Questions about this topic? Sign up to ask in the talk tab.

Linux assembly

From NetSec
Revision as of 00:53, 6 July 2016 by Quark (Talk | contribs) (64 bit syscall table)

Jump to: navigation, search
RPU0j.png
Linux assembly is currently in-progress. You are viewing an entry that is unfinished.
RPU0j.png This article needs immediate attention, and is in desperate need of content consolidation for unlinked calls and properly formatted syscall tables -- get at hatter for more info.

Introduction

In the assembly language there are two ways to call system functions from the executable. The first way is through the native system calls (usually referred to as syscalls) which use the interrupt code int $0x80 in x86 32 bit assembly or \xcd\x80 in machine byte code. By placing the required data in the proper registers and calling the interrupt, the program passes control to the kernel and it completes the function and returns the flow back to the program. The second way to make a system call is by linking the C libraries to your executable. By doing this you will be able to push your arguments onto the stack in reverse order where the first argument is the last to be pushed and use the call command to pass control to the linked function located in the C library.

Unlinked System Calls for x86 32 bit systems

On a 32bit system all system calls follow the same format. The system call to be made is moved into %eax and then depending on the function which you are calling the arguments go into %ebx, %ecx, %edx, %esx and %edi where %ebx would be the first argument to the system call, %ecx would be the second and so forth. Once you have all your registers set in place you can make your int $0x80 interrupt call to pass program flow to the kernel to complete the function.


  function_call(%eax) = function(%ebx,  %ecx,  %edx,  %esx,  %edi)
                ^system          ^arg1  ^arg2  ^arg3  ^arg4  ^arg5
                 call #


This diagram shows that when the system interrupt is called the kernel selects the function to use according to the system call number stored in %eax and then stores the variables in their proper registers as according to the C calling convention. Having a standard for calling functions is important because without one documentation for your executable would be messy and hard to understand.


An example of this would be exit() which is documented as 1:sys_exit:(int error_code);.


 
_start:
 
movl $1, %eax
mov $0, %ebx
int $0x80
 


In this call to the function exit() we placed the system interrupt call number into %eax and then the return value into the first argument %ebx and then made the interrupt call. Other function calls can be more complex and use 3 or more of the registers at once while others will use none at all except for %eax for the system call number itself.

Unlinked system calls for x86_64 (amd64) bit systems

  function_call(%rax) = function(%rdi,  %rsi,  %rdx,  %r10,  %r8,  %r9)
                ^system          ^arg1  ^arg2  ^arg3  ^arg4  ^arg5 ^arg6
                 call #

If more than 6 arguments are required, the 7th and further are pushed to the stack.


  • Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
c3el4.png
This often times won't work as shellcode due to the fact that it is not null-free. See null-free shellcode for more information.
 
.section .data
.section .text
.globl _start
_start:
 mov $0, %rdi
 mov $105, %rax
 syscall
 
 mov $59, %rax
                # execve(filename, argv, envp)
 push $0x00
 mov %rsp, %rdx # envp is null
 mov %rsp, %rsi # argv is null
 mov $0x0068732f6e69622f, %r10
 push %r10
 mov %rsp, %rdi # filename is '/bin/sh\0'
 syscall
 
 mov $60, %rax
 mov $0, %rdi
 syscall
 

Linked System Calls for x86 32bit systems

Linked system calls allow for cleaner code and faster development because of their ease of use. In order to take advantage of linked functions you must compile your assembly code with the required library. An example is as follows:


  as exit-lib.s -o exit-lib.o
  ld -dynamic-linker /lib/ld-linux.so.2 \ -o exit-lib exit-lib.o -lc


By assembling your binary like this you are now linking ld-linux.so.2 with your executable which will allow you to use the functions it holds. The main difference between the unlinked and linked system calls is that unlike the unlinked calls where you have to use all the proper registers and make an interrupt; all you have to do with linked calls is push your arguments backwards onto the stack where the first argument is pushed last and to invoke a call instruction to the function you wish to invoke. An example is as follows:


 
_start:
 
pushl $0
call exit
 


As you can see this makes your code shorter, neater, and to the point which is very helpful in assembly where your design and concept may not be clear at first sight to others.

Other Code Comparisons

Here are a few more examples of the two different calling conventions. The first will be shown as a unlinked call and the second would be as a linked call.

