:(timer_t timer_id, int flags, 256:sys_timer_gettime:(timer_t timer_id, 257:sys_timer_getoverrun:(timer_t timer_id); 258:sys_timer_delete:(timer_t timer_id); 259:sys_clock_settime:(clockid_t which_clock, 260:sys_clock_gettime:(clockid_t which_clock, 261:sys_clock_getres:(clockid_t which_clock, 262:sys_clock_nanosleep: 264:sys_s390_fadvise64_64: 265:sys_statfs64:(const char __user *path, size_t sz, 266:sys_fstatfs64:(unsigned int fd, size_t sz, 267:sys_remap_file_pages: 271:sys_mq_open:(const char __user *name, int oflag, mode_t mode, struct mq_attr __user *attr); 272:sys_mq_unlink:(const char __user *name) 273:sys_mq_timedsend:(mqd_t mqdes, const char __user *msg_ptr, size_t msg_len, unsigned int msg_prio, const struct timespec __user *abs_timeout); 274:sys_mq_timedreceive:(mqd_t mqdes, char __user *msg_ptr, size_t msg_len, unsigned int __user *msg_prio, const struct timespec __user *abs_timeout); 275:sys_mq_notify:(mqd_t mqdes, const struct sigevent __user *notification); 276:sys_mq_getsetattr:(mqd_t mqdes, const struct mq_attr __user *mqstat, struct mq_attr __user *omqstat); 277:sys_kexec_load:(unsigned long entry, unsigned long nr_segments, 278:sys_add_key:(const char __user *_type, 279:sys_request_key:(const char __user *_type, 280:sys_keyctl:(int cmd, unsigned long arg2, unsigned long arg3, 281:sys_waitid:(int which, pid_t pid, 282:sys_ioprio_set:(int which, int who, int ioprio) 283:sys_ioprio_get:(int which, int who); 284:sys_inotify_init:(void); 285:sys_inotify_add_watch:(int fd, const char __user *path, 286:sys_inotify_rm_watch:(int fd, __s32 wd); 288:sys_openat:(int dfd, const char __user *filename, int flags, 289:sys_mkdirat:(int dfd, const char __user * pathname, int mode); 290:sys_mknodat:(int dfd, const char __user * filename, int mode, 291:sys_fchownat:(int dfd, const char __user *filename, uid_t user, 292:sys_futimesat: 293:sys_fstatat64:(int dfd, const char __user *filename, 294:sys_unlinkat:(int dfd, const char __user * pathname, int flag); 295:sys_renameat:(int olddfd, const char __user * oldname, 296:sys_linkat:(int olddfd, const char __user *oldname, 297:sys_symlinkat:(const char __user * oldname, 298:sys_readlinkat:(int dfd, const char __user *path, char __user *buf, 299:sys_fchmodat:(int dfd, const char __user * filename, 300:sys_faccessat:(int dfd, const char __user *filename, int mode); 301:sys_pselect6:(int, fd_set __user *, fd_set __user *, 302:sys_ppoll: 303:sys_unshare:(unsigned long unshare_flags); 304:sys_set_robust_list:(struct robust_list_head __user *head, 305:sys_get_robust_list:(int pid, 306:sys_splice:(int fd_in, loff_t __user *off_in, 307:sys_sync_file_range:(int fd, loff_t offset, loff_t nbytes, 308:sys_tee:(int fdin, int fdout, size_t len, unsigned int flags); 309:sys_vmsplice:(int fd, const struct iovec __user *iov, 311:sys_getcpu:(unsigned __user *cpu, unsigned __user *node, struct getcpu_cache __user *cache) 312:sys_epoll_pwait: 313:sys_utimes:(char __user *filename, 314:sys_s390_fallocate: 315:sys_utimensat:(int dfd, const char __user *filename, 316:sys_signalfd:(int ufd, sigset_t __user *user_mask, size_t sizemask); 318:sys_eventfd:(unsigned int count); 319:sys_timerfd_create:(int clockid, int flags); 320:sys_timerfd_settime:(int ufd, int flags, 321:sys_timerfd_gettime:(int ufd, struct itimerspec __user *otmr); 322:sys_signalfd4:(int ufd, sigset_t __user *user_mask, size_t sizemask, int flags) 323:sys_eventfd2:int sys_fork(struct pt_regs *); 324:sys_inotify_init1:(int flags); 325:sys_pipe2:int sys_fork(struct pt_regs *); 326:sys_dup3:(unsigned int oldfd, unsigned int newfd, int flags); 327:sys_epoll_create1:(int flags); 328:sys_preadv:(unsigned long fd, const struct iovec __user *vec, 329:sys_pwritev:(unsigned long fd, const struct iovec __user *vec, 330:sys_rt_tgsigqueueinfo:(pid_t tgid, pid_t pid, int sig, 331:sys_perf_event_open:( 332:sys_fanotify_init:(unsigned int flags, unsigned int event_f_flags) 333:sys_fanotify_mark:(int fanotify_fd, unsigned int flags, 334:sys_prlimit64:(pid_t pid, unsigned int resource, 335:sys_name_to_handle_at:(int dfd, const char __user *name, 336:sys_open_by_handle_at:(int mountdirfd, 337:sys_clock_adjtime:(clockid_t which_clock, 338:sys_syncfs:(int fd); 339:sys_setns:(int fd, int nstype); 340:sys_process_vm_readv:(pid_t pid, 341:sys_process_vm_writev:(pid_t pid,
