
List of projects which system calls table helped

Open hrw opened this issue 3 years ago • 20 comments

I know that my system calls table helped some projects. I know a few names but would love to see whether it is still in use (no worry, I will maintain it).

So if the table helped you in some project, then please comment with its name.

hrw avatar Aug 08 '20 09:08 hrw

systemd: I use this table regularly when updating https://github.com/systemd/systemd/blob/master/src/basic/missing_syscall.h.

keszybz avatar Aug 18 '20 07:08 keszybz

@keszybz do you use the tables/syscalls-* files directly or some other way?

hrw avatar Aug 18 '20 08:08 hrw

I copied stuff by hand from the html page. But this might change. We are discussing importing a table of syscall numbers into our sources (see https://github.com/systemd/systemd/pull/16739#issuecomment-674872528). I wonder what the best way to do this would be... I think pulling in the tables/* files from here once per release would be a good way. We do something similar with other sources, like pciids, and it works out nicely.

keszybz avatar Aug 18 '20 10:08 keszybz
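A sketch of what importing the tables into a source tree could look like, added here as an example and not taken from systemd or from the syscalls-table project. It assumes each line of a `tables/syscalls-<arch>` file is a syscall name optionally followed by whitespace and a decimal number (name only when the architecture lacks the call); the function names and sample lines are constructed. Names are validated before use because they end up inside generated C source.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"

/* Parse "<name>" or "<name><ws><number>" (assumed table format).
 * Returns 1 = name and number, 0 = name only (absent on this arch),
 * -1 = malformed. Only identifier characters are accepted in the name. */
int parse_syscall_line(const char *line, char *name, size_t name_sz, long *nr)
{
    size_t len = strspn(line, NAME_CHARS);
    char *end;

    if (len == 0 || len >= name_sz)
        return -1;
    const char *rest = line + len;
    rest += strspn(rest, " \t\r\n");
    memcpy(name, line, len);
    name[len] = '\0';
    if (*rest == '\0')
        return 0;                       /* no number on this line */
    errno = 0;
    long value = strtol(rest, &end, 10);
    if (end == rest || errno == ERANGE || value < 0)
        return -1;                      /* junk where the number should be */
    end += strspn(end, " \t\r\n");
    if (*end != '\0')
        return -1;                      /* trailing junk after the number */
    *nr = value;
    return 1;
}

/* Turn one table line into a fallback guard for a compatibility header.
 * Returns bytes written, 0 if there is nothing to emit, -1 on bad input
 * or if the output buffer is too small. */
int emit_guard(const char *line, char *out, size_t out_sz)
{
    char name[48];
    long nr;
    int rc = parse_syscall_line(line, name, sizeof name, &nr);
    if (rc <= 0)
        return rc;
    int n = snprintf(out, out_sz, "#ifndef __NR_%s\n#define __NR_%s %ld\n#endif\n", name, name, nr);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : n;
}

int main(void)
{   /* Constructed sample lines in the assumed format (x86_64 values). */
    const char *sample[] = { "read\t0\n", "_llseek\n", "pidfd_open\t434\n", "bad;name\t1\n" };
    char out[128];
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        if (emit_guard(sample[i], out, sizeof out) > 0)
            fputs(out, stdout);
    return 0;
}
```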

One solution is grabbing data from my project; the other (probably more sane long term) would be using in-kernel files.

The kernel moved to keeping syscall numbers in parseable files a few releases ago. I use them to check for new system call names.

hrw avatar Aug 18 '20 10:08 hrw

The project helped expand architecture support for the python-ptrace module. Thanks for your work!

spoutn1k avatar Sep 12 '20 19:09 spoutn1k

I use this table to supply syscall nums to my fuzzer project (it's heavily under development at this time, I will edit here when I release it). For example, I used it for the mmap syscall for i386, amd64, arm and aarch64 to reserve some memory on the target process by injecting a native system call gadget. Thanks for this cool job.

0ffffffffh avatar Mar 03 '21 13:03 0ffffffffh

I created a simple Rust library to wrap your tables/syscalls-* files. The source is available here: https://github.com/willfindlay/sysnames-rs

willfindlay avatar Jun 14 '21 19:06 willfindlay

My "system-calls" Python module uses the same data.

More about it in my blog post: Python package for system calls information

hrw avatar Sep 14 '21 17:09 hrw

Hello, I am working on my seminar work for school; it's a great table, very helpful... It is a pity that it is not possible to go back to the old versions like v3.19.8, that would help me

Maylo99 avatar Nov 04 '21 22:11 Maylo99

@Maylo99 grab the code, check out an old kernel version and run against it.

The part collecting system call names would fail but the one checking for presence should work.

If it does not then ping me.

hrw avatar Nov 05 '21 07:11 hrw

@hrw unfortunately I have no idea how to do this... If that didn't take a long time, would you please send me a table from version 3.19.8? I would be very grateful to you

Maylo99 avatar Nov 06 '21 21:11 Maylo99

  1. git clone this repo
  2. cd syscalls-table
  3. unpack Linux source
  4. make KERNELSRC=PATH-TO-LINUX-SOURCE

And then you get system call tables for the Linux version used.

Some syscall names may be missing, as the code for searching for them can go wrong, and architectures already removed from the kernel appear again and can be done wrong.

hrw avatar Nov 07 '21 15:11 hrw

Thank you, it works, I will definitely mention you and your program in my seminar work...

Maylo99 avatar Nov 08 '21 12:11 Maylo99

@hrw one more question: when a system call has a big number in that table such as 9437324, is it generating an error or how is it represented there? And are the other numbers system call ID numbers?

Maylo99 avatar Nov 11 '21 17:11 Maylo99

The table shows proper values for each architecture.

Please open new issues for such questions next time.

hrw avatar Nov 11 '21 17:11 hrw

Hi! We, in the falcosecurity org, are using this repo to automatically bump supported syscalls monthly, through a simple Go script. We directly use tables/syscalls-$arch from this repo.

Thank you very much for this repo and for your effort! :pray:

FedeDP avatar Nov 11 '22 09:11 FedeDP

I'm a college student studying computer networking and cybersecurity, and I'm working on a project in which I create minimal executables for different architectures that simply call the write and exit syscalls, and print the escape sequence ␛[H␛[J␛[3J, to clear the terminal and scrollback buffer. This is part of a larger exploration of the ELF file format's structure. This project and its associated Python program have been incredibly helpful in both making the ARM executables and in writing the documentation.

I've uploaded the binaries to a personal download site, as well as the GitHub repository eliminmax/tiny-clear-elf. I use the same name for the architectures as the Debian project, and aim to make such executables for every architecture officially supported by Debian Bullseye. So far, I've made amd64 (161 bytes), i386 (125 bytes), armel/armhf (130 bytes), and arm64 (166 bytes).

I anticipate that this will continue to be immensely helpful as I move on to mipsel, mips64el, ppc64el, and s390x.

Thank you so much for making this - I know my use case is niche, but it's still incredibly helpful not to need to go hunting for the right header file for the right architecture constantly while working on it.

eliminmax avatar Jan 26 '23 18:01 eliminmax

@eliminmax #include <asm/unistd.h> and use __NR_write and __NR_exit - this way you do not need to check for values.

hrw avatar Jan 26 '23 19:01 hrw
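The header-based approach suggested above, as an added example that is not code from the thread or from tiny-clear-elf. It issues write and exit through `__NR_write` and `__NR_exit` from `<asm/unistd.h>` and cross-checks the header against the numbers a hand-built binary would hard-code; the function names and the small per-ABI reference list are assumptions of the example.

```c
#define _GNU_SOURCE
#include <asm/unistd.h>  /* __NR_write, __NR_exit for the architecture being built */
#include <string.h>
#include <unistd.h>      /* syscall() */

/* Escape sequence quoted in the thread: cursor home, clear screen, clear scrollback. */
static const char CLEAR_SEQ[] = "\x1b[H\x1b[J\x1b[3J";

/* Number of write(2) as a per-architecture table lists it, for a few ABIs;
 * -1 means this example carries no reference value for the build target. */
long table_write_nr(void)
{
#if defined(__x86_64__) && defined(__ILP32__)
    return 0x40000000L + 1;   /* x32: __X32_SYSCALL_BIT + 1 */
#elif defined(__x86_64__)
    return 1;
#elif defined(__aarch64__)
    return 64;
#elif defined(__i386__) || defined(__ARM_EABI__)
    return 4;
#else
    return -1;
#endif
}

/* Number the kernel header resolves for the build target. */
long header_write_nr(void) { return __NR_write; }

/* Write the whole sequence with raw write syscalls, retrying on short writes.
 * Returns the number of bytes written, or -1 on error. */
long emit_clear(int fd)
{
    size_t done = 0, total = sizeof(CLEAR_SEQ) - 1;
    while (done < total) {
        long n = syscall(__NR_write, fd, CLEAR_SEQ + done, total - done);
        if (n < 0)
            return -1;
        done += (size_t)n;
    }
    return (long)done;
}

int main(void)
{
    long n = emit_clear(STDOUT_FILENO);
    syscall(__NR_exit, n == 10 ? 0 : 1);  /* exit by number, no libc exit path */
    return 1;                             /* not reached */
}
```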

Thanks for the feedback on my project. While that could work if I were working in C, I'm creating the binary directly, byte by byte, in a minimalistic hex editor, partly for the esoteric challenge of it, and partly to learn about the basics of different CPU architectures and the ELF file format.

eliminmax avatar Jan 26 '23 19:01 eliminmax

OK, I thought that you use assembly ;D

hrw avatar Jan 26 '23 19:01 hrw