Printing to STDOUT 4:sys_write(unsigned int fd, const char *buf, size_t count)

 
.section .data
hello:
   .ascii "hello world\n"
hello_end:
 
.equ hello_len, hello_end - hello
 
.section .text
 
.global _start
 
_start:
movl $1, %ebx
movl $hello, $ecx
movl $hello_len, %edx
movl $4, %eax
int $0x80
 
movl $1, %eax
movl $0, %ebx
int $0x80
 


 
.section .data
hello:
   .ascii "hello world\n"
 
.section .text
 
.global _start
 
_start:
pushl $hello
call printf
 
pushl $0
call exit
 


Making A Directory 39:sys_mkdir(const char *pathname, int mode)


 
.section .data
dir:
   .ascii "/root/Desktop/lol/"
 
.section .text
 
.global _start
 
_start:
movl $dir, %ebx
movl $777, $ecx
movl $39, %eax
int $0x80
 
movl $1, %eax
movl $0, %ebx
int $0x80
 


 
.section .data
dir:
   .ascii "/root/Desktop/lol/"
 
.section .text
 
.global _start
 
_start:
pushl $777
pushl $dir
call mkdir
 
pushl $0
call exit
 


x86 32 bit syscall table

Protip: Set the %eax register value to the appropriate integer to invoke the function when invoking int $0x80 or \xcd\x80.
1:sys_exit:(int error_code);
2:sys_fork:int sys_fork(struct pt_regs *);
3:sys_read:(unsigned int fd, char __user *buf, size_t count);
4:sys_write:(unsigned int fd, const char __user *buf,
5:sys_open:(const char __user *filename,
6:sys_close:(unsigned int fd);
7:sys_restart_syscall:(void);
8:sys_creat:(const char __user *pathname, int mode);
9:sys_link:(const char __user *oldname,
10:sys_unlink:(const char __user *pathname);
11:sys_execve:long sys_execve(const char __user *,
12:sys_chdir:(const char __user *filename)
13:sys_time:(time_t __user *tloc);
14:sys_mknod:(const char __user *filename, int mode,
15:sys_chmod:(const char __user *filename, mode_t mode);
16:sys_lchown16:(const char __user *filename,
19:sys_lseek:(unsigned int fd, off_t offset,
20:sys_getpid:(void);
21:sys_mount:(char __user *dev_name, char __user *dir_name,
22:sys_oldumount:(char __user *name)
23:sys_setuid16:(old_uid_t uid);
24:sys_getuid16:(void);
25:sys_stime:(time_t __user *tptr);
26:sys_ptrace:(long request, long pid, unsigned long addr,
27:sys_alarm:(unsigned int seconds);
29:sys_pause:(void);
30:sys_utime:(char __user *filename,
33:sys_access:(const char __user *filename, int mode);
34:sys_nice:(int increment);
36:sys_sync:(void);
37:sys_kill:(int pid, int sig);
38:sys_rename:(const char __user *oldname,
39:sys_mkdir:(const char __user *pathname, int mode);
40:sys_rmdir:(const char __user *pathname);
41:sys_dup:(unsigned int fildes);
42:sys_pipe:int sys_fork(struct pt_regs *);
43:sys_times:(struct tms __user *tbuf);
45:sys_brk:(unsigned long brk);
46:sys_setgid16:(old_gid_t gid);
47:sys_getgid16:(void);
48:sys_signal:(int sig, __sighandler_t handler);
49:sys_geteuid16:(void);
50:sys_getegid16:(void);
51:sys_acct:(const char __user *name);
52:sys_umount:(char __user *name, int flags)
54:sys_ioctl:(unsigned int fd, unsigned int cmd,
55:sys_fcntl:(unsigned int fd, unsigned int cmd, unsigned long arg);
57:sys_setpgid:(pid_t pid, pid_t pgid);
60:sys_umask:(int mask);
61:sys_chroot:(const char __user *filename);
62:sys_ustat:(unsigned dev, struct ustat __user *ubuf)
63:sys_dup2:int sys_fork(struct pt_regs *);
