Reputation: 5349
How could I disassemble a system call, so that I could get the assembly instructions involved in it?
Upvotes: 4
Views: 2818
Reputation: 991
To understand Linux system calls, browse through the code.
Important files are:
/include/linux/syscalls.h (all the supported system calls in Linux)
/arch/arm/kernel/entry-common.S (implementation of system calls at register level)
/arch/arm/kernel/calls.S (system call numbers)
/arch/arm/include/asm/unistd.h (addresses of system calls)
Note: the system call table can be addressed only from System.map.
Upvotes: 0
Reputation: 11515
Well, you could do something like this. Say I wanted to get an assembly dump of "dup":
Write this:
#include <stdio.h>
#include <unistd.h>   /* declares dup() */
int main() {
    return dup(0);
}
Compile it:
gcc -o systest -g3 -O0 systest.c
Dump it:
objdump -d systest
Looking in "main" I see:
400478: 55 push %rbp
400479: 48 89 e5 mov %rsp,%rbp
40047c: bf 00 00 00 00 mov $0x0,%edi
400481: b8 00 00 00 00 mov $0x0,%eax
400486: e8 1d ff ff ff callq 4003a8 <dup@plt>
40048b: c9 leaveq
40048c: c3 retq
40048d: 90 nop
40048e: 90 nop
40048f: 90 nop
So looking at "dup@plt" I see:
00000000004003a8 <dup@plt>:
4003a8: ff 25 7a 04 20 00 jmpq *2098298(%rip) # 600828 <_GLOBAL_OFFSET_TABLE_+0x20>
4003ae: 68 01 00 00 00 pushq $0x1
4003b3: e9 d0 ff ff ff jmpq 400388 <_init+0x18>
So it's making a call into a "global offset table", which I would assume has all the syscall vectors. Like the other post said, see the kernel source (or standard library sources?) for details on that.
Upvotes: 4
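In the dump above, main only reaches a PLT stub that jumps into the C library; the instruction that actually enters the kernel (on x86-64 Linux, `syscall` with the call number in %eax) lives inside libc's dup wrapper, not in the program. The following is an added example, not code from the answer above: it issues the dup system call itself with inline assembly, so that `objdump -d` of the resulting binary shows the register setup and the `syscall` instruction in the program's own text section. It assumes x86-64 Linux for the inline-assembly path and falls back to libc's syscall(2) on other platforms; the function names raw_dup, same_file and demo are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* raw_dup: issue the dup system call directly, bypassing the libc wrapper.
 * x86-64 Linux convention: number in %rax, first argument in %rdi, return
 * value in %rax; the kernel clobbers %rcx and %r11.  Errors come back as
 * -errno in the range [-4095, -1], which the libc wrapper normally converts
 * for you; this function does the same conversion so callers see -1/errno. */
long raw_dup(int fd)
{
    long ret;
#if defined(__linux__) && defined(__x86_64__)
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"((long)SYS_dup), "D"((long)fd)
                      : "rcx", "r11", "memory");
#else
    /* Fallback (assumption: a libc providing syscall(2)): emulate the
     * kernel's raw return convention so the code below is shared. */
    ret = syscall(SYS_dup, fd);
    if (ret < 0)
        ret = -errno;
#endif
    if (ret < 0 && ret > -4096) {
        errno = (int)-ret;
        return -1;
    }
    return ret;
}

/* same_file: 1 if two descriptors refer to the same underlying file. */
int same_file(int a, int b)
{
    struct stat sa, sb;
    if (fstat(a, &sa) != 0 || fstat(b, &sb) != 0)
        return 0;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* demo: duplicate a pipe end via libc and via the raw call, check that both
 * new descriptors alias the original, and that a bad descriptor fails with
 * EBADF either way.  Returns 1 on success, 0 on any mismatch. */
int demo(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 0;

    int  via_libc = dup(p[0]);
    long via_raw  = raw_dup(p[0]);

    int ok = via_libc >= 0 && via_raw >= 0 &&
             same_file(p[0], via_libc) && same_file(p[0], (int)via_raw);

    errno = 0;
    ok = ok && raw_dup(-1) == -1 && errno == EBADF;
    errno = 0;
    ok = ok && dup(-1) == -1 && errno == EBADF;

    if (via_libc >= 0) close(via_libc);
    if (via_raw  >= 0) close((int)via_raw);
    close(p[0]);
    close(p[1]);
    return ok;
}

int main(void)
{
    printf("raw dup matches libc dup: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

Compile with `gcc -g -O0 -o rawdup rawdup.c` and run `objdump -d rawdup`; in `raw_dup` you will see the call number loaded into %eax, the descriptor moved into %edi, and the `syscall` instruction itself. Everything after that instruction is kernel code, which is why the other answers point you at the kernel's entry code and system call table rather than at user-space disassembly.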
Reputation: 3966
I don't think you want to do this. System call handling is complex (see http://www.ibm.com/developerworks/linux/library/l-system-calls/). Since you have tagged this question with "linux", you can just download the source from kernel.org (which will be far more understandable and informative than the assembly code).
Upvotes: 2