Introduction
In the assembly language there are two ways to call system functions from the executable. The first way is through the native system calls which use the kernel interrupt code int $0x80 in assembly or \xcd\x80 in machine byte code. By placing the required data in the proper registers and calling the interrupt the program passes control to the kernel and it completes the function and returns the flow back to the program. The second way make a system call is by linking the C libraries to your executable. By doing this you will be able to push your arguments onto the stack in reverse order where the first argument is the last to be pushed and use the call command to pass control to the linked function located in the C library.
Unlinked System Calls for 32bit systems
On a 32bit system all system calls follow the same format. The system call to be made is moved into %eax and then depending on the function which you are calling the arguments go into %ebx, %ecx, %edx, %esx and %edi where %ebx would be the first argument to the system call, %ecx would be the second and so forth. Once you have all your registers set in place you can make your int $0x80 interrupt call to pass program flow to the kernel to complete the function.
function_call(%eax) = function(%ebx, %ecx, %edx, %esx, %edi) ^system ^arg1 ^arg2 ^arg3 ^arg4 ^arg5 call #
This diagram shows that when the system interrupt is called the kernel selects the function to use according to the system call number stored in %eax and then stores the variables in their proper registers as according to the C calling convention. Having a standard for calling functions is important because without one documentation for your executable would be messy and hard to understand.
An example of this would be exit() which is documented as 1:sys_exit:(int error_code);.
_start: movl $1, %eax mov $0, %ebx int $0x80 |
In this call to the function exit() we placed the system interrupt call number into %eax and then the return value into the first argument %ebx and then made the interrupt call. Other function calls can be more complex and use 3 or more of the registers at once while others will use none at all except for %eax for the system call number itself.
Linked System Calls for 32bit systems
Linked system calls allow for cleaner code and faster development because of their ease of use. In order to take advantage of linked functions you must compile your assembly code with the required library. An example is as follows:
as exit-lib.s -o exit-lib.o ld -dynamic-linker /lib/ld-linux.so.2 \ -o exit-lib exit-lib.o -lc
By assembling your binary like this you are now linking ld-linux.so.2 with your executable which will allow you to use the functions it holds. The main difference between the unlinked and linked system calls is that unlike the unlinked calls where you have to use all the proper registers and make an interrupt; all you have to do with linked calls is push your arguments backwards onto the stack where the first argument is pushed last and to invoke a call instruction to the function you wish to invoke. An example is as follows:
_start: pushl $0 call exit |
As you can see this makes your code shorter, neater, and to the point which is very helpful in assembly where your design and concept may not be clear at first sight to others.