64:sys_getppid:(void);
65:sys_getpgrp:(void);
66:sys_setsid:(void);
67:sys_sigaction:asmlinkage int sys_sigaction(int, const struct old_sigaction __user *,
70:sys_setreuid16:(old_uid_t ruid, old_uid_t euid);
71:sys_setregid16:(old_gid_t rgid, old_gid_t egid);
72:sys_sigsuspend:asmlinkage int sys_sigsuspend(int, int, old_sigset_t);
73:sys_sigpending:(old_sigset_t __user *set);
74:sys_sethostname:(char __user *name, int len);
75:sys_setrlimit:(unsigned int resource,
76:sys_old_getrlimit:(unsigned int resource, struct rlimit __user *rlim);
77:sys_getrusage:(int who, struct rusage __user *ru);
78:sys_gettimeofday:(struct timeval __user *tv,
79:sys_settimeofday:(struct timeval __user *tv,
80:sys_getgroups16:(int gidsetsize, old_gid_t __user *grouplist);
81:sys_setgroups16:(int gidsetsize, old_gid_t __user *grouplist);
83:sys_symlink:(const char __user *old, const char __user *new);
85:sys_readlink:(const char __user *path,
86:sys_uselib:(const char __user *library);
87:sys_swapon:(const char __user *specialfile, int swap_flags);
88:sys_reboot:(int magic1, int magic2, unsigned int cmd,
89:sys_ni_syscall:(void);
90:sys_old_mmap:(struct mmap_arg_struct __user *arg);
91:sys_munmap:(unsigned long addr, size_t len);
92:sys_truncate:(const char __user *path, loff_t length);
93:sys_ftruncate:(unsigned int fd, unsigned long length);
94:sys_fchmod:(unsigned int fd, mode_t mode);
95:sys_fchown16:(unsigned int fd, old_uid_t user, old_gid_t group);
96:sys_getpriority:(int which, int who);
97:sys_setpriority:(int which, int who, int niceval);
99:sys_statfs:(const char __user * path,
100:sys_fstatfs:(unsigned int fd, struct statfs __user *buf);
102:sys_socketcall:(int call, unsigned long __user *args)
103:sys_syslog:(int type, char __user *buf, int len);
104:sys_setitimer:(int which,
105:sys_getitimer:(int which, struct itimerval __user *value);
106:sys_newstat:(const char __user *filename,
107:sys_newlstat:(const char __user *filename,
108:sys_newfstat:(unsigned int fd, struct stat __user *statbuf);
110:sys_lookup_dcookie:(u64 cookie64, char __user *buf, size_t len);
111:sys_vhangup:(void)
114:sys_wait4:(pid_t pid, int __user *stat_addr,
115:sys_swapoff:(const char __user *specialfile);
116:sys_sysinfo:(struct sysinfo __user *info);
117:sys_s390_ipc:
118:sys_fsync:(unsigned int fd);
119:sys_sigreturn:unsigned long sys_sigreturn(struct pt_regs *);
120:sys_clone:long sys_clone(unsigned long, unsigned long, void __user *,
121:sys_setdomainname:(char __user *name, int len);
122:sys_newuname:(struct new_utsname __user *name)
124:sys_adjtimex:(struct timex __user *txc_p);
125:sys_mprotect:(unsigned long start, size_t len,
126:sys_sigprocmask:(int how, old_sigset_t __user *set,
128:sys_init_module:(void __user *umod, unsigned long len,
129:sys_delete_module:(const char __user *name_user,
131:sys_quotactl:(unsigned int cmd, const char __user *special,
132:sys_getpgid:(pid_t pid)
133:sys_fchdir:(unsigned int fd);
134:sys_bdflush:(int func, long data);
135:sys_sysfs:(int option,
136:sys_personality:(unsigned int personality);
138:sys_setfsuid16:(old_uid_t uid);
139:sys_setfsgid16:(old_gid_t gid);
140:sys_llseek:(unsigned int fd, unsigned long offset_high,
