UPDATE:

1. The 0x80 handler is essentially the same between 2.4 and 2.6, although the function called from the handler is called by the `syscall` instruction handler for x86-64 in 2.6.
2. The 0x80 handler can be modified like the rest of the kernel.
3. You won't break anything by modifying it, unless you remove backwards compatibility. E.g., you can add your own trace or backdoor if you feel so inclined. The other post that says you will break your libs and toolchain if you modify the handler is incorrect. If you break the dispatch algorithm, or modify the dispatch table incorrectly, then you will break things.
3a. As I originally posted, the best way to extend the 0x80 service is to extend the system call handler.

As the kernel source says:

    What:        The kernel syscall interface
    Description: This interface matches much of the POSIX interface and is
                 based on it and other Unix based interfaces. It will only
                 be added to over time, and not have things removed from it.

    Note that this interface is different for every architecture that
    Linux supports. Please see the architecture-specific documentation
    for details on the syscall numbers that are to be mapped to each
    syscall.

The system call table entries for i386 are in:
`arch/i386/kernel/syscall_table.S`

Note that the table is a sequence of pointers, so if you want to maintain a degree of forward compatibility with the kernel maintainers, you'd need to pad the table before placement of your pointer.

The syscall vector number is defined in `irq_vectors.h`.
Then traps.c sets the address of the `system_call` function via `set_system_gate`, which places the entry into the interrupt descriptor table. The `system_call` function itself is in entry.S, and calls the requested pointer from the system call table.

There are a few housekeeping details, which you can see reading the code, but direct modification of the 0x80 interrupt handler is accomplished in entry.S inside the `system_call` function. In a more sane fashion, you can modify the system call table, inserting your own function without modifying the dispatch mechanism.

In fact, having read the 2.6 source, it says directly that int 0x80 and x86-64 syscall use the same code, so far. So you can make portable changes for x86-32 and x86-64.

END Update

The INT 0x80 method invokes the system call table handler. This matches register arguments to a call table, invoking kernel functions based on the contents of the EAX register. You can easily extend the system call table to add custom kernel API functions.

This may even work with the new syscall code on x86-64, as it uses the system call table, too.

If you alter the current system call table in any manner other than to extend it, you will break all dependent libraries and code, including libc, init, etc.

Here's the current Linux system call table: http://asm.sourceforge.net/syscall.html
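The register convention the answer describes (a number in EAX selecting a table entry, arguments in registers, the result back in EAX with failures as negative errno), as an added C example that is not part of the answer: it uses `int 0x80` when built for i386, the `syscall` instruction on x86-64, and falls back to libc's `syscall()` elsewhere. The function names and the out-of-range number 100000 are the example's own choices.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Enter the kernel's dispatcher directly: the number in EAX/RAX indexes the system
 * call table, arguments ride in registers, and the result returns in EAX/RAX as -errno
 * on failure (libc is what later turns that into -1 plus errno). */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__i386__)
    long ret;
    /* int 0x80: number in EAX, arguments in EBX, ECX, EDX. */
    __asm__ volatile ("int $0x80"
                      : "=a"(ret)
                      : "a"(nr), "b"(a1), "c"(a2), "d"(a3)
                      : "memory");
    return ret;
#elif defined(__x86_64__)
    long ret;
    /* syscall: number in RAX, arguments in RDI, RSI, RDX; RCX and R11 are clobbered. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Other architectures: let libc enter the kernel, but keep the raw -errno form. */
    long ret = syscall(nr, a1, a2, a3);
    return ret < 0 ? -errno : ret;
#endif
}

/* SYS_getpid and SYS_write are this architecture's table indices (20 and 4 on i386,
 * 39 and 1 on x86-64): the same name maps to a different number per architecture. */
long raw_getpid(void) { return raw_syscall3(SYS_getpid, 0, 0, 0); }
long raw_write(int fd, const char *buf, long len) { return raw_syscall3(SYS_write, fd, (long)buf, len); }

/* A number past the end of the table reaches no entry: the dispatcher answers
 * -ENOSYS rather than crashing (seccomp-filtered sandboxes may substitute -EPERM). */
long raw_probe_unimplemented(void) { return raw_syscall3(100000, 0, 0, 0); }

int main(void)
{
    const char msg[] = "hello via the system call table\n";
    printf("raw getpid=%ld libc getpid=%ld\n", raw_getpid(), (long)getpid());
    printf("write returned %ld\n", raw_write(1, msg, (long)sizeof msg - 1));
    printf("bogus number -> %ld (-ENOSYS = %d)\n", raw_probe_unimplemented(), -ENOSYS);
    return 0;
}
```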