
I am trying to write assembly code on Arch Linux on the armv6l architecture and I need to call execve. For x86 and x86-64, the system call number is 59 (64-bit) and 11 (32-bit), and it can be found using the method below:

```
$ grep execve /usr/include/x86_64-linux-gnu/asm/unistd_64.h
#define __NR_execve 59
#define __NR_execveat 322
$ grep execve /usr/include/x86_64-linux-gnu/asm/unistd_32.h
#define __NR_execve 11
#define __NR_execveat 358
```

Similarly, is there any method to do the same on ARM? How can I be sure which one will yield the correct system call number? Below are the results from the ARM system:

```
$ find /usr/include -name "unistd.h"
/usr/include/bits/unistd.h
/usr/include/sys/unistd.h
/usr/include/linux/unistd.h
/usr/include/asm/unistd.h
/usr/include/unistd.h
/usr/include/asm-generic/unistd.h
```

```
$ grep execve /usr/include/asm/unistd-common.h
#define __NR_execve (__NR_SYSCALL_BASE + 11)
#define __NR_execveat (__NR_SYSCALL_BASE + 387)
$ grep execve /usr/include/asm-generic/unistd.h
#define __NR_execve 221
__SC_COMP(__NR_execve, sys_execve, compat_sys_execve)
#define __NR_execveat 281
__SC_COMP(__NR_execveat, sys_execveat, compat_sys_execveat)
```

Kindly help me to find the right system call number for execve. Thank you.

```
Linux alarmpi 4.4.34+ #3 Thu Dec 1 14:44:23 IST 2016 armv6l GNU/Linux
```

Peter Cordes
Kanan Jarrus
  • Have you tried simply compiling (or preprocessing) `#include ` / `int callnum = __NR_execve;` to see what number you get? Seems like the obvious way to sort through the `#if` logic in the headers. – Peter Cordes Aug 26 '19 at 02:53
  • You will need to find the base value in `__NR_SYSCALL_BASE` for your ARM platform and add 11 to it. On some ARM systems the `__NR_SYSCALL_BASE` is 0x0 and on some 0x900000. This link has some of the system call tables for a variety of platforms (ARM strong and ARM thumb among them): https://w3challs.com/syscalls/ . The tables also list the registers used for parameters etc. – Michael Petch Aug 26 '19 at 03:07
  • @PeterCordes Thank you, was able to confirm using that method that it was using 11. – Kanan Jarrus Aug 26 '19 at 03:11
  • @MichaelPetch Thank you for the W3challs link, that's a pretty handy site. – Kanan Jarrus Aug 26 '19 at 03:12
  • NR_SYSCALL_BASE is almost always zero. It is 0x900000 for some super old systems (pre-2010). The 'thumb' ABI is the same as the ARM with NR_SYSCALL_BASE as zero. If you run some super old StrongARM Linux you might get an OABI system. With a 4.4.43 system, some really strange circumstances would have to combine to make it OABI only. It is possible that the kernel will support both to work with some pre-2010 binary. Many modern Linux are compiled with two tables. You shouldn't find any modern system with 0x9000000 only, but zero only is possible. All hw can use either; it is a software-only issue. – artless noise Aug 26 '19 at 21:49

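The approach suggested in the comments (let the compiler work through the header `#if` logic, then separate the base from the offset) can be written as a small C program. This is an added example, not code from the question or its commenters; the function names and the `SYSCALL_BASE` macro are hypothetical, and the mapping of AArch64 to the `asm-generic` table is this example's own assumption, not something stated on the page.

```c
/* Added example: resolve __NR_execve through the toolchain's own header #if logic. */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>  /* includes asm/unistd.h, which defines __NR_execve */

/* Only the 32-bit ARM headers define __NR_SYSCALL_BASE; treat it as 0 elsewhere. */
#ifdef __NR_SYSCALL_BASE
#define SYSCALL_BASE __NR_SYSCALL_BASE
#else
#define SYSCALL_BASE 0
#endif

/* Which syscall table the headers selected for this compiler target. */
const char *syscall_abi(void) {
#if defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__))
    return "arm-eabi";
#elif defined(__arm__)
    return "arm-oabi";
#elif defined(__aarch64__)
    return "asm-generic";   /* assumption of this example, see lead-in */
#elif defined(__x86_64__) && !defined(__ILP32__)
    return "x86_64";
#elif defined(__i386__)
    return "i386";
#else
    return "other";
#endif
}

long syscall_base(void) { return SYSCALL_BASE; }
long execve_nr(void)    { return __NR_execve; }

/* Numbers quoted on this page, keyed by ABI; -1 when the page gives none. */
long expected_execve_nr(const char *abi) {
    if (!strcmp(abi, "x86_64"))      return 59;
    if (!strcmp(abi, "i386"))        return 11;
    if (!strcmp(abi, "arm-eabi"))    return 0 + 11;
    if (!strcmp(abi, "arm-oabi"))    return 0x900000 + 11;
    if (!strcmp(abi, "asm-generic")) return 221;
    return -1;
}

int main(void) {
    const char *abi = syscall_abi();
    printf("abi=%s base=%#lx __NR_execve=%ld (offset %ld)\n", abi,
           (unsigned long)syscall_base(), execve_nr(), execve_nr() - syscall_base());
    long want = expected_execve_nr(abi);
    return (want == -1 || want == execve_nr()) ? 0 : 1;
}
```

Build it with the same compiler and flags used for the target; the exit status is non-zero if the headers resolve to a number other than the one quoted on this page for that ABI.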