141:sys_getdents:(unsigned int fd,
142:sys_select:
143:sys_flock:(unsigned int fd, unsigned int cmd);
144:sys_msync:(unsigned long start, size_t len, int flags);
145:sys_readv:(unsigned long fd,
146:sys_writev:(unsigned long fd,
147:sys_getsid:(pid_t pid);
148:sys_fdatasync:(unsigned int fd);
149:sys_sysctl:(struct __sysctl_args __user *args);
150:sys_mlock:(unsigned long start, size_t len);
151:sys_munlock:(unsigned long start, size_t len);
152:sys_mlockall:(int flags)
153:sys_munlockall:(void);
154:sys_sched_setparam:(pid_t pid,
155:sys_sched_getparam:(pid_t pid,
156:sys_sched_setscheduler:(pid_t pid, int policy,
157:sys_sched_getscheduler:(pid_t pid);
158:sys_sched_yield:(void);
159:sys_sched_get_priority_max:(int policy);
160:sys_sched_get_priority_min:(int policy);
161:sys_sched_rr_get_interval:(pid_t pid,
162:sys_nanosleep:(struct timespec __user *rqtp, struct timespec __user *rmtp)
163:sys_mremap:(unsigned long addr,
164:sys_setresuid16:(old_uid_t ruid, old_uid_t euid, old_uid_t suid);
165:sys_getresuid16:(old_uid_t __user *ruid,
168:sys_poll:(struct pollfd __user *ufds, unsigned int nfds,
170:sys_setresgid16:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid);
171:sys_getresgid16:(old_gid_t __user *rgid,
172:sys_prctl:
173:sys_rt_sigreturn:long sys_rt_sigreturn(struct pt_regs *);
174:sys_rt_sigaction:long sys_rt_action(int, const struct sigaction __user *, struct sigaction __user *, size_t);
175:sys_rt_sigprocmask:(int how, sigset_t __user *set,
176:sys_rt_sigpending:(sigset_t __user *set, size_t sigsetsize);
177:sys_rt_sigtimedwait:(const sigset_t __user *uthese,
178:sys_rt_sigqueueinfo:(int pid, int sig, siginfo_t __user *uinfo);
179:sys_rt_sigsuspend:
180:sys_pread64:(unsigned int fd, char __user *buf,
181:sys_pwrite64:(unsigned int fd, const char __user *buf,
182:sys_chown16:
183:sys_getcwd:(char __user *buf, unsigned long size);
184:sys_capget:(cap_user_header_t header,
185:sys_capset:(cap_user_header_t header,
186:sys_sigaltstack:long sys_sigaltstack(const stack_t __user *, stack_t __user *,
187:sys_sendfile:(int out_fd, int in_fd,
190:sys_vfork:int sys_vfork(struct pt_regs *regs)
191:sys_getrlimit:(unsigned int resource,
192:sys_mmap2:
193:sys_truncate64:(const char __user *path, loff_t length);
194:sys_ftruncate64:(unsigned int fd, loff_t length);
195:sys_stat64:(const char __user *filename,
196:sys_lstat64:(const char __user *filename,
197:sys_fstat64:(unsigned long fd, struct stat64 __user *statbuf);
198:sys_lchown:(const char __user *filename,
199:sys_getuid:(void);
200:sys_getgid:(void);
201:sys_geteuid:(void);
202:sys_getegid:(void);
203:sys_setreuid:(old_uid_t ruid, old_uid_t euid);
204:sys_setregid:(old_gid_t rgid, old_gid_t egid);
205:sys_getgroups:(int gidsetsize, old_gid_t __user *grouplist);
206:sys_setgroups:(int gidsetsize, old_gid_t __user *grouplist);
207:sys_fchown:(unsigned int fd, old_uid_t user, old_gid_t group);
208:sys_setresuid:(old_uid_t ruid, old_uid_t euid, old_uid_t suid);
209:sys_getresuid:(old_uid_t __user *ruid,
210:sys_setresgid:(old_gid_t rgid, old_gid_t egid, old_gid_t sgid);
211:sys_getresgid:(old_gid_t __user *rgid,
212:sys_chown:
