
Questions tagged [system-call]

A way for an operating system to serve requests from user-space without breaking the user-space and kernel-space memory protection.

2 votes
0 answers
57 views

Not so long ago I was engaged in reverse and pwn, and I came across such a task. This is a normal task with a vulnerability on the heap, but it is stripped and I don't understand where which functions are I ...
K05t1K_RWX
0 votes
1 answer
154 views

In order to solve a CTF-Challenge I have to construct a small ROP-chain. The scope of the ROP chain is to print the content of the `flag` file. I already constructed the ROP-chain, but it seems that ...
pekusbill
1 vote
0 answers
79 views

I know that kernel modules are practically part of the kernel since it gets loaded inside it. But I am not sure if it really gets all privileges the system has. Can it read/write code inside the ...
M. Kalter
7 votes
1 answer
2k views

On the Windows platform, an application usually references its IAT (Import Access Table) to get the address of the APIs it wants, then calls it. Then some mechanisms are done as demonstrated here nicely. ...
Hyeonseo Yang
0 votes
2 answers
5k views

To my knowledge, this is a decent resource to know the parameters of a Linux syscall. However, this only lists 32 bit syscalls, not the 64 bit ones. Moreover, the reference doesn't say which register ...
sherlock
1 vote
0 answers
77 views

I'm attaching to a simple program and the new thread breaks at DbgBreakPoint as expected. I'm using x64dbg (32-bit). The problem is, when I go to the Threads window it shows all the threads' EIPs as ...
Mikubyte
1 vote
1 answer
2k views

What's the difference between an interrupt line and an interrupt number (like 0x80)? Also, how are IRQs related to syscalls?
Trey
9 votes
1 answer
18k views

The SYSCALL instruction is said to be the 64-bit version of INT 0X80, however it's still possible to use the latter in 64-bit code (although strace decodes it wrong because of the 64-bit ABI I guess) ...
Trey
11 votes
3 answers
9k views

As I understand, from Windows XP, there is a sysenter instruction introduced, instead of int 2e interrupt. But on Win 10 there is syscall instruction used in ntdll. So is the sysenter used only for ...
PastaAlaCarbonara
4 votes
2 answers
1k views

I've noticed there is a memory region in user mode on Windows 7 x64 WOW64 that changes during syscalls. It is located quite low in the address space and has the characteristics of a stack, i.e. it ...
Mikubyte
1 vote
3 answers
348 views

Do I need to learn system programming (e.g. WinAPI and Linux API) to be really good in reverse engineering? Or should I treat it as a reference so that whenever I encounter a system call, I go learn ...
user3737182917381
0 votes
1 answer
596 views

I'm trying to understand the execution flow from user32.UnregisterUserApiHook to the belonged system call: NtUserUnregisterUserApiHook, if I am right. Currently I can't use WinDbg (kernel debugger) to ...
test123423
0 votes
0 answers
443 views

Ditto. Any technique that allows to intercept syscalls issued from a shared object file? At runtime, the shared object is dlopen'ed by main(). One candidate is to use static binary rewriting (e.g. ...
Richard
1 vote
1 answer
556 views

On Linux the strace.so pintool gives a good overview on how system calls are intercepted in PIN. One could monitor the value of EAX to see which system call is being invoked (and mprotect and writes ...