Linux System Calls in Assembly 12-11-2014, 11:06 PM
#1
This section is dead as fuck, and as far as I know, very few tutorials have been posted here. Here goes nothing.
Every Linux system call is enumerated so that they can be referenced by numbers when making the calls in assembly. The syscalls and reference numbers of the calls are all listed in /usr/include/asm-i386/unistd.h
Here's a small snip of it:
For example, someone created a program in C that prints something to the screen. To be rewritten in assembly, we'd make a call to the write() function to output the string and the exit() function so the program closes without any errors. This can be done with two instructions in assembly, mov and int.
x86 Assembly instructions either have one, two, three, or no operands. The operands are numerical values, memory addresses, or processor registers. The x86 processor has several 32-bit registers that can be viewed as hardware variables. The registers include EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP can all be used as operands, while the EIP (execution pointer) can not.
The mov instruction copies a value between its two operands. In Intel assembly syntax, the first operand is the destination and the second operand is the source, because shit is backwards in Intel. The int instruction stands for interrupt, and sends an interruption signal to the kernel, defined by its single operand. In the Linux Kernel, int 0x80 is used to tell the kernel to make a system call. When the int 0x80 instruction is executed, the kernel will make a system call based on the first four registers. The EAX register is used to specify which system call to make, while the EBX, ECX, and EDX registers are used to hold the first, second, and third arguments to the system call. All of these registers can be set using the mov instruction.
In the following assembly code listing, the memory segments are simply declared. The string "dong" with a newline character (0x0a, aka \n) is in the data segment, and the actual assembly instructions are in the text segment. This follows proper memory segmentation practices.
The instructions of this program are straight forward. For the write() syscall to standard output, the value of 4 is put into EAX since the write() function is the 4th system call in unistd.h. Afterwards, the value of 1 is put into EBX, since the first argument of write() should be the file descriptor for standard output, which is stdout.h. Then, the address of the string in the data segment is put into ECX, and the length of the string (in this case, 5 bytes) is put into EDX. After these registers are loaded, the system call interrupt is triggered, which will call the write() function.
To exit cleanly, the exit() function needs to be called with a single argument of 0. So the value of 1 is put into EAX, since the exit() syscall is number one in unistd.h, and the value of 0 is put into EBX, since the first and only argument should be 0. Then the syscall interrupt is triggered again.
I hope at least some of you fags learned something from this. You should know that the foundation of all of your electronics is assembly. Thanks for reading.
Every Linux system call is enumerated so that they can be referenced by numbers when making the calls in assembly. The syscalls and reference numbers of the calls are all listed in /usr/include/asm-i386/unistd.h
Here's a small snip of it:
Code:
#ifndef _ASM_I386_UNISTD_H_
#define _ASM_I386_UNISTD_H_
/*
* This file contains the system call numbers.
*/
#define __NR_restart_syscall 0
#define __NR_exit 1
#define __NR_fork 2
#define __NR_read 3
#define __NR_write 4
#define __NR_open 5
#define __NR_close 6
#define __NR_waitpid 7
#define __NR_creat 8
#define __NR_link 9
#define __NR_unlink 10
#define __NR_execve 11
#define __NR_chdir 12
#define __NR_time 13
#define __NR_mknod 14
#define __NR_chmod 15
#define __NR_lchown 16
#define __NR_break 17
#define __NR_oldstat 18
#define __NR_lseek 19
#define __NR_getpid 20
#define __NR_mount 21
#define __NR_umount 22
#define __NR_setuid 23
#define __NR_getuid 24
#define __NR_stime 25
#define __NR_ptrace 26
#define __NR_alarm 27
#define __NR_oldfstat 28
#define __NR_pause 29
#define __NR_utime 30
#define __NR_stty 31
#define __NR_gtty 32
#define __NR_access 33
#define __NR_nice 34
#define __NR_ftime 35
#define __NR_sync 36
#define __NR_kill 37
#define __NR_rename 38
#define __NR_mkdir 39
#define __NR_rmdir 40
etc etc etc...For example, someone created a program in C that prints something to the screen. To be rewritten in assembly, we'd make a call to the write() function to output the string and the exit() function so the program closes without any errors. This can be done with two instructions in assembly, mov and int.
x86 Assembly instructions either have one, two, three, or no operands. The operands are numerical values, memory addresses, or processor registers. The x86 processor has several 32-bit registers that can be viewed as hardware variables. The registers include EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP can all be used as operands, while the EIP (execution pointer) can not.
The mov instruction copies a value between its two operands. In Intel assembly syntax, the first operand is the destination and the second operand is the source, because shit is backwards in Intel. The int instruction stands for interrupt, and sends an interruption signal to the kernel, defined by its single operand. In the Linux Kernel, int 0x80 is used to tell the kernel to make a system call. When the int 0x80 instruction is executed, the kernel will make a system call based on the first four registers. The EAX register is used to specify which system call to make, while the EBX, ECX, and EDX registers are used to hold the first, second, and third arguments to the system call. All of these registers can be set using the mov instruction.
In the following assembly code listing, the memory segments are simply declared. The string "dong" with a newline character (0x0a, aka \n) is in the data segment, and the actual assembly instructions are in the text segment. This follows proper memory segmentation practices.
Code:
section .data ; Data segment
msg db "dong", 0x0a ; The string to print and newline character
section .text ; Text segment
global _start ; Default entry point for ELF linking
_start:
; SYSCALL: write(1, msg, 5)
mov eax, 4 ; Put 4 into eax, since the write syscall is number 4
mov ebx, 1 ; Put 1 into ebx, since stdout is 1
mov ecx, msg ; Put the address of the string into ecx
mov edx, 5 ; Put 5 into edx, since our string is 5 bytes
int 0x80 ; Interrupt the kernel to make the syscall happen
; SYSCALL: exit(0)
mov eax, 1 ; Put 1 into eax, since exit is syscall number 1
mov ebx, 0 ; Put 0 into ebx, turns exit() into exit(0) to ensure success
int 0x80 ; Interrupt the kernel to perform the syscallThe instructions of this program are straight forward. For the write() syscall to standard output, the value of 4 is put into EAX since the write() function is the 4th system call in unistd.h. Afterwards, the value of 1 is put into EBX, since the first argument of write() should be the file descriptor for standard output, which is stdout.h. Then, the address of the string in the data segment is put into ECX, and the length of the string (in this case, 5 bytes) is put into EDX. After these registers are loaded, the system call interrupt is triggered, which will call the write() function.
To exit cleanly, the exit() function needs to be called with a single argument of 0. So the value of 1 is put into EAX, since the exit() syscall is number one in unistd.h, and the value of 0 is put into EBX, since the first and only argument should be 0. Then the syscall interrupt is triggered again.
I hope at least some of you fags learned something from this. You should know that the foundation of all of your electronics is assembly. Thanks for reading.
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
.png "Donator (Rank IV)")