Other Code Comparisons
Here are a few more examples of the two different calling conventions. The first will be shown as a unlinked call and the second would be as a linked call.
Printing to STDOUT 4:sys_write(unsigned int fd, const char *buf, size_t count)
.section .data hello: .ascii "hello world\n" hello_end: .equ hello_len, hello_end - hello .section .text .global _start _start: movl $1, %ebx movl $hello, $ecx movl $hello_len, %edx movl $4, %eax int $0x80 movl $1, %eax movl $0, %ebx int $0x80 |
.section .data hello: .ascii "hello world\n" .section .text .global _start _start: pushl $hello call printf pushl $0 call exit |
Making A Directory 39:sys_mkdir(const char *pathname, int mode)
.section .data dir: .ascii "/root/Desktop/lol/" .section .text .global _start _start: movl $dir, %ebx movl $777, $ecx movl $39, %eax int $0x80 movl $1, %eax movl $0, %ebx int $0x80 |
.section .data dir: .ascii "/root/Desktop/lol/" .section .text .global _start _start: pushl $777 pushl $dir call mkdir pushl $0 call exit |
64 bit syscall table
0:read 1:write 2:open 3:close 4:stat 5:fstat 6:lstat 7:poll 8:lseek 9:mmap 10:mprotect 11:munmap 12:brk 13:rt_sigaction 14:rt_sigprocmask 15:rt_sigreturn 16:ioctl 17:pread64 18:pwrite64 19:readv 20:writev 21:access 22:pipe 23:select 24:sched_yield 25:mremap 26:msync 27:mincore 28:madvise 29:shmget 30:shmat 31:shmctl 32:dup 33:dup2 34:pause 35:nanosleep 36:getitimer 37:alarm 38:setitimer 39:getpid 40:sendfile 41:socket 42:connect 43:accept 44:sendto 45:recvfrom 46:sendmsg 47:recvmsg 48:shutdown 49:bind 50:listen 51:getsockname 52:getpeername 53:socketpair 54:setsockopt 55:getsockopt 56:clone 57:fork 58:vfork 59:execve 60:exit 61:wait4 62:kill 63:uname 64:semget 65:semop 66:semctl 67:shmdt 68:msgget 69:msgsnd 70:msgrcv 71:msgctl 72:fcntl 73:flock 74:fsync 75:fdatasync 76:truncate 77:ftruncate 78:getdents 79:getcwd 80:chdir 81:fchdir 82:rename 83:mkdir 84:rmdir 85:creat 86:link 87:unlink 88:symlink 89:readlink 90:chmod 91:fchmod 92:chown 93:fchown 94:lchown 95:umask 96:gettimeofday 97:getrlimit 98:getrusage 99:sysinfo 100:times 101:ptrace 102:getuid 103:syslog 104:getgid 105:setuid 106:setgid 107:geteuid 108:getegid 109:setpgid 110:getppid 111:getpgrp 112:setsid 113:setreuid 114:setregid 115:getgroups 116:setgroups 117:setresuid 118:getresuid 119:setresgid 120:getresgid 121:getpgid 122:setfsuid 123:setfsgid 124:getsid 125:capget 126:capset 127:rt_sigpending 128:rt_sigtimedwait 129:rt_sigqueueinfo 130:rt_sigsuspend 131:sigaltstack 132:utime 133:mknod 134:uselib 135:personality 136:ustat 137:statfs 138:fstatfs 139:sysfs 140:getpriority 141:setpriority 142:sched_setparam 143:sched_getparam 144:sched_setscheduler 145:sched_getscheduler 146:sched_get_priority_max 147:sched_get_priority_min 148:sched_rr_get_interval 149:mlock 150:munlock 151:mlockall 152:munlockall 153:vhangup 154:modify_ldt 155:pivot_root 156:_sysctl 157:prctl 