213:sys_setuid:(old_uid_t uid);
214:sys_setgid:(old_gid_t gid);
215:sys_setfsuid:(old_uid_t uid);
216:sys_setfsgid:(old_gid_t gid);
217:sys_pivot_root:(const char __user *new_root,
218:sys_mincore:(unsigned long start, size_t len,
219:sys_madvise:(unsigned long start, size_t len, int behavior);
220:sys_getdents64:(unsigned int fd,
221:sys_fcntl64:(unsigned int fd,
222:sys_readahead:(int fd, loff_t offset, size_t count)
223:sys_sendfile64:(int out_fd, int in_fd,
224:sys_setxattr:(const char __user *path, const char __user *name,
225:sys_lsetxattr:(const char __user *path, const char __user *name,
226:sys_fsetxattr:(int fd, const char __user *name,
227:sys_getxattr:(const char __user *path, const char __user *name,
228:sys_lgetxattr:(const char __user *path, const char __user *name,
229:sys_fgetxattr:(int fd, const char __user *name,
230:sys_listxattr:(const char __user *path, char __user *list,
231:sys_llistxattr:(const char __user *path, char __user *list,
232:sys_flistxattr:(int fd, char __user *list, size_t size)
233:sys_removexattr:(const char __user *path,
234:sys_lremovexattr:(const char __user *path,
235:sys_fremovexattr:(int fd, const char __user *name);
236:sys_gettid:(void);
237:sys_tkill:(int pid, int sig);
238:sys_futex:(u32 __user *uaddr, int op, u32 val,
239:sys_sched_setaffinity:(pid_t pid, unsigned int len,
240:sys_sched_getaffinity:(pid_t pid, unsigned int len,
241:sys_tgkill:(int tgid, int pid, int sig);
243:sys_io_setup:(unsigned nr_reqs, aio_context_t __user *ctx);
244:sys_io_destroy:(aio_context_t ctx);
245:sys_io_getevents:(aio_context_t ctx_id,
246:sys_io_submit:(aio_context_t, long,
247:sys_io_cancel:(aio_context_t ctx_id, struct iocb __user *iocb,
248:sys_exit_group:(int error_code);
249:sys_epoll_create:(int size);
250:sys_epoll_ctl:(int epfd, int op, int fd,
251:sys_epoll_wait:(int epfd, struct epoll_event __user *events,
252:sys_set_tid_address:(int __user *tidptr)
253:sys_s390_fadvise64:
254:sys_timer_create:(clockid_t which_clock,
255:sys_timer_settime:(timer_t timer_id, int flags,
256:sys_timer_gettime:(timer_t timer_id,
257:sys_timer_getoverrun:(timer_t timer_id);
258:sys_timer_delete:(timer_t timer_id);
259:sys_clock_settime:(clockid_t which_clock,
260:sys_clock_gettime:(clockid_t which_clock,
261:sys_clock_getres:(clockid_t which_clock,
262:sys_clock_nanosleep:
264:sys_s390_fadvise64_64:
265:sys_statfs64:(const char __user *path, size_t sz,
266:sys_fstatfs64:(unsigned int fd, size_t sz,
267:sys_remap_file_pages:
271:sys_mq_open:(const char __user *name, int oflag, mode_t mode, struct mq_attr __user *attr);
272:sys_mq_unlink:(const char __user *name)
273:sys_mq_timedsend:(mqd_t mqdes, const char __user *msg_ptr, size_t msg_len, unsigned int msg_prio, const struct timespec __user *abs_timeout);
274:sys_mq_timedreceive:(mqd_t mqdes, char __user *msg_ptr, size_t msg_len, unsigned int __user *msg_prio, const struct timespec __user *abs_timeout);
275:sys_mq_notify:(mqd_t mqdes, const struct sigevent __user *notification);
276:sys_mq_getsetattr:(mqd_t mqdes, const struct mq_attr __user *mqstat, struct mq_attr __user *omqstat);
277:sys_kexec_load:(unsigned long entry, unsigned long nr_segments,
