flat assembler
Message board for the users of flat assembler.

Index > Linux > System calls .inc files

Author
Thread Post new topic Reply to topic
triplefault



Joined: 28 Mar 2012
Posts: 14
triplefault 13 Jul 2017, 03:27
Edit: as pointed out by alkap, this regex misses a few syscalls, see his answer below this one for a command that doesn't miss any of them.

I am a particularly lazy person so having to manually maintain an include file with system call numbers is not something I want to do. A few months ago I wrote a one-liner to automatically generate those files and now I'm sharing it here because I figured it could be useful to someone.
Note: I am using Debian x86_64 multiarch, the location of these files may be different in your distro. In Debian you must have the package linux-libc-dev installed because it provides the required files.

For the 32 bit calls I use:
Code:
sed -n 's/#define\s\s*[_A-Z][_A-Z]*//p' /usr/include/asm/unistd_32.h | sed -n 's/^\([a-z][_a-z]*\)\s\s*\([0-9][0-9]*\)/sys_\1 = \2/p' > lin32.inc    

And for 64 bit I use:
Code:
sed -n 's/#define\s\s*[_A-Z][_A-Z]*//p' /usr/include/asm/unistd_64.h | sed -n 's/^\([a-z][_a-z]*\)\s\s*\([0-9][0-9]*\)/sys_\1 = \2/p' > lin64.inc    

The command is the same for both files, only file names are changed. If you can't find the files in that location you can use locate <file> to search for them. These files contain all system calls in the format #define __NR_syscall_name syscall_number.

_________________
I should save this password in some place I can remember.


Last edited by triplefault on 14 Jul 2017, 02:09; edited 1 time in total
Post 13 Jul 2017, 03:27
View user's profile Send private message Reply with quote
alkap



Joined: 18 Feb 2015
Posts: 44
Location: Dnipro, Ukraine
alkap 13 Jul 2017, 11:34
You don't seem to capture all the system calls there are, as far as I can tell:
Code:
sed -n 's/#define\s\s*[_A-Z][_A-Z]*//p' /usr/include/asm/unistd_32.h | sed -n 's/^\([a-z][_a-z]*\)\s\s*\([0-9][0-9]*\)/sys_\1 = \2/p' | wc -l
303
    


Matching all the defines containing the NR pattern adds up to several more syscalls. See below.
Code:
sed '/NR/!d;s/#define[^a-z]*//;s/^/sys_/;s/ / = /' /usr/include/asm/unistd_32.h | wc -l
351
    


The same goes for the 64-bit include file:
Code:
sed -n 's/#define\s\s*[_A-Z][_A-Z]*//p' /usr/include/asm/unistd_64.h | sed -n 's/^\([a-z][_a-z]*\)\s\s*\([0-9][0-9]*\)/sys_\1 = \2/p' | wc -l
303
    


Code:
sed '/NR/!d;s/#define[^a-z]*//;s/^/sys_/;s/ / = /' /usr/include/asm/unistd_64.h | wc -l
320
    
Post 13 Jul 2017, 11:34
View user's profile Send private message Send e-mail Reply with quote
triplefault



Joined: 28 Mar 2012
Posts: 14
triplefault 14 Jul 2017, 02:07
alkap wrote:
Matching all the defines containing the NR pattern adds up to several more syscalls.


You are absolutely right, my regex doesn't match syscalls that contain numbers in their names (like sys_vm86). Thank you for fixing and simplifying it.

