Menu
I writing a Linux system call map for the radare2 debugger. This means providing a huge static array mapping system call number to a syscall name name and the number of arguments it takes. This was easy for OpenBSD as the syscall numbers are defined in sys/syscall.h and in a comment above each is the number of args. It was just a matter of writing a script to parse this and throw out the C code for the array.
On linux however, we do not have this luxury. It is easy to get the syscall number from the kernel headers, but how should I get the number of args? The only ideas I have are:
1) Type them in manually. For each and every arch (they vary between arches in linux). All 300+ of the damned things. No way!
2) Parse manual pages.
3) Write a script which tries to call each syscall with 0, 1, 2... args until the program builds. Won't work for varargs, but do syscalls support that?
There has to be a better way. Please help!
889
The ls command internally calls functions from system libraries (aka glibc) on Linux. These libraries invoke the system calls that do most of the work.
There are 116 system calls; documentation for these can be found in the man pages. A system call is a request by a running task to the kernel to provide some sort of service on its behalf.
System calls are identified by their numbers. The number of the call foo is __NR_foo . For example, the number of _llseek used above is __NR__llseek , defined as 140 in /usr/include/asm-i386/unistd.
A kernel system call, or syscall, is an entry point via which usermode code can call functions in the Linux kernel. A syscall table is a mapping between the syscall ID and the kernel address of its implementation.
strace (home page) has tables with all this stuff in (see linux/<platform>/syscallent.h). Source code available in GitHub/strace and GitLab/strace. For example, list of syscalls in x86_64 architecture are in this link.
73
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