278:sys_add_key:(const char __user *_type,
279:sys_request_key:(const char __user *_type,
280:sys_keyctl:(int cmd, unsigned long arg2, unsigned long arg3,
281:sys_waitid:(int which, pid_t pid,
282:sys_ioprio_set:(int which, int who, int ioprio)
283:sys_ioprio_get:(int which, int who);
284:sys_inotify_init:(void);
285:sys_inotify_add_watch:(int fd, const char __user *path,
286:sys_inotify_rm_watch:(int fd, __s32 wd);
288:sys_openat:(int dfd, const char __user *filename, int flags,
289:sys_mkdirat:(int dfd, const char __user * pathname, int mode);
290:sys_mknodat:(int dfd, const char __user * filename, int mode,
291:sys_fchownat:(int dfd, const char __user *filename, uid_t user,
292:sys_futimesat:
293:sys_fstatat64:(int dfd, const char __user *filename,
294:sys_unlinkat:(int dfd, const char __user * pathname, int flag);
295:sys_renameat:(int olddfd, const char __user * oldname,
296:sys_linkat:(int olddfd, const char __user *oldname,
297:sys_symlinkat:(const char __user * oldname,
298:sys_readlinkat:(int dfd, const char __user *path, char __user *buf,
299:sys_fchmodat:(int dfd, const char __user * filename,
300:sys_faccessat:(int dfd, const char __user *filename, int mode);
301:sys_pselect6:(int, fd_set __user *, fd_set __user *,
302:sys_ppoll:
303:sys_unshare:(unsigned long unshare_flags);
304:sys_set_robust_list:(struct robust_list_head __user *head,
305:sys_get_robust_list:(int pid,
306:sys_splice:(int fd_in, loff_t __user *off_in,
307:sys_sync_file_range:(int fd, loff_t offset, loff_t nbytes,
308:sys_tee:(int fdin, int fdout, size_t len, unsigned int flags);
309:sys_vmsplice:(int fd, const struct iovec __user *iov,
311:sys_getcpu:(unsigned __user *cpu, unsigned __user *node, struct getcpu_cache __user *cache)
312:sys_epoll_pwait:
313:sys_utimes:(char __user *filename,
314:sys_s390_fallocate:
315:sys_utimensat:(int dfd, const char __user *filename,
316:sys_signalfd:(int ufd, sigset_t __user *user_mask, size_t sizemask);
318:sys_eventfd:(unsigned int count);
319:sys_timerfd_create:(int clockid, int flags);
320:sys_timerfd_settime:(int ufd, int flags,
321:sys_timerfd_gettime:(int ufd, struct itimerspec __user *otmr);
322:sys_signalfd4:(int ufd, sigset_t __user *user_mask, size_t sizemask, int flags)
323:sys_eventfd2:int sys_fork(struct pt_regs *);
324:sys_inotify_init1:(int flags);
325:sys_pipe2:int sys_fork(struct pt_regs *);
326:sys_dup3:(unsigned int oldfd, unsigned int newfd, int flags);
327:sys_epoll_create1:(int flags);
328:sys_preadv:(unsigned long fd, const struct iovec __user *vec,
329:sys_pwritev:(unsigned long fd, const struct iovec __user *vec,
330:sys_rt_tgsigqueueinfo:(pid_t tgid, pid_t  pid, int sig,
331:sys_perf_event_open:(
332:sys_fanotify_init:(unsigned int flags, unsigned int event_f_flags)
333:sys_fanotify_mark:(int fanotify_fd, unsigned int flags,
334:sys_prlimit64:(pid_t pid, unsigned int resource,
335:sys_name_to_handle_at:(int dfd, const char __user *name,
336:sys_open_by_handle_at:(int mountdirfd,
337:sys_clock_adjtime:(clockid_t which_clock,
338:sys_syncfs:(int fd);
339:sys_setns:(int fd, int nstype);
340:sys_process_vm_readv:(pid_t pid,
341:sys_process_vm_writev:(pid_t pid,

