
Questions tagged [system-call]

A way for an operating system to serve requests from user-space without breaking the user-space and kernel-space memory protection.

2 votes
0 answers
57 views

Not so long ago I was engaged in reverse and pwn, I came across such a task. This is a normal task with a vulnerability on the heap, but it is stripped and I don’t understand where which functions are I ...
K05t1K_RWX
1 vote
0 answers
129 views

I'd like to use Miasm's DSE on a binary. This binary makes use of 2 syscalls: exit and ptrace. Miasm provides an implementation of some syscalls, but unfortunately, not of those two. So I tried to ...
Katoptriss
0 votes
1 answer
154 views

In order to solve a CTF-Challenge I have to construct a small ROP-chain. The scope of the ROP chain is to print the content of the `flag` file. I already constructed the ROP-chain, but it seems that ...
pekusbill
3 votes
2 answers
974 views

I've been reading about the way syscalls are called in Windows. The general theme in all the articles I read is: 64bit - called inside ntdll; 32bit - from ntdll jumping to KiFastSystemcall; but when I ...
Alal Benben
1 vote
0 answers
79 views

I know that kernel modules are practically part of the kernel since it gets loaded inside it. But I am not sure if it really gets all privileges the system has. Can it read/write code inside the ...
M. Kalter
1 vote
0 answers
3k views

I am writing a Pin tool with the following functionality: It has to record instructions with arguments. (works well) It has to record memory access operations associated with instructions. (works well)...
aGGeRReS • 124
7 votes
1 answer
2k views

In Windows platform, an application usually references its IAT (Import Access Table) to get the address of the APIs it wants, then call it. Then some mechanisms are done as demonstrated here nicely. ...
Hyeonseo Yang
3 votes
0 answers
304 views

I have been looking into ntdll.dll on Windows 10 x64 bit, and I noticed a check inside the ntdll like this: So after testing some bit, it tries to execute the system call via int 2eh. I have tried to ...
MaleFUnction0
0 votes
2 answers
5k views

To my knowledge, this is a decent resource to know the parameters of a Linux syscall. However, this only lists 32 bit syscalls, not the 64 bit ones. Moreover, the reference doesn't say which register ...
sherlock • 1,401
10 votes
2 answers
8k views

From this question: How does the Windows Native API communicate with the kernel? Here is an example of ZwClose(HANDLE Handle); system call in NTDLL.DLL in Windows 10 X86_64: NtClose proc near ...
Biswapriyo • 1,589
1 vote
0 answers
77 views

I'm attaching to a simple program and the new thread breaks at DbgBreakPoint as expected. I'm using x64dbg (32-bit). The problem is, when I go to the Threads window it shows all the threads' EIPs as ...
Mikubyte • 153
1 vote
2 answers
1k views

I have a binary which is playing a Morse code using calls to Beep & Sleep. This file is Windows PE32 exe which I open via Wine on my Ubuntu (16.04). How can I extract the arguments which passed ...
James W. • 283
1 vote
1 answer
2k views

What's the difference between an interrupt line and an interrupt number (like 0x80)? Also how are IRQs related to syscalls?
Trey • 447
10 votes
2 answers
21k views

I wonder if there some syscall table for Linux ARM64 architecture? I found syscall table for Linux ARM32 and many other architectures, but the problem still exists. Does anyone know where can I find ...
merrychap • 103
9 votes
1 answer
18k views

The SYSCALL instruction is said to be the 64-bit version of INT 0X80, however it's still possible to use the latter in 64-bit code (although strace decodes it wrong because of the 64-bit ABI I guess) ...
Trey • 447
