Mar 10, 2022

System calls explained

Today I selected another topic in computer science. Before we going to learn assembly or shell coding we need to get a clear idea of system calls. When we talk about computer programs, they do various works. Like printing a string to screen, handling a file, getting user input, exiting the program, etc. All of these tasks are not done by single programs. Every program gets support from the operating system to do some special things. Actually what happens to hear is there is something called Kernel to handle these requests. Windows systems have their kernel while Linux distributions have their own Linux kernel. When a program wants to print a string to screen it'll load arguments (string) and call specific system calls. When the kernel received the call it'll do what wanted. Yes, many systems call for doing various things. Like exit syscall, print syscall, etc. But how do we identify a system call?. There is a unique number for every system call. When we want to use a syscall we call it with its number. Now you know what are system calls. Let's see how we can use them in assembly programs. The easiest system call to understand is the exit system call. It will simply quit the program. Following a small assembly code will demonstrate how we can use exit syscall. Hear I don't go to explain how we can assemble and link assembly programs. Because I'll explain everything about basic assembly in the next tutorial. Till then let's try to get some idea about how system calls work. After you understand system calls we can learn assembly and shell coding very easily.

global _start

section .text


mov eax, 0x1
mov ebx, 0x5
int 0x80

Think about the above code. It'll call exit system call which causes the program to exit. There are three steps we did in the above sys-call. First, we copied 0x1 (in hexadecimal) to the eax register. That is the sys-call number. We know the unique number of exit sys-call is one. So that is the way we tell the kernel which sys-call we wanted to execute. We should fill eax with its sys-call number. As the second step, we copied 0x5 into ebx. What do we expect from it? It is status value. When a program is quiet in Linux there is a special value called status value. It indicated whether a program exited successfully or not.  If a program exits with success it will return zero. Yes, you are correct, we found such a situation at functions in C programming. So hear we returned five. (0x5 in hexadecimal) . That is optional we can return any number. But one another thing. After the program is completed and exited we can get that return value by entering echo $? in our Linux terminal. As the final step, we used a command int 0x80  This is called the interrupt command. By using that we can break the normal program procedures and awake kernel to rest. Now kernel starts its job. First, it'll check eax for sys-call number After it figures out we want exit system call it checks ebx for status value. Finally, it'll do what we wanted. running assembly code In the above pic, you can see I used NASM for assembling and ld for linking my little assembly code. Then I ran it and the result is displayed. Now you have a good idea of system calls. In the next tutorials, we are going to go deep into the assembly. Also, I'll post a tutorial that explains the basics of shellcode. Thanks for reading.

Mar 12
Moving data with assembly

In a normal Windows/Linux environment you have heard about moving data or files. What we do is copy....

Mar 09
How to build a basic tcp server in c

Socket programming is one of the most important features in C. In this document, we are going to....

Mar 12
Termux command list

Termux is a terminal emulator application for mobile devices. In this document, we are going to....

Replying to 's comment Cancel reply
Thilan Danushka Dissanayaka

Thilan Dissanayaka

Hi, I'm Thilan from Srilanka. An undergraduate Engineering student of University of Ruhuna. I love to explorer things about CS, Hacking, Reverse engineering etc.