64 bit syscall table

Protip: Set the %rax register value to the appropriate integer to invoke the function when invoking syscall or \x0f\x05.
0:read:(unsigned int fd, char __user * buf, size_t count)
1:write:(unsigned int fd, const char __user * buf, size_t count)
2:open:(const char __user * filename, int flags, umode_t mode)
3:close:(unsigned int fd)
4:stat:(const char __user * filename, struct stat __user * statbuf)
5:fstat:(unsigned int fd, struct stat __user * statbuf)
6:lstat:(const char __user * filename, struct stat __user * statbuf)
7:poll:(struct pollfd __user * ufds, unsigned int nfds, int timeout_msecs)
8:lseek:(unsigned int fd, off_t offset, unsigned int whence)
9:mmap:(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long off)
10:mprotect:(unsigned long start, size_t len, unsigned long prot)
11:munmap:(unsigned long addr, size_t len)
12:brk:(unsigned long brk)
13:rt_sigaction:(int sig, const struct sigaction __user * act, struct sigaction __user * oact, size_t sigsetsize)
14:rt_sigprocmask:(int how, sigset_t __user * nset, sigset_t __user * oset, size_t sigsetsize)
15:rt_sigreturn:
16:ioctl:(unsigned int fd, unsigned int cmd, unsigned long arg)
17:pread64:(unsigned int fd, char __user * buf, size_t count, loff_t pos)
18:pwrite64:(unsigned int fd, const char __user * buf, size_t count, loff_t pos)
19:readv:(unsigned long fd, const struct iovec __user * vec, unsigned long vlen)
20:writev:(unsigned long fd, const struct iovec __user * vec, unsigned long vlen)
21:access:(const char __user * filename, int mode)
22:pipe:(int __user * fildes)
23:select:(int n, fd_set __user * inp, fd_set __user * outp, fd_set __user * exp, struct timeval __user * tvp)
24:sched_yield:
25:mremap:(unsigned long brk)
26:msync:(unsigned long start, size_t len, int flags)
27:mincore:(unsigned long start, size_t len, unsigned char __user * vec)
28:madvise:(unsigned long start, size_t len_in, int behavior)
29:shmget:(key_t key, size_t size, int shmflg)
30:shmat:(int shmid, char __user * shmaddr, int shmflg)
31:shmctl:(int shmid, int cmd, struct shmid_ds __user * buf)
32:dup:(unsigned int fildes)
33:dup2:(unsigned int oldfd, unsigned int newfd)
34:pause:
35:nanosleep:(struct timespec __user * rqtp, struct timespec __user * rmtp)
36:getitimer:(int which, struct itimerval __user * value)
37:alarm:(unsigned int seconds)
38:setitimer:(int which, struct itimerval __user * value, struct itimerval __user * ovalue)
39:getpid:
40:sendfile:(int out_fd, int in_fd, loff_t __user * offset, size_t count)
41:socket:(int family, int type, int protocol)
42:connect:(int fd, struct sockaddr __user * uservaddr, int addrlen)
43:accept:(int fd, struct sockaddr __user * upeer_sockaddr, int __user * upeer_addrlen)
44:sendto:(int fd, void __user * buff, size_t len, unsigned int flags, struct sockaddr __user * addr, int addr_len)
45:recvfrom:(int fd, void __user * ubuf, size_t size, unsigned int flags, struct sockaddr __user * addr, int __user * addr_len)
46:sendmsg:(int fd, struct msghdr __user * msg, unsigned int flags)
47:recvmsg:(int fd, struct msghdr __user * msg, unsigned int flags)
48:shutdown:(int fd, int how)
49:bind:(int fd, struct sockaddr __user * umyaddr, int addrlen)
50:listen:(int fd, int backlog)
51:getsockname:(int fd	struct, sockaddr __user * usockaddr, int __user * usockaddr_len)
52:getpeername:(int fd	struct, sockaddr __user * usockaddr, int __user * usockaddr_len)
53:socketpair:(int family, int type, int protocol, int __user * usockvec)
54:setsockopt:(int fd	int level, int optname, char __user * optval, int optlen)
55:getsockopt:(int fd, int level, int optname, char __user * optval, int __user * optlen)
56:clone:(unsigned long clone_flags, unsigned long newsp, int __user * parent_tidptr, int __user * child_tidptr, int tls_val)
57:fork:
58:vfork:
59:execve:(const char __user * filename, const char __user *const __user * argv, const char __user *const __user * envp)
