Think about the code above. It calls the exit system call, which causes the program to exit. There are three steps in this sys-call. First, we copied 0x1 (in hexadecimal) to the eax register. That is the sys-call number. We know the unique number of the exit sys-call is one, so that is how we tell the kernel which sys-call we want to execute: we fill eax with its sys-call number.

As the second step, we copied 0x5 into ebx. What do we expect from it? It is the status value. When a program quits in Linux, there is a special value called the status value. It indicates whether a program exited successfully or not. If a program exits with success, it returns zero. Yes, you are correct, we met the same situation with functions in C programming. So here we returned five (0x5 in hexadecimal). That is optional; we can return any number. One more thing: after the program has completed and exited, we can get that return value by entering echo $? in our Linux terminal.

As the final step, we used the instruction int 0x80. This is called the interrupt instruction. By using it we can break the normal program flow and wake the kernel to do the rest. Now the kernel starts its job. First it checks eax for the sys-call number. After it figures out that we want the exit system call, it checks ebx for the status value. Finally it does what we wanted.

In the picture above you can see I used nasm to assemble and ld to link my little assembly code. Then I ran it and the result is displayed.

Now you have a good idea of system calls. In the next tutorials we are going to go deep into assembly. I'll also post a tutorial that explains the basics of shellcoding. Thanks for reading.
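global _start

section .text
_start:
    mov eax, 0x1    ; sys-call number 1 = exit
    mov ebx, 0x5    ; status value handed back to the shell
    int 0x80        ; interrupt: hand control to the kernel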
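The same exit request made from C, with a parent process reading the status the way the shell does for echo $?. This is an added example, not part of the original post: the function name exit_status_seen_by_parent is made up for illustration, and it assumes Linux with the C library's syscall() wrapper. It goes one step beyond the text by showing that only the low 8 bits of the status reach the parent.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run the exit system call in a child process and return the status the
 * parent observes, i.e. the value the shell would print for `echo $?`.
 * Returns -1 if the child could not be created or did not exit normally. */
int exit_status_seen_by_parent(long status)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: the same request as the assembly, a sys-call number plus
         * a status value. SYS_exit expands to the number for the build
         * architecture (1 on 32-bit x86 as in the post, 60 on x86-64). */
        syscall(SYS_exit, status);
        /* not reached: the kernel has already ended the child */
    }

    int wstatus = 0;
    if (waitpid(pid, &wstatus, 0) != pid || !WIFEXITED(wstatus))
        return -1;
    return WEXITSTATUS(wstatus);
}

int main(void)
{
    printf("exit(5)     -> %d\n", exit_status_seen_by_parent(5));
    printf("exit(0)     -> %d\n", exit_status_seen_by_parent(0));
    /* The kernel keeps only the low 8 bits of the status for the parent. */
    printf("exit(0x105) -> %d\n", exit_status_seen_by_parent(0x105));
    return 0;
}
```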
System calls explained
I'm an engineering student from Sri Lanka. I study B.Sc engineering @ University of Ruhuna. I love to code with PHP, Python and C.