Questions tagged [system-calls]

A system call is used by programs to request services from the operating system's kernel.

3690 questions
12
votes
1 answer

Difference between ptrace(PTRACE_PEEKUSER) and ptrace(PTRACE_PEEKDATA)?

After posting a lot of questions on ptrace (the most recent 5 questions are mine :( ) I finally got the desired output when I replaced reg_val[1] = ptrace(PTRACE_PEEKDATA, child, 4 * EBX, NULL); with reg_val[1] = ptrace(PTRACE_PEEKUSER, child, 4 *…
kidd0
  • 731
  • 2
  • 8
  • 25
12
votes
6 answers

Why is my "cat" function with system calls slower compared to Linux's "cat"?

I've done this function in C using system calls (open, read and write) to simulate the "cat" function in Linux systems and it's slower than the real one... I'm using the same buffer size as the real "cat" and using "strace" I think it's making the…
rfgamaral
  • 16,546
  • 57
  • 163
  • 275
12
votes
3 answers

Using ptrace to track all execve() calls across children

I am trying to write a tool on Linux CentOS to track all spawned processes and what is run. In essence, I'm interested in walking all fork/clones and emitting all the command-lines from execve(). Strace already does (some of) this, but it also…
Clint O
  • 123
  • 1
  • 1
  • 4
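
A worked example added here, not code from either ptrace question above, that shows both points at once: PTRACE_PEEKUSER reads the tracee's saved registers (the USER area, addressed by an offset into struct user, which on x86-64 is offsetof(struct user, regs.rax) rather than the 32-bit `4 * EBX` form), while PTRACE_PEEKDATA reads the tracee's memory at a virtual address; and with PTRACE_O_TRACEFORK/TRACEVFORK/TRACECLONE the tracer is auto-attached to every descendant, so execve() can be counted across the whole process tree the way the second question wants. It assumes x86-64 Linux and a /bin/sh; the command string passed in is a constructed example. Where ptrace is not permitted (Yama ptrace_scope, a seccomp-restricted container) or the architecture differs, it returns -2 instead of a count.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_TRACEES 64

/* PTRACE_PEEKDATA reads one word of the tracee's *memory* at an address;
   walk it word by word to copy out a NUL-terminated string. */
void peek_string(pid_t pid, unsigned long addr, char *out, size_t outlen) {
    size_t off = 0;
    out[0] = '\0';
    while (off + sizeof(long) < outlen) {
        errno = 0;
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + off), NULL);
        if (word == -1 && errno != 0) break;           /* unmapped address */
        memcpy(out + off, &word, sizeof word);
        if (memchr(&word, 0, sizeof word) != NULL) return;
        off += sizeof word;
    }
    out[off] = '\0';                                   /* truncated */
}

/* Trace `/bin/sh -c cmd` and everything it forks or clones, counting
   execve() syscall entries across the tree. `first` receives the path of
   the first execve seen. Returns the count, -1 on error, or -2 when
   ptrace is unavailable here (non-x86-64, Yama or seccomp restrictions). */
int count_execve_in_tree(const char *cmd, char *first, size_t firstlen) {
#if !(defined(__x86_64__) && defined(__linux__))
    (void)cmd; (void)first; (void)firstlen;
    return -2;
#else
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(126);
        raise(SIGSTOP);                 /* let the tracer set options first */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(child, &status, 0) != child) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status) == 126 ? -2 : -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGSYS ? -2 : -1;

    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK |
                PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL;
    if (ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)opts) == -1) return -1;
    if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) == -1) return -1;

    pid_t known[MAX_TRACEES];
    known[0] = child;
    int nknown = 1, live = 1, count = 0;
    first[0] = '\0';

    while (live > 0) {
        pid_t pid = waitpid(-1, &status, __WALL);
        if (pid == -1) { if (errno == EINTR) continue; return -1; }

        int i, seen = 0;
        for (i = 0; i < nknown; i++) if (known[i] == pid) seen = 1;
        if (!seen) {                    /* auto-attached fork/clone child */
            if (nknown < MAX_TRACEES) known[nknown++] = pid;
            live++;
        }
        if (WIFEXITED(status) || WIFSIGNALED(status)) { live--; continue; }
        if (!WIFSTOPPED(status)) continue;

        int sig = WSTOPSIG(status), deliver = 0;
        if (sig == (SIGTRAP | 0x80)) {
            /* syscall-stop: PEEKUSER reads the saved registers (the USER
               area) by offset into struct user, not tracee memory. */
            long nr  = ptrace(PTRACE_PEEKUSER, pid, (void *)offsetof(struct user, regs.orig_rax), NULL);
            long rax = ptrace(PTRACE_PEEKUSER, pid, (void *)offsetof(struct user, regs.rax), NULL);
            /* at syscall entry (not exit) the kernel leaves -ENOSYS in rax */
            if (nr == SYS_execve && rax == -ENOSYS) {
                count++;
                if (first[0] == '\0') {
                    unsigned long p = ptrace(PTRACE_PEEKUSER, pid, (void *)offsetof(struct user, regs.rdi), NULL);
                    peek_string(pid, p, first, firstlen);
                }
            }
        } else if (sig != SIGSTOP && sig != SIGTRAP) {
            deliver = sig;              /* pass real signals (e.g. SIGCHLD) through */
        }
        /* SIGSTOP here is a new child's initial stop; plain SIGTRAP is a
           PTRACE_EVENT_* notification (event number in status >> 16). */
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)deliver);
    }
    return count;
#endif
}
```

Entry stops are told apart from exit stops by the x86-64 convention that rax holds -ENOSYS at entry; PTRACE_GET_SYSCALL_INFO (Linux 5.3 and later) is the portable way to get the same information. For "/bin/true; /bin/true" the tree performs three execve() entries (the shell, then one per command, whether the shell forks for the last one or execs it directly), and the count is taken at entry so a failing execve still counts.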
12
votes
2 answers

Get CPU usage of a device running Android 8 Oreo

I'm really confused. I have just noticed that starting from Android 8 all system calls like /proc/stat will be disabled. Ok, but what is work around to get CPU Usage in Android 8? No system calls at all. Is there some API that I'm not familiar…
12
votes
1 answer

Why do x86-64 Linux system calls work with 6 registers set?

I'm writing a freestanding program in C that depends only on the Linux kernel. I studied the relevant manual pages and learned that on x86-64 the Linux system call entry point receives the system call number and six arguments through the seven…
Matheus Moreira
  • 17,106
  • 3
  • 68
  • 107
12
votes
1 answer

What are the return values of system calls in Assembly?

When I try to research the return values of system calls of the kernel, I find tables that describe them and what I need to put in the different registers to let them work. However, I don't find any documentation where it states what is that…
Pichi Wuana
  • 732
  • 2
  • 9
  • 35
12
votes
2 answers

Difference in ABI between x86_64 Linux functions and syscalls

The x86_64 SysV ABI's function calling convention defines integer argument #4 to be passed in the rcx register. The Linux kernel syscall ABI, on the other hand, uses r10 for that same purpose. All other arguments are passed in the same registers…
Shachar Shemesh
  • 8,193
  • 6
  • 25
  • 57
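
Taking the three questions above together (six argument registers, what comes back in rax, and r10 in place of rcx), here is an added example that is not code from any of these posts: a raw six-argument x86-64 syscall wrapper in C inline assembly, the kernel's error-encoding check, and a pread64() call whose offset travels in r10. It assumes x86-64 Linux for the inline-assembly path and falls back to libc's syscall() elsewhere; the /tmp scratch path is a constructed example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw six-argument Linux system call. On x86-64 the kernel ABI is:
     rax = number; args in rdi, rsi, rdx, r10, r8, r9; result in rax.
   The `syscall` instruction itself stores the return address in rcx and
   RFLAGS in r11, which is why the kernel cannot take argument 4 in rcx
   (where the SysV *function* ABI puts it) and why both are clobbers.
   The return is the kernel's raw long: -errno in [-4095, -1] on failure. */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3),
                        "r"(r10), "r"(r8), "r"(r9)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Other architectures: go through libc, which reports failure as
       -1 plus errno, and re-encode it in the kernel's -errno convention. */
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret == -1 ? -errno : ret;
#endif
}

/* glibc's wrapper applies exactly this test before setting errno:
   anything in [-4095, -1] is an error code, everything else a result. */
int is_syscall_error(long ret) {
    return (unsigned long)ret >= (unsigned long)-4095L;
}

/* Failure path: write(2) on a descriptor that is not open returns -EBADF
   raw, which the libc wrapper would turn into -1 with errno = EBADF. */
long raw_write_to_closed_fd(void) {
    static const char msg[] = "x";
    return raw_syscall6(SYS_write, 999, (long)msg, 1, 0, 0, 0);
}

/* Argument 4 really travels in r10: pread64(fd, buf, count, offset)
   takes the file offset there. Write "hello world" to a scratch file,
   then pread64 from offset 6; getting "world" back proves the mapping.
   Returns the byte count, or -1. The path is a constructed example. */
int raw_pread_demo(char *out, size_t outlen) {
    char path[] = "/tmp/raw-syscall-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                               /* keep the fd, drop the name */
    static const char data[] = "hello world";
    long w = raw_syscall6(SYS_write, fd, (long)data, (long)(sizeof data - 1), 0, 0, 0);
    long n = raw_syscall6(SYS_pread64, fd, (long)out, (long)(outlen - 1), 6, 0, 0);
    close(fd);
    if (is_syscall_error(w) || is_syscall_error(n)) return -1;
    out[n] = '\0';
    return (int)n;
}
```

The "memory" clobber matters for correctness, not just style: without it the compiler may keep the buffer passed to write() or filled by pread64() in registers across the instruction. A wrapper that forgets the rcx/r11 clobbers works by accident only until the compiler decides to keep a live value in one of them.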
12
votes
1 answer

Why can the execve system call run "/bin/sh" without any argv arguments, but not "/bin/ls"?

I am confused with the syscall __NR_execve. When I learn Linux system calls, the correct way that I know to use execve is like this: char *sc[2]; sc[0]="/bin/sh"; sc[1]= NULL; execve(sc[0],sc,NULL); Then the function execve will call…
Arvin Hsu
  • 181
  • 1
  • 1
  • 10
12
votes
4 answers

What exactly happens when I hit the Enter button in terms of system_read interrupt, assembly?

I have this code: section .bss buff resb 1 readfromkeyboard: mov eax,3 ;specify system read mov ebx,0 ;specify standard in -> keyboard mov ecx,buff ;where to store what is read mov edx,1 …
Koray Tugay
  • 22,894
  • 45
  • 188
  • 319
12
votes
1 answer

Calling setns from Go returns EINVAL for mnt namespace

The C code works fine and correctly enters the namespace, but the Go code always seems to return EINVAL from the setns call to enter the mnt namespace. I've tried a number of permutations (including embedded C code with cgo and external .so) on Go…
Iain Lowe
  • 311
  • 3
  • 8
12
votes
2 answers

How to hook system calls of my android app (non rooted device)

I am trying to intercept all system calls made by my Android app on a non rooted device. So every time my app writes/reads a file, I want to intercept the system call and encrypt/decrypt the stream for security purposes. The encryption part is no…
12
votes
1 answer

Why is Linux syscall return type "long"?

I am reading Linux Kernel Development, 3rd ed., to learn about the kernel implementation and design. Chapter 5 is about syscalls. The author shows an example of a syscall declaration that is defined using the SYSCALL_DEFINE0 macro, which in that…
Filipe Gonçalves
  • 20,783
  • 6
  • 53
  • 70
12
votes
3 answers

open() doesn't set O_CLOEXEC flag

I am trying to set the O_CLOEXEC flag using open() and have no success. Consider the following microtest: #include #include int main() { int fd = open("test.c", O_RDONLY | O_CLOEXEC); int ret = fcntl(fd, F_GETFL); if(ret & O_CLOEXEC)…
Ivan Efremov
  • 158
  • 1
  • 6
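
An added example, not the asker's microtest, that puts the F_GETFL check next to the F_GETFD one and then shows what the flag actually does at execve() time: whether a pipe's write end handed to a child survives its exec of /bin/sh. It assumes Linux with /bin/sh available; descriptor number 5 and the "leaked" marker are constructed choices so that the shell command can name the descriptor.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a descriptor the way the post does, with O_CLOEXEC at open() time. */
int open_devnull_cloexec(void) {
    return open("/dev/null", O_RDONLY | O_CLOEXEC);
}

/* The post's check. F_GETFL returns the open-file *status* flags
   (O_APPEND, O_NONBLOCK, ...). Close-on-exec is not one of them, so the
   kernel never reports O_CLOEXEC here and this returns 0 for every fd. */
int cloexec_visible_via_getfl(int fd) {
    int fl = fcntl(fd, F_GETFL);
    return fl != -1 && (fl & O_CLOEXEC) != 0;
}

/* The correct check. Close-on-exec is a per-*descriptor* flag, read with
   F_GETFD and reported as FD_CLOEXEC. */
int cloexec_visible_via_getfd(int fd) {
    int fl = fcntl(fd, F_GETFD);
    return fl != -1 && (fl & FD_CLOEXEC) != 0;
}

/* Behavioural proof of what the flag is for: fork, exec /bin/sh, and see
   whether the shell can still write into our pipe through descriptor 5.
   Returns 1 if the descriptor leaked across execve(), 0 if it was closed,
   -1 on a setup error. */
int fd_leaks_across_exec(int set_cloexec) {
    int p[2];
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(p[0]);
        /* dup2() never copies FD_CLOEXEC to the new number, so set or
           clear it explicitly on 5 right before exec. */
        if (p[1] != 5) { if (dup2(p[1], 5) == -1) _exit(126); close(p[1]); }
        if (fcntl(5, F_SETFD, set_cloexec ? FD_CLOEXEC : 0) == -1) _exit(126);
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; echo leaked >&5", (char *)NULL);
        _exit(127);
    }
    close(p[1]);                 /* only the child may hold the write end */
    char buf[32];
    size_t total = 0;
    ssize_t n;
    while ((n = read(p[0], buf + total, sizeof buf - 1 - total)) > 0) total += (size_t)n;
    close(p[0]);
    int status;
    waitpid(pid, &status, 0);
    buf[total] = '\0';
    return strcmp(buf, "leaked\n") == 0;
}
```

The read loop only sees EOF once every copy of the write end is gone, which is why the parent closes its own copy before reading: with close-on-exec set, the shell's copy vanishes at execve() and the parent reads nothing; without it, the inherited descriptor is exactly the kind of leak O_CLOEXEC exists to prevent.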
12
votes
2 answers

open() system call polymorphism

I just discovered that the open() (man 2 open) system call has two versions: int open(const char *pathname, int flags); int open(const char *pathname, int flags, mode_t mode); And indeed, one can use either in a single C file and both would…
lang2
  • 11,433
  • 18
  • 83
  • 133
12
votes
2 answers

How to know if a Linux system call is restartable or not?

Some system calls can be restarted transparently by the Kernel if the SA_RESTART flag is used when installing the signal handler, according to man signal(7): If a blocked call to one of the following interfaces is interrupted by a signal handler,…
iabdalkader
  • 17,009
  • 4
  • 47
  • 74
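
An added example, not from the question, that observes the restart rule directly: the same blocking read() on an empty pipe is interrupted by SIGALRM twice, once with SA_RESTART and once without. The handler writes one byte into the pipe, so a transparently restarted read() returns that byte, while a non-restarted one reports EINTR and leaves the byte unread. It assumes Linux (read on a pipe is in signal(7)'s restartable list); the 50 ms timer is a constructed choice.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

static int g_pipe[2];

/* Runs while read() is blocked. write(2) is async-signal-safe, so the
   handler may feed the pipe; a restarted read() will pick the byte up. */
static void on_alarm(int sig) {
    (void)sig;
    char c = 'x';
    (void)write(g_pipe[1], &c, 1);
}

/* Block in read() on an empty pipe, arrange for SIGALRM 50 ms later, and
   report what read() did. Returns:
     1  -> read() was restarted by the kernel and returned the byte
     0  -> read() failed with EINTR (handler installed without SA_RESTART)
    -1  -> setup error or unexpected result */
int probe_restart(int use_sa_restart) {
    if (pipe(g_pipe) != 0) return -1;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = use_sa_restart ? SA_RESTART : 0;
    if (sigaction(SIGALRM, &sa, &old) != 0) return -1;

    struct itimerval tv;
    memset(&tv, 0, sizeof tv);          /* one-shot: it_interval stays zero */
    tv.it_value.tv_usec = 50000;
    if (setitimer(ITIMER_REAL, &tv, NULL) != 0) return -1;

    char buf[1];
    ssize_t n = read(g_pipe[0], buf, sizeof buf);
    int err = errno;                    /* capture before anything else runs */

    sigaction(SIGALRM, &old, NULL);     /* restore the caller's disposition */
    close(g_pipe[0]);
    close(g_pipe[1]);

    if (n == 1) return 1;
    if (n == -1 && err == EINTR) return 0;
    return -1;
}
```

The order of events is what makes the two outcomes differ: the kernel has already abandoned the read (internally -ERESTARTSYS) before the handler runs, so the handler's byte is only seen if the call is re-executed afterwards. SA_RESTART is not a blanket fix either: signal(7) lists calls such as select(), poll(), epoll_wait() and nanosleep() that return EINTR regardless, so a robust loop still has to check for EINTR.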