_________________
I should save this password in some place I can remember.
Post 14 Jul 2017, 02:07
View user's profile Send private message Reply with quote
alkap



Joined: 18 Feb 2015
Posts: 44
Location: Dnipro, Ukraine
alkap 14 Jul 2017, 05:36
No worries at all.
Thanks for sharing this method of retrieving the syscalls.
Post 14 Jul 2017, 05:36
View user's profile Send private message Send e-mail Reply with quote
alkap



Joined: 18 Feb 2015
Posts: 44
Location: Dnipro, Ukraine
alkap 14 Jul 2017, 19:55
In retrospect, expressions 2 and 3 can be combined, like so:
Code:
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_32.h
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_64.h
    
Post 14 Jul 2017, 19:55
View user's profile Send private message Send e-mail Reply with quote
NEASM



Joined: 13 Apr 2018
Posts: 13
NEASM 13 May 2018, 13:12
Can you send me that "inc" files? Thanks in advance.
Post 13 May 2018, 13:12
View user's profile Send private message Reply with quote
alkap



Joined: 18 Feb 2015
Posts: 44
Location: Dnipro, Ukraine
alkap 13 May 2018, 13:32
If you're on a Linux system, you can generate those files by running:
Code:
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_32.h >file.inc
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_64.h >file.inc
    
Post 13 May 2018, 13:32
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20454
Location: In your JS exploiting you and your system
revolution 13 May 2018, 16:04
alkap wrote:
If you're on a Linux system, you can generate those files by running:
Code:
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_32.h >file.inc
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_64.h >file.inc
    
Are the system call numbers the same across all Linux's? I get a bit nervous thinking that some Linux versions might decide to use different values.
Post 13 May 2018, 16:04
View user's profile Send private message Visit poster's website Reply with quote
alkap



Joined: 18 Feb 2015
Posts: 44
Location: Dnipro, Ukraine
alkap 13 May 2018, 20:28
revolution wrote:
alkap wrote:
If you're on a Linux system, you can generate those files by running:
Code:
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_32.h >file.inc
sed '/NR/!d;s/#define[^a-z]*/sys_/;s/ / = /' /usr/include/asm/unistd_64.h >file.inc
    
Are the system call numbers the same across all Linux's? I get a bit nervous thinking that some Linux versions might decide to use different values.


System call numbers may differ on various architectures, e.g. the exit systems call numbers on arm, x86_32 and x86_64 are as follows:
Code:
arch/x86/entry/syscalls/syscall_32.tbl:15
1       common  exit                    sys_exit

arch/x86/entry/syscalls/syscall_64.tbl:71
60      common  exit                    __x64_sys_exit

arch/arm/tools/syscall.tbl:15
1       common  exit                    sys_exit
    

As far as syscall numbers being consistent across different kernel versions, this reference [1] states that all system calls supported by the kernel must be supported indefinitely.
[1] https://www.kernel.org/doc/html/v4.10/process/adding-syscalls.html#designing-the-api-planning-for-extension
Post 13 May 2018, 20:28
View user's profile Send private message Send e-mail Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2568
Furs 16 May 2018, 20:26
revolution wrote:
Are the system call numbers the same across all Linux's? I get a bit nervous thinking that some Linux versions might decide to use different values.
Only different architectures use different values.

It's no different than Windows x64 having different calling conventions/ABI than the 32-bit version, even if the API is the same. The "syscall ID" is also different.

But for the same architecture it will never change, just like how Windows ABIs/APIs don't (usually?) change. WriteFile won't suddenly decide to pass a parameter into a register instead of on the stack on 32-bit ABI, for example (Windows analogy).

(only exception is if the API is so new that barely anyone uses it and a critical problem with it is found, then it's changed, because it is assumed that all the apps which used it (since it's new) will be easily recompiled; I think the term is like at most 1 week to be considered "new")
Post 16 May 2018, 20:26
View user's profile Send private message Reply with quote
Endre



Joined: 29 Dec 2003
Posts: 215
Location: Budapest, Hungary
Endre 21 May 2018, 20:44
Look at this.
Post 21 May 2018, 20:44
View user's profile Send private message Reply with quote
FlierMate



Joined: 21 Jan 2021
Posts: 219
FlierMate 06 Aug 2021, 17:29
On my Debian 10, the directory name is slightly different, it is :

/usr/include/x86_64-linux-gnu/asm
Post 06 Aug 2021, 17:29
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.