158:arch_prctl 159:adjtimex 160:setrlimit 161:chroot 162:sync 163:acct 164:settimeofday 165:mount 166:umount2 167:swapon 168:swapoff 169:reboot 170:sethostname 171:setdomainname 172:iopl 173:ioperm 174:create_module 175:init_module 176:delete_module 177:get_kernel_syms 178:query_module 179:quotactl 180:nfsservctl 181:getpmsg 182:putpmsg 183:afs_syscall 184:tuxcall 185:security 186:gettid 187:readahead 188:setxattr 189:lsetxattr 190:fsetxattr 191:getxattr 192:lgetxattr 193:fgetxattr 194:listxattr 195:llistxattr 196:flistxattr 197:removexattr 198:lremovexattr 199:fremovexattr 200:tkill 201:time 202:futex 203:sched_setaffinity 204:sched_getaffinity 205:set_thread_area 206:io_setup 207:io_destroy 208:io_getevents 209:io_submit 210:io_cancel 211:get_thread_area 212:lookup_dcookie 213:epoll_create 214:epoll_ctl_old 215:epoll_wait_old 216:remap_file_pages 217:getdents64 218:set_tid_address 219:restart_syscall 220:semtimedop 221:fadvise64 222:timer_create 223:timer_settime 224:timer_gettime 225:timer_getoverrun 226:timer_delete 227:clock_settime 228:clock_gettime 229:clock_getres 230:clock_nanosleep 231:exit_group 232:epoll_wait 233:epoll_ctl 234:tgkill 235:utimes 236:vserver 237:mbind 238:set_mempolicy 239:get_mempolicy 240:mq_open 241:mq_unlink 242:mq_timedsend 243:mq_timedreceive 244:mq_notify 245:mq_getsetattr 246:kexec_load 247:waitid 248:add_key 249:request_key 250:keyctl 251:ioprio_set 252:ioprio_get 253:inotify_init 254:inotify_add_watch 255:inotify_rm_watch 256:migrate_pages 257:openat 258:mkdirat 259:mknodat 260:fchownat 261:futimesat 262:newfstatat 263:unlinkat 264:renameat 265:linkat 266:symlinkat 267:readlinkat 268:fchmodat 269:faccessat 270:pselect6 271:ppoll 272:unshare 273:set_robust_list 274:get_robust_list 275:splice 276:tee 277:sync_file_range 278:vmsplice 279:move_pages 280:utimensat 281:epoll_pwait 282:signalfd 283:timerfd_create 284:eventfd 285:fallocate 286:timerfd_settime 287:timerfd_gettime 288:accept4 289:signalfd4 290:eventfd2 291:epoll_create1 292:dup3 293:pipe2 294:inotify_init1 295:preadv 296:pwritev 297:rt_tgsigqueueinfo 298:perf_event_open 299:recvmmsg 300:fanotify_init 301:fanotify_mark 302:prlimit64 303:name_to_handle_at 304:open_by_handle_at 305:clock_adjtime 306:syncfs 307:sendmmsg 308:setns 309:getcpu 310:process_vm_readv 311:process_vm_writev
function_call(%rax) = function(%rdi, %rsi, %rdx, %rcx, %r8, %r9) ^system ^arg1 ^arg2 ^arg3 ^arg4 ^arg5 ^arg6 call #
If more than 6 arguments are required, the 7th and further are pushed to the stack.
Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
.section .data .section .text .globl _start _start: mov $0, %rdi mov $105, %rax syscall mov $59, %rax # execve(filename, argv, envp) push $0x00 mov %rsp, %rdx # argv is null mov %rsp, %rsi # envp is null mov $0x0068732f6e69622f, %rcx push %rcx mov %rsp, %rdi # filename is '/bin/sh\0' syscall mov $60, %rax mov $0, %rdi syscall |