You’ll need the Linux kernel sources in order to see the actual source of the system calls. Manual pages, if installed on your local system, only contain the documentation of the calls and not their source itself. Unfortunately for you, system calls aren’t stored in just one particular location in the whole kernel tree. This … Read more
Disclaimer: using non-exported symbols is in general not a good idea, so you should only do it for testing/educational purposes, not for production-ready modules/drivers. Before Linux v5.7, you indeed would have used kallsyms_lookup_name() to look-up non-exported kernel symbols from a module. See How do I access any kernel symbol in a kernel module? if you … Read more
X86-64 system calls use syscall instruction. This instruction saves return address to rcx, and after that it loads rip from IA32_LSTAR MSR. I.e. rcx is immediately destroyed by syscall. This is the reason why rcx had to be replaced for system call ABI. This same syscall instruction also saves rflags into r11, and then masks … Read more
One example use would be I/O redirection. For this you fork a child process and close the stdin or stdout file descriptors (0 and 1) and then you do a dup() on another filedescriptor of your choice which will now be mapped to the lowest available file descriptor, which is in this case 0 or … Read more
Why can’t you / don’t want to use the LD_PRELOAD trick? Example code here: /* * File: soft_atimes.c * Author: D.J. Capelis * * Compile: * gcc -fPIC -c -o soft_atimes.o soft_atimes.c * gcc -shared -o soft_atimes.so soft_atimes.o -ldl * * Use: * LD_PRELOAD=”./soft_atimes.so” command * * Copyright 2007 Regents of the University of California … Read more
You can’t ret from start; it isn’t a function and there’s no return address on the stack. The stack pointer points at argc on process entry. As n.m. said in the comments, the issue is that you aren’t exiting the program, so execution runs off into garbage code and you get a segfault. What you … Read more
From man 2 write, you can see the signature of write is, ssize_t write(int fd, const void *buf, size_t count); It takes a pointer (const void *buf) to a buffer in memory. You can’t pass it a char by value, so you have to store it to memory and pass a pointer. (Don’t print one … Read more
Since pthreads do not need to be implemented with Linux threads (or kernel threads at all, for that matter), and some implementations are entirely user-level or mixed, the pthreads interface does not provide functions to access these implementation details, as those would not be portable (even across pthreads implementations on Linux). Thread libraries that use … Read more
You first should understand what is the role of the linux kernel, and that applications interact with the kernel only thru system calls. In effect, an application runs on the “virtual machine” provided by the kernel: it is running in the user space and can only do (at the lowest machine level) the set of … Read more