60:exit:(int error_code)
61:wait4:(pid_t upid, int __user * stat_addr, int options, struct rusage __user * ru)
62:kill:(pid_t pid, int sig)
63:uname:(struct new_utsname __user * name)
64:semget:(key_t key, int nsems, int semflg)
65:semop:(int semid, struct sembuf __user * tsops, unsigned nsops)
66:semctl:(int semid, int semnum, int cmd, unsigned long arg)
67:shmdt:
68:msgget
69:msgsnd
70:msgrcv
71:msgctl
72:fcntl
73:flock
74:fsync
75:fdatasync
76:truncate
77:ftruncate
78:getdents
79:getcwd
80:chdir
81:fchdir
82:rename
83:mkdir
84:rmdir
85:creat
86:link
87:unlink
88:symlink
89:readlink
90:chmod
91:fchmod
92:chown
93:fchown
94:lchown
95:umask
96:gettimeofday
97:getrlimit
98:getrusage
99:sysinfo
100:times
101:ptrace
102:getuid
103:syslog
104:getgid
105:setuid
106:setgid
107:geteuid
108:getegid
109:setpgid
110:getppid
111:getpgrp
112:setsid
113:setreuid
114:setregid
115:getgroups
116:setgroups
117:setresuid
118:getresuid
119:setresgid
120:getresgid
121:getpgid
122:setfsuid
123:setfsgid
124:getsid
125:capget
126:capset
127:rt_sigpending
128:rt_sigtimedwait
129:rt_sigqueueinfo
130:rt_sigsuspend
131:sigaltstack
132:utime
133:mknod
134:uselib
135:personality
136:ustat
137:statfs
138:fstatfs
139:sysfs
140:getpriority
141:setpriority
142:sched_setparam
143:sched_getparam
144:sched_setscheduler
145:sched_getscheduler
146:sched_get_priority_max
147:sched_get_priority_min
148:sched_rr_get_interval
149:mlock
150:munlock
151:mlockall
152:munlockall
153:vhangup
154:modify_ldt
155:pivot_root
156:_sysctl
157:prctl
158:arch_prctl
159:adjtimex
160:setrlimit
161:chroot
162:sync
163:acct
164:settimeofday
165:mount
166:umount2
167:swapon
168:swapoff
169:reboot
170:sethostname
171:setdomainname
172:iopl
173:ioperm
174:create_module
175:init_module
176:delete_module
177:get_kernel_syms
178:query_module
179:quotactl
180:nfsservctl
181:getpmsg
182:putpmsg
183:afs_syscall
184:tuxcall
185:security
186:gettid
187:readahead
188:setxattr
189:lsetxattr
190:fsetxattr
191:getxattr
192:lgetxattr
193:fgetxattr
194:listxattr
195:llistxattr
196:flistxattr
197:removexattr
198:lremovexattr
199:fremovexattr
200:tkill
201:time
202:futex
203:sched_setaffinity
204:sched_getaffinity
205:set_thread_area
206:io_setup
207:io_destroy
208:io_getevents
209:io_submit
210:io_cancel
211:get_thread_area
212:lookup_dcookie
213:epoll_create
214:epoll_ctl_old
215:epoll_wait_old
216:remap_file_pages
217:getdents64
218:set_tid_address
219:restart_syscall
220:semtimedop
221:fadvise64
222:timer_create
223:timer_settime
224:timer_gettime
225:timer_getoverrun
226:timer_delete
227:clock_settime
228:clock_gettime
229:clock_getres
230:clock_nanosleep
231:exit_group
232:epoll_wait
233:epoll_ctl
234:tgkill
235:utimes
236:vserver
237:mbind
238:set_mempolicy
239:get_mempolicy
240:mq_open
241:mq_unlink
242:mq_timedsend
243:mq_timedreceive
244:mq_notify
245:mq_getsetattr
246:kexec_load
247:waitid
248:add_key
249:request_key
250:keyctl
251:ioprio_set
252:ioprio_get
253:inotify_init
254:inotify_add_watch
255:inotify_rm_watch
256:migrate_pages
257:openat
258:mkdirat
259:mknodat
260:fchownat
261:futimesat
262:newfstatat
263:unlinkat
264:renameat
265:linkat
266:symlinkat
267:readlinkat
268:fchmodat
269:faccessat
270:pselect6
271:ppoll
272:unshare
273:set_robust_list
274:get_robust_list
275:splice
276:tee
277:sync_file_range
278:vmsplice
279:move_pages
280:utimensat
281:epoll_pwait
282:signalfd
283:timerfd_create
284:eventfd
285:fallocate
286:timerfd_settime
287:timerfd_gettime
288:accept4
289:signalfd4
290:eventfd2
291:epoll_create1
292:dup3
293:pipe2
294:inotify_init1
295:preadv
296:pwritev
297:rt_tgsigqueueinfo
298:perf_event_open
299:recvmmsg
300:fanotify_init
301:fanotify_mark
302:prlimit64
303:name_to_handle_at
304:open_by_handle_at
305:clock_adjtime
306:syncfs
307:sendmmsg
308:setns
309:getcpu
310:process_vm_readv
311:process_vm_writev