├── README.md ├── curl.asm ├── curltomem.asm ├── dlmopen.asm ├── dlopen.asm ├── libssh.asm ├── libsshcpexec.asm ├── libsshexec.asm ├── libsshid.asm ├── libsshkeyi.asm ├── pam.asm ├── syscalls └── linux │ ├── 000_sys_read │ └── sys_read.asm │ ├── 001_sys_write │ └── sys_write.asm │ ├── 002_sys_open │ └── sys_open.asm │ ├── 003_sys_close │ └── sys_close.asm │ ├── 004_sys_stat │ └── sys_stat.asm │ ├── 005_sys_fstat │ └── sys_fstat.asm │ ├── 006_sys_lstat │ └── sys_lstat.asm │ ├── 007_sys_poll │ └── sys_poll.asm │ ├── 008_sys_lseek │ └── sys_lseek.asm │ ├── 009_sys_mmap │ └── sys_mmap.asm │ ├── 010_sys_mprotect │ └── sys_mprotect.asm │ ├── 011_sys_munmap │ └── sys_munmap.asm │ ├── 012_sys_brk │ └── sys_brk.asm │ ├── 013_sys_rt_sigaction │ └── sys_rt_sigaction.asm │ ├── 014_sys_rt_sigprocmask │ └── sys_rt_sigprocmask.asm │ ├── 014_sys_rt_sigreturn │ └── sys_exit.asm │ ├── 015_sys_rt_sigreturn │ └── sys_rt_sigreturn.asm │ ├── 016_sys_ioctl │ └── sys_ioctl.asm │ ├── 017_sys_pread64 │ └── sys_pread64.asm │ ├── 018_sys_pwrite64 │ └── sys_pwrite64.asm │ ├── 019_sys_readv │ └── sys_readv.asm │ ├── 020_sys_writev │ └── sys_writev.asm │ ├── 021_sys_access │ └── sys_access.asm │ ├── 022_sys_pipe │ └── sys_pipe.asm │ ├── 023_sys_select │ └── sys_select.asm │ ├── 024_sched_yield │ └── sys_sched_yield.asm │ ├── 025_sys_mremap │ └── sys_mremap.asm │ ├── 026_sys_msync │ └── sys_msync.asm │ ├── 027_sys_mincore │ └── sys_mincore.asm │ ├── 028_sys_madvise │ └── sys_madvise.asm │ ├── 029_sys_shmget │ └── sys_shmget.asm │ ├── 030_sys_shmat │ └── sys_shmat.asm │ ├── 031_sys_shmctl │ └── sys_shmctl.asm │ ├── 032_sys_dup │ └── sys_dup.asm │ ├── 033_sys_dup2 │ └── sys_dup2.asm │ ├── 034_sys_pause │ └── sys_pause.asm │ ├── 035_sys_nanosleep │ └── sys_nanosleep.asm │ ├── 036_sys_getitimer │ └── sys_getitimer.asm │ ├── 037_sys_alarm │ └── sys_alarm.asm │ ├── 038_sys_setitimer │ └── sys_setitimer.asm │ ├── 039_sys_getpid │ └── sys_getpid.asm │ ├── 040_sys_sendfile │ └── sys_sendfile.asm │ ├── 
041_sys_socket │ └── sys_socket.asm │ ├── 042_sys_connect │ └── sys_connect.asm │ ├── 049_sys_bind │ └── sys_bind.asm │ ├── 050_sys_listen │ └── sys_listen.asm │ ├── 059_sys_execve │ └── sys_execve.asm │ ├── 060_sys_exit │ └── sys_exit.asm │ ├── 062_sys_kill │ └── sys_kill.asm │ ├── 063_sys_uname │ └── sys_uname.asm │ ├── 064_sys_semget │ └── sys_semget.asm │ ├── 065_sys_semop │ └── sys_semop.asm │ ├── 066_sys_semctl │ └── sys_semctl.asm │ ├── 067_sys_shmdt │ └── sys_shmdt.asm │ ├── 068_sys_msgget │ └── sys_msgget.asm │ ├── 069_sys_msgsnd │ └── sys_msgsnd.asm │ ├── 070_sys_msgrcv │ └── sys_msgrcv.asm │ ├── 071_sys_msgctl │ └── sys_msgctl.asm │ ├── 074_sys_fsync │ └── sys_fsync.asm │ ├── 075_sys_fdatasync │ └── sys_fdatasync.asm │ ├── 076_sys_truncate │ └── sys_truncate.asm │ ├── 077_sys_ftruncate │ └── sys_ftruncate.asm │ ├── 078_sys_getdents │ └── sys_getdents.asm │ ├── 079_sys_getcwd │ └── sys_getcwd.asm │ ├── 080_sys_chdir │ └── sys_chdir.asm │ ├── 081_sys_fchdir │ └── sys_fchdir.asm │ ├── 082_sys_rename │ └── sys_rename.asm │ ├── 083_sys_mkdir │ └── sys_mkdir.asm │ ├── 084_sys_rmdir │ └── sys_rmdir.asm │ ├── 085_sys_creat │ └── sys_creat.asm │ ├── 086_sys_link │ └── sys_link.asm │ ├── 087_sys_unlink │ └── sys_unlink.asm │ ├── 088_sys_symlink │ └── sys_symlink.asm │ ├── 089_sys_readlink │ └── sys_readlink.asm │ ├── 090_sys_chmod │ └── sys_chmod.asm │ ├── 091_sys_fchmod │ └── sys_fchmod.asm │ ├── 092_sys_chown │ └── sys_chown.asm │ ├── 093_sys_fchown │ └── sys_fchown.asm │ ├── 094_sys_lchown │ └── sys_lchown.asm │ ├── 095_sys_umask │ └── sys_umask.asm │ ├── 096_sys_gettimeofday │ └── sys_gettimeofday.asm │ ├── 097_sys_getrlimit │ └── sys_getrlimit.asm │ ├── 098_sys_getrusage │ └── sys_getrusage.asm │ ├── 099_sys_sysinfo │ └── sys_sysinfo.asm │ ├── 100_sys_times │ └── sys_times.asm │ ├── 102_sys_getuid │ └── sys_getuid.asm │ ├── 104_sys_getgid │ └── sys_getgid.asm │ ├── 105_sys_setuid │ └── sys_setuid.asm │ ├── 106_sys_setgid │ └── sys_setgid.asm │ ├── 
107_sys_geteuid │ └── sys_geteuid.asm │ ├── 108_sys_getegid │ └── sys_getgid.asm │ ├── 109_sys_setpgid │ └── sys_setpgid.asm │ ├── 110_sys_getppid │ └── sys_getppid.asm │ ├── 111_sys_getpgrp │ └── sys_getpgrp.asm │ ├── 112_sys_setsid │ └── sys_setsid.asm │ ├── 113_sys_setreuid │ └── sys_setreuid.asm │ ├── 114_sys_setregid │ └── sys_setregid.asm │ ├── 115_sys_getgroups │ └── sys_getgroups.asm │ ├── 116_sys_setgroups │ └── sys_setgroups.asm │ ├── 117_sys_setresuid │ └── sys_setresuid.asm │ ├── 118_sys_getresuid │ └── sys_getresuid.asm │ ├── 120_sys_getresgid │ └── sys_getresgid.asm │ ├── 121_sys_getpgid │ └── sys_getpgid.asm │ ├── 122_sys_setfsuid │ └── sys_setfsuid.asm │ ├── 123_sys_setfsgid │ └── sys_setfsgid.asm │ ├── 124_sys_getsid │ └── sys_getsid.asm │ ├── 125_sys_capget │ └── sys_capget.asm │ ├── 126_sys_capset │ └── sys_capset.asm │ ├── 131_sys_sigaltstack │ └── sys_sigaltstack.asm │ ├── 133_sys_mknod │ └── sys_mknod.asm │ ├── 135_sys_personality │ └── sys_personality.asm │ ├── 136_sys_ustat │ └── sys_ustat.asm │ ├── 137_sys_statfs │ └── sys_statfs.asm │ ├── 138_sys_fstatfs │ └── sys_fstatfs.asm │ ├── 139_sys_sysfs │ └── sys_sysfs.asm │ ├── 140_sys_getpriority │ └── sys_getpriority.asm │ ├── 141_sys_setpriority │ └── sys_setpriority.asm │ ├── 142_sys_sched_setparam │ └── sys_sched_setparam.asm │ ├── 143_sys_sched_getparam │ └── sys_sched_getparam.asm │ ├── 144_sys_setscheduler │ └── sys_setscheduler.asm │ ├── 145_sys_getscheduler │ └── sys_getscheduler.asm │ ├── 146_sys_sched_get_priority_max │ └── sys_sched_get_priority_max.asm │ ├── 147_sys_sched_get_priority_min │ └── sys_sched_get_priority_min.asm │ ├── 149_sys_mlock │ └── sys_mlock.asm │ ├── 150_sys_munlock │ └── sys_munlock.asm │ ├── 151_sys_mlockall │ └── sys_mlockall.asm │ ├── 152_sys_munlockall │ └── sys_munlockall.asm │ ├── 153_sys_vhangup │ └── sys_vhangup.asm │ ├── 155_sys_pivot_root │ └── sys_pivot_root.asm │ ├── 157_sys_prctl │ └── sys_prctl.asm │ ├── 158_sys_arch_prctl │ └── sys_arch_prctl.asm 
│ ├── 159_sys_adjtimex │ └── sys_adjtimex.asm │ ├── 162_sys_sync │ └── sys_sync.asm │ ├── 163_sys_acct │ └── sys_acct.asm │ ├── 164_sys_settimeofday │ └── sys_settimeofday.asm │ ├── 179_sys_quotactl │ └── sys_quotactl.asm │ ├── 186_sys_gettid │ └── sys_gettid.asm │ ├── 187_sys_readahead │ └── sys_readahead.asm │ ├── 188_sys_setxattr │ └── sys_setxattr.asm │ ├── 189_sys_lsetxattr │ └── sys_lsetxattr.asm │ ├── 190_sys_fsetxattr │ └── sys_fsetxattr.asm │ ├── 191_sys_getxattr │ └── sys_getxattr.asm │ ├── 192_sys_lgetxattr │ └── sys_lgetxattr.asm │ ├── 193_sys_fgetxattr │ └── sys_fgetxattr.asm │ ├── 194_sys_listxattr │ └── sys_listxattr.asm │ ├── 195_sys_llistxattr │ └── sys_llistxattr.asm │ ├── 196_sys_flistxattr │ └── sys_flistxattr.asm │ ├── 197_sys_removexattr │ └── sys_removexattr.asm │ ├── 198_sys_lremovexattr │ └── sys_lremovexattr.asm │ ├── 199_sys_fremovexattr │ └── sys_fremovexattr.asm │ ├── 200_sys_tkill │ └── sys_tkill.asm │ ├── 201_sys_time │ └── sys_time.asm │ ├── 202_sys_futex │ └── sys_futex.asm │ ├── 203_sys_sched_setaffinity │ └── sys_sched_setaffinity.asm │ ├── 204_sys_sched_getaffinity │ └── sys_sched_getaffinity.asm │ ├── 213_sys_epoll_create │ └── sys_epoll_create.asm │ ├── 217_sys_getdents64 │ └── sys_getdents64.asm │ ├── 219_sys_restart_syscall │ └── sys_restart_syscall.asm │ ├── 222_sys_timer_create │ └── sys_timer_create.asm │ ├── 223_sys_timer_settime │ └── sys_timer_settime.asm │ ├── 224_sys_timer_gettime │ └── sys_timer_gettime.asm │ ├── 225_sys_timer_getoverrun │ └── sys_timer_getoverrun.asm │ ├── 226_sys_timer_delete │ └── sys_timer_delete.asm │ ├── 231_sys_exit_group │ └── sys_exit_group.asm │ ├── 233_sys_epoll_ctl │ └── sys_epoll_ctl.asm │ ├── 234_sys_tgkill │ └── sys_tgkill.asm │ ├── 235_sys_utimes │ └── sys_utimes.asm │ ├── 239_sys_getmempolicy │ └── sys_getmempolicy.asm │ ├── 240_sys_mq_open │ └── sys_mq_open.asm │ ├── 241_sys_mq_unlink │ └── sys_mq_unlink.asm │ ├── 242_sys_mq_timedsend │ └── sys_mq_timedsend.asm │ ├── 
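243_sys_mq_timedreceive │ └── sys_mq_timedreceive.asm │ ├── 245_sys_mq_getsetattr │ └── sys_mq_getsetattr.asm │ ├── 248_sys_add_key │ └── sys_add_key.asm │ ├── 253_sys_inotify_init │ └── sys_inotify_init.asm │ ├── 254_sys_inotify_add_watch │ └── sys_inotify_add_watch.asm │ ├── 255_sys_inotify_rm_watch │ └── sys_inotify_rm_watch.asm │ ├── 272_sys_unshare │ └── sys_unshare.asm │ ├── 277_sys_sync_file_range │ └── sys_sync_file_range.asm │ ├── 283_sys_timerfd_create │ └── sys_timerfd_create.asm │ ├── 284_sys_eventfd │ └── sys_eventfd.asm │ ├── 285_sys_fallocate │ └── sys_fallocate.asm │ ├── 292_sys_dup3 │ └── sys_dup3.asm │ ├── 294_sys_inotify_init1 │ └── sys_inotify_init1.asm │ ├── 306_sys_syncfs │ └── sys_syncfs.asm │ ├── 309_sys_getcpu │ └── sys_getcpu.asm │ ├── 318_sys_getrandom │ └── sys_getrandom.asm │ └── 319_sys_memfd_create │ └── sys_memfd_create.asm ├── tutorial └── asm-101.txt └── wsl.asm

/README.md:
--------------------------------------------------------------------------------
# asm
assembly language examples, mostly Linux

syscalls/linux/ - linux system call examples
curl.asm - simple example of using libcurl
curltomem.asm - libcurl to download file to memfd and exec it
dlopen.asm - simple example of dlopen and dlsym with library
dlmopen.asm - example of dlmopen alternate library loading
libssh.asm - simple example of using libssh passwd auth
libsshexec.asm - libssh passwd auth and execute command
libsshcpexec.asm - libssh passwd auth sftp copy file and exec it
libsshid.asm - libssh verify server identity via known hosts
libsshkeyi.asm - libssh keyboard interactive auth
pam.asm - simple example of using libpam
wsl.asm - detect microsoft windows subsystem for linux

--------------------------------------------------------------------------------
/curl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple libcurl example
;
; Fetches one URL. No CURLOPT_WRITEDATA or write callback is set, so
; libcurl's default write function sends the response body to stdout.
;
; assemble with:
;   nasm -f elf64 -o curly.o curl.asm
;   gcc curly.o -no-pie -o curly -lcurl
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; The single `push rbp` on entry leaves rsp 16-byte aligned for every
; call made below.
; Exit status: 0 on success, 1 on any libcurl failure.

BITS 64

extern curl_global_init, curl_easy_init, curl_easy_perform
extern curl_easy_setopt, curl_easy_cleanup, curl_global_cleanup

%define CURLOPT_URL          10002
%define CURL_GLOBAL_DEFAULT  3

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        mov     edi, CURL_GLOBAL_DEFAULT
        call    curl_global_init
        test    eax, eax                ; CURLcode is an int: test eax, not rax
        jnz     .fail

        call    curl_easy_init
        test    rax, rax                ; NULL handle => init failed
        jz      .fail_global
        mov     [curly], rax

        mov     rdi, rax
        mov     esi, CURLOPT_URL
        mov     rdx, url
        xor     eax, eax                ; variadic callee: al = 0 vector args
        call    curl_easy_setopt
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        call    curl_easy_perform
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        call    curl_easy_cleanup
        call    curl_global_cleanup

        xor     eax, eax                ; exit status 0
        pop     rbp
        ret

; Failure exits release whatever had been set up before the failing step.
.fail_easy:
        mov     rdi, [curly]
        call    curl_easy_cleanup
.fail_global:
        call    curl_global_cleanup
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        ; plain http://: the transfer is neither encrypted nor authenticated
        url     db 'http://www.example.com/',0

section .bss
        curly   resq 1                  ; CURL * easy handle

--------------------------------------------------------------------------------
/curltomem.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; libcurl download ELF to memfd and exec it
;
; Order of operations: memfd_create(2) makes an anonymous in-memory file,
; libcurl writes the response body into it through a stdio FILE *, and
; execve(2) then runs it through its /proc/self/fd/N path.  Nothing is
; written to a filesystem path, and the bytes are executed exactly as
; received: there is no hash or signature check anywhere below.
;
; Defender's view: the pair memfd_create -> execve("/proc/self/fd/N") is
; visible to syscall auditing, and the resulting process's
; /proc/<pid>/exe link reads "/memfd:musty (deleted)" instead of an
; on-disk path.
;
; assemble with:
;   nasm -f elf64 -o curlmem.o curltomem.asm
;   gcc curlmem.o -no-pie -o curlmem -lcurl
;
; Syntax: NASM (Intel).  ABI: System V AMD64 (raw syscalls use the Linux
; convention and clobber rcx and r11).
; Exit status: 1 on any failure, including a failed execve.

BITS 64

extern curl_global_init, curl_easy_init, curl_easy_perform
extern curl_easy_setopt, curl_easy_cleanup, curl_global_cleanup
extern fdopen, setvbuf

%define CURL_GLOBAL_ALL         3
%define CURLOPT_URL             10002
%define CURLOPT_WRITEDATA       10001
%define CURLOPT_USERAGENT       10018
%define CURLOPT_FOLLOWLOCATION  52
%define _IONBF                  2

%define SYS_execve              59
%define SYS_memfd_create        319
%define PFD_DIGIT               14      ; offset of the '0' in pfd

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        mov     edi, CURL_GLOBAL_ALL
        call    curl_global_init
        test    eax, eax
        jnz     .fail

        call    curl_easy_init
        test    rax, rax
        jz      .fail_global
        mov     [curly], rax

        mov     eax, SYS_memfd_create
        mov     rdi, mfd                ; name, shown as "memfd:musty"
        xor     esi, esi                ; flags = 0
        syscall                         ; rax = fd, or -errno on failure

        ; Only one digit of pfd is patched, so accept fd 0..9 only.  The
        ; unsigned compare also rejects a negative -errno.  The original
        ; added the whole of rax as a qword, which on an error return
        ; rewrote the bytes that follow the digit.
        cmp     rax, 9
        ja      .fail_easy
        add     byte [pfd + PFD_DIGIT], al

        mov     edi, eax
        mov     rsi, md
        call    fdopen
        test    rax, rax
        jz      .fail_easy
        mov     [filea], rax

        mov     rdi, rax
        xor     esi, esi                ; buf = NULL
        mov     edx, _IONBF             ; disable buffering, else we get
        xor     ecx, ecx                ; only the first 4096 bytes
        call    setvbuf

        mov     rdi, [curly]
        mov     esi, CURLOPT_WRITEDATA
        mov     rdx, [filea]            ; body is written to this FILE *
        xor     eax, eax                ; variadic callee: al = 0
        call    curl_easy_setopt
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        mov     esi, CURLOPT_URL
        mov     rdx, url
        xor     eax, eax
        call    curl_easy_setopt
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        mov     esi, CURLOPT_USERAGENT
        mov     rdx, ua
        xor     eax, eax
        call    curl_easy_setopt
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        mov     esi, CURLOPT_FOLLOWLOCATION
        mov     edx, 1                  ; redirects are followed, so the
        xor     eax, eax                ; final host may differ from url
        call    curl_easy_setopt
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        call    curl_easy_perform
        test    eax, eax
        jnz     .fail_easy

        mov     rdi, [curly]
        call    curl_easy_cleanup
        call    curl_global_cleanup

        mov     eax, SYS_execve
        mov     rdi, pfd                ; "/proc/self/fd/N", N patched above
        xor     esi, esi                ; argv = NULL
        xor     edx, edx                ; envp = NULL
        syscall

        mov     eax, 1                  ; reached only if execve failed
        pop     rbp
        ret

.fail_easy:
        mov     rdi, [curly]
        call    curl_easy_cleanup
.fail_global:
        call    curl_global_cleanup
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        url     db 'https://github.com/linuxthor/odds-and-ends/releases/download/0.1/linux.mp3',0
        ua      db 'libcurl/asm',0
        pfd     db '/proc/self/fd/0',0
        mfd     db 'musty',0
        md      db 'wb',0

section .bss
        curly   resq 1                  ; CURL * easy handle
        filea   resq 1                  ; FILE * wrapping the memfd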
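--------------------------------------------------------------------------------
/dlmopen.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple dlmopen example
;
; dlmopen is like dlopen with the added ability
; to specify a 'linkmap' (aka a 'linker namespace')
; - either loading/resolving into the main/default
;   namespace or into a new (& separate) namespace
;
; Here a second C library is loaded into a new namespace and its printf
; is called between two calls to the printf the program was linked with.
;
; assemble with:
;   nasm -f elf64 -o dlmopen.o dlmopen.asm
;   gcc dlmopen.o -no-pie -o dlmopen -ldl
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: 0 on success, 1 if the library or the symbol is missing.

BITS 64

extern dlmopen, dlsym, dlclose, printf

%define RTLD_LAZY          0x001
%define RTLD_NOW           0x002
%define RTLD_BINDING_MASK  0x003
%define RTLD_NOLOAD        0x004
%define RTLD_DEEPBIND      0x008
%define RTLD_GLOBAL        0x00100
%define RTLD_NODELETE      0x010000

%define LM_ID_BASE         0
%define LM_ID_NEWLM        -1

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        mov     rdi, lub
        mov     rsi, leb
        xor     eax, eax                ; variadic callee: al = 0 vector args
        call    printf

        mov     rdi, LM_ID_NEWLM        ; load into a fresh namespace
        mov     rsi, lib
        mov     edx, RTLD_LAZY
        call    dlmopen
        test    rax, rax                ; NULL => library was not loaded
        jz      .fail
        mov     [output], rax

        mov     rdi, rax
        mov     rsi, lob
        call    dlsym
        test    rax, rax                ; NULL => symbol not found; the
        jz      .fail_close             ; original called it regardless

        mov     r10, rax                ; keep the pointer: eax carries al
        mov     rdi, lub
        mov     rsi, leb
        xor     eax, eax
        call    r10                     ; musl uses writev for stdio / so
                                        ; check it's working via strace

        mov     rdi, [output]
        call    dlclose

        mov     rdi, lub
        mov     rsi, leb
        xor     eax, eax
        call    printf

        xor     eax, eax                ; exit status 0, not printf's count
        pop     rbp
        ret

.fail_close:
        mov     rdi, [output]
        call    dlclose
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        lib     db '/usr/local/musl/lib/libc.so',0  ; absolute path: no search-path lookup
        lob     db 'printf',0
        lub     db 'ahoy %s mateys!',0x0d,0x0a,0
        leb     db 'me',0               ; NUL added: %s read past the end before

section .bss
        output  resq 1                  ; handle returned by dlmopen

--------------------------------------------------------------------------------
/dlopen.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple dlopen example
;
; assemble with:
;   nasm -f elf64 -o dlopen.o dlopen.asm
;   gcc dlopen.o -no-pie -o dlopen -ldl
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: 0 on success, 1 if the library or the symbol is missing.

BITS 64

extern dlopen, dlsym

%define RTLD_LAZY          0x001
%define RTLD_NOW           0x002
%define RTLD_BINDING_MASK  0x003
%define RTLD_NOLOAD        0x004
%define RTLD_DEEPBIND      0x008
%define RTLD_GLOBAL        0x00100
%define RTLD_NODELETE      0x010000

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        mov     rdi, lib
        mov     esi, RTLD_LAZY
        call    dlopen
        test    rax, rax                ; NULL => library was not loaded
        jz      .fail

        mov     rdi, rax
        mov     rsi, lob
        call    dlsym
        test    rax, rax                ; NULL => symbol not found
        jz      .fail

        mov     r10, rax                ; keep the pointer: eax carries al
        mov     rdi, lub
        mov     rsi, leb
        xor     eax, eax                ; variadic callee: al = 0 vector args
        call    r10

        xor     eax, eax                ; exit status 0, not printf's count
        pop     rbp
        ret

.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        ; A bare soname is resolved through the dynamic loader's search
        ; path (LD_LIBRARY_PATH, RUNPATH, ld.so.cache), so the library
        ; actually loaded depends on the environment the program runs in.
        lib     db 'libc.so.6',0
        lob     db 'printf',0
        lub     db 'ahoy %s mateys!',0x0d,0x0a,0
        leb     db 'me',0               ; NUL added: %s read past the end before

--------------------------------------------------------------------------------
/libssh.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple libssh example for passwd auth
;
; assemble with:
;   nasm -f elf64 -o libssh.o libssh.asm
;   gcc libssh.o -no-pie -o libssh -lssh
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: 0 when authentication succeeded, 1 otherwise.
;
; NOTE(review): the password is sent right after ssh_connect with no check
; of the server's host key, so it goes to whichever host answers at the
; address.  libsshid.asm shows the known_hosts check that belongs between
; ssh_connect and ssh_userauth_password.
; NOTE(review): host, user and password are stored as clear text in
; .data and can be read out of the built binary.

BITS 64

extern ssh_options_set, ssh_new, ssh_connect, ssh_disconnect
extern ssh_free, ssh_userauth_password

%define SSH_OPTIONS_HOST  0
%define SSH_OPTIONS_USER  4
%define SSH_OK            0
%define SSH_AUTH_SUCCESS  0

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        call    ssh_new
        test    rax, rax                ; NULL => no session allocated
        jz      .fail
        mov     [ssh_sesh], rax

        mov     rdi, rax
        mov     esi, SSH_OPTIONS_HOST
        mov     rdx, con
        call    ssh_options_set
        test    eax, eax                ; int return: test eax, not rax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        mov     esi, SSH_OPTIONS_USER
        mov     rdx, usr
        call    ssh_options_set
        test    eax, eax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        call    ssh_connect
        cmp     eax, SSH_OK
        jne     .fail_free

        mov     rdi, [ssh_sesh]
        xor     esi, esi                ; username = NULL (SSH_OPTIONS_USER is set)
        mov     rdx, pwd
        call    ssh_userauth_password
        cmp     eax, SSH_AUTH_SUCCESS
        jne     .fail_disconnect

        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
        mov     rdi, [ssh_sesh]
        call    ssh_free

        xor     eax, eax
        pop     rbp
        ret

.fail_disconnect:
        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
.fail_free:
        mov     rdi, [ssh_sesh]
        call    ssh_free
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        con     db '192.168.0.1',0
        usr     db 'username',0
        pwd     db '!passwd!',0

section .bss
        ssh_sesh resq 1                 ; ssh_session handle

--------------------------------------------------------------------------------
/libsshcpexec.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple libssh example for passwd auth - copy a file
; to server (sftp) then execute it
;
; assemble with:
;   nasm -f elf64 -o libsshcpexec.o libsshcpexec.asm
;   gcc libsshcpexec.o -no-pie -o libsshcpexec -lssh
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: 0 when every step succeeded, 1 otherwise.
;
; NOTE(review): the password is sent with no check of the server's host
; key; libsshid.asm shows the known_hosts check that belongs between
; ssh_connect and ssh_userauth_password.
; NOTE(review): host, user and password are clear text in .data.
; NOTE(review): the remote file has a fixed name in /tmp and is opened
; with O_CREAT | O_TRUNC and no O_EXCL, so an existing file or symlink at
; that path is followed and overwritten.

BITS 64

extern ssh_options_set, ssh_new, ssh_connect, ssh_disconnect
extern sftp_init, sftp_new, sftp_open, sftp_write, sftp_free
extern sftp_close, ssh_free, ssh_userauth_password, ssh_channel_new
extern ssh_channel_open_session, ssh_channel_request_exec
extern ssh_channel_close, ssh_channel_free

%define SSH_OPTIONS_HOST  0
%define SSH_OPTIONS_USER  4
%define SSH_OK            0
%define SSH_AUTH_SUCCESS  0
%define S_IRWXU           448
%define OPEN_FLAGS        577           ; O_WRONLY | O_CREAT | O_TRUNC

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        call    ssh_new
        test    rax, rax
        jz      .fail
        mov     [ssh_sesh], rax

        mov     rdi, rax
        mov     esi, SSH_OPTIONS_HOST
        mov     rdx, con
        call    ssh_options_set
        test    eax, eax                ; int return: test eax, not rax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        mov     esi, SSH_OPTIONS_USER
        mov     rdx, usr
        call    ssh_options_set
        test    eax, eax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        call    ssh_connect
        cmp     eax, SSH_OK
        jne     .fail_free

        mov     rdi, [ssh_sesh]
        xor     esi, esi                ; username = NULL (SSH_OPTIONS_USER is set)
        mov     rdx, pwd
        call    ssh_userauth_password
        cmp     eax, SSH_AUTH_SUCCESS
        jne     .fail_disconnect

        ; --- sftp: create the remote file and write the embedded blob ---
        mov     rdi, [ssh_sesh]
        call    sftp_new
        test    rax, rax
        jz      .fail_disconnect
        mov     [sftp_sesh], rax

        mov     rdi, rax
        call    sftp_init
        cmp     eax, SSH_OK
        jne     .fail_disconnect

        mov     rdi, [sftp_sesh]
        mov     rsi, pth
        mov     edx, OPEN_FLAGS
        mov     ecx, S_IRWXU            ; mode 0700
        call    sftp_open
        test    rax, rax
        jz      .fail_disconnect
        mov     [sftp_file], rax

        mov     rdi, rax
        mov     rsi, pload
        mov     rdx, ploadlen
        call    sftp_write
        cmp     rax, ploadlen           ; a short write counts as failure
        jne     .fail_disconnect

        mov     rdi, [sftp_file]
        call    sftp_close
        cmp     eax, SSH_OK
        jne     .fail_disconnect

        mov     rdi, [sftp_sesh]
        call    sftp_free

        ; --- channel: ask the server to run the uploaded path ---
        mov     rdi, [ssh_sesh]
        call    ssh_channel_new
        test    rax, rax
        jz      .fail_disconnect
        mov     [ssh_chan], rax

        mov     rdi, rax
        call    ssh_channel_open_session
        cmp     eax, SSH_OK
        jne     .fail_disconnect

        mov     rdi, [ssh_chan]
        mov     rsi, pth
        call    ssh_channel_request_exec
        cmp     eax, SSH_OK
        jne     .fail_disconnect

        mov     rdi, [ssh_chan]
        call    ssh_channel_close
        cmp     eax, SSH_OK             ; the original zeroed rax before this
        jne     .fail_disconnect        ; compare, so it could never fail

        mov     rdi, [ssh_chan]
        call    ssh_channel_free

        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
        mov     rdi, [ssh_sesh]
        call    ssh_free

        xor     eax, eax
        pop     rbp
        ret

; Failure exits release the session only; sftp and channel objects still
; open at that point are left to process exit.
.fail_disconnect:
        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
.fail_free:
        mov     rdi, [ssh_sesh]
        call    ssh_free
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        con     db '192.168.0.1',0
        usr     db 'username',0
        pwd     db '!passwd!',0
        pth     db '/tmp/success',0
pload:
        incbin  "pload"                 ; file embedded at assemble time
ploadlen equ    $-pload

section .bss
        ssh_sesh  resq 1
        ssh_chan  resq 1
        sftp_sesh resq 1
        sftp_file resq 1

--------------------------------------------------------------------------------
/libsshexec.asm:
--------------------------------------------------------------------------------
1 | ; linuxthor 2 | ; 3 | ; simple libssh example for passwd auth 4 | ; and shell command execution via channel 5 | ; 6 | ; assemble with: 7 | ; nasm -f elf64 -o libsshexec.o libsshexec.asm 8 | ; gcc libsshexec.o -no-pie -o libsshexec -lssh 9 | ; 10 | 11 | BITS 64 12 | 13 | extern ssh_options_set, ssh_new, ssh_connect, ssh_disconnect 14 | extern ssh_free, ssh_userauth_password, ssh_channel_new 15 | extern ssh_channel_open_session, ssh_channel_request_exec 16 | extern ssh_channel_close, ssh_channel_free 17 | 18 | %define SSH_OPTIONS_HOST 0 19 | %define SSH_OPTIONS_USER 4 20 | %define SSH_OK 0 21 | %define SSH_AUTH_SUCCESS 0 22 | 23 | global main 24 | 25 | main: 26 | push rbp 27 | mov rbp, rsp 28 | xor eax, eax 29 | call ssh_new 30 | 31 | cmp rax, 0 32 | je error 33 | 34 | mov [ssh_sesh], rax 35 | 36 | mov rdi, [ssh_sesh] 37 | mov rsi, SSH_OPTIONS_HOST 38 | mov rdx, con 39 | xor rax, rax 40 | call ssh_options_set 41 | 42 | cmp rax, 0 43 | jne error 44 | 45 | mov rdi, [ssh_sesh] 46 | mov rsi, SSH_OPTIONS_USER 47 | mov rdx, usr 48 | xor rax, rax 49 | call ssh_options_set 50 | 51 | cmp rax, 0 52 | jne error 53 | 54 | mov rdi, [ssh_sesh] 55 | xor rax, rax 56 | call ssh_connect 57 | 58 | cmp rax, SSH_OK 59 | jne error 60 | 61 | mov rdi, [ssh_sesh] 62 | mov rsi, 0 63 | mov rdx, pwd 64 | xor rax, rax 65 | call ssh_userauth_password 66 | 67 | cmp rax, SSH_AUTH_SUCCESS 68 | jne error 69 | 70 | mov rdi, [ssh_sesh] 71 | xor rax, rax 72 | call ssh_channel_new 73 | 74 | cmp rax, 0 75 | je error 76 | 77 | mov [ssh_chan], rax 78 | 79 | mov rdi, rax 80 | xor rax, rax 81 | call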
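ssh_channel_open_session 82 | 83 | cmp rax, SSH_OK 84 | jne error 85 | 86 | mov rdi, [ssh_chan] 87 | mov rsi, cmd 88 | xor rax, rax 89 | call ssh_channel_request_exec 90 | 91 | cmp rax, SSH_OK 92 | jne error 93 | 94 | mov rdi, [ssh_chan] 95 | call ssh_channel_close 96 | xor rax, rax 97 | 98 | cmp rax, SSH_OK 99 | jne error 100 | 101 | mov rdi, [ssh_chan] 102 | call ssh_channel_free 103 | xor rax, rax 104 | 105 | mov rdi, [ssh_sesh] 106 | xor rax, rax 107 | call ssh_disconnect 108 | 109 | mov rdi, [ssh_sesh] 110 | xor rax, rax 111 | call ssh_free 112 | 113 | pop rbp 114 | xor eax, eax 115 | ret 116 | 117 | error: 118 | pop rbp 119 | mov rax, 1 120 | ret 121 | 122 | section .data 123 | con db '192.168.0.1',0 124 | usr db 'username',0 125 | pwd db '!passwd!',0 126 | cmd db 'touch /tmp/success',0 127 | 128 | section .bss 129 | ssh_sesh resq 1 130 | ssh_chan resq 1 131 | 132 |
--------------------------------------------------------------------------------
/libsshid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple libssh example for checking server identity
;
; exits with error if server identity not verified
; via ~/.ssh/known_hosts
;
; assemble with:
;   nasm -f elf64 -o libsshid.o libsshid.asm
;   gcc libsshid.o -no-pie -o libsshid -lssh
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: 0 only when ssh_is_server_known returned
; SSH_SERVER_KNOWN_OK; every other result (changed key, other key type,
; unknown host, missing file, error) exits 1, i.e. the check fails closed.
;
; NOTE(review): newer libssh releases deprecate ssh_is_server_known in
; favour of ssh_session_is_known_server - confirm against the installed
; headers.

BITS 64

extern ssh_options_set, ssh_new, ssh_connect, ssh_disconnect
extern ssh_free, ssh_get_server_publickey, ssh_get_publickey_hash
extern ssh_key_free, ssh_is_server_known

%define SSH_OPTIONS_HOST           0
%define SSH_OK                     0
%define SSH_SERVER_KNOWN_OK        1
%define SSH_SERVER_KNOWN_CHANGED   2
%define SSH_SERVER_FOUND_OTHER     3
%define SSH_SERVER_FILE_NOT_FOUND  4
%define SSH_SERVER_NOT_KNOWN       0
%define SSH_SERVER_ERROR           -1

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        call    ssh_new
        test    rax, rax
        jz      .fail
        mov     [ssh_sesh], rax

        mov     rdi, rax
        mov     esi, SSH_OPTIONS_HOST
        mov     rdx, con
        call    ssh_options_set
        test    eax, eax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        call    ssh_connect
        cmp     eax, SSH_OK
        jne     .fail_free

        mov     rdi, [ssh_sesh]
        mov     rsi, ssh_key            ; out: ssh_key *
        call    ssh_get_server_publickey
        ; The result is a 32-bit int.  The original compared all of rax
        ; with a signed jl, which misses -1 whenever the upper half of
        ; rax is zero; test eax so a negative status is always caught.
        test    eax, eax
        js      .fail_disconnect

        ; The key is fetched and released without being hashed or
        ; printed (ssh_get_publickey_hash is declared but never called).
        mov     rdi, [ssh_key]
        call    ssh_key_free            ; returns void: nothing to check

        mov     rdi, [ssh_sesh]
        call    ssh_is_server_known
        cmp     eax, SSH_SERVER_KNOWN_OK
        jne     .fail_disconnect        ; anything but KNOWN_OK is refused

        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
        mov     rdi, [ssh_sesh]
        call    ssh_free

        xor     eax, eax
        pop     rbp
        ret

.fail_disconnect:
        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
.fail_free:
        mov     rdi, [ssh_sesh]
        call    ssh_free
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        con     db '192.168.0.1',0

section .bss
        ssh_sesh resq 1
        ssh_key  resq 1

--------------------------------------------------------------------------------
/libsshkeyi.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple libssh example for keyboard interactive auth
;
; (slightly more complex than passwd auth but may be
;  supported where passwd auth is disallowed by config)
;
; assemble with:
;   nasm -f elf64 -o libsshkeyi.o libsshkeyi.asm
;   gcc libsshkeyi.o -no-pie -o libsshkeyi -lssh
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: 0 when authentication succeeded, 1 otherwise.
;
; NOTE(review): the stored password is given as the answer to prompt 0
; of whatever the server asks, with no check of the server's host key;
; libsshid.asm shows the known_hosts check that belongs after
; ssh_connect.
; NOTE(review): host, user and password are clear text in .data.

BITS 64

extern ssh_options_set, ssh_new, ssh_connect, ssh_disconnect
extern ssh_free, ssh_userauth_kbdint, ssh_userauth_kbdint_setanswer

%define SSH_OPTIONS_HOST  0
%define SSH_OPTIONS_USER  4
%define SSH_OK            0
%define SSH_AUTH_SUCCESS  0
%define SSH_AUTH_DENIED   1
%define SSH_AUTH_PARTIAL  2
%define SSH_AUTH_INFO     3
%define SSH_AUTH_ERROR    -1

%define KBI_MAX_ROUNDS    8             ; cap on answer rounds, see .kbi

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        call    ssh_new
        test    rax, rax
        jz      .fail
        mov     [ssh_sesh], rax

        mov     rdi, rax
        mov     esi, SSH_OPTIONS_HOST
        mov     rdx, con
        call    ssh_options_set
        test    eax, eax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        mov     esi, SSH_OPTIONS_USER
        mov     rdx, usr
        call    ssh_options_set
        test    eax, eax
        jnz     .fail_free

        mov     rdi, [ssh_sesh]
        call    ssh_connect
        cmp     eax, SSH_OK
        jne     .fail_free

        mov     rdi, [ssh_sesh]
        xor     esi, esi                ; user = NULL
        xor     edx, edx                ; submethods = NULL
        call    ssh_userauth_kbdint
        cmp     eax, SSH_AUTH_INFO      ; if the server isn't asking for
        jne     .fail_disconnect        ; more info we're scuppered...

        mov     dword [rounds], KBI_MAX_ROUNDS

.kbi:
        ; The original looped for as long as the server answered
        ; SSH_AUTH_INFO, so a server could keep the client answering
        ; forever.  Stop after KBI_MAX_ROUNDS answers.
        dec     dword [rounds]
        js      .fail_disconnect

        mov     rdi, [ssh_sesh]
        xor     esi, esi                ; FIXME we cheat and assume 1st prompt
        mov     rdx, pwd
        call    ssh_userauth_kbdint_setanswer
        test    eax, eax                ; 32-bit int: test eax so a negative
        js      .fail_disconnect        ; status is seen (rax + jl can miss it)

        mov     rdi, [ssh_sesh]
        xor     esi, esi
        xor     edx, edx
        call    ssh_userauth_kbdint
        cmp     eax, SSH_AUTH_INFO      ; Server needs more info
        je      .kbi                    ; or maybe same info again...
                                        ; kbi == keep bloody inputting!
        cmp     eax, SSH_AUTH_SUCCESS
        jne     .fail_disconnect

        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
        mov     rdi, [ssh_sesh]
        call    ssh_free

        xor     eax, eax
        pop     rbp
        ret

.fail_disconnect:
        mov     rdi, [ssh_sesh]
        call    ssh_disconnect
.fail_free:
        mov     rdi, [ssh_sesh]
        call    ssh_free
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        con     db '192.168.0.1',0
        usr     db 'username',0
        pwd     db '!passwd!',0

section .bss
        ssh_sesh resq 1
        rounds   resd 1                 ; answer rounds left

--------------------------------------------------------------------------------
/pam.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; simple libpam example
;
; Runs pam_start / pam_authenticate / pam_acct_mgmt / pam_end for a fixed
; user name, with libpam_misc's misc_conv as the conversation function.
;
; assemble with:
;   nasm -f elf64 -o pam.o pam.asm
;   gcc pam.o -no-pie -o pam -lpam -lpam_misc
;
; Syntax: NASM (Intel).  ABI: System V AMD64.
; Exit status: pam_end's result (PAM_SUCCESS = 0) when every step passed,
; 1 otherwise.

BITS 64

; struct pam_conv is two pointers.  The original reserved one byte for
; the second member, making `conv` 9 bytes where libpam reads 16.
STRUC pamconv
        .fp:    RESQ 1                  ; conversation callback
        .ep:    RESQ 1                  ; appdata_ptr, left NULL (.bss)
ENDSTRUC

extern pam_start, pam_authenticate, pam_acct_mgmt, pam_end
extern misc_conv

%define PAM_SUCCESS 0

global main

section .text

main:
        push    rbp
        mov     rbp, rsp

        mov     rax, misc_conv          ; scratch register: the original
        mov     [conv + pamconv.fp], rax ; used callee-saved rbx unsaved

        mov     rdi, chku               ; service name
        mov     rsi, pamu               ; user to authenticate
        mov     rdx, conv
        mov     rcx, pamh               ; out: pam handle
        call    pam_start
        cmp     eax, PAM_SUCCESS        ; int return: compare eax, not rax
        jne     .fail

        mov     rdi, [pamh]
        xor     esi, esi                ; flags = 0
        call    pam_authenticate
        cmp     eax, PAM_SUCCESS
        jne     .fail_end

        mov     rdi, [pamh]
        xor     esi, esi                ; flags = 0
        call    pam_acct_mgmt           ; account checks after authentication
        cmp     eax, PAM_SUCCESS
        jne     .fail_end

        mov     rdi, [pamh]
        mov     esi, eax                ; eax is PAM_SUCCESS here
        call    pam_end

        pop     rbp
        ret

.fail_end:
        mov     rdi, [pamh]
        mov     esi, eax                ; hand the failing status to pam_end
        call    pam_end
.fail:
        mov     eax, 1
        pop     rbp
        ret

section .data
        pamu    db 'weirduncle',0
        chku    db 'check_user',0

section .bss
        pamh    resq 1
        conv    resb pamconv_size

--------------------------------------------------------------------------------
/syscalls/linux/000_sys_read/sys_read.asm: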
-------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_read example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_read.o sys_read.asm 7 | ; ld sys_read.o -o sys_read 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | 14 | mov rax, 0 ; sys_read 15 | mov rdi, 0 16 | mov rsi, readsb 17 | mov rdx, 16 18 | syscall 19 | 20 | mov rax, 60 ; sys_exit 21 | syscall 22 | 23 | section .bss 24 | readsb resb 16 25 | -------------------------------------------------------------------------------- /syscalls/linux/001_sys_write/sys_write.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_write example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_write.o sys_write.asm 7 | ; ld sys_write.o -o sys_write 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | 14 | mov rax, 1 ; sys_write 15 | mov rdi, 1 16 | mov rsi, string 17 | mov rdx, 6 18 | syscall 19 | 20 | mov rax, 60 ; sys_exit 21 | syscall 22 | 23 | section .data 24 | string db 'Hiya',0x0d,0x0a,0 25 | -------------------------------------------------------------------------------- /syscalls/linux/002_sys_open/sys_open.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_open example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_open.o sys_open.asm 7 | ; ld sys_open.o -o sys_open 8 | 9 | BITS 64 10 | 11 | %define O_RDONLY 0 12 | %define O_WRONLY 1 13 | %define O_RDWR 2 14 | 15 | global _start 16 | _start: 17 | 18 | mov rax, 2 ; sys_open 19 | mov rdi, filename 20 | mov rsi, O_RDWR 21 | syscall 22 | 23 | mov rax, 60 ; sys_exit 24 | syscall 25 | 26 | section .data 27 | filename db '/dev/null',0 28 | -------------------------------------------------------------------------------- /syscalls/linux/003_sys_close/sys_close.asm: -------------------------------------------------------------------------------- 1 | ; 
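linuxthor
;
; sys_close example
;
; assemble with:
;    nasm -f elf64 -o sys_close.o sys_close.asm
;    ld sys_close.o -o sys_close

BITS 64

global _start
_start:
        mov     eax, 3                  ; sys_close
        mov     edi, 2                  ; stderr
        syscall

        mov     eax, 60                 ; sys_exit
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/004_sys_stat/sys_stat.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_stat example
;
; assemble with:
;    nasm -f elf64 -o sys_stat.o sys_stat.asm
;    ld sys_stat.o -o sys_stat

BITS 64

; x86-64 kernel layout of struct stat (144 bytes). The kernel fills the whole
; structure, so the reservation must cover all of it; a shorter struc lets the
; syscall write past the end of statstr.
struc stat
    .dev_t      resq 1                  ; id of device containing file
    .ino_t      resq 1                  ; inode number
    .nlnk_t     resq 1                  ; number hard links
    .mode_t     resd 1                  ; file type & mode
    .uid_t      resd 1                  ; uid of owner
    .gid_t      resd 1                  ; gid of owner
    .pad0       resd 1                  ; alignment padding
    .devr_t     resq 1                  ; device id (special file)
    .off_t      resq 1                  ; size in bytes
    .blks_t     resq 1                  ; blocksize for i/o
    .blkc_t     resq 1                  ; number of blocks
    .atime      resq 2                  ; last access (sec, nsec)
    .mtime      resq 2                  ; last modification (sec, nsec)
    .ctime      resq 2                  ; last status change (sec, nsec)
    .unused     resq 3
endstruc

global _start
_start:

        mov     eax, 4                  ; sys_stat
        mov     rdi, file
        mov     rsi, statstr
        syscall

        mov     eax, 60                 ; sys_exit
        mov     rdi, [statstr + stat.ino_t] ; exit status keeps only the low 8 bits
        syscall

section .data
file    db '/etc/passwd',0

section .bss
statstr resb stat_size
--------------------------------------------------------------------------------
/syscalls/linux/005_sys_fstat/sys_fstat.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fstat example
;
; sys_fstat is like sys_stat but works on an
; open file descriptor
;
; assemble with:
;    nasm -f elf64 -o sys_fstat.o sys_fstat.asm
;    ld sys_fstat.o -o sys_fstat

BITS 64

%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

struc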
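stat
    ; x86-64 kernel layout of struct stat (144 bytes); the kernel fills all
    ; of it, so statstr must be at least this large.
    .dev_t      resq 1                  ; id of device containing file
    .ino_t      resq 1                  ; inode number
    .nlnk_t     resq 1                  ; number hard links
    .mode_t     resd 1                  ; file type & mode
    .uid_t      resd 1                  ; uid of owner
    .gid_t      resd 1                  ; gid of owner
    .pad0       resd 1                  ; alignment padding
    .devr_t     resq 1                  ; device id (special file)
    .off_t      resq 1                  ; size in bytes
    .blks_t     resq 1                  ; blocksize for i/o
    .blkc_t     resq 1                  ; number of blocks
    .atime      resq 2                  ; last access (sec, nsec)
    .mtime      resq 2                  ; last modification (sec, nsec)
    .ctime      resq 2                  ; last status change (sec, nsec)
    .unused     resq 3
endstruc

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, file
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; descriptor (or -errno, not checked)

        mov     eax, 5                  ; sys_fstat
        mov     rsi, statstr
        syscall

        mov     eax, 60                 ; sys_exit
        mov     rdi, [statstr + stat.ino_t] ; exit status keeps only the low 8 bits
        syscall

section .data
file    db '/etc/passwd',0

section .bss
statstr resb stat_size
--------------------------------------------------------------------------------
/syscalls/linux/006_sys_lstat/sys_lstat.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_lstat example
;
; sys_lstat is like sys_stat except when called
; on a symbolic link. In this case information
; about the link is returned NOT the file it relates
; to.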
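;
; assemble with:
;    nasm -f elf64 -o sys_lstat.o sys_lstat.asm
;    ld sys_lstat.o -o sys_lstat

BITS 64

; x86-64 kernel layout of struct stat (144 bytes). The kernel fills the whole
; structure, so the reservation must cover all of it.
struc stat
    .dev_t      resq 1                  ; id of device containing file
    .ino_t      resq 1                  ; inode number
    .nlnk_t     resq 1                  ; number hard links
    .mode_t     resd 1                  ; file type & mode
    .uid_t      resd 1                  ; uid of owner
    .gid_t      resd 1                  ; gid of owner
    .pad0       resd 1                  ; alignment padding
    .devr_t     resq 1                  ; device id (special file)
    .off_t      resq 1                  ; size in bytes
    .blks_t     resq 1                  ; blocksize for i/o
    .blkc_t     resq 1                  ; number of blocks
    .atime      resq 2                  ; last access (sec, nsec)
    .mtime      resq 2                  ; last modification (sec, nsec)
    .ctime      resq 2                  ; last status change (sec, nsec)
    .unused     resq 3
endstruc

global _start
_start:

        mov     eax, 6                  ; sys_lstat
        mov     rdi, file
        mov     rsi, statstr
        syscall

        mov     eax, 60                 ; sys_exit
        mov     rdi, [statstr + stat.ino_t] ; exit status keeps only the low 8 bits
        syscall

section .data
file    db '/proc/self/exe',0

section .bss
statstr resb stat_size
--------------------------------------------------------------------------------
/syscalls/linux/007_sys_poll/sys_poll.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_poll example
;
; assemble with:
;    nasm -f elf64 -o sys_poll.o sys_poll.asm
;    ld sys_poll.o -o sys_poll

BITS 64

%define POLLIN      0x001
%define POLLPRI     0x002
%define POLLOUT     0x004
%define POLLMSG     0x400
%define POLLREMOVE  0x1000
%define POLLRDHUP   0x2000
%define POLLERR     0x008
%define POLLHUP     0x010
%define POLLNVAL    0x020

struc pollfd
    .fd         resd 1
    .events     resw 1
    .revent     resw 1
endstruc

global _start
_start:
        ; one pollfd entry: wait for input on fd 0
        mov     dword [pollst + pollfd.fd], 0
        mov     word  [pollst + pollfd.events], POLLIN

again:
        mov     eax, 7                  ; sys_poll
        mov     rdi, pollst
        mov     esi, 1                  ; number of fd
        mov     edx, 666                ; timeout in ms
        syscall

        test    rax, rax                ; 0 = TIMEOUT
        jz      again

        mov     rdi, rax                ; ready count (or -errno) as exit status

        mov     eax, 60                 ; sys_exit
        syscall

section .bss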
pollst  resb pollfd_size
--------------------------------------------------------------------------------
/syscalls/linux/008_sys_lseek/sys_lseek.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_lseek example
;
; assemble with:
;    nasm -f elf64 -o sys_lseek.o sys_lseek.asm
;    ld sys_lseek.o -o sys_lseek

BITS 64

; sys_open
%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

; sys_lseek
%define SEEK_SET 0                      ; set to offset
%define SEEK_CUR 1                      ; set to position + offset
%define SEEK_END 2                      ; set to EOF + offset

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; descriptor (or -errno, not checked)

        mov     eax, 8                  ; sys_lseek
        mov     esi, 100                ; offset
        mov     edx, SEEK_SET
        syscall

        mov     rdi, rax                ; resulting offset as exit status

        mov     eax, 60                 ; sys_exit
        syscall

section .data
filename db '/etc/passwd',0
--------------------------------------------------------------------------------
/syscalls/linux/009_sys_mmap/sys_mmap.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mmap example
;
; assemble with:
;    nasm -f elf64 -o sys_mmap.o sys_mmap.asm
;    ld sys_mmap.o -o sys_mmap

BITS 64

; sys_open
%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

; sys_mmap
%define PROT_READ   0x01
%define PROT_WRITE  0x02
%define PROT_EXEC   0x04
%define PROT_NONE   0x00

; must have one of..
%define MAP_SHARED  0x01
%define MAP_PRIVATE 0x02

; can OR one or more of..
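%define MAP_FIXED           0x10
%define MAP_ANONYMOUS       0x20
%define MAP_POPULATE        0x008000
%define MAP_NONBLOCK        0x010000
%define MAP_STACK           0x020000
%define MAP_HUGETLB         0x040000
%define MAP_SYNC            0x080000
%define MAP_FIXED_NOREPLACE 0x100000

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 9                  ; sys_mmap
        xor     edi, edi                ; NULL to let kernel decide
        mov     esi, 512                ; length
        mov     edx, PROT_READ
        mov     r10d, MAP_PRIVATE
        mov     r8, [fd]
        xor     r9d, r9d                ; offset
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/etc/passwd',0

section .bss
fd      resq 1                          ; was resb 1: too small for the qword store/load above
--------------------------------------------------------------------------------
/syscalls/linux/010_sys_mprotect/sys_mprotect.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mprotect example
;
; assemble with:
;    nasm -f elf64 -o sys_mprotect.o sys_mprotect.asm
;    ld sys_mprotect.o -o sys_mprotect

BITS 64

; sys_open
%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

; sys_mmap
%define PROT_READ   0x01
%define PROT_WRITE  0x02
%define PROT_EXEC   0x04
%define PROT_NONE   0x00

%define MAP_SHARED  0x01
%define MAP_PRIVATE 0x02

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     [fd], rax               ; 8-byte store into fd

        mov     eax, 9                  ; sys_mmap
        xor     edi, edi                ; NULL to let kernel decide
        mov     esi, 512                ; length
        mov     edx, PROT_READ
        mov     r10d, MAP_PRIVATE
        mov     r8, [fd]
        xor     r9d, r9d                ; offset
        syscall

        mov     rdi, rax                ; mapping address (or -errno, not checked)

        mov     eax, 10                 ; sys_mprotect
        mov     esi, 512
        mov     edx, PROT_WRITE
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi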
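syscall

section .data
filename db '/etc/passwd',0

section .bss
fd      resq 1                          ; was resb 1: the code stores and loads all 8 bytes of rax/r8
--------------------------------------------------------------------------------
/syscalls/linux/011_sys_munmap/sys_munmap.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_munmap example
;
; assemble with:
;    nasm -f elf64 -o sys_munmap.o sys_munmap.asm
;    ld sys_munmap.o -o sys_munmap

BITS 64

; sys_open
%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

; sys_mmap
%define PROT_READ   0x01
%define PROT_WRITE  0x02
%define PROT_EXEC   0x04
%define PROT_NONE   0x00

%define MAP_SHARED  0x01
%define MAP_PRIVATE 0x02

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 9                  ; sys_mmap
        xor     edi, edi                ; NULL to let kernel decide
        mov     esi, 512                ; length
        mov     edx, PROT_READ
        mov     r10d, MAP_PRIVATE
        mov     r8, [fd]
        xor     r9d, r9d                ; offset
        syscall

        mov     rdi, rax                ; mapping address (or -errno, not checked)

        mov     eax, 11                 ; sys_munmap
        mov     esi, 512
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/etc/passwd',0

section .bss
fd      resq 1                          ; was resb 1: too small for the qword store/load above
--------------------------------------------------------------------------------
/syscalls/linux/012_sys_brk/sys_brk.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_brk example
;
; A memory allocation syscall
;
; assemble with:
;    nasm -f elf64 -o sys_brk.o sys_brk.asm
;    ld sys_brk.o -o sys_brk

BITS 64

global _start
_start:

        mov     eax, 12                 ; sys_brk
        xor     edi, edi
        syscall                         ; get current

        add     rax, 4096               ; add 4096 bytes
        mov     rdi, rax                ;

        mov     eax, 12                 ;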
allocating
        syscall                         ; some memory

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/013_sys_rt_sigaction/sys_rt_sigaction.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_rt_sigaction example
;
; This one is nuts
;
; assemble with:
;    nasm -f elf64 -o sys_rt_sigaction.o sys_rt_sigaction.asm
;    ld sys_rt_sigaction.o -o sys_rt_sigaction

BITS 64

%define SIGHUP      1
%define SIGINT      2
%define SIGQUIT     3
%define SIGILL      4
%define SIGTRAP     5
%define SIGABRT     6
%define SIGBUS      7
%define SIGFPE      8
%define SIGUSR1     10
%define SIGSEGV     11
%define SIGUSR2     12
%define SIGPIPE     13
%define SIGALRM     14
%define SIGTERM     15
%define SIGSTKFLT   16
%define SIGCHLD     17
%define SIGCONT     18
%define SIGTSTP     20
%define SIGTTIN     21
%define SIGTTOU     22
%define SIGURG      23
%define SIGXCPU     24
%define SIGXFSZ     25
%define SIGVTALRM   26
%define SIGPROF     27
%define SIGWINCH    28
%define SIGIO       29

%define SIG_DFL     0
%define SIG_IGN     1
%define SIG_ERR     -1

; NOTE(review): the raw x86-64 syscall reads handler, flags, restorer, mask in
; that order. Only .sa_handler (offset 0) is written below and the rest stays
; zero in .bss, so the field order here does not matter for this example -
; confirm the layout before using the other fields.
struc sigaction
    .sa_handler resq 1
    .sa_sigacti resq 1
    .sa_mask    resq 1
    .sa_flag    resq 1
    .sa_restore resq 1
endstruc

global _start
_start:
        ; rt_sigaction(SIGSEGV, &sastr, NULL, 8): ignore SIGSEGV
        mov     qword [sastr + sigaction.sa_handler], SIG_IGN
        mov     eax, 13                 ; sys_rt_sigaction
        mov     edi, SIGSEGV
        mov     rsi, sastr
        xor     edx, edx
        mov     r10d, 8                 ; sort of sizeof(sigset_t)..
;-)
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
sastr   resb sigaction_size
--------------------------------------------------------------------------------
/syscalls/linux/014_sys_rt_sigprocmask/sys_rt_sigprocmask.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_rt_sigprocmask example
;
; assemble with:
;    nasm -f elf64 -o sys_rt_sigprocmask.o sys_rt_sigprocmask.asm
;    ld sys_rt_sigprocmask.o -o sys_rt_sigprocmask

BITS 64

%define SIG_BLOCK   0
%define SIG_UNBLOCK 1
%define SIG_SETMASK 2

global _start
_start:
        ; with a NULL new set the call only reports the current mask in oldset
        mov     eax, 14                 ; sys_rt_sigprocmask
        mov     edi, SIG_SETMASK
        xor     esi, esi                ; set = NULL
        mov     rdx, oldset
        mov     r10d, 8                 ; sigsetsize
        mov     r8d, 8                  ; NOTE(review): the call takes four arguments; r8 looks unused
        syscall

        mov     eax, 60                 ; sys_exit
        mov     rdi, oldset             ; NOTE(review): passes the address, not the saved mask
        syscall

section .bss
oldset  resq 1
--------------------------------------------------------------------------------
/syscalls/linux/014_sys_rt_sigreturn/sys_exit.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_exit example
;
; assemble with:
;    nasm -f elf64 -o sys_exit.o sys_exit.asm
;    ld sys_exit.o -o sys_exit

BITS 64

global _start
_start:

        mov     eax, 60                 ; sys_exit
        mov     edi, 666                ; the parent sees only the low 8 bits of the status
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/015_sys_rt_sigreturn/sys_rt_sigreturn.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_rt_sigreturn example
;
; don't call it.. will probably segfault etc..
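see manpage
;
; assemble with:
;    nasm -f elf64 -o sys_rt_sigreturn.o sys_rt_sigreturn.asm
;    ld sys_rt_sigreturn.o -o sys_rt_sigreturn

BITS 64

global _start
_start:
        ; called outside a signal handler there is no signal frame on the stack
        mov     eax, 15                 ; sys_rt_sigreturn
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/016_sys_ioctl/sys_ioctl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_ioctl example
;
; NOTE: no single standard - Arguments, returns, and semantics of ioctl()
;       vary according to the device driver in question
;
; assemble with:
;    nasm -f elf64 -o sys_ioctl.o sys_ioctl.asm
;    ld sys_ioctl.o -o sys_ioctl

BITS 64

; sys_open
%define O_RDONLY    0x0000
%define O_WRONLY    0x0001
%define O_RDWR      0x0002
%define O_NONBLOCK  0x0800              ; Linux value (04000 octal); 0x0004 is the BSD one

; sys_ioctl (not exhaustive..)
;              for there
;               ..are..
;               loads..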
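%define TCGETS          0x5401
%define TCSETS          0x5402
%define TCSETSW         0x5403
%define TCSETSF         0x5404
%define TCGETA          0x5405
%define TCSETA          0x5406
%define TCSETAW         0x5407
%define TCSETAF         0x5408
%define TCSBRK          0x5409
%define TCXONC          0x540A
%define TCFLSH          0x540B
%define TIOCEXCL        0x540C
%define TIOCNXCL        0x540D
%define TIOCSCTTY       0x540E
%define TIOCGPGRP       0x540F
%define TIOCSPGRP       0x5410
%define TIOCOUTQ        0x5411
%define TIOCSTI         0x5412
%define TIOCGWINSZ      0x5413
%define TIOCSWINSZ      0x5414
%define TIOCMGET        0x5415
%define TIOCMBIS        0x5416
%define TIOCMBIC        0x5417
%define TIOCMSET        0x5418
%define TIOCGSOFTCAR    0x5419
%define TIOCSSOFTCAR    0x541A
%define FIONREAD        0x541B
%define TIOCLINUX       0x541C
%define TIOCCONS        0x541D
%define TIOCGSERIAL     0x541E
%define TIOCSSERIAL     0x541F
%define TIOCPKT         0x5420
%define FIONBIO         0x5421
%define TIOCNOTTY       0x5422
%define TIOCSETD        0x5423
%define TIOCGETD        0x5424

; TCGETS fills a kernel struct termios: four 32-bit flag words, c_line and
; c_cc[19] = 36 bytes. The output buffer must be at least that large.
%define TERMIOS_SIZE    36

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; descriptor (or -errno, not checked)

        mov     eax, 16                 ; sys_ioctl
        mov     esi, TCGETS
        mov     rdx, ioreturn
        syscall

        mov     edi, [ioreturn]         ; first flag word (c_iflag); overwritten below

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/dev/ttyS0',0

section .bss
ioreturn resb TERMIOS_SIZE              ; was resb 1: the kernel writes the whole termios
--------------------------------------------------------------------------------
/syscalls/linux/017_sys_pread64/sys_pread64.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_pread64 example
;
; assemble with:
;    nasm -f elf64 -o sys_pread64.o sys_pread64.asm
;    ld sys_pread64.o -o sys_pread64

BITS 64

; sys_open
%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

global _start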
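_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; descriptor (or -errno, not checked)

        mov     eax, 17                 ; sys_pread64
        mov     rsi, readsb             ; buffer
        mov     edx, 16                 ; count (equals the size of readsb)
        mov     r10d, 64                ; offset
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/etc/passwd',0

section .bss
readsb  resb 16
--------------------------------------------------------------------------------
/syscalls/linux/018_sys_pwrite64/sys_pwrite64.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_pwrite64 example
;
; write data at some offset in a file
;
; assemble with:
;    nasm -f elf64 -o sys_pwrite64.o sys_pwrite64.asm
;    ld sys_pwrite64.o -o sys_pwrite64

BITS 64

; sys_open
; The file lives under a fixed name in the shared /tmp directory, so the open
; refuses a symlink at that path (O_NOFOLLOW) and passes an explicit mode:
; with O_CREAT the kernel reads the third argument, which was left unset.
%define O_FLAGS     0x20042             ; O_RDWR|O_CREAT|O_NOFOLLOW
%define FILE_MODE   0600o               ; owner read/write only

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_FLAGS
        mov     edx, FILE_MODE
        syscall

        mov     rdi, rax                ; descriptor (or -errno, not checked)

        mov     eax, 18                 ; sys_pwrite64
        mov     rsi, alphabyt           ; buffer
        mov     edx, 30                 ; count (length of alphabyt)
        mov     r10d, 64                ; offset
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/tmp/atmpfil',0
alphabyt db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234'

--------------------------------------------------------------------------------
/syscalls/linux/019_sys_readv/sys_readv.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_readv example
;
; assemble with:
;    nasm -f elf64 -o sys_readv.o sys_readv.asm
;    ld sys_readv.o -o sys_readv

BITS 64

; sys_open
%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

struc iovec
    .iov_base   resq 1
    .iov_len    resq 1
endstruc

global _start
_start:
        mov     qword [vectors0 +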
iovec.iov_base], data0
        mov     qword [vectors0 + iovec.iov_len], 32
        mov     qword [vectors1 + iovec.iov_base], data1
        mov     qword [vectors1 + iovec.iov_len], 32

        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; descriptor (or -errno, not checked)

        ; vectors0 and vectors1 are adjacent in .bss and are passed as a
        ; two-entry iovec array; each length matches its 32-byte buffer
        mov     eax, 19                 ; sys_readv
        mov     rsi, vectors0
        mov     edx, 2
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/etc/passwd',0

section .bss
vectors0 resb iovec_size
vectors1 resb iovec_size
data0    resb 32
data1    resb 32
--------------------------------------------------------------------------------
/syscalls/linux/020_sys_writev/sys_writev.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_writev example
;
; assemble with:
;    nasm -f elf64 -o sys_writev.o sys_writev.asm
;    ld sys_writev.o -o sys_writev

BITS 64

struc iovec
    .iov_base   resq 1
    .iov_len    resq 1
endstruc

global _start
_start:
        ; two entries: 'Hiya!' (5 bytes) and '!' CR LF (3 bytes)
        mov     qword [vectors0 + iovec.iov_base], string0
        mov     qword [vectors0 + iovec.iov_len], 5
        mov     qword [vectors1 + iovec.iov_base], string1
        mov     qword [vectors1 + iovec.iov_len], 3

        mov     eax, 20                 ; sys_writev
        mov     edi, 1
        mov     rsi, vectors0
        mov     edx, 2
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
string0 db 'Hiya!',0
string1 db '!',0x0d,0x0a,0

section .bss
vectors0 resb iovec_size
vectors1 resb iovec_size
--------------------------------------------------------------------------------
/syscalls/linux/021_sys_access/sys_access.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_access example
;
; assemble with:
;    nasm -f elf64 -o sys_access.o sys_access.asm
;    ld sys_access.o -o
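sys_access

BITS 64

; check if file exists..
%define F_OK 0

; or for certain permissions..
%define X_OK 0x01
%define W_OK 0x02
%define R_OK 0x04

global _start
_start:

        mov     eax, 21                 ; sys_access
        mov     rdi, filename
        mov     esi, F_OK
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/bin/bash',0
--------------------------------------------------------------------------------
/syscalls/linux/022_sys_pipe/sys_pipe.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_pipe example
;
; assemble with:
;    nasm -f elf64 -o sys_pipe.o sys_pipe.asm
;    ld sys_pipe.o -o sys_pipe

BITS 64

global _start
_start:
        ; pipefd0/pipefd1 are adjacent dwords and receive the two descriptors
        mov     eax, 22                 ; sys_pipe
        mov     rdi, pipefd0
        syscall

        mov     eax, 60                 ; sys_exit
        mov     edi, [pipefd1]          ; 32-bit load: a qword load ran 4 bytes past the reservation
        syscall

section .bss
pipefd0 resd 1
pipefd1 resd 1
--------------------------------------------------------------------------------
/syscalls/linux/023_sys_select/sys_select.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_select example
;
; assemble with:
;    nasm -f elf64 -o sys_select.o sys_select.asm
;    ld sys_select.o -o sys_select

BITS 64

struc timeval
    .tv_sec     resq 1
    .tv_usec    resq 1
endstruc

global _start
_start:
        mov     qword [timeout + timeval.tv_sec], 5
        mov     qword [timeout + timeval.tv_usec], 50

        mov     qword [fd_set], 1       ; bit 0 set: watch fd 0

        mov     eax, 23                 ; sys_select
        mov     edi, 1                  ; nfds = highest fd + 1
        mov     rsi, fd_set             ; read set
        xor     edx, edx                ; no write set
        xor     r10d, r10d              ; no except set
        mov     r8, timeout
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
timeout resb timeval_size
; the size of the fd_set is something like 64 per long
;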
https://stackoverflow.com/questions/18952564/
; understanding-fd-set-in-unix-sys-select-h
fd_set  resq 1

--------------------------------------------------------------------------------
/syscalls/linux/024_sched_yield/sys_sched_yield.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_sched_yield example
;
; yield the scheduler and go the the back of the queue
;
; assemble with:
;    nasm -f elf64 -o sys_sched_yield.o sys_sched_yield.asm
;    ld sys_sched_yield.o -o sys_sched_yield

BITS 64

global _start
_start:

        mov     eax, 24                 ; sys_sched_yield
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/025_sys_mremap/sys_mremap.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mremap example
;
; expand or shrink a memory mapping
; maybe moving it at the same time
;
; assemble with:
;    nasm -f elf64 -o sys_mremap.o sys_mremap.asm
;    ld sys_mremap.o -o sys_mremap

BITS 64

%define MREMAP_MAYMOVE 1
%define MREMAP_FIXED   2

global _start
_start:

        mov     eax, 12                 ; sys_brk
        xor     edi, edi
        syscall

        mov     [breaker], rax          ; remember the current break

        add     rax, 4096
        mov     rdi, rax
        mov     eax, 12                 ; sys_brk
        syscall

        ; mremap(old break, 4096, 8192, MREMAP_MAYMOVE)
        mov     eax, 25                 ; sys_mremap
        mov     rdi, [breaker]
        mov     esi, 4096
        mov     edx, 8192
        mov     r10d, MREMAP_MAYMOVE
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
breaker resq 1
--------------------------------------------------------------------------------
/syscalls/linux/026_sys_msync/sys_msync.asm:
--------------------------------------------------------------------------------
; linuxthor
;
;
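sys_msync example
;
; synchronise ye file with a memory map
;
; assemble with:
;    nasm -f elf64 -o sys_msync.o sys_msync.asm
;    ld sys_msync.o -o sys_msync

BITS 64

%define MS_ASYNC        1
%define MS_SYNC         4
%define MS_INVALIDATE   2

; sys_open
; The file lives under a fixed name in the shared /tmp directory, so the open
; refuses a symlink at that path (O_NOFOLLOW) and passes an explicit mode:
; with O_CREAT the kernel reads the third argument, which was left unset.
%define O_FLAGS     0x20042             ; O_RDWR|O_CREAT|O_NOFOLLOW
%define FILE_MODE   0600o               ; owner read/write only

; sys_mmap
%define PROT_READ   0x01
%define PROT_WRITE  0x02
%define PROT_EXEC   0x04
%define PROT_NONE   0x00

; must have one of..
%define MAP_SHARED  0x01
%define MAP_PRIVATE 0x02

; can OR one or more of..
%define MAP_FIXED           0x10
%define MAP_ANONYMOUS       0x20
%define MAP_POPULATE        0x008000
%define MAP_NONBLOCK        0x010000
%define MAP_STACK           0x020000
%define MAP_HUGETLB         0x040000
%define MAP_SYNC            0x080000
%define MAP_FIXED_NOREPLACE 0x100000

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_FLAGS
        mov     edx, FILE_MODE
        syscall

        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 9                  ; sys_mmap
        xor     edi, edi                ; NULL to let kernel decide
        mov     esi, 512                ; length
        mov     edx, PROT_WRITE
        mov     r10d, MAP_PRIVATE
        mov     r8, [fd]
        xor     r9d, r9d                ; offset
        syscall

        mov     rdi, rax                ; mapping address (or -errno, not checked)

        mov     eax, 26                 ; sys_msync
        mov     esi, 512
        mov     edx, MS_ASYNC
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/tmp/fungus',0

section .bss
fd      resq 1                          ; was resb 1: too small for the qword store/load above
--------------------------------------------------------------------------------
/syscalls/linux/027_sys_mincore/sys_mincore.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mincore example
;
; see if some page is currently resident in memory
;
; assemble with:
;    nasm -f elf64 -o sys_mincore.o sys_mincore.asm
;    ld sys_mincore.o -o sys_mincore

BITS 64

; sys_open
%define O_RDONLY 0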
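; sys_mmap
%define PROT_READ   0x01
%define MAP_PRIVATE 0x02

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 9                  ; sys_mmap
        xor     edi, edi
        mov     esi, 512
        mov     edx, PROT_READ
        mov     r10d, MAP_PRIVATE
        mov     r8, [fd]
        xor     r9d, r9d
        syscall

        mov     rdi, rax                ; mapping address (or -errno, not checked)

        mov     eax, 27                 ; sys_mincore
        mov     esi, 512
        mov     rdx, vector
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/etc/passwd',0

section .bss
fd      resq 1                          ; was resb 1: the qword store overlapped vector
; at least (len + PAGE_SIZE-1) / PAGE_SIZE bytes:
vector  resq 1
--------------------------------------------------------------------------------
/syscalls/linux/028_sys_madvise/sys_madvise.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_madvise example
;
; assemble with:
;    nasm -f elf64 -o sys_madvise.o sys_madvise.asm
;    ld sys_madvise.o -o sys_madvise

BITS 64

%define MADV_NORMAL     0
%define MADV_RANDOM     1
%define MADV_SEQUENTIAL 2
%define MADV_WILLNEED   3
%define MADV_DONTNEED   4

; sys_open
%define O_RDONLY 0

; sys_mmap
%define PROT_READ   0x01
%define MAP_PRIVATE 0x02

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_RDONLY
        syscall

        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 9                  ; sys_mmap
        xor     edi, edi
        mov     esi, 4096
        mov     edx, PROT_READ
        mov     r10d, MAP_PRIVATE
        mov     r8, [fd]
        xor     r9d, r9d
        syscall

        mov     rdi, rax                ; mapping address (or -errno, not checked)

        mov     eax, 28                 ; sys_madvise
        mov     esi, 4096
        mov     edx, MADV_DONTNEED
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
filename db '/etc/passwd',0

section .bss
fd      resq 1                          ; was resb 1: too small for the qword store/load above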
--------------------------------------------------------------------------------
/syscalls/linux/029_sys_shmget/sys_shmget.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_shmget example
;
; assemble with:
;    nasm -f elf64 -o sys_shmget.o sys_shmget.asm
;    ld sys_shmget.o -o sys_shmget

BITS 64

%define IPC_PRIVATE 00000000o
%define IPC_CREAT   00001000o
%define IPC_EXCL    00002000o
%define IPC_NOWAIT  00004000o

global _start
_start:
        ; 8192-byte segment; mode 0666 makes it readable and writable by every user
        mov     eax, 29                 ; sys_shmget
        mov     edi, IPC_PRIVATE
        mov     esi, 8192
        mov     edx, IPC_CREAT|0666o
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/030_sys_shmat/sys_shmat.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_shmat example
;
; assemble with:
;    nasm -f elf64 -o sys_shmat.o sys_shmat.asm
;    ld sys_shmat.o -o sys_shmat

BITS 64

%define SHM_RDONLY  010000o
%define SHM_RND     020000o
%define SHM_REMAP   040000o
%define SHM_EXEC    0100000o

; sys_shmget
%define IPC_PRIVATE 00000000o
%define IPC_CREAT   00001000o
%define IPC_EXCL    00002000o
%define IPC_NOWAIT  00004000o

global _start
_start:
        mov     eax, 29                 ; sys_shmget
        mov     edi, IPC_PRIVATE
        mov     esi, 8192
        mov     edx, IPC_CREAT|0666o
        syscall

        mov     rdi, rax                ; segment id (or -errno, not checked)

        ; SHM_EXEC asks for an executable attach; without SHM_RDONLY the
        ; segment is also writable, so prefer dropping SHM_EXEC unless code
        ; really has to run from it
        mov     eax, 30                 ; sys_shmat
        xor     esi, esi                ; NULL to let system place it
        mov     edx, SHM_EXEC
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/031_sys_shmctl/sys_shmctl.asm:
--------------------------------------------------------------------------------
1 | ; linuxthor 2
;
; sys_shmctl example
;
; assemble with:
;    nasm -f elf64 -o sys_shmctl.o sys_shmctl.asm
;    ld sys_shmctl.o -o sys_shmctl

BITS 64

struc shmid_ds
    .shm_perm   resb 48                 ; struct ipc_perm..
    .shm_segsz  resq 1
    .shm_atime  resq 1
    .shm_dtime  resq 1
    .shm_ctime  resq 1
    .shm_cpid   resd 1
    .shm_lpid   resd 1
    .shm_natt   resq 1
endstruc

%define IPC_RMID 0
%define IPC_SET  1
%define IPC_STAT 2
%define IPC_INFO 3

; sys_shmget
%define IPC_PRIVATE 00000000o
%define IPC_CREAT   00001000o
%define IPC_EXCL    00002000o
%define IPC_NOWAIT  00004000o

global _start
_start:
        mov     eax, 29                 ; sys_shmget
        mov     edi, IPC_PRIVATE
        mov     esi, 8192
        mov     edx, IPC_CREAT|0666o
        syscall

        mov     rdi, rax                ; segment id (or -errno, not checked)

        ; NOTE(review): confirm shmidii is large enough for whatever the
        ; chosen command writes before switching to another command
        mov     eax, 31                 ; sys_shmctl
        mov     esi, IPC_INFO
        mov     rdx, shmidii
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
shmidii resb shmid_ds_size
--------------------------------------------------------------------------------
/syscalls/linux/032_sys_dup/sys_dup.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_dup example
;
; assemble with:
;    nasm -f elf64 -o sys_dup.o sys_dup.asm
;    ld sys_dup.o -o sys_dup

BITS 64

global _start
_start:

        mov     eax, 32                 ; sys_dup
        xor     edi, edi                ; old fd
        syscall

        mov     rdi, rax                ; new descriptor as exit status

        mov     eax, 60                 ; sys_exit
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/033_sys_dup2/sys_dup2.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_dup2 example
;
; assemble with:
;    nasm -f elf64 -o sys_dup2.o sys_dup2.asm
;    ld sys_dup2.o -o sys_dup2

BITS 64

global _start
| _start: 13 | 14 | mov rax, 33 ; sys_dup2 15 | mov rdi, 0 ; old fd 16 | mov rsi, 13 ; new fd 17 | syscall 18 | 19 | mov rdi, rax 20 | 21 | mov rax, 60 ; sys_exit 22 | syscall 23 | 24 | -------------------------------------------------------------------------------- /syscalls/linux/034_sys_pause/sys_pause.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_pause example 4 | ; 5 | ; pause and wait for some signal 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_pause.o sys_pause.asm 9 | ; ld sys_pause.o -o sys_pause 10 | 11 | BITS 64 12 | 13 | global _start 14 | _start: 15 | mov rax, 34 ; sys_pause 16 | syscall 17 | 18 | mov rax, 60 ; sys_exit 19 | mov rdi, 0 20 | syscall 21 | -------------------------------------------------------------------------------- /syscalls/linux/035_sys_nanosleep/sys_nanosleep.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_nanosleep example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_nanosleep.o sys_nanosleep.asm 7 | ; ld sys_nanosleep.o -o sys_nanosleep 8 | 9 | BITS 64 10 | 11 | struc timespec 12 | .tv_sec resq 1 13 | .tv_nsec resq 1 14 | endstruc 15 | 16 | global _start 17 | _start: 18 | mov qword [timez + timespec.tv_sec], 5 19 | mov qword [timez + timespec.tv_nsec], 150 20 | 21 | mov rax, 35 ; sys_nanosleep 22 | mov rdi, timez 23 | mov rsi, 0 ; NULL or some timespc space 24 | syscall 25 | 26 | mov rax, 60 ; sys_exit 27 | mov rdi, 0 28 | syscall 29 | 30 | section .bss 31 | timez resb timespec_size 32 | -------------------------------------------------------------------------------- /syscalls/linux/036_sys_getitimer/sys_getitimer.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_getitimer example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_getitimer.o sys_getitimer.asm 7 | ; ld sys_getitimer.o -o sys_getitimer 8 
| 9 | BITS 64 10 | 11 | struc itimerval 12 | it_interval resq 2 13 | it_value resq 2 14 | endstruc 15 | 16 | %define ITIMER_REAL 0 17 | %define ITIMER_VIRTUAL 1 18 | %define ITIMER_PROF 2 19 | 20 | global _start 21 | _start: 22 | mov rax, 36 ; sys_getitimer 23 | mov rdi, ITIMER_REAL 24 | mov rsi, curr_timr 25 | syscall 26 | 27 | mov rax, 60 ; sys_exit 28 | mov rdi, 0 29 | syscall 30 | 31 | section .bss 32 | curr_timr resb itimerval_size 33 | -------------------------------------------------------------------------------- /syscalls/linux/037_sys_alarm/sys_alarm.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_alarm example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_alarm.o sys_alarm.asm 7 | ; ld sys_alarm.o -o sys_alarm 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | mov rax, 37 ; sys_alarm 14 | mov rdi, 3 15 | syscall 16 | 17 | mov rax, 34 ; sys_pause 18 | syscall 19 | 20 | mov rax, 60 ; sys_exit 21 | mov rdi, 0 22 | syscall 23 | -------------------------------------------------------------------------------- /syscalls/linux/038_sys_setitimer/sys_setitimer.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_setitimer example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_setitimer.o sys_setitimer.asm 7 | ; ld sys_setitimer.o -o sys_setitimer 8 | 9 | BITS 64 10 | 11 | struc itimerval 12 | it_interval resq 2 13 | it_value resq 2 14 | endstruc 15 | 16 | %define ITIMER_REAL 0 17 | %define ITIMER_VIRTUAL 1 18 | %define ITIMER_PROF 2 19 | 20 | global _start 21 | _start: 22 | mov qword [my_timr + it_interval], 2 23 | 24 | mov rax, 38 ; sys_setitimer 25 | mov rdi, ITIMER_REAL 26 | mov rsi, my_timr 27 | mov rdx, 0 28 | syscall 29 | 30 | mov rax, 60 ; sys_exit 31 | mov rdi, 0 32 | syscall 33 | 34 | section .bss 35 | my_timr resb itimerval_size 36 | 
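--------------------------------------------------------------------------------
/syscalls/linux/039_sys_getpid/sys_getpid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getpid example
;
; The pid is handed to sys_exit, so the shell sees its low 8 bits in $?.
;
; assemble with:
;   nasm -f elf64 -o sys_getpid.o sys_getpid.asm
;   ld sys_getpid.o -o sys_getpid

BITS 64

global _start
_start:
        mov     eax, 39                 ; sys_getpid
        syscall

        mov     rdi, rax                ; exit status = pid (truncated by the kernel)

        mov     eax, 60                 ; sys_exit
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/040_sys_sendfile/sys_sendfile.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_sendfile example
;
; copy some data between fds within the kernel
;
; Return values of the two opens are not checked; a failed open leaves a
; negative -errno in fd0/fd1 and sendfile then fails as well.
;
; assemble with:
;   nasm -f elf64 -o sys_sendfile.o sys_sendfile.asm
;   ld sys_sendfile.o -o sys_sendfile

BITS 64

; sys_open
%define O_RDONLY    0
%define O_WRONLY    1
%define O_RDWR      2
%define O_MODES     0x42                ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open (source)
        mov     rdi, filename0
        mov     esi, O_RDONLY
        syscall

        mov     [fd0], rax

        mov     eax, 2                  ; sys_open (destination)
        mov     rdi, filename1
        mov     esi, O_MODES
        mov     edx, 0666o              ; requested mode, still filtered by umask
        syscall

        mov     [fd1], rax

        mov     eax, 40                 ; sys_sendfile
        mov     rdi, [fd1]              ; out_fd
        mov     rsi, [fd0]              ; in_fd
        xor     edx, edx                ; offset pointer = NULL: use in_fd's file offset
        mov     r10d, 128               ; count
        syscall

        xor     edi, edi                ; explicit status; rdi still held fd1 here
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    filename0   db  '/etc/passwd',0
    ; caveat: fixed name in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at this path is opened as-is
    filename1   db  '/tmp/mungoo',0

section .bss
    fd0         resq 1
    fd1         resq 1

--------------------------------------------------------------------------------
/syscalls/linux/041_sys_socket/sys_socket.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_socket example
;
; Creates one TCP/IPv4 socket and exits; the descriptor is released by the
; kernel at process exit.
;
; assemble with:
;   nasm -f elf64 -o sys_socket.o sys_socket.asm
;   ld sys_socket.o -o sys_socket

BITS 64

%define AF_UNIX         1
%define AF_LOCAL        AF_UNIX
%define AF_INET         2
%define AF_INET6        10
%define AF_NETLINK      16
%define AF_PACKET       17
%define AF_BLUETOOTH    31

%define SOCK_STREAM     1
%define SOCK_DGRAM      2
%define SOCK_RAW        3
%define SOCK_RDM        4
%define SOCK_SEQPACKET  5
%define SOCK_PACKET     10

global _start
_start:
        mov     eax, 41                 ; sys_socket
        mov     edi, AF_INET
        mov     esi, SOCK_STREAM
        xor     edx, edx                ; protocol 0 = default for the type
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/042_sys_connect/sys_connect.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_connect example
;
; assemble with:
;   nasm -f elf64 -o sys_connect.o sys_connect.asm
;   ld sys_connect.o -o sys_connect

BITS 64

; Byte-swap a 16-bit constant. The argument and the whole expansion are
; parenthesised so the macro is safe inside larger expressions.
%define htons(x) ((((x) >> 8) & 0xFF) | (((x) & 0xFF) << 8))

struc sockaddr_in
    .sin_family resw 1
    .sin_port   resw 1                  ; __be16
    .sin_addr   resd 1
    .padding    resq 1
endstruc

; sys_socket
%define AF_INET         2
%define SOCK_STREAM     1

global _start
_start:
        mov     eax, 41                 ; sys_socket
        mov     edi, AF_INET
        mov     esi, SOCK_STREAM
        xor     edx, edx
        syscall

        mov     rdi, rax                ; socket fd (unchecked) -> first arg of connect

        mov     word  [socket2me + sockaddr_in.sin_family], AF_INET
        mov     word  [socket2me + sockaddr_in.sin_port], htons(80)
        ; stored bytes are 0A 00 00 0A, i.e. 10.0.0.10 in network order
        mov     dword [socket2me + sockaddr_in.sin_addr], 0x0A00000A

        mov     eax, 42                 ; sys_connect
        mov     rsi, socket2me
        mov     edx, sockaddr_in_size   ; 16, taken from the struc instead of a literal
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
    socket2me   resb sockaddr_in_size
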
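--------------------------------------------------------------------------------
/syscalls/linux/049_sys_bind/sys_bind.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_bind example
;
; assemble with:
;   nasm -f elf64 -o sys_bind.o sys_bind.asm
;   ld sys_bind.o -o sys_bind

BITS 64

; Byte-swap a 16-bit constant; fully parenthesised so it composes safely.
%define htons(x) ((((x) >> 8) & 0xFF) | (((x) & 0xFF) << 8))

%define INADDR_ANY      0

struc sockaddr_in
    .sin_family resw 1
    .sin_port   resw 1
    .sin_addr   resd 1
    .padding    resq 1
endstruc

; sys_socket
%define AF_INET         2
%define SOCK_STREAM     1

global _start
_start:
        mov     eax, 41                 ; sys_socket
        mov     edi, AF_INET
        mov     esi, SOCK_STREAM
        xor     edx, edx
        syscall

        mov     rdi, rax                ; socket fd (unchecked) -> first arg of bind

        mov     word  [socket2me + sockaddr_in.sin_family], AF_INET
        mov     word  [socket2me + sockaddr_in.sin_port], htons(8888)
        ; INADDR_ANY binds on every local interface, not just loopback
        mov     dword [socket2me + sockaddr_in.sin_addr], INADDR_ANY

        mov     eax, 49                 ; sys_bind
        mov     rsi, socket2me
        mov     edx, sockaddr_in_size   ; 16, taken from the struc instead of a literal
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
    socket2me   resb sockaddr_in_size

--------------------------------------------------------------------------------
/syscalls/linux/050_sys_listen/sys_listen.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_listen example
;
; assemble with:
;   nasm -f elf64 -o sys_listen.o sys_listen.asm
;   ld sys_listen.o -o sys_listen

BITS 64

; Byte-swap a 16-bit constant; fully parenthesised so it composes safely.
%define htons(x) ((((x) >> 8) & 0xFF) | (((x) & 0xFF) << 8))

%define INADDR_ANY      0

struc sockaddr_in
    .sin_family resw 1
    .sin_port   resw 1
    .sin_addr   resd 1
    .padding    resq 1
endstruc

; sys_socket
%define AF_INET         2
%define SOCK_STREAM     1

global _start
_start:
        mov     eax, 41                 ; sys_socket
        mov     edi, AF_INET
        mov     esi, SOCK_STREAM
        xor     edx, edx
        syscall

        mov     [sfd], rax              ; kept in memory: needed by bind and listen

        mov     word  [socket2me + sockaddr_in.sin_family], AF_INET
        mov     word  [socket2me + sockaddr_in.sin_port], htons(8888)
        ; INADDR_ANY binds on every local interface, not just loopback
        mov     dword [socket2me + sockaddr_in.sin_addr], INADDR_ANY

        mov     eax, 49                 ; sys_bind
        mov     rdi, [sfd]
        mov     rsi, socket2me
        mov     edx, sockaddr_in_size   ; 16, taken from the struc instead of a literal
        syscall

        mov     eax, 50                 ; sys_listen
        mov     rdi, [sfd]
        mov     esi, 10                 ; backlog
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
    sfd         resq 1
    socket2me   resb sockaddr_in_size

--------------------------------------------------------------------------------
/syscalls/linux/059_sys_execve/sys_execve.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_execve example
;
; Builds argv = { cmd, av1, NULL } in .bss (zero-filled, so the terminator
; is already there) and replaces the process image.
;
; assemble with:
;   nasm -f elf64 -o sys_execve.o sys_execve.asm
;   ld sys_execve.o -o sys_execve

BITS 64

global _start
_start:
        mov     rdi, cmd                ; pathname, also argv[0]
        mov     [arg], rdi
        mov     rbx, av1
        mov     [arg+8], rbx            ; argv[1]

        mov     eax, 59                 ; sys_execve
        mov     rsi, arg                ; argv
        xor     edx, edx                ; envp (null)
        syscall

        ; only reached when execve failed; report that instead of leaving
        ; the address of cmd in rdi as the exit status
        mov     edi, 1
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    cmd     db  '/bin/echo',0
    av1     db  'hiya mateys',0

section .bss
    arg     resq 8

--------------------------------------------------------------------------------
/syscalls/linux/060_sys_exit/sys_exit.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_exit example
;
; assemble with:
;   nasm -f elf64 -o sys_exit.o sys_exit.asm
;   ld sys_exit.o -o sys_exit

BITS 64

global _start
_start:
        mov     eax, 60                 ; sys_exit
        xor     edi, edi                ; status 0
        syscall

--------------------------------------------------------------------------------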
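/syscalls/linux/062_sys_kill/sys_kill.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_kill example
;
; assemble with:
;   nasm -f elf64 -o sys_kill.o sys_kill.asm
;   ld sys_kill.o -o sys_kill

BITS 64

%define SIGKILL         9

global _start
_start:
        mov     eax, 62                 ; sys_kill
        mov     edi, 1234               ; pid: a fixed sample value, whatever owns it gets signalled
        mov     esi, SIGKILL
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/063_sys_uname/sys_uname.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_uname example
;
; assemble with:
;   nasm -f elf64 -o sys_uname.o sys_uname.asm
;   ld sys_uname.o -o sys_uname

BITS 64

; read the man page for some stuff about this
; structure.. 65 bytes is the Linux version
; but other operating systems may size this
; differently..
struc utsname
    .sysname    resb 65
    .nodename   resb 65
    .release    resb 65
    .version    resb 65
    .machine    resb 65
    .domainn    resb 65
endstruc

global _start
_start:
        mov     eax, 63                 ; sys_uname
        mov     rdi, utsstruct          ; kernel fills all six fields
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
    utsstruct   resb utsname_size

--------------------------------------------------------------------------------
/syscalls/linux/064_sys_semget/sys_semget.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_semget example
;
; The semaphore set is not removed afterwards, so it outlives the process.
;
; assemble with:
;   nasm -f elf64 -o sys_semget.o sys_semget.asm
;   ld sys_semget.o -o sys_semget

BITS 64

%define IPC_PRIVATE     0
%define IPC_CREAT       01000o
%define IPC_EXCL        02000o
%define IPC_NOWAIT      04000o

global _start
_start:
        mov     eax, 64                 ; sys_semget
        mov     edi, 1056               ; key_t key or IPC_PRIVATE
        mov     esi, 1                  ; number of semaphores in the set
        mov     edx, IPC_CREAT|0666o    ; 0666: any local user may operate on the set
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/065_sys_semop/sys_semop.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_semop example
;
; assemble with:
;   nasm -f elf64 -o sys_semop.o sys_semop.asm
;   ld sys_semop.o -o sys_semop

BITS 64

struc sembuf
    .sem_num    resw 1
    .sem_op     resw 1
    .sem_flg    resw 1
endstruc

; sys_semget
%define IPC_PRIVATE     0
%define IPC_CREAT       01000o
%define IPC_EXCL        02000o
%define IPC_NOWAIT      04000o

global _start
_start:
        mov     eax, 64                 ; sys_semget
        mov     edi, 1066               ; key
        mov     esi, 3                  ; number of semaphores in the set
        mov     edx, IPC_CREAT|666o
        syscall

        mov     rdi, rax                ; semid (unchecked) -> first arg of semop

        mov     word [semzops + sembuf.sem_num], 2
        mov     word [semzops + sembuf.sem_op], 0
        mov     word [semzops + sembuf.sem_flg], 0

        mov     eax, 65                 ; sys_semop
        mov     rsi, semzops
        mov     edx, 1                  ; one sembuf in the array
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
    semzops     resb sembuf_size

--------------------------------------------------------------------------------
/syscalls/linux/066_sys_semctl/sys_semctl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_semctl example
;
; semctl takes (semid, semnum, cmd, arg). The command now goes in rdx, the
; third argument; it used to be loaded into rsi and only worked because
; IPC_RMID and the semnum were both 0.
;
; assemble with:
;   nasm -f elf64 -o sys_semctl.o sys_semctl.asm
;   ld sys_semctl.o -o sys_semctl

BITS 64

%define IPC_RMID        0
%define IPC_SET         1
%define IPC_STAT        2
%define IPC_INFO        3

; sys_semget
%define IPC_PRIVATE     0
%define IPC_CREAT       01000o
%define IPC_EXCL        02000o
%define IPC_NOWAIT      04000o

global _start
_start:
        mov     eax, 64                 ; sys_semget
        mov     edi, 1076               ; key
        mov     esi, 4                  ; number of semaphores in the set
        mov     edx, IPC_CREAT|0666o
        syscall

        mov     rdi, rax                ; semid (unchecked)

        mov     eax, 66                 ; sys_semctl
        xor     esi, esi                ; semnum = 0
        mov     edx, IPC_RMID           ; cmd: remove the set
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/067_sys_shmdt/sys_shmdt.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_shmdt example
;
; The segment is detached but never removed (no IPC_RMID), so it stays
; allocated after the process exits.
;
; assemble with:
;   nasm -f elf64 -o sys_shmdt.o sys_shmdt.asm
;   ld sys_shmdt.o -o sys_shmdt

BITS 64

; sys_shmat
%define SHM_RDONLY      010000o
%define SHM_RND         020000o
%define SHM_REMAP       040000o
%define SHM_EXEC        0100000o

; sys_shmget
%define IPC_PRIVATE     00000000o
%define IPC_CREAT       00001000o
%define IPC_EXCL        00002000o
%define IPC_NOWAIT      00004000o

global _start
_start:
        mov     eax, 29                 ; sys_shmget
        mov     edi, IPC_PRIVATE
        mov     esi, 8192               ; segment size in bytes
        mov     edx, IPC_CREAT|0666o
        syscall

        mov     rdi, rax                ; shmid (unchecked)

        mov     eax, 30                 ; sys_shmat
        xor     esi, esi                ; shmaddr = NULL, kernel picks the address
        ; caveat: SHM_EXEC asks for an executable mapping that this demo
        ; never needs; pass 0 unless code really runs from the segment
        mov     edx, SHM_EXEC
        syscall

        mov     rdi, rax                ; attach address (unchecked)

        mov     eax, 67                 ; sys_shmdt
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/068_sys_msgget/sys_msgget.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_msgget example
;
; The queue is not removed afterwards, so it outlives the process.
;
; assemble with:
;   nasm -f elf64 -o sys_msgget.o sys_msgget.asm
;   ld sys_msgget.o -o sys_msgget

BITS 64

%define IPC_PRIVATE     0

%define IPC_CREAT       01000o
%define IPC_EXCL        02000o
%define IPC_NOWAIT      04000o

global _start
_start:
        mov     eax, 68                 ; sys_msgget
        mov     edi, IPC_PRIVATE
        mov     esi, (IPC_CREAT|0666o)
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/069_sys_msgsnd/sys_msgsnd.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_msgsnd example
;
; The payload is copied with rep movsb for exactly len bytes. The earlier
; qword loop read past the end of msg, carried a dead `add rax, 8`, and
; compared addresses with a signed jl.
;
; assemble with:
;   nasm -f elf64 -o sys_msgsnd.o sys_msgsnd.asm
;   ld sys_msgsnd.o -o sys_msgsnd

BITS 64

%define IPC_NOWAIT      04000o

struc msgbuf
    .mtype      resq 1
    .mtext      resb 128                ; which is to say msgsz
endstruc

; sys_msgget
%define IPC_PRIVATE     0
%define IPC_CREAT       01000o

global _start
_start:
        mov     eax, 68                 ; sys_msgget
        mov     edi, IPC_PRIVATE
        mov     esi, (IPC_CREAT|0666o)
        syscall

        mov     [qid], rax

        mov     qword [msgs + msgbuf.mtype], 1
        mov     rsi, msg                ; source
        mov     rdi, msgs + msgbuf.mtext ; destination inside the message buffer
        mov     ecx, len                ; 26 bytes, well inside the 128-byte mtext
        cld
        rep movsb

        mov     eax, 69                 ; sys_msgsnd
        mov     rdi, [qid]
        mov     rsi, msgs
        mov     edx, len                ; msgsz counts mtext only, not mtype
        mov     r10d, IPC_NOWAIT
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    msg     db  'abcdefghijklmnopqrstuvwxyz'
    len     equ $-msg

section .bss
    msgs    resb msgbuf_size
    qid     resq 1

--------------------------------------------------------------------------------
/syscalls/linux/070_sys_msgrcv/sys_msgrcv.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_msgrcv example
;
; Sends one message to a private queue and reads it back. The payload is
; copied with rep movsb for exactly len bytes; the earlier qword loop read
; past the end of msg.
;
; assemble with:
;   nasm -f elf64 -o sys_msgrcv.o sys_msgrcv.asm
;   ld sys_msgrcv.o -o sys_msgrcv

BITS 64

%define IPC_NOWAIT      04000o

struc msgbuf
    .mtype      resq 1
    .mtext      resb 128                ; which is to say msgsz
endstruc

; sys_msgget
%define IPC_PRIVATE     0
%define IPC_CREAT       01000o

global _start
_start:
        mov     eax, 68                 ; sys_msgget
        mov     edi, IPC_PRIVATE
        mov     esi, (IPC_CREAT|0666o)
        syscall

        mov     [qid], rax

        mov     qword [msgs + msgbuf.mtype], 1
        mov     rsi, msg                ; source
        mov     rdi, msgs + msgbuf.mtext ; destination inside the message buffer
        mov     ecx, len                ; 26 bytes, well inside the 128-byte mtext
        cld
        rep movsb

        mov     eax, 69                 ; sys_msgsnd
        mov     rdi, [qid]
        mov     rsi, msgs
        mov     edx, len
        mov     r10d, IPC_NOWAIT
        syscall

        mov     eax, 70                 ; sys_msgrcv
        mov     rdi, [qid]
        mov     rsi, msgr               ; receive buffer
        mov     edx, len                ; msgsz: room offered for mtext
        mov     r10d, 1                 ; msgtyp: the type that was sent above
        mov     r8d, IPC_NOWAIT
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    msg     db  'abcdefghijklmnopqrstuvwxyz'
    len     equ $-msg

section .bss
    msgs    resb msgbuf_size
    msgr    resb msgbuf_size
    qid     resq 1


--------------------------------------------------------------------------------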
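/syscalls/linux/071_sys_msgctl/sys_msgctl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_msgctl example
;
; assemble with:
;   nasm -f elf64 -o sys_msgctl.o sys_msgctl.asm
;   ld sys_msgctl.o -o sys_msgctl

BITS 64

%define IPC_NOWAIT      04000o
%define IPC_RMID        0
%define IPC_SET         1
%define IPC_STAT        2
%define IPC_INFO        3

struc msqid_ds
    .msg_perm   resb 48
    .msg_stime  resq 1
    .msg_rtime  resq 1
    .msg_ctime  resq 1
    .msg_cbytes resq 1
    .msg_qnum   resq 1
    .msg_qbytes resq 1
    .msg_lspid  resd 1
    .msg_lrpid  resd 1
    ; The x86-64 kernel structure ends with two reserved unsigned longs and
    ; IPC_STAT copies all of it (120 bytes); without them the buffer below
    ; would be 16 bytes short.
    .msg_unused resq 2
endstruc

; sys_msgget
%define IPC_PRIVATE     0
%define IPC_CREAT       01000o

global _start
_start:
        mov     eax, 68                 ; sys_msgget
        mov     edi, IPC_PRIVATE
        mov     esi, (IPC_CREAT|0666o)
        syscall

        mov     rdi, rax                ; queue id (unchecked)

        mov     eax, 71                 ; sys_msgctl
        mov     esi, IPC_STAT
        mov     rdx, msqd               ; kernel writes the queue state here
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .bss
    msqd    resb msqid_ds_size

--------------------------------------------------------------------------------
/syscalls/linux/074_sys_fsync/sys_fsync.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fsync example
;
; synchronise a file with the storage device
;
; assemble with:
;   nasm -f elf64 -o sys_fsync.o sys_fsync.asm
;   ld sys_fsync.o -o sys_fsync

BITS 64

%define O_MODES     0x42                ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_MODES
        mov     edx, 0666o              ; requested mode, still filtered by umask
        syscall

        mov     [fd], rax               ; 8-byte store, hence resq below

        mov     eax, 1                  ; sys_write
        mov     rdi, [fd]
        mov     rsi, somedata
        mov     edx, somedata_len
        syscall

        mov     eax, 74                 ; sys_fsync
        mov     rdi, [fd]
        syscall

        xor     edi, edi                ; explicit status; rdi still held the fd here
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    ; caveat: fixed name in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at this path is opened as-is
    filename        db  '/tmp/tebahpla',0
    somedata        db  'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    somedata_len    equ $-somedata      ; 26

section .bss
    fd      resq 1                      ; was resb 1: too small for the qword accesses

--------------------------------------------------------------------------------
/syscalls/linux/075_sys_fdatasync/sys_fdatasync.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fdatasync example
;
; synchronise a file with the storage device
; (significant changes only - e.g size change)
;
; assemble with:
;   nasm -f elf64 -o sys_fdatasync.o sys_fdatasync.asm
;   ld sys_fdatasync.o -o sys_fdatasync

BITS 64

%define O_MODES     0x42                ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        mov     [fd], rax               ; 8-byte store, hence resq below

        mov     eax, 1                  ; sys_write
        mov     rdi, [fd]
        mov     rsi, somedata
        mov     edx, somedata_len
        syscall

        mov     eax, 75                 ; sys_fdatasync
        mov     rdi, [fd]
        syscall

        xor     edi, edi                ; explicit status; rdi still held the fd here
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    ; caveat: fixed name in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at this path is opened as-is
    filename        db  '/tmp/alpha0',0
    somedata        db  'ABCDEFGHIJKLMNOPQRSTUVWXYZ0'
    somedata_len    equ $-somedata      ; 27

section .bss
    fd      resq 1                      ; was resb 1: too small for the qword accesses

--------------------------------------------------------------------------------
/syscalls/linux/076_sys_truncate/sys_truncate.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_truncate example
;
; Creates the file if needed, then sets its length to 1024 bytes by path.
;
; assemble with:
;   nasm -f elf64 -o sys_truncate.o sys_truncate.asm
;   ld sys_truncate.o -o sys_truncate

BITS 64

; sys_open
%define O_FLAGS     0x42

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_FLAGS
        mov     edx, 755o
        syscall

        mov     eax, 76                 ; sys_truncate
        mov     rdi, filename
        mov     esi, 1024               ; new length
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    ; caveat: fixed name in /tmp - truncate acts on whatever the path
    ; resolves to, including the target of a pre-existing symlink
    filename    db  '/tmp/squeaker',0

--------------------------------------------------------------------------------
/syscalls/linux/077_sys_ftruncate/sys_ftruncate.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_ftruncate example
;
; Same as the truncate example, but through the open descriptor.
;
; assemble with:
;   nasm -f elf64 -o sys_ftruncate.o sys_ftruncate.asm
;   ld sys_ftruncate.o -o sys_ftruncate

BITS 64

; sys_open
%define O_FLAGS     0x42

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, filename
        mov     esi, O_FLAGS
        mov     edx, 755o
        syscall

        mov     rdi, rax                ; fd (unchecked)

        mov     eax, 77                 ; sys_ftruncate
        mov     esi, 1024               ; new length
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    ; caveat: fixed name in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at this path is opened as-is
    filename    db  '/tmp/squawker',0

--------------------------------------------------------------------------------
/syscalls/linux/078_sys_getdents/sys_getdents.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getdents example
;
; fills a buffer with a number of the struct linux_dirent..
;
; struct linux_dirent {
;     unsigned long  d_ino;     /* Inode number */
;     unsigned long  d_off;     /* Offset to next linux_dirent */
;     unsigned short d_reclen;  /* Length of this linux_dirent */
;     char           d_name[];  /* Filename (null-terminated) */
;                       /* length is actually (d_reclen - 2 -
;                          offsetof(struct linux_dirent, d_name)) */
;     /*
;     char           pad;       // Zero padding byte
;     char           d_type;    // File type (only since Linux
;                               // 2.6.4); offset is (d_reclen - 1)
;     */
; }
;
; assemble with:
;   nasm -f elf64 -o sys_getdents.o sys_getdents.asm
;   ld sys_getdents.o -o sys_getdents

BITS 64

; sys_open
%define O_RDONLY    0

%define DIRENTS_LEN 4096                ; size of the result buffer

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, dir
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; directory fd (unchecked)

        mov     eax, 78                 ; sys_getdents
        mov     rsi, dirents
        mov     edx, DIRENTS_LEN        ; must not exceed the buffer reserved below
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    dir     db  '/bin',0

section .bss
    dirents resb DIRENTS_LEN

--------------------------------------------------------------------------------
/syscalls/linux/079_sys_getcwd/sys_getcwd.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getcwd example
;
; Prints only the path the kernel returned. The raw syscall returns the
; length including the terminating NUL; the earlier version wrote the whole
; 4096-byte buffer to stdout regardless.
;
; assemble with:
;   nasm -f elf64 -o sys_getcwd.o sys_getcwd.asm
;   ld sys_getcwd.o -o sys_getcwd

BITS 64

%define CWD_LEN     4096

global _start
_start:
        mov     eax, 79                 ; sys_getcwd
        mov     rdi, string             ; buffer to store result
        mov     esi, CWD_LEN            ; length
        syscall

        test    rax, rax
        jle     .fail                   ; negative = -errno, nothing to print

        lea     rdx, [rax - 1]          ; drop the trailing NUL from the count
        mov     eax, 1                  ; sys_write
        mov     edi, 1                  ; stdout
        mov     rsi, string
        syscall

        xor     edi, edi
        jmp     .quit
.fail:
        mov     edi, 1
.quit:
        mov     eax, 60                 ; sys_exit
        syscall

section .bss
    string  resb CWD_LEN

--------------------------------------------------------------------------------
/syscalls/linux/080_sys_chdir/sys_chdir.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_chdir example
;
; assemble with:
;   nasm -f elf64 -o sys_chdir.o sys_chdir.asm
;   ld sys_chdir.o -o sys_chdir

BITS 64

global _start
_start:
        mov     eax, 80                 ; sys_chdir
        mov     rdi, pathname
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    pathname    db  '/tmp',0

--------------------------------------------------------------------------------
/syscalls/linux/081_sys_fchdir/sys_fchdir.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fchdir example
;
; assemble with:
;   nasm -f elf64 -o sys_fchdir.o sys_fchdir.asm
;   ld sys_fchdir.o -o sys_fchdir

BITS 64

; sys_open
%define O_RDONLY    0
%define O_WRONLY    1
%define O_RDWR      2

global _start
_start:
        mov     eax, 2                  ; sys_open
        mov     rdi, pathname
        mov     esi, O_RDONLY
        syscall

        mov     rdi, rax                ; directory fd (unchecked)

        mov     eax, 81                 ; sys_fchdir
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    pathname    db  '/tmp',0

--------------------------------------------------------------------------------
/syscalls/linux/082_sys_rename/sys_rename.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_rename example
;
; assemble with:
;   nasm -f elf64 -o sys_rename.o sys_rename.asm
;   ld sys_rename.o -o sys_rename

BITS 64

%define O_MODES     0x42                ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open (make sure the source exists)
        mov     rdi, filename1
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        mov     eax, 82                 ; sys_rename
        mov     rdi, filename1          ; old path
        mov     rsi, filename2          ; new path, replaced if it already exists
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    ; caveat: fixed names in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at filename1 is opened as-is
    filename1   db  '/tmp/olleh',0
    filename2   db  '/tmp/dlrow',0

--------------------------------------------------------------------------------
/syscalls/linux/083_sys_mkdir/sys_mkdir.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mkdir example
;
; assemble with:
;   nasm -f elf64 -o sys_mkdir.o sys_mkdir.asm
;   ld sys_mkdir.o -o sys_mkdir

BITS 64

global _start
_start:
        mov     eax, 83                 ; sys_mkdir
        mov     rdi, pathname
        mov     esi, 0777o              ; mode (octal), world-writable before umask is applied
        syscall

        xor     edi, edi                ; explicit status; rdi still held the path pointer
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    pathname    db  '/tmp/dlrow-olleh',0

--------------------------------------------------------------------------------
/syscalls/linux/084_sys_rmdir/sys_rmdir.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_rmdir example
;
; assemble with:
;   nasm -f elf64 -o sys_rmdir.o sys_rmdir.asm
;   ld sys_rmdir.o -o sys_rmdir

BITS 64

global _start
_start:
        mov     eax, 83                 ; sys_mkdir
        mov     rdi, pathname
        mov     esi, 0777o              ; mode (octal)
        syscall

        mov     eax, 84                 ; sys_rmdir
        mov     rdi, pathname
        syscall

        xor     edi, edi                ; explicit status; rdi still held the path pointer
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    pathname    db  '/tmp/tmptmp',0

--------------------------------------------------------------------------------
/syscalls/linux/085_sys_creat/sys_creat.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_creat example
;
; sys_creat is like open with flags set as
; O_CREAT|O_WRONLY|O_TRUNC
;
; assemble with:
;   nasm -f elf64 -o sys_creat.o sys_creat.asm
;   ld sys_creat.o -o sys_creat

BITS 64

global _start
_start:
        mov     eax, 85                 ; sys_creat
        mov     rdi, filename
        mov     esi, 0644o              ; mode (octal)
        syscall

        xor     edi, edi                ; explicit status; rdi still held the path pointer
        mov     eax, 60                 ; sys_exit
        syscall

section .data
    ; caveat: fixed name in /tmp and O_TRUNC semantics - an existing file,
    ; or the target of a symlink at this path, is emptied
    filename    db  '/tmp/something',0

--------------------------------------------------------------------------------
/syscalls/linux/086_sys_link/sys_link.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_link example
;
; create a hard link
;
; assemble with:
;   nasm -f elf64 -o sys_link.o sys_link.asm
;   ld sys_link.o -o sys_link

BITS 64

%define O_MODES     0x42                ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open (make sure the target exists)
        mov     rdi, filename1
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        mov     eax, 86                 ; sys_link
        mov     rdi, filename1          ; existing path
        mov     rsi, filename2          ; new name for the same inode
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    ; caveat: fixed names in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at filename1 is opened as-is
    filename1   db  '/tmp/real-life',0
    filename2   db  '/tmp/just-fantasy',0

--------------------------------------------------------------------------------
/syscalls/linux/087_sys_unlink/sys_unlink.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_unlink example
;
; unlink a file and maybe delete it
;
; assemble with:
;   nasm -f elf64 -o sys_unlink.o sys_unlink.asm
;   ld sys_unlink.o -o sys_unlink

BITS 64

%define O_MODES     0x42                ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open (make sure the target exists)
        mov     rdi, filename1
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        mov     eax, 86                 ; sys_link
        mov     rdi, filename1
        mov     rsi, filename2
        syscall

        mov     eax, 87                 ; sys_unlink
        mov     rdi, filename2          ; removes the second name; filename1 keeps the data
        syscall

        mov     eax, 60                 ; sys_exit
        xor     edi, edi
        syscall

section .data
    ; caveat: fixed names in /tmp, O_CREAT without O_EXCL - a file or symlink
    ; already present at filename1 is opened as-is
    filename1   db  '/tmp/real-life',0
    filename2   db  '/tmp/just-fantasy',0
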
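--------------------------------------------------------------------------------
/syscalls/linux/088_sys_symlink/sys_symlink.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_symlink example
;
; create a soft link
;
;   open(filename1, O_RDWR|O_CREAT, 0644); symlink(filename1, filename2)
;
; assemble with:
;   nasm -f elf64 -o sys_symlink.o sys_symlink.asm
;   ld sys_symlink.o -o sys_symlink

BITS 64

%define SYS_OPEN    2
%define SYS_SYMLINK 88
%define SYS_EXIT    60
%define O_MODES     0x42                ; O_RDWR|O_CREAT
%define FILE_MODE   0644o

section .text
global _start
_start:
        mov     eax, SYS_OPEN           ; create the link target
        lea     rdi, [rel filename1]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     eax, SYS_SYMLINK
        lea     rdi, [rel filename1]    ; target (stored as text, not resolved)
        lea     rsi, [rel filename2]    ; link path
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .data
filename1 db '/tmp/caughtinalandslide',0
filename2 db '/tmp/noescapefrmreality',0
--------------------------------------------------------------------------------
/syscalls/linux/089_sys_readlink/sys_readlink.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_readlink example
;
; resolve a symbolic link
;
; readlink returns the number of bytes placed in the buffer, or -errno.
; The result is *not* NUL-terminated and is silently truncated to the
; buffer size, so the returned length is the only valid bound.
;
; assemble with:
;   nasm -f elf64 -o sys_readlink.o sys_readlink.asm
;   ld sys_readlink.o -o sys_readlink

BITS 64

%define SYS_WRITE    1
%define SYS_OPEN     2
%define SYS_SYMLINK  88
%define SYS_READLINK 89
%define SYS_EXIT     60
%define O_MODES      0x42               ; O_RDWR|O_CREAT
%define FILE_MODE    0644o
%define RLBUF_SIZE   4096
%define STDOUT       1

section .text
global _start
_start:
        mov     eax, SYS_OPEN
        lea     rdi, [rel filename1]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     eax, SYS_SYMLINK
        lea     rdi, [rel filename1]
        lea     rsi, [rel filename2]
        syscall

        mov     eax, SYS_READLINK
        lea     rdi, [rel filename2]
        lea     rsi, [rel rlbuf]        ; result placed in buffer *not*
        mov     edx, RLBUF_SIZE         ; including terminating null byte
        syscall

        mov     edi, 1                  ; exit status if readlink failed
        test    rax, rax
        js      .exit                   ; -errno must not be used as a write length

        mov     rdx, rax                ; return is length of result
        mov     eax, SYS_WRITE
        mov     edi, STDOUT
        lea     rsi, [rel rlbuf]
        syscall

        xor     edi, edi
.exit:
        mov     eax, SYS_EXIT
        syscall

section .data
filename1 db '/tmp/caughtinalandslide',0
filename2 db '/tmp/noescapefrmreality',0

section .bss
rlbuf   resb RLBUF_SIZE
--------------------------------------------------------------------------------
/syscalls/linux/090_sys_chmod/sys_chmod.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_chmod example
;
;   open(filename, O_RDWR|O_CREAT, 0644); chmod(filename, 0666)
;
; NOTE(review): chmod takes a path, so it acts on whatever the name refers
; to at the time of the call (symlinks are followed). fchmod on the
; descriptor returned by open avoids that gap.
;
; assemble with:
;   nasm -f elf64 -o sys_chmod.o sys_chmod.asm
;   ld sys_chmod.o -o sys_chmod

BITS 64

%define SYS_OPEN    2
%define SYS_CHMOD   90
%define SYS_EXIT    60
%define O_MODES     0x42                ; O_RDWR|O_CREAT
%define FILE_MODE   0644o
%define NEW_MODE    0666o

section .text
global _start
_start:
        mov     eax, SYS_OPEN
        lea     rdi, [rel filename]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     eax, SYS_CHMOD
        lea     rdi, [rel filename]
        mov     esi, NEW_MODE
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .data
filename db '/tmp/tmpfile',0
--------------------------------------------------------------------------------
/syscalls/linux/091_sys_fchmod/sys_fchmod.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fchmod example
;
;   fd = open(filename, O_RDWR|O_CREAT, 0644); fchmod(fd, 0666)
;
; The open result is passed straight on; if open failed, fchmod receives
; -errno as the descriptor and fails with EBADF.
;
; assemble with:
;   nasm -f elf64 -o sys_fchmod.o sys_fchmod.asm
;   ld sys_fchmod.o -o sys_fchmod

BITS 64

%define SYS_OPEN    2
%define SYS_FCHMOD  91
%define SYS_EXIT    60
%define O_MODES     0x42                ; O_RDWR|O_CREAT
%define FILE_MODE   0644o
%define NEW_MODE    0666o

section .text
global _start
_start:
        mov     eax, SYS_OPEN
        lea     rdi, [rel filename]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     rdi, rax                ; fd from open

        mov     eax, SYS_FCHMOD
        mov     esi, NEW_MODE
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .data
filename db '/tmp/filetmp',0
--------------------------------------------------------------------------------
/syscalls/linux/092_sys_chown/sys_chown.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_chown example
;
;   open(filename, O_RDWR|O_CREAT, 0666); chown(filename, 65535, 65535)
;
; Changing the owner needs CAP_CHOWN, so an unprivileged run gets EPERM.
;
; NOTE(review): chown follows symlinks. A privileged process that chowns a
; fixed name in a shared directory should use fchown on a descriptor opened
; with O_NOFOLLOW (or lchown) so the object cannot be swapped under the name.
;
; assemble with:
;   nasm -f elf64 -o sys_chown.o sys_chown.asm
;   ld sys_chown.o -o sys_chown

BITS 64

%define SYS_OPEN    2
%define SYS_CHOWN   92
%define SYS_EXIT    60
%define O_MODES     0x42                ; O_RDWR|O_CREAT
%define FILE_MODE   0666o
%define NEW_UID     65535
%define NEW_GID     65535

section .text
global _start
_start:
        mov     eax, SYS_OPEN
        lea     rdi, [rel filename]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     eax, SYS_CHOWN
        lea     rdi, [rel filename]
        mov     esi, NEW_UID
        mov     edx, NEW_GID
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .data
filename db '/tmp/somefile',0

--------------------------------------------------------------------------------
/syscalls/linux/093_sys_fchown/sys_fchown.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fchown example
;
;   fd = open(filename, O_RDWR|O_CREAT, 0666); fchown(fd, 65535, 65535)
;
; assemble with:
;   nasm -f elf64 -o sys_fchown.o sys_fchown.asm
;   ld sys_fchown.o -o sys_fchown

BITS 64

%define SYS_OPEN    2
%define SYS_FCHOWN  93
%define SYS_EXIT    60
%define O_MODES     0x42                ; O_RDWR|O_CREAT
%define FILE_MODE   0666o
%define NEW_UID     65535
%define NEW_GID     65535

section .text
global _start
_start:
        mov     eax, SYS_OPEN
        lea     rdi, [rel filename]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     rdi, rax                ; fd from open (not checked for -errno)

        mov     eax, SYS_FCHOWN         ; sys_fchown (the old comment said sys_chown)
        mov     esi, NEW_UID
        mov     edx, NEW_GID
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .data
filename db '/tmp/electricmeat',0

--------------------------------------------------------------------------------
/syscalls/linux/094_sys_lchown/sys_lchown.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_lchown example
;
;   open(filename1, ...); symlink(filename1, filename2);
;   lchown(filename2, 65535, 65535)
;
; lchown changes the ownership of the link itself and does not follow it.
;
; assemble with:
;   nasm -f elf64 -o sys_lchown.o sys_lchown.asm
;   ld sys_lchown.o -o sys_lchown

BITS 64

%define SYS_OPEN    2
%define SYS_SYMLINK 88
%define SYS_LCHOWN  94
%define SYS_EXIT    60
%define O_MODES     0x42                ; O_RDWR|O_CREAT
%define FILE_MODE   0666o
%define NEW_UID     65535
%define NEW_GID     65535

section .text
global _start
_start:
        mov     eax, SYS_OPEN
        lea     rdi, [rel filename1]
        mov     esi, O_MODES
        mov     edx, FILE_MODE
        syscall

        mov     eax, SYS_SYMLINK
        lea     rdi, [rel filename1]
        lea     rsi, [rel filename2]
        syscall

        mov     eax, SYS_LCHOWN         ; sys_lchown (the old comment said sys_chown)
        lea     rdi, [rel filename2]
        mov     esi, NEW_UID
        mov     edx, NEW_GID
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .data
filename1 db '/tmp/electricbeef',0
filename2 db '/tmp/sharporanges',0
--------------------------------------------------------------------------------
/syscalls/linux/095_sys_umask/sys_umask.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_umask example
;
; Sets the file mode creation mask to 022 and exits with the previous mask
; as the status (umask always succeeds and returns the old value).
;
; assemble with:
;   nasm -f elf64 -o sys_umask.o sys_umask.asm
;   ld sys_umask.o -o sys_umask

BITS 64

%define SYS_UMASK   95
%define SYS_EXIT    60
%define NEW_MASK    022o

section .text
global _start
_start:
        mov     eax, SYS_UMASK
        mov     edi, NEW_MASK
        syscall

        mov     rdi, rax                ; previous mask becomes the exit status

        mov     eax, SYS_EXIT
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/096_sys_gettimeofday/sys_gettimeofday.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_gettimeofday example
;
;   gettimeofday(&tvstr, NULL)
;
; assemble with:
;   nasm -f elf64 -o sys_gettimeofday.o sys_gettimeofday.asm
;   ld sys_gettimeofday.o -o sys_gettimeofday

BITS 64

%define SYS_GETTIMEOFDAY 96
%define SYS_EXIT         60

struc timeval
    .tv_sec     resq 1
    .tv_usec    resq 1
endstruc

section .text
global _start
_start:
        mov     eax, SYS_GETTIMEOFDAY
        lea     rdi, [rel tvstr]
        xor     esi, esi                ; obsolete timezone field
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .bss
tvstr   resb timeval_size
--------------------------------------------------------------------------------
/syscalls/linux/097_sys_getrlimit/sys_getrlimit.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getrlimit example
;
; Reads RLIMIT_NOFILE and exits with the soft limit as the status. Only the
; low 8 bits of an exit status reach the parent, so the value seen in $? is
; rlim_cur modulo 256.
;
; assemble with:
;   nasm -f elf64 -o sys_getrlimit.o sys_getrlimit.asm
;   ld sys_getrlimit.o -o sys_getrlimit

BITS 64

%define SYS_GETRLIMIT 97
%define SYS_EXIT      60

struc rlimit
    .rlim_cur   resq 1
    .rlim_max   resq 1
endstruc

%define RLIMIT_CPU        0
%define RLIMIT_FSIZE      1
%define RLIMIT_DATA       2
%define RLIMIT_STACK      3
%define RLIMIT_CORE       4
%define RLIMIT_RSS        5
%define RLIMIT_NPROC      6
%define RLIMIT_NOFILE     7
%define RLIMIT_MEMLOCK    8
%define RLIMIT_AS         9
%define RLIMIT_LOCKS      10
%define RLIMIT_SIGPENDING 11
%define RLIMIT_MSGQUEUE   12
%define RLIMIT_NICE       13
%define RLIMIT_RTPRIO     14
%define RLIMIT_RTTIME     15
%define RLIMIT_NLIMITS    16

section .text
global _start
_start:
        mov     eax, SYS_GETRLIMIT
        mov     edi, RLIMIT_NOFILE
        lea     rsi, [rel rlimstr]
        syscall

        mov     eax, SYS_EXIT
        mov     rdi, [rel rlimstr + rlimit.rlim_cur]
        syscall

section .bss
rlimstr resb rlimit_size

--------------------------------------------------------------------------------
/syscalls/linux/098_sys_getrusage/sys_getrusage.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getrusage example
;
; Reads the resource usage of the calling process and exits with ru_maxrss
; (truncated to 8 bits) as the status.
;
; assemble with:
;   nasm -f elf64 -o sys_getrusage.o sys_getrusage.asm
;   ld sys_getrusage.o -o sys_getrusage

BITS 64

%define SYS_GETRUSAGE 98
%define SYS_EXIT      60

struc rusage
    .ru_utime       resq 2              ; struct timeval
    .ru_stime       resq 2              ; struct timeval
    .ru_maxrss      resq 1
    .ru_ixrss       resq 1
    .ru_idrss       resq 1
    .ru_isrss       resq 1
    .ru_minflt      resq 1
    .ru_majflt      resq 1
    .ru_nswap       resq 1              ; was misspelled ru_nwap
    .ru_inblock     resq 1
    .ru_oublock     resq 1
    .ru_msgsnd      resq 1
    .ru_msgrcv      resq 1
    .ru_nsignals    resq 1
    .ru_nvcsw       resq 1
    .ru_nivcsw      resq 1
endstruc

%define RUSAGE_SELF      0
%define RUSAGE_CHILDREN -1
%define RUSAGE_THREAD    1

section .text
global _start
_start:
        mov     eax, SYS_GETRUSAGE      ; sys_getrusage
        mov     edi, RUSAGE_SELF
        lea     rsi, [rel rusagestru]
        syscall

        mov     eax, SYS_EXIT
        mov     rdi, [rel rusagestru + rusage.ru_maxrss]
        syscall

section .bss
rusagestru resb rusage_size
--------------------------------------------------------------------------------
/syscalls/linux/099_sys_sysinfo/sys_sysinfo.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_sysinfo example
;
; Exits with the number of processes (sysinfo.procs, truncated to 8 bits).
;
; The struc below mirrors the x86-64 layout of struct sysinfo, which is
; 112 bytes: procs is a 16-bit field followed by a 16-bit pad and alignment
; padding, and mem_unit is 32 bits. The earlier layout came to 100 bytes, so
; the kernel wrote past the end of the buffer, and procs was read with a
; 64-bit load that pulled in the neighbouring bytes.
;
; assemble with:
;   nasm -f elf64 -o sys_sysinfo.o sys_sysinfo.asm
;   ld sys_sysinfo.o -o sys_sysinfo

BITS 64

%define SYS_SYSINFO 99
%define SYS_EXIT    60

struc sysinfo
    .uptime     resq 1
    .loads      resq 3
    .totalram   resq 1
    .freeram    resq 1
    .sharedram  resq 1
    .bufferram  resq 1
    .totalswap  resq 1
    .freeswap   resq 1
    .procs      resw 1
    .pad        resw 3                  ; 16-bit pad field + 4 bytes of alignment
    .totalhigh  resq 1
    .freehigh   resq 1
    .mem_unit   resd 1
    .tail_pad   resd 1                  ; rounds the size up to 112
endstruc

section .text
global _start
_start:

        mov     eax, SYS_SYSINFO
        lea     rdi, [rel sysstruc]
        syscall

        movzx   edi, word [rel sysstruc + sysinfo.procs]   ; procs is 16 bits wide

        mov     eax, SYS_EXIT
        syscall

section .bss
sysstruc resb sysinfo_size
--------------------------------------------------------------------------------
/syscalls/linux/100_sys_times/sys_times.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_times example
;
; Exits with tms_utime (clock ticks of user CPU time, truncated to 8 bits).
;
; assemble with:
;   nasm -f elf64 -o sys_times.o sys_times.asm
;   ld sys_times.o -o sys_times

BITS 64

%define SYS_TIMES   100
%define SYS_EXIT    60

struc tms
    .tms_utime      resq 1
    .tms_stime      resq 1
    .tms_cutime     resq 1
    .tms_cstime     resq 1
endstruc

section .text
global _start
_start:
        mov     eax, SYS_TIMES
        lea     rdi, [rel tmsstruc]
        syscall

        mov     eax, SYS_EXIT
        mov     rdi, [rel tmsstruc + tms.tms_utime]
        syscall

section .bss
tmsstruc resb tms_size
--------------------------------------------------------------------------------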
/syscalls/linux/102_sys_getuid/sys_getuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getuid example
;
; Exits with the real user ID as the status (only the low 8 bits are
; visible to the parent).
;
; assemble with:
;   nasm -f elf64 -o sys_getuid.o sys_getuid.asm
;   ld sys_getuid.o -o sys_getuid

BITS 64

%define SYS_GETUID  102
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETUID
        syscall

        mov     rdi, rax                ; uid -> exit status

        mov     eax, SYS_EXIT
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/104_sys_getgid/sys_getgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getgid example
;
; Exits with the real group ID as the status.
;
; assemble with:
;   nasm -f elf64 -o sys_getgid.o sys_getgid.asm
;   ld sys_getgid.o -o sys_getgid

BITS 64

%define SYS_GETGID  104
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETGID
        syscall

        mov     rdi, rax                ; gid -> exit status

        mov     eax, SYS_EXIT
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/105_sys_setuid/sys_setuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setuid example
;
;   setuid(65535)
;
; NOTE(review): the result in rax is ignored and the program exits 0 either
; way. Code that drops privileges has to check this return value; carrying
; on after a failed setuid leaves the process with its old identity.
;
; assemble with:
;   nasm -f elf64 -o sys_setuid.o sys_setuid.asm
;   ld sys_setuid.o -o sys_setuid

BITS 64

%define SYS_SETUID  105
%define SYS_EXIT    60
%define TARGET_UID  65535

section .text
global _start
_start:
        mov     eax, SYS_SETUID
        mov     edi, TARGET_UID
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/106_sys_setgid/sys_setgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setgid example
;
;   setgid(65535)  -- result not checked, exit status is always 0
;
; assemble with:
;   nasm -f elf64 -o sys_setgid.o sys_setgid.asm
;   ld sys_setgid.o -o sys_setgid

BITS 64

%define SYS_SETGID  106
%define SYS_EXIT    60
%define TARGET_GID  65535

section .text
global _start
_start:
        mov     eax, SYS_SETGID
        mov     edi, TARGET_GID
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/107_sys_geteuid/sys_geteuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_geteuid example
;
; Exits with the effective user ID as the status.
;
; assemble with:
;   nasm -f elf64 -o sys_geteuid.o sys_geteuid.asm
;   ld sys_geteuid.o -o sys_geteuid

BITS 64

%define SYS_GETEUID 107
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETEUID
        syscall

        mov     rdi, rax                ; euid -> exit status

        mov     eax, SYS_EXIT
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/108_sys_getegid/sys_getgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getegid example
;
; Exits with the effective group ID as the status.
;
; assemble with:
;   nasm -f elf64 -o sys_getegid.o sys_getegid.asm
;   ld sys_getegid.o -o sys_getegid

BITS 64

%define SYS_GETEGID 108
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETEGID
        syscall

        mov     rdi, rax                ; egid -> exit status

        mov     eax, SYS_EXIT
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/109_sys_setpgid/sys_setpgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setpgid example
;
;   setpgid(0, 0)  -- both arguments are passed as zero
;
; assemble with:
;   nasm -f elf64 -o sys_setpgid.o sys_setpgid.asm
;   ld sys_setpgid.o -o sys_setpgid

BITS 64

%define SYS_SETPGID 109
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_SETPGID
        xor     edi, edi                ; pid  = 0
        xor     esi, esi                ; pgid = 0
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/110_sys_getppid/sys_getppid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getppid example
;
; Exits with the parent process ID as the status.
;
; assemble with:
;   nasm -f elf64 -o sys_getppid.o sys_getppid.asm
;   ld sys_getppid.o -o sys_getppid

BITS 64

%define SYS_GETPPID 110
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETPPID
        syscall

        mov     rdi, rax                ; ppid -> exit status

        mov     eax, SYS_EXIT
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/111_sys_getpgrp/sys_getpgrp.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getpgrp example
;
; Exits with the process group ID as the status.
;
; assemble with:
;   nasm -f elf64 -o sys_getpgrp.o sys_getpgrp.asm
;   ld sys_getpgrp.o -o sys_getpgrp

BITS 64

%define SYS_GETPGRP 111
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETPGRP
        syscall

        mov     rdi, rax                ; pgrp -> exit status

        mov     eax, SYS_EXIT
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/112_sys_setsid/sys_setsid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setsid example
;
; Calls setsid and exits with status 666. Only the low 8 bits of the status
; are reported to the parent, so $? shows 154.
;
; assemble with:
;   nasm -f elf64 -o sys_setsid.o sys_setsid.asm
;   ld sys_setsid.o -o sys_setsid

BITS 64

%define SYS_SETSID  112
%define SYS_EXIT    60
%define EXIT_STATUS 666

section .text
global _start
_start:
        mov     eax, SYS_SETSID
        syscall                         ; result not checked

        mov     eax, SYS_EXIT
        mov     edi, EXIT_STATUS
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/113_sys_setreuid/sys_setreuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setreuid example
;
;   setreuid(65535, 65535)  -- result not checked, exit status is always 0
;
; assemble with:
;   nasm -f elf64 -o sys_setreuid.o sys_setreuid.asm
;   ld sys_setreuid.o -o sys_setreuid

BITS 64

%define SYS_SETREUID 113
%define SYS_EXIT     60
%define TARGET_UID   65535

section .text
global _start
_start:
        mov     eax, SYS_SETREUID
        mov     edi, TARGET_UID         ; real uid
        mov     esi, TARGET_UID         ; effective uid
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/114_sys_setregid/sys_setregid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setregid example
;
;   setregid(65535, 65535)  -- result not checked, exit status is always 0
;
; assemble with:
;   nasm -f elf64 -o sys_setregid.o sys_setregid.asm
;   ld sys_setregid.o -o sys_setregid

BITS 64

%define SYS_SETREGID 114
%define SYS_EXIT     60
%define TARGET_GID   65535

section .text
global _start
_start:
        mov     eax, SYS_SETREGID
        mov     edi, TARGET_GID         ; real gid
        mov     esi, TARGET_GID         ; effective gid
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/115_sys_getgroups/sys_getgroups.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getgroups example
;
;   getgroups(256, supgrp)
;
; The first argument is the capacity of the array in entries and has to
; match the reservation in .bss (256 dwords here).
;
; assemble with:
;   nasm -f elf64 -o sys_getgroups.o sys_getgroups.asm
;   ld sys_getgroups.o -o sys_getgroups

BITS 64

%define SYS_GETGROUPS 115
%define SYS_EXIT      60

section .text
global _start
_start:
        mov     eax, SYS_GETGROUPS
        mov     edi, 256                ; entries available in supgrp
        lea     rsi, [rel supgrp]
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .bss
supgrp  resd 256
--------------------------------------------------------------------------------
/syscalls/linux/116_sys_setgroups/sys_setgroups.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setgroups example
;
; Replaces the supplementary group list with the single entry 65535:
;   supgrp[0] = 65535; setgroups(1, supgrp)
;
; NOTE(review): when dropping privileges the usual order is setgroups, then
; the gid call, then the uid call, with every return value checked.
;
; assemble with:
;   nasm -f elf64 -o sys_setgroups.o sys_setgroups.asm
;   ld sys_setgroups.o -o sys_setgroups

BITS 64

%define SYS_SETGROUPS 116
%define SYS_EXIT      60
%define TARGET_GID    65535

section .text
global _start
_start:
        mov     dword [rel supgrp], TARGET_GID

        mov     eax, SYS_SETGROUPS
        mov     edi, 1                  ; one entry in the list
        lea     rsi, [rel supgrp]
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .bss
supgrp  resd 1
--------------------------------------------------------------------------------
/syscalls/linux/117_sys_setresuid/sys_setresuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setresuid example
;
;   setresuid(65535, 65535, 65535)  -- result not checked
;
; assemble with:
;   nasm -f elf64 -o sys_setresuid.o sys_setresuid.asm
;   ld sys_setresuid.o -o sys_setresuid

BITS 64

%define SYS_SETRESUID 117
%define SYS_EXIT      60
%define TARGET_UID    65535

section .text
global _start
_start:
        mov     eax, SYS_SETRESUID
        mov     edi, TARGET_UID         ; real
        mov     esi, TARGET_UID         ; effective
        mov     edx, TARGET_UID         ; saved
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/118_sys_getresuid/sys_getresuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getresuid example
;
;   getresuid(&ruid, &euid, &suid)
;
; assemble with:
;   nasm -f elf64 -o sys_getresuid.o sys_getresuid.asm
;   ld sys_getresuid.o -o sys_getresuid

BITS 64

%define SYS_GETRESUID 118
%define SYS_EXIT      60

section .text
global _start
_start:
        mov     eax, SYS_GETRESUID
        lea     rdi, [rel ruid]
        lea     rsi, [rel euid]
        lea     rdx, [rel suid]
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .bss
ruid    resd 1
euid    resd 1
suid    resd 1
--------------------------------------------------------------------------------
/syscalls/linux/120_sys_getresgid/sys_getresgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getresgid example
;
;   getresgid(&rgid, &egid, &sgid)
;
; assemble with:
;   nasm -f elf64 -o sys_getresgid.o sys_getresgid.asm
;   ld sys_getresgid.o -o sys_getresgid

BITS 64

%define SYS_GETRESGID 120
%define SYS_EXIT      60

section .text
global _start
_start:
        mov     eax, SYS_GETRESGID
        lea     rdi, [rel rgid]
        lea     rsi, [rel egid]
        lea     rdx, [rel sgid]
        syscall

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall

section .bss
rgid    resd 1
egid    resd 1
sgid    resd 1
--------------------------------------------------------------------------------
/syscalls/linux/121_sys_getpgid/sys_getpgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getpgid example
;
;   getpgid(0)
;
; assemble with:
;   nasm -f elf64 -o sys_getpgid.o sys_getpgid.asm
;   ld sys_getpgid.o -o sys_getpgid

BITS 64

%define SYS_GETPGID 121
%define SYS_EXIT    60

section .text
global _start
_start:
        mov     eax, SYS_GETPGID
        xor     edi, edi                ; null for the calling process
        syscall                         ; or some other process..

        mov     eax, SYS_EXIT
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/122_sys_setfsuid/sys_setfsuid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setfsuid example
;
;   setfsuid(65535), then exit with the value the call returned
;
; assemble with:
;   nasm -f elf64 -o sys_setfsuid.o sys_setfsuid.asm
;   ld sys_setfsuid.o -o sys_setfsuid

BITS 64

%define SYS_SETFSUID 122
%define SYS_EXIT     60
%define TARGET_UID   65535

section .text
global _start
_start:
        mov     eax, SYS_SETFSUID
        mov     edi, TARGET_UID
        syscall

        mov     rdi, rax                ; on success or failure it
                                        ; returns the previous value

        mov     eax, SYS_EXIT
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/123_sys_setfsgid/sys_setfsgid.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_setfsgid example
;
;   setfsgid(65535), then exit with the value the call returned
;
; assemble with:
;   nasm -f elf64 -o sys_setfsgid.o sys_setfsgid.asm
;   ld sys_setfsgid.o -o sys_setfsgid

BITS 64

%define SYS_SETFSGID 123
%define SYS_EXIT     60
%define TARGET_GID   65535

section .text
global _start
_start:
        mov     eax, SYS_SETFSGID
        mov     edi, TARGET_GID
        syscall

        mov     rdi, rax                ; on success or failure it
                                        ; returns the previous value

        mov     eax, SYS_EXIT
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/124_sys_getsid/sys_getsid.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_getsid example 4 | ; 5 | ; get the session ID of the calling process 6 | ; (or some other process) 7 | ; 8 | ; assemble with: 9 | ; nasm -f elf64 -o sys_getsid.o sys_getsid.asm 10 | ; ld sys_getsid.o -o sys_getsid 11 | 12 | BITS 64 13 | 14 | global _start 15 | _start: 16 | mov rax, 124 ; sys_getsid 17 | mov rdi, 0 ; 0 for the calling process 18 | syscall 19 | 20 | mov rax, 60 ; sys_exit 21 | mov rdi, 0 22 | syscall 23 | -------------------------------------------------------------------------------- /syscalls/linux/125_sys_capget/sys_capget.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_capget example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_capget.o sys_capget.asm 7 | ; ld sys_capget.o -o sys_capget 8 | 9 | BITS 64 10 | 11 | %define _LINUX_CAPABILITY_VERSION_1 0x19980330 12 | %define _LINUX_CAPABILITY_VERSION_3 0x20080522 13 | 14 | struc cap_user_header_t 15 | .version resd 1 16 | .pid resd 1 17 | endstruc 18 | 19 | struc cap_user_data_t 20 | .effective resd 1 21 | .permitted resd 1 22 | .inheritable resd 1 23 | endstruc 24 | 25 | global _start 26 | _start: 27 | mov dword [hdrp + cap_user_header_t.version], _LINUX_CAPABILITY_VERSION_3 28 | 29 | mov rax, 125 ; sys_capget 30 | mov rdi, hdrp 31 | mov rsi, datap 32 | syscall 33 | 34 | mov rax, 60 ; sys_exit 35 | mov rdi, 0 36 | syscall 37 | 38 | section .bss 39 | hdrp resb cap_user_header_t_size 40 | datap resb 2 * cap_user_data_t_size 41 | 42 | -------------------------------------------------------------------------------- /syscalls/linux/126_sys_capset/sys_capset.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_capset example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_capset.o sys_capset.asm 7 | ; 
ld sys_capset.o -o sys_capset 8 | 9 | BITS 64 10 | 11 | %define _LINUX_CAPABILITY_VERSION_1 0x19980330 12 | %define _LINUX_CAPABILITY_VERSION_3 0x20080522 13 | 14 | %define CAP_CHOWN 0 15 | %define CAP_DAC_OVERRIDE 1 16 | %define CAP_DAC_READ_SEARCH 2 17 | %define CAP_FOWNER 3 18 | %define CAP_FSETID 4 19 | %define CAP_KILL 5 20 | %define CAP_SETGID 6 21 | %define CAP_SETUID 7 22 | %define CAP_SETPCAP 8 23 | %define CAP_LINUX_IMMUTABLE 9 24 | %define CAP_NET_BIND_SERVICE 10 25 | %define CAP_NET_BROADCAST 11 26 | %define CAP_NET_ADMIN 12 27 | %define CAP_NET_RAW 13 28 | %define CAP_IPC_LOCK 14 29 | %define CAP_IPC_OWNER 15 30 | %define CAP_SYS_MODULE 16 31 | %define CAP_SYS_RAWIO 17 32 | %define CAP_SYS_CHROOT 18 33 | %define CAP_SYS_PTRACE 19 34 | %define CAP_SYS_PACCT 20 35 | %define CAP_SYS_ADMIN 21 36 | %define CAP_SYS_BOOT 22 37 | %define CAP_SYS_NICE 23 38 | %define CAP_SYS_RESOURCE 24 39 | %define CAP_SYS_TIME 25 40 | %define CAP_SYS_TTY_CONFIG 26 41 | %define CAP_MKNOD 27 42 | %define CAP_LEASE 28 43 | %define CAP_AUDIT_WRITE 29 44 | %define CAP_AUDIT_CONTROL 30 45 | %define CAP_SETFCAP 31 46 | %define CAP_MAC_OVERRIDE 32 47 | %define CAP_MAC_ADMIN 33 48 | 49 | %define CAP_TO_MASK(x) (1 << ((x) & 31)) 50 | 51 | struc cap_user_header_t 52 | .version resd 1 53 | .pid resd 1 54 | endstruc 55 | 56 | struc cap_user_data_t 57 | .effective resd 1 58 | .permitted resd 1 59 | .inheritable resd 1 60 | endstruc 61 | 62 | global _start 63 | _start: 64 | mov dword [hdrp + cap_user_header_t.version], _LINUX_CAPABILITY_VERSION_3 65 | mov dword [datap + cap_user_data_t.effective], (CAP_TO_MASK(CAP_SYS_MODULE)|CAP_TO_MASK(CAP_KILL)) 66 | mov dword [datap + cap_user_data_t.permitted], (CAP_TO_MASK(CAP_SYS_MODULE)|CAP_TO_MASK(CAP_KILL)) 67 | 68 | mov rax, 126 ; sys_capset 69 | mov rdi, hdrp 70 | mov rsi, datap 71 | syscall 72 | 73 | mov rax, 60 ; sys_exit 74 | mov rdi, 0 75 | syscall 76 | 77 | section .bss 78 | hdrp resb cap_user_header_t_size 79 | datap resb 2 * 
cap_user_data_t_size 80 | 81 | -------------------------------------------------------------------------------- /syscalls/linux/131_sys_sigaltstack/sys_sigaltstack.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sigaltstack example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sigaltstack.o sys_sigaltstack.asm 7 | ; ld sys_sigaltstack.o -o sys_sigaltstack 8 | 9 | BITS 64 10 | 11 | %define SIGSTKSZ 131072 12 | 13 | struc stack_t 14 | .ss_sp resq 1 15 | .ss_flags resq 1 16 | .ss_size resq 1 17 | endstruc 18 | 19 | global _start 20 | _start: 21 | mov rax, 12 ; sys_brk 22 | mov rdi, 0 23 | syscall 24 | 25 | mov [addr], rax 26 | 27 | add rax, SIGSTKSZ 28 | mov rdi, rax 29 | mov rax, 12 ; sys_brk 30 | syscall 31 | 32 | mov rbx, [addr] 33 | mov [stacka + stack_t.ss_sp], rbx 34 | mov dword [stacka + stack_t.ss_flags], 0 35 | mov qword [stacka + stack_t.ss_size], SIGSTKSZ 36 | 37 | mov rax, 131 ; sys_sigaltstack 38 | mov rdi, stacka 39 | mov rsi, 0 40 | syscall 41 | 42 | mov rax, 60 ; sys_exit 43 | mov rdi, 0 44 | syscall 45 | 46 | section .bss 47 | stacka resb stack_t_size 48 | addr resq 1 49 | 50 | -------------------------------------------------------------------------------- /syscalls/linux/133_sys_mknod/sys_mknod.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_mknod example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_mknod.o sys_mknod.asm 7 | ; ld sys_mknod.o -o sys_mknod 8 | 9 | BITS 64 10 | 11 | %define S_IFSOCK 0140000o 12 | %define S_IFLNK 0120000o 13 | %define S_IFREG 0100000o 14 | %define S_IFBLK 0060000o 15 | %define S_IFDIR 0040000o 16 | %define S_IFCHR 0020000o 17 | %define S_IFIFO 0010000o 18 | %define S_ISUID 0004000o 19 | %define S_ISGID 0002000o 20 | %define S_ISVTX 0001000o 21 | 22 | global _start 23 | _start: 24 | mov rax, 133 ; sys_mknod 25 | mov rdi, filename 26 | mov rsi, (S_IFIFO|0666o) 27 | 
mov rdx, 0 28 | syscall 29 | 30 | mov rax, 60 ; sys_exit 31 | mov rdi, 0 32 | syscall 33 | 34 | section .data 35 | filename db '/tmp/iamasupernod',0 36 | -------------------------------------------------------------------------------- /syscalls/linux/135_sys_personality/sys_personality.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_personality example 4 | ; 5 | ; linux has limited support for binaries for other unix-like 6 | ; operating systems via the personality mechanism (see man 7 | ; page for full details) 8 | ; 9 | ; this syscall is used to ask for various workarounds to be 10 | ; applied. some personas have no effect at all. 11 | ; 12 | ; (sys_personality can be called with the value 0xffffffff 13 | ; to retrieve the current persona without changing it) 14 | ; 15 | ; assemble with: 16 | ; nasm -f elf64 -o sys_personality.o sys_personality.asm 17 | ; ld sys_personality.o -o sys_personality 18 | 19 | BITS 64 20 | 21 | %define personadef 0xffffffff 22 | %define PER_LINUX_32BIT 0x00800000 23 | %define PER_SVR4 0x04100001 24 | %define PER_SVR3 0x05000002 25 | %define PER_SCOSVR3 0x07000003 26 | %define PER_OSR5 0x06000003 27 | %define PER_WYSEV386 0x05000004 28 | %define PER_ISCR4 0x04000005 29 | %define PER_BSD 0x00000006 30 | %define PER_SUNOS 0x04000006 31 | %define PER_XENIX 0x05000007 32 | %define PER_LINUX32 0x00000008 33 | %define PER_LINUX32_3GB 0x08000008 34 | %define PER_IRIX32 0x04000009 35 | %define PER_IRIXN32 0x0400000a 36 | %define PER_IRIX64 0x0400000b 37 | %define PER_RISCOS 0x0000000c 38 | %define PER_SOLARIS 0x0400000d 39 | %define PER_UW7 0x0410000e 40 | %define PER_OSF4 0x0000000f 41 | %define PER_HPUX 0x00000010 42 | 43 | global _start 44 | _start: 45 | mov rax, 135 ; sys_personality 46 | mov rdi, personadef ; query it without changing it 47 | syscall 48 | 49 | mov rax, 135 ; sys_personality 50 | mov rdi, PER_LINUX32_3GB 51 | syscall ; return value may be 52 | ; the 
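*previous* persona on 53 | ; success or -1 on error.. 54 | 55 | mov rax, 135 ; sys_personality 56 | mov rdi, personadef ; query it 57 | syscall 58 | 59 | mov rax, 60 ; sys_exit 60 | mov rdi, 0 61 | syscall 62 |
--------------------------------------------------------------------------------
/syscalls/linux/136_sys_ustat/sys_ustat.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_ustat example
;
; a deprecated syscall.. use statfs
;
; Asks the kernel to fill a struct ustat for device number 1 and exits
; with f_tinode as the exit status (only the low 8 bits of an exit
; status reach the parent). The return value of sys_ustat is not
; checked.
;
; assemble with:
;   nasm -f elf64 -o sys_ustat.o sys_ustat.asm
;   ld sys_ustat.o -o sys_ustat

BITS 64

; struct ustat as the x86-64 kernel lays it out: f_tfree is a 32-bit
; int and f_tinode a 64-bit long, so the C layout has 4 bytes of padding
; after f_tfree and the struct is padded to 32 bytes. NASM's struc adds
; no padding on its own; without the alignb lines f_tinode would sit at
; offset 4 and the buffer would be smaller than what the kernel writes.
struc ubuf
        .f_tfree        resd 1
                        alignb 8
        .f_tinode       resq 1
        .f_name         resb 6
        .f_pack         resb 6
                        alignb 8
endstruc

global _start
_start:
        mov     rax, 136                ; sys_ustat
        mov     rdi, 1                  ; dev_t dev
        mov     rsi, ubufst             ; struct ustat *ubuf
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, [ubufst + ubuf.f_tinode]
        syscall

section .bss
        ubufst  resb ubuf_size

--------------------------------------------------------------------------------
/syscalls/linux/137_sys_statfs/sys_statfs.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_statfs example
;
; Queries the filesystem that holds '/etc/issue' and exits with the
; f_frsize field as the exit status. The return value of sys_statfs is
; not checked.
;
; assemble with:
;   nasm -f elf64 -o sys_statfs.o sys_statfs.asm
;   ld sys_statfs.o -o sys_statfs

BITS 64

; struct statfs, every member reserved as one 64-bit slot
; (f_spare is four of them)
struc statfs
        .f_type         resq 1
        .f_bsize        resq 1
        .f_blocks       resq 1
        .f_bfree        resq 1
        .f_bavail       resq 1
        .f_files        resq 1
        .f_ffree        resq 1
        .f_fsid         resq 1
        .f_namelen      resq 1
        .f_frsize       resq 1
        .f_flags        resq 1
        .f_spare        resq 4
endstruc

global _start
_start:

        mov     rax, 137                ; sys_statfs
        mov     rdi, pathname           ; const char *path
        mov     rsi, statstruc          ; struct statfs *buf
        syscall

        ; exit status = f_frsize (truncated to 8 bits by the kernel)
        mov     rdi, [statstruc + statfs.f_frsize]

        mov     rax, 60                 ; sys_exit
        syscall

section .data
        pathname        db '/etc/issue',0

section .bss
        statstruc       resb statfs_size

--------------------------------------------------------------------------------
/syscalls/linux/138_sys_fstatfs/sys_fstatfs.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fstatfs example
;
; Same query as the sys_statfs example, but through a file descriptor:
; opens '/etc/issue' read-only, calls sys_fstatfs on the descriptor and
; exits with f_frsize as the exit status.
;
; assemble with:
;   nasm -f elf64 -o sys_fstatfs.o sys_fstatfs.asm
;   ld sys_fstatfs.o -o sys_fstatfs

BITS 64

struc statfs
        .f_type         resq 1
        .f_bsize        resq 1
        .f_blocks       resq 1
        .f_bfree        resq 1
        .f_bavail       resq 1
        .f_files        resq 1
        .f_ffree        resq 1
        .f_fsid         resq 1
        .f_namelen      resq 1
        .f_frsize       resq 1
        .f_flags        resq 1
        .f_spare        resq 4
endstruc

; sys_open
%define O_RDONLY        0

global _start
_start:
        mov     rax, 2                  ; sys_open
        mov     rdi, pathname
        mov     rsi, O_RDONLY
        syscall

        ; The result of sys_open is used as the descriptor without a
        ; check: a negative errno from a failed open is handed to
        ; sys_fstatfs unchanged. Real code should test rax for an
        ; error before using it as an fd.
        mov     rdi, rax

        mov     rax, 138                ; sys_fstatfs
        mov     rsi, statstruc
        syscall

        mov     rdi, [statstruc + statfs.f_frsize]

        mov     rax, 60                 ; sys_exit
        syscall

section .data
        pathname        db '/etc/issue',0

section .bss
        statstruc       resb statfs_size

--------------------------------------------------------------------------------
/syscalls/linux/139_sys_sysfs/sys_sysfs.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_sysfs example
;
; (deprecated syscall)
;
; Called with option 3, which per sysfs(2) returns the number of
; filesystem types known to the kernel; the result in rax is discarded.
;
; assemble with:
;   nasm -f elf64 -o sys_sysfs.o sys_sysfs.asm
;   ld sys_sysfs.o -o sys_sysfs

BITS 64

global _start
_start:
        mov     rax, 139                ; sys_sysfs
        mov     rdi, 3                  ; option
        mov     rsi, 0                  ; <------- in other modes
        mov     rdx, 0                  ;       <-' these may be used
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

--------------------------------------------------------------------------------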
/syscalls/linux/140_sys_getpriority/sys_getpriority.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_getpriority example 4 | ; 5 | ; scheduling priority of the process, process group or user 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_getpriority.o sys_getpriority.asm 9 | ; ld sys_getpriority.o -o sys_getpriority 10 | 11 | BITS 64 12 | 13 | %define PRIO_PROCESS 0 14 | %define PRIO_PGRP 1 15 | %define PRIO_USER 2 16 | 17 | global _start 18 | _start: 19 | 20 | mov rax, 140 ; sys_getpriority 21 | mov rdi, PRIO_PROCESS 22 | mov rsi, 0 23 | syscall 24 | 25 | mov rdi, rax 26 | 27 | mov rax, 60 ; sys_exit 28 | syscall 29 | 30 | -------------------------------------------------------------------------------- /syscalls/linux/141_sys_setpriority/sys_setpriority.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_setpriority example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_setpriority.o sys_setpriority.asm 7 | ; ld sys_setpriority.o -o sys_setpriority 8 | 9 | BITS 64 10 | 11 | %define PRIO_PROCESS 0 12 | %define PRIO_PGRP 1 13 | %define PRIO_USER 2 14 | 15 | global _start 16 | _start: 17 | 18 | mov rax, 141 ; sys_setpriority 19 | mov rdi, PRIO_PROCESS 20 | mov rsi, 0 21 | mov rdx, 19 22 | syscall 23 | 24 | mov rax, 60 ; sys_exit 25 | syscall 26 | 27 | -------------------------------------------------------------------------------- /syscalls/linux/142_sys_sched_setparam/sys_sched_setparam.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sched_setparam example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sched_setparam.o sys_sched_setparam.asm 7 | ; ld sys_sched_setparam.o -o sys_sched_setparam 8 | 9 | BITS 64 10 | 11 | struc sched_param 12 | .sched_priority resd 1 13 | endstruc 14 | 15 | global _start 16 | _start: 17 | ; ?? 
not much useful here ?? 18 | mov dword [spst + sched_param.sched_priority], 0 19 | 20 | mov rax, 142 ; sys_sched_setparam 21 | mov rdi, 0 22 | mov rsi, spst 23 | syscall 24 | 25 | mov rax, 60 ; sys_exit 26 | mov rdi, 0 27 | syscall 28 | 29 | section .bss 30 | spst resb sched_param_size 31 | -------------------------------------------------------------------------------- /syscalls/linux/143_sys_sched_getparam/sys_sched_getparam.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sched_getparam example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sched_getparam.o sys_sched_getparam.asm 7 | ; ld sys_sched_getparam.o -o sys_sched_getparam 8 | 9 | BITS 64 10 | 11 | struc sched_param 12 | .sched_priority resd 1 13 | endstruc 14 | 15 | global _start 16 | _start: 17 | mov rax, 143 ; sys_sched_getparam 18 | mov rdi, 0 19 | mov rsi, spst 20 | syscall 21 | 22 | mov rax, 60 ; sys_exit 23 | mov rdi, 0 24 | syscall 25 | 26 | section .bss 27 | spst resb sched_param_size 28 | -------------------------------------------------------------------------------- /syscalls/linux/144_sys_setscheduler/sys_setscheduler.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_setscheduler example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_setscheduler.o sys_setscheduler.asm 7 | ; ld sys_setscheduler.o -o sys_setscheduler 8 | 9 | BITS 64 10 | 11 | %define SCHED_OTHER 0 12 | %define SCHED_FIFO 1 13 | %define SCHED_RR 2 14 | %define SCHED_BATCH 3 15 | %define SCHED_ISO 4 16 | %define SCHED_IDLE 5 17 | %define SCHED_DEADLINE 6 18 | 19 | struc sched_param 20 | .sched_priority resd 1 21 | endstruc 22 | 23 | global _start 24 | _start: 25 | mov dword [spstr + sched_param.sched_priority], 0 ; must be 0 here 26 | 27 | mov rax, 144 ; sys_setscheduler 28 | mov rdi, 0 29 | mov rsi, SCHED_BATCH 30 | mov rdx, spstr 31 | syscall 32 | 33 | mov rax, 60 ; sys_exit 34 
| mov rdi, 0 35 | syscall 36 | 37 | section .bss 38 | spstr resb sched_param_size 39 | -------------------------------------------------------------------------------- /syscalls/linux/145_sys_getscheduler/sys_getscheduler.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_getscheduler example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_getscheduler.o sys_getscheduler.asm 7 | ; ld sys_getscheduler.o -o sys_getscheduler 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | mov rax, 145 ; sys_getscheduler 14 | mov rdi, 0 15 | syscall 16 | 17 | mov rax, 60 ; sys_exit 18 | mov rdi, 0 19 | syscall 20 | -------------------------------------------------------------------------------- /syscalls/linux/146_sys_sched_get_priority_max/sys_sched_get_priority_max.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sched_get_priority_max example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sched_get_priority_max.o sys_sched_get_priority_max.asm 7 | ; ld sys_sched_get_priority_max.o -o sys_sched_get_priority_max 8 | 9 | BITS 64 10 | 11 | %define SCHED_OTHER 0 12 | %define SCHED_FIFO 1 13 | %define SCHED_RR 2 14 | %define SCHED_BATCH 3 15 | %define SCHED_ISO 4 16 | %define SCHED_IDLE 5 17 | %define SCHED_DEADLINE 6 18 | 19 | global _start 20 | _start: 21 | mov rax, 146 ; sys_sched_get_priority_max 22 | mov rdi, SCHED_DEADLINE 23 | syscall 24 | 25 | mov rdi, rax 26 | 27 | mov rax, 60 ; sys_exit 28 | syscall 29 | 30 | -------------------------------------------------------------------------------- /syscalls/linux/147_sys_sched_get_priority_min/sys_sched_get_priority_min.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sched_get_priority_min example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sched_get_priority_min.o sys_sched_get_priority_min.asm 7 | ; 
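ld sys_sched_get_priority_min.o -o sys_sched_get_priority_min 8 | 9 | BITS 64 10 | 11 | %define SCHED_OTHER 0 12 | %define SCHED_FIFO 1 13 | %define SCHED_RR 2 14 | %define SCHED_BATCH 3 15 | %define SCHED_ISO 4 16 | %define SCHED_IDLE 5 17 | %define SCHED_DEADLINE 6 18 | 19 | global _start 20 | _start: 21 | mov rax, 147 ; sys_sched_get_priority_min 22 | mov rdi, SCHED_DEADLINE 23 | syscall 24 | 25 | mov rdi, rax 26 | 27 | mov rax, 60 ; sys_exit 28 | syscall 29 | 30 |
--------------------------------------------------------------------------------
/syscalls/linux/149_sys_mlock/sys_mlock.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mlock example
;
; A syscall to lock some memory in RAM
;
; Grows the heap by 4096 bytes with sys_brk and asks the kernel to keep
; that range resident. None of the return values are checked; for an
; unprivileged process the amount that can be locked is bounded by
; RLIMIT_MEMLOCK, so sys_mlock can fail.
;
; assemble with:
;   nasm -f elf64 -o sys_mlock.o sys_mlock.asm
;   ld sys_mlock.o -o sys_mlock

BITS 64

global _start
_start:

        mov     rax, 12                 ; sys_brk
        mov     rdi, 0
        syscall                         ; get current

        push    rax                     ; keep the old break = start of the new range

        add     rax, 4096               ; add 4096 bytes
        mov     rdi, rax                ;
        mov     rax, 12                 ; allocating
        syscall                         ; some memory

        mov     rax, 149                ; sys_mlock
        pop     rdi                     ; addr = old break
        mov     rsi, 4096               ; len
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/150_sys_munlock/sys_munlock.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_munlock example
;
; A syscall to unlock some previously locked memory
; from RAM so it can be swapped out again
;
; Grows the heap by 4096 bytes, locks that range with sys_mlock and
; unlocks it again with sys_munlock. Return values are not checked.
;
; assemble with:
;   nasm -f elf64 -o sys_munlock.o sys_munlock.asm
;   ld sys_munlock.o -o sys_munlock

BITS 64

global _start
_start:

        mov     rax, 12                 ; sys_brk
        mov     rdi, 0
        syscall                         ; get current

        mov     [savbrk], rax           ; 64-bit store of the old break

        add     rax, 4096               ; add 4096 bytes
        mov     rdi, rax                ;
        mov     rax, 12                 ; allocating
        syscall                         ; some memory

        mov     rax, 149                ; sys_mlock
        mov     rdi, [savbrk]
        mov     rsi, 4096               ; lock this in RAM to prevent
        syscall                         ; swapping

        mov     rax, 150                ; sys_munlock
        mov     rdi, [savbrk]           ; unlock it once finished
        mov     rsi, 4096
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

section .bss
        ; One qword: the break address is written and read back as a
        ; full 64-bit value, so a dword slot would be 4 bytes too small
        ; for the store above.
        savbrk  resq 1

--------------------------------------------------------------------------------
/syscalls/linux/151_sys_mlockall/sys_mlockall.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mlockall example
;
; Locks the pages currently mapped into the process (MCL_CURRENT).
; MCL_FUTURE is defined for reference but not used. The return value is
; not checked.
;
; assemble with:
;   nasm -f elf64 -o sys_mlockall.o sys_mlockall.asm
;   ld sys_mlockall.o -o sys_mlockall

BITS 64

%define MCL_CURRENT     1
%define MCL_FUTURE      2

global _start
_start:
        mov     rax, 151                ; sys_mlockall
        mov     rdi, MCL_CURRENT        ; int flags
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

--------------------------------------------------------------------------------
/syscalls/linux/152_sys_munlockall/sys_munlockall.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_munlockall example
;
; Takes no arguments; the return value is not checked.
;
; assemble with:
;   nasm -f elf64 -o sys_munlockall.o sys_munlockall.asm
;   ld sys_munlockall.o -o sys_munlockall

BITS 64

global _start
_start:
        mov     rax, 152                ; sys_munlockall
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

-------------------------------------------------------------------------------- /syscalls/linux/153_sys_vhangup/sys_vhangup.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_vhangup example 4 | ; 5 | ; simulates a hangup on the current terminal 6 | ; 7 | ; CAP_SYS_TTY_CONFIG capability is required to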
call 8 | ; 9 | ; assemble with: 10 | ; nasm -f elf64 -o sys_vhangup.o sys_vhangup.asm 11 | ; ld sys_vhangup.o -o sys_vhangup 12 | 13 | BITS 64 14 | 15 | global _start 16 | _start: 17 | mov rax, 153 ; sys_vhangup 18 | syscall 19 | 20 | mov rax, 60 ; sys_exit 21 | mov rdi, 0 22 | syscall 23 | -------------------------------------------------------------------------------- /syscalls/linux/155_sys_pivot_root/sys_pivot_root.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_pivot_root example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_pivot_root.o sys_pivot_root.asm 7 | ; ld sys_pivot_root.o -o sys_pivot_root 8 | ; 9 | ; mkdir /ramroot 10 | ; mount -n -t tmpfs -o size=500M none /ramroot 11 | ; cd /ramroot 12 | ; mkdir oldroot 13 | ; 14 | ; NOTE: ye may get EINVAL as current root cannot be on the 15 | ; 'rootfs' (initial ramfs) 16 | 17 | BITS 64 18 | 19 | global _start 20 | _start: 21 | mov rax, 80 ; sys_chdir 22 | mov rdi, newroot 23 | syscall 24 | 25 | mov rax, 155 ; sys_pivot_root 26 | mov rdi, currdur 27 | mov rsi, putold 28 | syscall 29 | 30 | mov rax, 60 ; sys_exit 31 | mov rdi, 0 32 | syscall 33 | 34 | section .data 35 | currdur db '.',0 36 | newroot db '/ramroot',0 37 | putold db 'oldroot',0 38 | -------------------------------------------------------------------------------- /syscalls/linux/157_sys_prctl/sys_prctl.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_prctl example 4 | ; 5 | ; prctl allows for all kinds of weird stuff 6 | ; to be done to a process.. 
7 | ; 8 | ; see man page for details 9 | ; 10 | ; assemble with: 11 | ; nasm -f elf64 -o sys_prctl.o sys_prctl.asm 12 | ; ld sys_prctl.o -o sys_prctl 13 | 14 | BITS 64 15 | 16 | ; set or get signal a process will get when 17 | ; it's parent dies 18 | %define PR_SET_PDEATHSIG 1 19 | %define PR_GET_PDEATHSIG 2 20 | 21 | ; get/set current->mm->dumpable 22 | %define PR_GET_DUMPABLE 3 23 | %define PR_SET_DUMPABLE 4 24 | 25 | ; get/set process name 26 | %define PR_SET_NAME 15 27 | %define PR_GET_NAME 16 28 | 29 | ; get/set process seccomp mode 30 | %define PR_GET_SECCOMP 21 31 | %define PR_SET_SECCOMP 22 32 | 33 | ; get/set ability to use the timestamp counter 34 | ; instruction 35 | %define PR_GET_TSC 25 36 | %define PR_SET_TSC 26 37 | %define PR_TSC_ENABLE 1 ; allow the use of the timestamp counter 38 | %define PR_TSC_SIGSEGV 2 ; throw a SIGSEGV instead of reading 39 | 40 | ; get/set 'securebits' (man 7 capabilities) 41 | %define PR_GET_SECUREBITS 27 42 | %define PR_SET_SECUREBITS 28 43 | 44 | ; read or change the ambient capability set 45 | %define PR_CAP_AMBIENT 47 46 | %define PR_CAP_AMBIENT_IS_SET 1 47 | %define PR_CAP_AMBIENT_RAISE 2 48 | %define PR_CAP_AMBIENT_LOWER 3 49 | %define PR_CAP_AMBIENT_CLEAR_ALL 4 50 | 51 | ; get/set the capability bounding set 52 | %define PR_CAPBSET_READ 23 53 | %define PR_CAPBSET_DROP 24 54 | 55 | ; prevent the granting of any new privilege 56 | %define PR_SET_NO_NEW_PRIVS 38 57 | %define PR_GET_NO_NEW_PRIVS 39 58 | 59 | ; get/set timer 'slack' (poll/select/nanosleep) 60 | %define PR_SET_TIMERSLACK 29 61 | %define PR_GET_TIMERSLACK 30 62 | 63 | ; enable/disable collection of perf events 64 | %define PR_TASK_PERF_EVENTS_DISABLE 31 65 | %define PR_TASK_PERF_EVENTS_ENABLE 32 66 | 67 | global _start 68 | _start: 69 | 70 | mov rax, 157 ; sys_prctl 71 | mov rdi, PR_GET_TSC 72 | mov rsi, result 73 | syscall 74 | 75 | mov rax, 157 ; sys_prctl 76 | mov rdi, PR_SET_TSC 77 | mov rsi, PR_TSC_SIGSEGV 78 | syscall 79 | 80 | mov rax, 60 ; sys_exit 
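81 | syscall 82 | 83 | section .bss 84 | result resd 1 85 |
--------------------------------------------------------------------------------
/syscalls/linux/158_sys_arch_prctl/sys_arch_prctl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_arch_prctl example
;
; allows for some architecture specific stuff on
; x86-64
;
; Sets the FS base to the arbitrary value 8008, reads it back into
; 'result' and exits with that value as the exit status (only the low
; 8 bits of an exit status reach the parent). This is a static program
; with no libc; in a libc-linked process the FS base normally points at
; thread-local storage and must not be overwritten like this.
;
; assemble with:
;   nasm -f elf64 -o sys_arch_prctl.o sys_arch_prctl.asm
;   ld sys_arch_prctl.o -o sys_arch_prctl

BITS 64

%define ARCH_SET_GS     0x1001
%define ARCH_SET_FS     0x1002
%define ARCH_GET_FS     0x1003
%define ARCH_GET_GS     0x1004

global _start
_start:

        mov     rax, 158                ; sys_arch_prctl
        mov     rdi, ARCH_SET_FS
        mov     rsi, 8008               ; new FS base
        syscall

        mov     rax, 158                ; sys_arch_prctl
        mov     rdi, ARCH_GET_FS
        mov     rsi, result             ; kernel stores the 64-bit base here
        syscall

        mov     rdi, [result]

        mov     rax, 60                 ; sys_exit
        syscall

section .bss
        result  resq 1

--------------------------------------------------------------------------------
/syscalls/linux/159_sys_adjtimex/sys_adjtimex.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_adjtimex example
;
; "David L. Mills / RFC 5905 clock adjustment"
;
; Calls sys_adjtimex with modes = ADJ_NANO. Per adjtimex(2) a call with
; modes == 0 only reads the clock state, while any non-zero modes value
; needs CAP_SYS_TIME, so as an unprivileged user this call is expected
; to fail. The return value is not checked.
;
; assemble with:
;   nasm -f elf64 -o sys_adjtimex.o sys_adjtimex.asm
;   ld sys_adjtimex.o -o sys_adjtimex

BITS 64

%define ADJ_OFFSET      0x0001
%define ADJ_FREQUENCY   0x0002
%define ADJ_MAXERROR    0x0004
%define ADJ_ESTERROR    0x0008
%define ADJ_STATUS      0x0010
%define ADJ_TIMECONST   0x0020
%define ADJ_TAI         0x0080
%define ADJ_SETOFFSET   0x0100
%define ADJ_MICRO       0x1000
%define ADJ_NANO        0x2000
%define ADJ_TICK        0x4000

; it's a big old structure..
;
; The kernel copies the whole struct timex in and out, which on x86-64
; is 208 bytes: each 32-bit member that is followed by a 64-bit member
; is padded to 8 bytes, and eleven unused 32-bit words follow 'tai'.
; NASM's struc adds no padding by itself, so it is spelled out here;
; without it the offsets after 'modes' are wrong and the .bss buffer is
; shorter than what the kernel writes back.
struc timex
        .modes          resd 1
                        alignb 8
        .offset         resq 1
        .freq           resq 1
        .maxerr         resq 1
        .esterr         resq 1
        .status         resd 1
                        alignb 8
        .const          resq 1
        .precis         resq 1
        .tlrnce         resq 1
        .timev          resq 2
        .tick           resq 1
        .ppsfrq         resq 1
        .jitter         resq 1
        .shift          resd 1
                        alignb 8
        .stabil         resq 1
        .jitcnt         resq 1
        .calcnt         resq 1
        .errcnt         resq 1
        .stbcnt         resq 1
        .tai            resd 1
        .unused         resd 11
endstruc

global _start
_start:
        mov     dword [timexst + timex.modes], ADJ_NANO

        mov     rax, 159                ; sys_adjtimex
        mov     rdi, timexst            ; struct timex *buf
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

section .bss
        timexst resb timex_size

--------------------------------------------------------------------------------
/syscalls/linux/162_sys_sync/sys_sync.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_sync example
;
; Takes no arguments.
;
; assemble with:
;   nasm -f elf64 -o sys_sync.o sys_sync.asm
;   ld sys_sync.o -o sys_sync

BITS 64

global _start
_start:
        mov     rax, 162                ; sys_sync
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

-------------------------------------------------------------------------------- /syscalls/linux/163_sys_acct/sys_acct.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_acct example 4 | ; 5 | ; enable process accounting and store information 6 | ; in a previously created file 7 | ; 8 | ; assemble with: 9 | ; nasm -f elf64 -o sys_acct.o sys_acct.asm 10 | ; ld sys_acct.o -o sys_acct 11 | 12 | BITS 64 13 | 14 | ; sys_open 15 | %define O_MODES 0x42 16 | 17 | global _start 18 | _start: 19 | mov rax, 2 ; sys_open 20 | mov rdi, filename 21 | mov rsi, O_MODES 22 | mov rdx, 666o 23 | syscall 24 | 25 | mov rax, 163 ; sys_acct 26 | mov rdi, filename ; switch on 27 | syscall 28 | 29 | mov rax, 163 ; sys_acct 30 |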
mov rdi, 0 ; switch off 31 | syscall 32 | 33 | mov rax, 60 ; sys_exit 34 | syscall 35 | 36 | section .data 37 | filename db '/tmp/accts',0 38 | -------------------------------------------------------------------------------- /syscalls/linux/164_sys_settimeofday/sys_settimeofday.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_settimeofday example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_settimeofday.o sys_settimeofday.asm 7 | ; ld sys_settimeofday.o -o sys_settimeofday 8 | 9 | BITS 64 10 | 11 | struc timeval 12 | .tv_sec resq 1 13 | .tv_usec resq 1 14 | endstruc 15 | 16 | global _start 17 | _start: 18 | mov rax, 96 ; sys_gettimeofday 19 | mov rdi, tvstr 20 | mov rsi, 0 21 | syscall 22 | 23 | mov rax, 164 ; sys_settimeofday 24 | mov rdi, tvstr 25 | mov rsi, 0 26 | syscall 27 | 28 | mov rax, 60 ; sys_exit 29 | mov rdi, 0 30 | syscall 31 | 32 | section .bss 33 | tvstr resb timeval_size 34 | -------------------------------------------------------------------------------- /syscalls/linux/179_sys_quotactl/sys_quotactl.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_quotactl example 4 | ; 5 | ; many weird things can be done with this one 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_quotactl.o sys_quotactl.asm 9 | ; ld sys_quotactl.o -o sys_quotactl 10 | 11 | %define SUBCMDMASK 0x00ff 12 | %define SUBCMDSHIFT 8 13 | %define QCMD(cmd, type) (((cmd) << SUBCMDSHIFT) | ((type) & SUBCMDMASK)) 14 | 15 | %define MAXQUOTAS 2 16 | %define GRPQUOTA 1 17 | %define USRQUOTA 0 18 | 19 | %define Q_SYNC 0x800001 20 | %define Q_QUOTAON 0x800002 21 | %define Q_QUOTAOFF 0x800003 22 | %define Q_GETFMT 0x800004 23 | %define Q_GETINFO 0x800005 24 | %define Q_SETINFO 0x800006 25 | %define Q_GETQUOTA 0x800007 26 | %define Q_SETQUOTA 0x800008 27 | 28 | BITS 64 29 | 30 | global _start 31 | _start: 32 | mov rax, 179 ; sys_quotactl 33 | mov 
rdi, QCMD(Q_QUOTAOFF,USRQUOTA) 34 | mov rsi, dev 35 | mov rdx, 0 36 | syscall 37 | 38 | mov rax, 60 ; sys_exit 39 | mov rdi, 0 40 | syscall 41 | 42 | section .data 43 | dev db '/dev/mapper/devmachine--vg-root',0 ; a block device 44 | -------------------------------------------------------------------------------- /syscalls/linux/186_sys_gettid/sys_gettid.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_gettid example 4 | ; 5 | ; gettid returns the callers thread ID 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_gettid.o sys_gettid.asm 9 | ; ld sys_gettid.o -o sys_gettid 10 | 11 | BITS 64 12 | 13 | global _start 14 | _start: 15 | 16 | mov rax, 186 ; sys_gettid 17 | syscall 18 | 19 | mov rdi, rax 20 | 21 | mov rax, 60 ; sys_exit 22 | syscall 23 | 24 | -------------------------------------------------------------------------------- /syscalls/linux/187_sys_readahead/sys_readahead.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_readahead example 4 | ; 5 | ; readahead triggers reading on a file in an attempt 6 | ; to make subsequent reads be satisfied from the cache 7 | ; 8 | ; assemble with: 9 | ; nasm -f elf64 -o sys_readahead.o sys_readahead.asm 10 | ; ld sys_readahead.o -o sys_readahead 11 | 12 | BITS 64 13 | 14 | ; sys_open 15 | %define O_RDONLY 0 16 | %define O_WRONLY 1 17 | %define O_RDWR 2 18 | 19 | global _start 20 | _start: 21 | 22 | mov rax, 2 ; sys_open 23 | mov rdi, filename 24 | mov rsi, O_RDONLY 25 | syscall 26 | 27 | mov rdi, rax 28 | 29 | mov rax, 187 ; sys_readahead 30 | mov rsi, 0 ; offset 31 | mov rdx, 4096 ; count 32 | syscall 33 | 34 | mov rax, 60 ; sys_exit 35 | mov rdi, 0 36 | syscall 37 | 38 | section .data 39 | filename db '/etc/passwd',0 40 | -------------------------------------------------------------------------------- /syscalls/linux/188_sys_setxattr/sys_setxattr.asm: 
-------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_setxattr example 4 | ; 5 | ; set some extended attribute 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_setxattr.o sys_setxattr.asm 9 | ; ld sys_setxattr.o -o sys_setxattr 10 | 11 | BITS 64 12 | 13 | %define XATTR_CREATE 0x1 14 | %define XATTR_REPLACE 0x2 15 | 16 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 17 | 18 | global _start 19 | _start: 20 | mov rax, 2 ; sys_open 21 | mov rdi, filename 22 | mov rsi, O_MODES 23 | mov rdx, 0644o 24 | syscall 25 | 26 | mov rax, 188 ; sys_setxattr 27 | mov rdi, filename 28 | mov rsi, attrname 29 | mov rdx, valueatt 30 | mov r10, 26 31 | mov r8, 0 32 | syscall 33 | 34 | mov rax, 60 ; sys_exit 35 | mov rdi, 0 36 | syscall 37 | 38 | section .data 39 | filename db '/tmp/somefilen',0 40 | attrname db 'user.something',0 41 | valueatt db 'abcdefghijklmnopqrstuvwxyz' 42 | -------------------------------------------------------------------------------- /syscalls/linux/189_sys_lsetxattr/sys_lsetxattr.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_lsetxattr example 4 | ; 5 | ; set some extended attributes on a soft link 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_lsetxattr.o sys_lsetxattr.asm 9 | ; ld sys_lsetxattr.o -o sys_lsetxattr 10 | 11 | BITS 64 12 | 13 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 14 | 15 | global _start 16 | _start: 17 | mov rax, 2 ; sys_open 18 | mov rdi, filename1 19 | mov rsi, O_MODES 20 | mov rdx, 0644o 21 | syscall 22 | 23 | mov rax, 88 ; sys_symlink 24 | mov rdi, filename1 25 | mov rsi, filename2 26 | syscall 27 | 28 | mov rax, 189 ; sys_lsetxattr 29 | mov rdi, filename2 30 | mov rsi, xattrname 31 | mov rdx, xattrvals 32 | mov r10, 26 33 | mov r8, 0 34 | syscall 35 | 36 | mov rax, 60 ; sys_exit 37 | mov rdi, 0 38 | syscall 39 | 40 | section .data 41 | filename1 db '/tmp/somethinggood',0 42 | filename2 db 
'/tmp/somethingelse',0 43 | xattrname db 'security.obscurity',0 ; can't use user. with link(?) 44 | xattrvals db 'abcdefghijklmnopqrstuvwxyz' 45 | -------------------------------------------------------------------------------- /syscalls/linux/190_sys_fsetxattr/sys_fsetxattr.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_fsetxattr example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_fsetxattr.o sys_fsetxattr.asm 7 | ; ld sys_fsetxattr.o -o sys_fsetxattr 8 | 9 | BITS 64 10 | 11 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 12 | 13 | global _start 14 | _start: 15 | mov rax, 2 ; sys_open 16 | mov rdi, filename 17 | mov rsi, O_MODES 18 | mov rdx, 0644o 19 | syscall 20 | 21 | mov rdi, rax 22 | 23 | mov rax, 190 ; sys_fsetxattr 24 | mov rsi, attrname 25 | mov rdx, attrdata 26 | mov r10, 26 27 | mov r8, 0 28 | syscall 29 | 30 | mov rax, 60 ; sys_exit 31 | mov rdi, 0 32 | syscall 33 | 34 | section .data 35 | filename db '/tmp/underover',0 36 | attrname db 'user.someattrs',0 37 | attrdata db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 38 | -------------------------------------------------------------------------------- /syscalls/linux/191_sys_getxattr/sys_getxattr.asm: -------------------------------------------------------------------------------- 1 | ;linuxthor 2 | ; 3 | ; sys_getxattr example 4 | ; 5 | ; get some extended attribute 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_getxattr.o sys_getxattr.asm 9 | ; ld sys_getxattr.o -o sys_getxattr 10 | 11 | BITS 64 12 | 13 | %define XATTR_CREATE 0x1 14 | %define XATTR_REPLACE 0x2 15 | 16 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 17 | 18 | global _start 19 | _start: 20 | mov rax, 2 ; sys_open 21 | mov rdi, filename 22 | mov rsi, O_MODES 23 | mov rdx, 0644o 24 | syscall 25 | 26 | mov rax, 188 ; sys_setxattr 27 | mov rdi, filename 28 | mov rsi, attrname 29 | mov rdx, valueatt 30 | mov r10, 26 31 | mov r8, 0 32 | syscall 33 | 34 | mov rax, 191 ; sys_getxattr 35 | 
mov rdi, filename 36 | mov rsi, attrname 37 | mov rdx, result 38 | mov r10, 4096 39 | syscall 40 | 41 | mov rax, 60 ; sys_exit 42 | mov rdi, 0 43 | syscall 44 | 45 | section .data 46 | filename db '/tmp/fileybeach',0 47 | attrname db 'user.sandcastle',0 48 | valueatt db 'abcdefghijklmnopqrstuvwxyz' 49 | 50 | section .bss 51 | result resb 4096 52 | -------------------------------------------------------------------------------- /syscalls/linux/192_sys_lgetxattr/sys_lgetxattr.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_lgetxattr example 4 | ; 5 | ; get some extended attributes on a soft link 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_lgetxattr.o sys_lgetxattr.asm 9 | ; ld sys_lgetxattr.o -o sys_lgetxattr 10 | 11 | BITS 64 12 | 13 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 14 | 15 | global _start 16 | _start: 17 | mov rax, 2 ; sys_open 18 | mov rdi, filename1 19 | mov rsi, O_MODES 20 | mov rdx, 0644o 21 | syscall 22 | 23 | mov rax, 88 ; sys_symlink 24 | mov rdi, filename1 25 | mov rsi, filename2 26 | syscall 27 | 28 | mov rax, 189 ; sys_lsetxattr 29 | mov rdi, filename2 30 | mov rsi, xattrname 31 | mov rdx, xattrvals 32 | mov r10, 26 33 | mov r8, 0 34 | syscall 35 | 36 | mov rax, 192 ; sys_lgetxattr 37 | mov rdi, filename2 38 | mov rsi, xattrname 39 | mov rdx, result 40 | mov r10, 4096 41 | syscall 42 | 43 | mov rax, 60 ; sys_exit 44 | mov rdi, 0 45 | syscall 46 | 47 | section .data 48 | filename1 db '/tmp/somethingmeaty',0 49 | filename2 db '/tmp/somethingsilky',0 50 | xattrname db 'security.obscurity',0 ; can't use user. with link(?) 
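51 | xattrvals db 'abcdefghijklmnopqrstuvwxyz' 52 | 53 | section .bss 54 | result resb 4096 55 |
--------------------------------------------------------------------------------
/syscalls/linux/193_sys_fgetxattr/sys_fgetxattr.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fgetxattr example
;
; Opens (creating if needed) a file, sets the extended attribute
; 'user.someattrs'... no: 'user.easybeefy' on the descriptor with
; sys_fsetxattr and reads it back with sys_fgetxattr into 'result'.
; Return values are not checked; in particular a failed sys_open leaves
; a negative errno in 'fd' that is then used as a descriptor.
;
; O_MODES carries neither O_EXCL nor O_NOFOLLOW, so whatever already
; exists at the fixed /tmp path (including a symlink placed there by
; another user) is opened as-is. Code that creates files in a shared
; directory should add those flags or use a private directory.
;
; assemble with:
;   nasm -f elf64 -o sys_fgetxattr.o sys_fgetxattr.asm
;   ld sys_fgetxattr.o -o sys_fgetxattr

BITS 64

%define O_MODES 0x42                    ; O_RDWR|O_CREAT

global _start
_start:
        mov     rax, 2                  ; sys_open
        mov     rdi, filename
        mov     rsi, O_MODES
        mov     rdx, 0644o              ; mode for a newly created file
        syscall

        mov     [fd], rax               ; 64-bit store of the descriptor

        mov     rax, 190                ; sys_fsetxattr
        mov     rdi, [fd]
        mov     rsi, attrname
        mov     rdx, attrdata
        mov     r10, 26                 ; size of attrdata in bytes
        mov     r8, 0                   ; flags
        syscall

        mov     rax, 193                ; sys_fgetxattr
        mov     rdi, [fd]
        mov     rsi, attrname
        mov     rdx, result
        mov     r10, 4096               ; size of the result buffer
        syscall

        mov     rax, 60                 ; sys_exit
        mov     rdi, 0
        syscall

section .data
        filename        db '/tmp/ohohohyes',0
        attrname        db 'user.easybeefy',0
        attrdata        db 'ABCDEFGH1JKLMN0PQRSTUVWXYZ'

section .bss
        ; fd is written and read as a qword. With a one-byte slot the
        ; store above would spill 7 bytes into 'result', and the data
        ; the kernel later writes to 'result' would overwrite the upper
        ; bytes of the saved descriptor.
        fd              resq 1
        result          resb 4096

-------------------------------------------------------------------------------- /syscalls/linux/194_sys_listxattr/sys_listxattr.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_listxattr example 4 | ; 5 | ; list extended attributes 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_listxattr.o sys_listxattr.asm 9 | ; ld sys_listxattr.o -o sys_listxattr 10 | 11 | BITS 64 12 | 13 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 14 | 15 | global _start 16 | _start: 17 | mov rax, 2 ; sys_open 18 | mov rdi, filename 19 | mov rsi, O_MODES 20 | mov rdx, 0644o 21 | syscall 22 | 23 | mov rax, 188 ; sys_setxattr 24 | mov rdi, filename 25 | mov rsi, xattrname 26 | mov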
rdx, xattrvals 27 | mov r10, 26 28 | mov r8, 0 29 | syscall 30 | 31 | mov rax, 194 ; sys_listxattr 32 | mov rdi, filename 33 | mov rsi, result 34 | mov rdx, 4096 35 | syscall 36 | 37 | mov rax, 60 ; sys_exit 38 | mov rdi, 0 39 | syscall 40 | 41 | section .data 42 | filename db '/tmp/somesomesome',0 43 | xattrname db 'user.bumgarden',0 44 | xattrvals db 'abcdefghijklmnopqrstuvwxyz' 45 | 46 | section .bss 47 | result resb 4096 48 | -------------------------------------------------------------------------------- /syscalls/linux/195_sys_llistxattr/sys_llistxattr.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_llistxattr example 4 | ; 5 | ; list some extended attributes on a soft link 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_llistxattr.o sys_llistxattr.asm 9 | ; ld sys_llistxattr.o -o sys_llistxattr 10 | 11 | BITS 64 12 | 13 | %define O_MODES 0x42 ; O_RDWR|O_CREAT 14 | 15 | global _start 16 | _start: 17 | mov rax, 2 ; sys_open 18 | mov rdi, filename1 19 | mov rsi, O_MODES 20 | mov rdx, 0644o 21 | syscall 22 | 23 | mov rax, 88 ; sys_symlink 24 | mov rdi, filename1 25 | mov rsi, filename2 26 | syscall 27 | 28 | mov rax, 189 ; sys_lsetxattr 29 | mov rdi, filename2 30 | mov rsi, xattrname 31 | mov rdx, xattrvals 32 | mov r10, 26 33 | mov r8, 0 34 | syscall 35 | 36 | mov rax, 195 ; sys_llistxattr 37 | mov rdi, filename2 38 | mov rsi, result 39 | mov rdx, 4096 40 | syscall 41 | 42 | mov rax, 60 ; sys_exit 43 | mov rdi, 0 44 | syscall 45 | 46 | section .data 47 | filename1 db '/tmp/something1',0 48 | filename2 db '/tmp/something2',0 49 | xattrname db 'security.obscurity',0 ; can't use user. with link(?) 
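50 | xattrvals db 'abcdefghijklmnopqrstuvwxyz' 51 | 52 | section .bss 53 | result resb 4096 54 |
--------------------------------------------------------------------------------
/syscalls/linux/196_sys_flistxattr/sys_flistxattr.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_flistxattr example
;
; Opens (creating if needed) a file, sets one "user." extended attribute
; through the descriptor, then asks sys_flistxattr for the attribute
; names, which the kernel writes into `result`. Exits 0, or 1 if the
; open fails.
;
; NOTE(review): fixed file name in world-writable /tmp, opened without
; O_EXCL/O_NOFOLLOW - an existing file or symlink there is used as-is.
;
; assemble with:
;       nasm -f elf64 -o sys_flistxattr.o sys_flistxattr.asm
;       ld sys_flistxattr.o -o sys_flistxattr

BITS 64
default rel

%define O_MODES         0x42            ; O_RDWR|O_CREAT
%define RESULT_SIZE     4096            ; capacity of the name-list buffer

global _start
_start:
        mov     eax, 2                  ; sys_open(filename, O_MODES, 0644)
        lea     rdi, [filename]
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        test    rax, rax                ; a raw syscall returns -errno on failure
        js      .fail
        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 190                ; sys_fsetxattr(fd, name, value, size, flags)
        mov     rdi, [fd]
        lea     rsi, [attrname]
        lea     rdx, [attrdata]
        mov     r10d, attrlen
        xor     r8d, r8d                ; flags = 0
        syscall

        mov     eax, 196                ; sys_flistxattr(fd, list, size)
        mov     rdi, [fd]
        lea     rsi, [result]
        mov     edx, RESULT_SIZE
        syscall                         ; return value stays in rax, not checked

        xor     edi, edi                ; exit status 0
.exit:
        mov     eax, 60                 ; sys_exit
        syscall

.fail:
        mov     edi, 1                  ; exit status 1: the file could not be opened
        jmp     .exit

section .data
filename        db '/tmp/undulate',0
attrname        db 'user.someunds',0
attrdata        db 'ABCDEFGHIJKLMN0PQRSTUVWXYZ'
attrlen         equ $ - attrdata        ; 26 bytes, no terminator

section .bss
fd              resq 1                  ; was 1 byte; `mov [fd], rax` writes 8 and spilled into result
result          resb RESULT_SIZE
--------------------------------------------------------------------------------
/syscalls/linux/197_sys_removexattr/sys_removexattr.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_removexattr example
;
; remove some extended attribute
;
; Makes sure the file exists (sys_open with O_CREAT), sets a "user."
; attribute on it by path, then removes that attribute by path.
; No return value is checked and the descriptor from sys_open is never
; used or closed; the process exits straight afterwards.
;
; NOTE(review): fixed file name in world-writable /tmp; the path-based
; calls follow symlinks, so an existing symlink there redirects them.
;
; assemble with:
;       nasm -f elf64 -o sys_removexattr.o sys_removexattr.asm
;       ld sys_removexattr.o -o sys_removexattr

BITS 64
default rel

; flags accepted by the setxattr family; this example passes 0
%define XATTR_CREATE    0x1
%define XATTR_REPLACE   0x2

%define O_MODES         0x42            ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open(filename, O_MODES, 0644)
        lea     rdi, [filename]
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        mov     eax, 188                ; sys_setxattr(path, name, value, size, flags)
        lea     rdi, [filename]
        lea     rsi, [attrname]
        lea     rdx, [valueatt]
        mov     r10d, valuelen
        xor     r8d, r8d                ; flags = 0
        syscall

        mov     eax, 197                ; sys_removexattr(path, name)
        lea     rdi, [filename]
        lea     rsi, [attrname]
        syscall

        mov     eax, 60                 ; sys_exit(0)
        xor     edi, edi
        syscall

section .data
filename        db '/tmp/somefilez',0
attrname        db 'user.somesome1',0
valueatt        db 'abcdefghijklmnopqrstuvwxyz'
valuelen        equ $ - valueatt        ; 26 bytes, no terminator
--------------------------------------------------------------------------------
/syscalls/linux/198_sys_lremovexattr/sys_lremovexattr.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_lremovexattr example
;
; remove some extended attributes on a soft link
;
; Creates filename1, makes filename2 a symlink to it, sets an attribute
; on the link itself (sys_lsetxattr does not follow it) and removes the
; attribute again with sys_lremovexattr. No return value is checked.
;
; assemble with:
;       nasm -f elf64 -o sys_lremovexattr.o sys_lremovexattr.asm
;       ld sys_lremovexattr.o -o sys_lremovexattr

BITS 64
default rel

%define O_MODES         0x42            ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open(filename1, O_MODES, 0644)
        lea     rdi, [filename1]
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        mov     eax, 88                 ; sys_symlink(target, linkpath)
        lea     rdi, [filename1]
        lea     rsi, [filename2]
        syscall

        mov     eax, 189                ; sys_lsetxattr(path, name, value, size, flags)
        lea     rdi, [filename2]
        lea     rsi, [xattrname]
        lea     rdx, [xattrvals]
        mov     r10d, xattrlen
        xor     r8d, r8d                ; flags = 0
        syscall

        mov     eax, 198                ; sys_lremovexattr(path, name)
        lea     rdi, [filename2]
        lea     rsi, [xattrname]
        syscall

        mov     eax, 60                 ; sys_exit(0)
        xor     edi, edi
        syscall

section .data
filename1       db '/tmp/somethingfood',0
filename2       db '/tmp/somethingdead',0
; xattr(7): "user." attributes are allowed only on regular files and
; directories, so not on the symlink itself. Writing "security." names
; normally needs CAP_SYS_ADMIN unless a security module handles the
; name, so expect lsetxattr to fail when run unprivileged.
; NOTE(review): confirm on the target system.
xattrname       db 'security.obscurity',0
xattrvals       db 'abcdefghijklmnopqrstuvwxyz'
xattrlen        equ $ - xattrvals       ; 26 bytes, no terminator
--------------------------------------------------------------------------------
/syscalls/linux/199_sys_fremovexattr/sys_fremovexattr.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fremovexattr example
;
; Opens (creating if needed) a file, sets one "user." extended attribute
; through the descriptor, then removes it again with sys_fremovexattr.
; Exits 0, or 1 if the open fails.
;
; NOTE(review): fixed file name in world-writable /tmp, opened without
; O_EXCL/O_NOFOLLOW - an existing file or symlink there is used as-is.
;
; assemble with:
;       nasm -f elf64 -o sys_fremovexattr.o sys_fremovexattr.asm
;       ld sys_fremovexattr.o -o sys_fremovexattr

BITS 64
default rel

%define O_MODES         0x42            ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open(filename, O_MODES, 0644)
        lea     rdi, [filename]
        mov     esi, O_MODES
        mov     edx, 0644o
        syscall

        test    rax, rax                ; a raw syscall returns -errno on failure
        js      .fail
        mov     [fd], rax               ; 8-byte store: fd is reserved as a qword

        mov     eax, 190                ; sys_fsetxattr(fd, name, value, size, flags)
        mov     rdi, [fd]
        lea     rsi, [attrname]
        lea     rdx, [attrdata]
        mov     r10d, attrlen
        xor     r8d, r8d                ; flags = 0
        syscall

        mov     eax, 199                ; sys_fremovexattr(fd, name)
        mov     rdi, [fd]
        lea     rsi, [attrname]
        syscall                         ; return value stays in rax, not checked

        xor     edi, edi                ; exit status 0
.exit:
        mov     eax, 60                 ; sys_exit
        syscall

.fail:
        mov     edi, 1                  ; exit status 1: the file could not be opened
        jmp     .exit

section .data
filename        db '/tmp/mmmmmbeef',0
attrname        db 'user.beefyface',0
attrdata        db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
attrlen         equ $ - attrdata        ; 26 bytes, no terminator

section .bss
fd              resq 1                  ; was 1 byte; `mov [fd], rax` writes 8, past the reservation
--------------------------------------------------------------------------------
/syscalls/linux/200_sys_tkill/sys_tkill.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_tkill example
;
; Sends signal 9 to the thread whose id is the hard-coded value 1234,
; then exits 0 without looking at the result.
;
; NOTE(review): tkill(2) calls this an obsolete predecessor of tgkill.
; It names only a thread id, so if that id has been recycled the signal
; reaches an unrelated thread; tgkill also takes the thread group id
; and is the call to use in real code.
;
; assemble with:
;       nasm -f elf64 -o sys_tkill.o sys_tkill.asm
;       ld sys_tkill.o -o sys_tkill

BITS 64

%define TARGET_TID      1234            ; example thread id
%define SIGKILL         9

global _start
_start:
        mov     eax, 200                ; sys_tkill(tid, sig)
        mov     edi, TARGET_TID
        mov     esi, SIGKILL
        syscall

        mov     eax, 60                 ; sys_exit(0)
        xor     edi, edi
        syscall
-------------------------------------------------------------------------------- /syscalls/linux/201_sys_time/sys_time.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_time example 4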
| ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_time.o sys_time.asm 7 | ; ld sys_time.o -o sys_time 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | 14 | mov rax, 201 ; sys_time 15 | mov rdi, time ; if argument is non 16 | syscall ; null it's stored there 17 | ; and is also the 18 | mov rdi, rax ; return value 19 | 20 | mov rax, 60 ; sys_exit 21 | syscall 22 | 23 | section .bss 24 | time resq 1 25 | -------------------------------------------------------------------------------- /syscalls/linux/202_sys_futex/sys_futex.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_futex example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_futex.o sys_futex.asm 7 | ; ld sys_futex.o -o sys_futex 8 | 9 | BITS 64 10 | 11 | %define FUTEX_WAIT 0 12 | %define FUTEX_WAKE 1 13 | %define FUTEX_FD 2 14 | %define FUTEX_REQUEUE 3 15 | %define FUTEX_CMP_REQUEUE 4 16 | %define FUTEX_WAKE_OP 5 17 | %define FUTEX_LOCK_PI 6 18 | %define FUTEX_UNLOCK_PI 7 19 | %define FUTEX_TRYLOCK_PI 8 20 | %define FUTEX_WAIT_BITSET 9 21 | %define FUTEX_WAKE_BITSET 10 22 | %define FUTEX_WAIT_REQUEUE_PI 11 23 | %define FUTEX_CMP_REQUEUE_PI 12 24 | 25 | %define FUTEX_PRIVATE_FLAG 128 26 | %define FUTEX_CLOCK_REALTIME 256 27 | %define FUTEX_CMD_MASK ~(FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME) 28 | 29 | %define FUTEX_WAIT_PRIVATE (FUTEX_WAIT | FUTEX_PRIVATE_FLAG) 30 | %define FUTEX_WAKE_PRIVATE (FUTEX_WAKE | FUTEX_PRIVATE_FLAG) 31 | %define FUTEX_REQUEUE_PRIVATE (FUTEX_REQUEUE | FUTEX_PRIVATE_FLAG) 32 | %define FUTEX_CMP_REQUEUE_PRIVATE (FUTEX_CMP_REQUEUE | FUTEX_PRIVATE_FLAG) 33 | %define FUTEX_WAKE_OP_PRIVATE (FUTEX_WAKE_OP | FUTEX_PRIVATE_FLAG) 34 | %define FUTEX_LOCK_PI_PRIVATE (FUTEX_LOCK_PI | FUTEX_PRIVATE_FLAG) 35 | %define FUTEX_UNLOCK_PI_PRIVATE (FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG) 36 | %define FUTEX_TRYLOCK_PI_PRIVATE (FUTEX_TRYLOCK_PI | FUTEX_PRIVATE_FLAG) 37 | %define FUTEX_WAIT_BITSET_PRIVATE (FUTEX_WAIT_BITSET | 
FUTEX_PRIVATE_FLAG) 38 | %define FUTEX_WAKE_BITSET_PRIVATE (FUTEX_WAKE_BITSET | FUTEX_PRIVATE_FLAG) 39 | %define FUTEX_WAIT_REQUEUE_PI_PRIVATE (FUTEX_WAIT_REQUEUE_PI | \ 40 | FUTEX_PRIVATE_FLAG) 41 | %define FUTEX_CMP_REQUEUE_PI_PRIVATE (FUTEX_CMP_REQUEUE_PI | \ 42 | FUTEX_PRIVATE_FLAG) 43 | 44 | global _start 45 | _start: 46 | mov rax, 202 ; sys_futex 47 | mov rdi, futex 48 | mov rsi, FUTEX_WAKE 49 | mov rdx, 1 50 | syscall 51 | 52 | mov rax, 60 ; sys_exit 53 | mov rdi, 0 54 | syscall 55 | 56 | section .bss 57 | futex resd 1 58 | 59 | -------------------------------------------------------------------------------- /syscalls/linux/203_sys_sched_setaffinity/sys_sched_setaffinity.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sched_setaffinity example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sched_setaffinity.o sys_sched_setaffinity.asm 7 | ; ld sys_sched_setaffinity.o -o sys_sched_setaffinity 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | mov qword [cpu_set_t], 1 14 | 15 | mov rax, 203 ; sys_sched_getaffinity 16 | mov rdi, 0 ; some pid or 0 for calling thread 17 | mov rsi, 1 18 | mov rdx, cpu_set_t 19 | syscall 20 | 21 | mov rdi, rax 22 | 23 | mov rax, 60 ; sys_exit 24 | syscall 25 | 26 | section .bss 27 | cpu_set_t resb 128 28 | -------------------------------------------------------------------------------- /syscalls/linux/204_sys_sched_getaffinity/sys_sched_getaffinity.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_sched_getaffinity example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_sched_getaffinity.o sys_sched_getaffinity.asm 7 | ; ld sys_sched_getaffinity.o -o sys_sched_getaffinity 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | mov rax, 204 ; sys_sched_getaffinity 14 | mov rdi, 0 ; some pid or 0 for calling thread 15 | mov rsi, 128 16 | mov rdx, cpu_set_t 17 | syscall 18 | 19 
| mov rdi, rax 20 | 21 | mov rax, 60 ; sys_exit 22 | syscall 23 | 24 | section .bss 25 | cpu_set_t resb 128 26 | -------------------------------------------------------------------------------- /syscalls/linux/213_sys_epoll_create/sys_epoll_create.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_epoll_create example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_epoll_create.o sys_epoll_create.asm 7 | ; ld sys_epoll_create.o -o sys_epoll_create 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | mov rax, 213 ; sys_epoll_create 14 | mov rdi, 101 ; size (ignored-ish - cannot be 0) 15 | syscall 16 | 17 | mov rax, 60 ; sys_exit 18 | mov rdi, 0 19 | syscall 20 | -------------------------------------------------------------------------------- /syscalls/linux/217_sys_getdents64/sys_getdents64.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_getdents64 example 4 | ; 5 | ; fills a buffer with a number of the struct linux_dirent64.. 
6 | ; 7 | ; struct linux_dirent64 { 8 | ; ino64_t d_ino; /* 64-bit inode number */ 9 | ; off64_t d_off; /* 64-bit offset to next structure */ 10 | ; unsigned short d_reclen; /* Size of this dirent */ 11 | ; unsigned char d_type; /* File type */ 12 | ; char d_name[]; /* Filename (null-terminated) */ 13 | ; }; 14 | ; 15 | ; assemble with: 16 | ; nasm -f elf64 -o sys_getdents64.o sys_getdents64.asm 17 | ; ld sys_getdents64.o -o sys_getdents64 18 | 19 | BITS 64 20 | 21 | ; sys_open 22 | %define O_RDONLY 0 23 | 24 | global _start 25 | _start: 26 | mov rax, 2 ; sys_open 27 | mov rdi, dir 28 | mov rsi, O_RDONLY 29 | syscall 30 | 31 | mov rdi, rax 32 | 33 | mov rax, 217 ; sys_getdents64 34 | mov rsi, dirents 35 | mov rdx, 4096 36 | syscall 37 | 38 | mov rax, 60 ; sys_exit 39 | mov rdi, 0 40 | syscall 41 | 42 | section .data 43 | dir db '/usr/bin',0 44 | 45 | section .bss 46 | dirents resb 4096 47 | -------------------------------------------------------------------------------- /syscalls/linux/219_sys_restart_syscall/sys_restart_syscall.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_restart_syscall example 4 | ; 5 | ; see notes in manpage about (not) calling this 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_restart_syscall.o sys_restart_syscall.asm 9 | ; ld sys_restart_syscall.o -o sys_restart_syscall 10 | 11 | BITS 64 12 | 13 | global _start 14 | _start: 15 | mov rax, 219 ; sys_restart_syscall 16 | syscall 17 | 18 | mov rax, 60 ; sys_exit 19 | mov rdi, 0 20 | syscall 21 | 22 | -------------------------------------------------------------------------------- /syscalls/linux/222_sys_timer_create/sys_timer_create.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_timer_create example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_timer_create.o sys_timer_create.asm 7 | ; ld sys_timer_create.o -o sys_timer_create 8 | 9 | BITS 
64 10 | 11 | struc sigevent 12 | .sigev_value resq 1 13 | .sigev_signo resd 1 14 | .sigev_notif resd 1 15 | .sigev_un resb 48 16 | endstruc 17 | 18 | %define CLOCK_REALTIME 0 19 | %define CLOCK_MONOTONIC 1 20 | %define CLOCK_PROCESS_CPUTIME_ID 2 21 | %define CLOCK_THREAD_CPUTIME_ID 3 22 | %define CLOCK_MONOTONIC_RAW 4 23 | %define CLOCK_REALTIME_COARSE 5 24 | %define CLOCK_MONOTONIC_COARSE 6 25 | %define CLOCK_BOOTTIME 7 26 | %define CLOCK_REALTIME_ALARM 8 27 | %define CLOCK_BOOTTIME_ALARM 9 28 | 29 | %define SIGEV_NONE 1 30 | %define SIGEV_SIGNAL 2 31 | %define SIGEV_THREAD 3 32 | 33 | global _start 34 | _start: 35 | mov dword [sigev + sigevent.sigev_notif], SIGEV_NONE 36 | 37 | mov rax, 222 ; sys_timer_create 38 | mov rdi, CLOCK_MONOTONIC 39 | mov rsi, sigev 40 | mov rdx, tval 41 | syscall 42 | 43 | mov rax, 60 ; sys_exit 44 | mov rdi, [tval] 45 | syscall 46 | 47 | section .bss 48 | sigev resb sigevent_size 49 | tval resq 1 50 | -------------------------------------------------------------------------------- /syscalls/linux/223_sys_timer_settime/sys_timer_settime.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_timer_settime example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_timer_settime.o sys_timer_settime.asm 7 | ; ld sys_timer_settime.o -o sys_timer_settime 8 | 9 | BITS 64 10 | 11 | struc sigevent 12 | .sigev_value resq 1 13 | .sigev_signo resd 1 14 | .sigev_notif resd 1 15 | .sigev_un resb 48 16 | endstruc 17 | 18 | struc itimerspec 19 | .it_intvl_sec resq 1 ; <------- interval 20 | .it_intvl_nsec resq 1 ; <---' 21 | .it_value_sec resq 1 ; <------- initial expiration 22 | .it_value_nsec resq 1 ; <---' 23 | endstruc 24 | 25 | ; sys_timer_create 26 | %define CLOCK_MONOTONIC 1 27 | %define SIGEV_NONE 1 28 | 29 | %define TIMER_ABSTIME 1 30 | 31 | global _start 32 | _start: 33 | mov dword [sigev + sigevent.sigev_notif], SIGEV_NONE 34 | mov qword [itims + itimerspec.it_intvl_sec], 1 35 
| mov qword [itims + itimerspec.it_intvl_nsec], 80 36 | mov qword [itims + itimerspec.it_value_sec], 3 37 | mov qword [itims + itimerspec.it_value_nsec], 60 38 | 39 | mov rax, 222 ; sys_timer_create 40 | mov rdi, CLOCK_MONOTONIC 41 | mov rsi, sigev 42 | mov rdx, tval 43 | syscall 44 | 45 | mov rdi, rax 46 | 47 | mov rax, 223 ; sys_timer_settime 48 | mov rsi, TIMER_ABSTIME 49 | mov rdx, itims 50 | mov r10, 0 51 | syscall 52 | 53 | mov rax, 60 ; sys_exit 54 | mov rdi, [tval] 55 | syscall 56 | 57 | section .bss 58 | sigev resb sigevent_size 59 | itims resb itimerspec_size 60 | tval resq 1 61 | 62 | -------------------------------------------------------------------------------- /syscalls/linux/224_sys_timer_gettime/sys_timer_gettime.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_timer_gettime example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_timer_gettime.o sys_timer_gettime.asm 7 | ; ld sys_timer_gettime.o -o sys_timer_gettime 8 | 9 | BITS 64 10 | 11 | struc sigevent 12 | .sigev_value resq 1 13 | .sigev_signo resd 1 14 | .sigev_notif resd 1 15 | .sigev_un resb 48 16 | endstruc 17 | 18 | struc itimerspec 19 | .it_intvl_sec resq 1 ; <------- interval 20 | .it_intvl_nsec resq 1 ; <---' 21 | .it_value_sec resq 1 ; <------- initial expiration 22 | .it_value_nsec resq 1 ; <---' 23 | endstruc 24 | 25 | ; sys_timer_create 26 | %define CLOCK_MONOTONIC 1 27 | %define SIGEV_NONE 1 28 | 29 | ; sys_timer_settime 30 | %define TIMER_ABSTIME 1 31 | 32 | global _start 33 | _start: 34 | mov dword [sigev + sigevent.sigev_notif], SIGEV_NONE 35 | mov qword [itims + itimerspec.it_intvl_sec], 1 36 | mov qword [itims + itimerspec.it_intvl_nsec], 80 37 | mov qword [itims + itimerspec.it_value_sec], 3 38 | mov qword [itims + itimerspec.it_value_nsec], 60 39 | 40 | mov rax, 222 ; sys_timer_create 41 | mov rdi, CLOCK_MONOTONIC 42 | mov rsi, sigev 43 | mov rdx, tval 44 | syscall 45 | 46 | mov [td], rax 47 | 48 | 
mov rax, 223 ; sys_timer_settime 49 | mov rsi, TIMER_ABSTIME 50 | mov rdi, [td] 51 | mov rdx, itims 52 | mov r10, 0 53 | syscall 54 | 55 | mov rax, 224 ; sys_timer_gettime 56 | mov rdi, [td] 57 | mov rsi, xtims 58 | syscall 59 | 60 | mov rax, 60 ; sys_exit 61 | mov rdi, [tval] 62 | syscall 63 | 64 | section .bss 65 | sigev resb sigevent_size 66 | itims resb itimerspec_size 67 | xtims resb itimerspec_size 68 | tval resq 1 69 | td resq 1 70 | -------------------------------------------------------------------------------- /syscalls/linux/225_sys_timer_getoverrun/sys_timer_getoverrun.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_timer_getoverrun example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_timer_getoverrun.o sys_timer_getoverrun.asm 7 | ; ld sys_timer_getoverrun.o -o sys_timer_getoverrun 8 | 9 | BITS 64 10 | 11 | struc sigevent 12 | .sigev_value resq 1 13 | .sigev_signo resd 1 14 | .sigev_notif resd 1 15 | .sigev_un resb 48 16 | endstruc 17 | 18 | struc itimerspec 19 | .it_intvl_sec resq 1 ; <------- interval 20 | .it_intvl_nsec resq 1 ; <---' 21 | .it_value_sec resq 1 ; <------- initial expiration 22 | .it_value_nsec resq 1 ; <---' 23 | endstruc 24 | 25 | ; sys_timer_create 26 | %define CLOCK_MONOTONIC 1 27 | %define SIGEV_NONE 1 28 | 29 | ; sys_timer_settime 30 | %define TIMER_ABSTIME 1 31 | 32 | global _start 33 | _start: 34 | mov dword [sigev + sigevent.sigev_notif], SIGEV_NONE 35 | mov qword [itims + itimerspec.it_intvl_sec], 1 36 | mov qword [itims + itimerspec.it_intvl_nsec], 80 37 | mov qword [itims + itimerspec.it_value_sec], 3 38 | mov qword [itims + itimerspec.it_value_nsec], 60 39 | 40 | mov rax, 222 ; sys_timer_create 41 | mov rdi, CLOCK_MONOTONIC 42 | mov rsi, sigev 43 | mov rdx, tval 44 | syscall 45 | 46 | mov [td], rax 47 | 48 | mov rax, 223 ; sys_timer_settime 49 | mov rsi, TIMER_ABSTIME 50 | mov rdi, [td] 51 | mov rdx, itims 52 | mov r10, 0 53 | syscall 54 | 55 | 
mov rax, 224 ; sys_timer_gettime 56 | mov rdi, [td] 57 | mov rsi, xtims 58 | syscall 59 | 60 | mov rax, 225 ; sys_timer_getoverrun 61 | mov rdi, [td] 62 | syscall 63 | 64 | mov rax, 60 ; sys_exit 65 | mov rdi, [tval] 66 | syscall 67 | 68 | section .bss 69 | sigev resb sigevent_size 70 | itims resb itimerspec_size 71 | xtims resb itimerspec_size 72 | tval resq 1 73 | td resq 1 74 | -------------------------------------------------------------------------------- /syscalls/linux/226_sys_timer_delete/sys_timer_delete.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_timer_delete example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_timer_delete.o sys_timer_delete.asm 7 | ; ld sys_timer_delete.o -o sys_timer_delete 8 | 9 | BITS 64 10 | 11 | struc sigevent 12 | .sigev_value resq 1 13 | .sigev_signo resd 1 14 | .sigev_notif resd 1 15 | .sigev_un resb 48 16 | endstruc 17 | 18 | ; sys_timer_create 19 | %define CLOCK_MONOTONIC 1 20 | %define SIGEV_NONE 1 21 | 22 | global _start 23 | _start: 24 | mov dword [sigev + sigevent.sigev_notif], SIGEV_NONE 25 | 26 | mov rax, 222 ; sys_timer_create 27 | mov rdi, CLOCK_MONOTONIC 28 | mov rsi, sigev 29 | mov rdx, tval 30 | syscall 31 | 32 | mov rax, 226 ; sys_timer_delete 33 | mov rdi, [tval] 34 | syscall 35 | 36 | mov rax, 60 ; sys_exit 37 | mov rdi, [tval] 38 | syscall 39 | 40 | section .bss 41 | sigev resb sigevent_size 42 | tval resq 1 43 | -------------------------------------------------------------------------------- /syscalls/linux/231_sys_exit_group/sys_exit_group.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_exit_group example 4 | ; 5 | ; assemble with: 6 | ; nasm -f elf64 -o sys_exit_group.o sys_exit_group.asm 7 | ; ld sys_exit_group.o -o sys_exit_group 8 | 9 | BITS 64 10 | 11 | global _start 12 | _start: 13 | 14 | mov rax, 231 ; sys_exit_group 15 | mov rdi, 666 16 | syscall 17 | 
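--------------------------------------------------------------------------------
/syscalls/linux/233_sys_epoll_ctl/sys_epoll_ctl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_epoll_ctl example
;
; Creates an epoll instance and registers descriptor 0 (stdin) for
; EPOLLIN with sys_epoll_ctl. Exits 0, or 1 if the instance cannot be
; created.
;
; assemble with:
;       nasm -f elf64 -o sys_epoll_ctl.o sys_epoll_ctl.asm
;       ld sys_epoll_ctl.o -o sys_epoll_ctl

BITS 64
default rel

; struct epoll_event is packed on x86-64: 4 bytes of events followed
; directly by the 8-byte data union (12 bytes in total).
struc epoll_event
        .events resd 1
        .data   resq 1
endstruc

%define EPOLL_CTL_ADD   1
%define EPOLL_CTL_DEL   2
%define EPOLL_CTL_MOD   3

%define EPOLLIN         0x001
%define EPOLLPRI        0x002
%define EPOLLOUT        0x004

global _start
_start:
        mov     eax, 213                ; sys_epoll_create(size)
        mov     edi, 1                  ; size hint: unused by the kernel but must be > 0;
        syscall                         ; rdi was never loaded before, and 0 gives -EINVAL

        test    rax, rax                ; a raw syscall returns -errno on failure
        js      .fail
        mov     rdi, rax                ; epfd

        mov     dword [epollevt + epoll_event.events], EPOLLIN
        mov     eax, 233                ; sys_epoll_ctl(epfd, op, fd, event)
        mov     esi, EPOLL_CTL_ADD
        xor     edx, edx                ; fd 0
        lea     r10, [epollevt]
        syscall                         ; return value stays in rax, not checked

        xor     edi, edi                ; exit status 0
.exit:
        mov     eax, 60                 ; sys_exit
        syscall

.fail:
        mov     edi, 1                  ; exit status 1: no epoll instance
        jmp     .exit

section .bss
epollevt        resb epoll_event_size
--------------------------------------------------------------------------------
/syscalls/linux/234_sys_tgkill/sys_tgkill.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_tgkill example
;
; Asks the kernel to send signal 9 to thread TARGET_TID of thread group
; TARGET_TGID, then exits 0 without looking at the result.
;
; The kernel delivers only when the thread really belongs to the named
; group, which is what protects tgkill against a recycled thread id.
; With the placeholder ids below (tid 1 is not a member of group 1234)
; the call should simply fail with -ESRCH.
;
; assemble with:
;       nasm -f elf64 -o sys_tgkill.o sys_tgkill.asm
;       ld sys_tgkill.o -o sys_tgkill

BITS 64

%define TARGET_TGID     1234            ; example thread group (process) id
%define TARGET_TID      1               ; example thread id within that group
%define SIGKILL         9

global _start
_start:
        ; 234 is sys_tgkill. This used to load 200 (sys_tkill), which
        ; takes (tid, sig) and so read the same registers as
        ; tkill(1234, 1) - a different call with a different signal.
        mov     eax, 234                ; sys_tgkill(tgid, tid, sig)
        mov     edi, TARGET_TGID
        mov     esi, TARGET_TID
        mov     edx, SIGKILL
        syscall

        mov     eax, 60                 ; sys_exit(0)
        xor     edi, edi
        syscall
--------------------------------------------------------------------------------
/syscalls/linux/235_sys_utimes/sys_utimes.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_utimes example
;
; set to some values or null for current time
;
; Makes sure the file exists, then sets its access and modification
; times from `utims`. That buffer lives in .bss and is never written,
; so both times are set to zero (the epoch). No return value is checked.
;
; NOTE(review): fixed file name in world-writable /tmp; sys_utimes
; follows symlinks, so an existing symlink there redirects the call.
;
; assemble with:
;       nasm -f elf64 -o sys_utimes.o sys_utimes.asm
;       ld sys_utimes.o -o sys_utimes

BITS 64
default rel

; Two struct timeval back to back. On x86-64 tv_sec and tv_usec are
; 64-bit each, so the kernel reads 32 bytes; with dword fields only 16
; were reserved and the read ran past the buffer.
struc utimes
        .tv_sec0        resq 1          ; access time
        .tv_usec0       resq 1          ; <---'
        .tv_sec1        resq 1          ; modification time
        .tv_usec1       resq 1          ; <---'
endstruc

; sys_open
%define O_MODES         0x42            ; O_RDWR|O_CREAT

global _start
_start:
        mov     eax, 2                  ; sys_open(filename, O_MODES, 0666)
        lea     rdi, [filename]
        mov     esi, O_MODES
        mov     edx, 0666o              ; requested mode, still filtered by the umask
        syscall

        mov     eax, 235                ; sys_utimes(path, struct timeval[2])
        lea     rdi, [filename]
        lea     rsi, [utims]
        syscall

        mov     eax, 60                 ; sys_exit(0)
        xor     edi, edi
        syscall

section .data
filename        db '/tmp/timesr',0

section .bss
utims           resb utimes_size

--------------------------------------------------------------------------------
/syscalls/linux/239_sys_getmempolicy/sys_getmempolicy.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getmempolicy example
;
; Queries the calling thread's memory policy: the kernel stores the
; policy mode in `mode` and the node mask in `nmask`. Exits 0 without
; looking at the result.
;
; assemble with:
;       nasm -f elf64 -o sys_getmempolicy.o sys_getmempolicy.asm
;       ld sys_getmempolicy.o -o sys_getmempolicy

BITS 64
default rel

global _start
_start:
        mov     eax, 239                ; sys_getmempolicy(mode, nmask, maxnode, addr, flags)
        lea     rdi, [mode]
        lea     rsi, [nmask]
        mov     edx, 1                  ; rounded to sizeof(unsigned long)*8
        xor     r10d, r10d              ; addr = 0
        xor     r8d, r8d                ; flags = 0
        syscall

        mov     eax, 60                 ; sys_exit(0)
        xor     edi, edi
        syscall

section .bss
mode            resd 1
nmask           resq 1
-------------------------------------------------------------------------------- /syscalls/linux/240_sys_mq_open/sys_mq_open.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_mq_open example 4 | ; 5 | ; open (and maybe create) a new POSIX mq 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_mq_open.o sys_mq_open.asm 9 | ; ld sys_mq_open.o -o sys_mq_open 10 | 11 | BITS 64 12 | 13 | struc mq_attr 14 | .mq_flags resq 1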
15 | .mq_maxmsg resq 1 16 | .mq_msgsize resq 1 17 | .mq_curmsgs resq 1 18 | .mq_reserve resq 4 19 | endstruc 20 | 21 | %define O_FLAGS 0x42 ; O_RDWR|O_CREAT 22 | 23 | global _start 24 | _start: 25 | mov rax, 240 ; sys_mq_open 26 | mov rdi, filename 27 | mov rsi, O_FLAGS 28 | mov rdx, 0644o 29 | mov qword [mqstruct + mq_attr.mq_maxmsg], 10 30 | mov qword [mqstruct + mq_attr.mq_msgsize], 4096 31 | mov r10, mqstruct ; other fields ignored 32 | syscall ; for mq_open 33 | 34 | mov rax, 60 ; sys_exit 35 | mov rdi, 0 36 | syscall 37 | 38 | section .data 39 | filename db 'something',0 40 | 41 | section .bss 42 | mqstruct resd mq_attr_size 43 | -------------------------------------------------------------------------------- /syscalls/linux/241_sys_mq_unlink/sys_mq_unlink.asm: -------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_mq_unlink example 4 | ; 5 | ; unlink a POSIX mq 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_mq_unlink.o sys_mq_unlink.asm 9 | ; ld sys_mq_unlink.o -o sys_mq_unlink 10 | 11 | BITS 64 12 | 13 | struc mq_attr 14 | .mq_flags resq 1 15 | .mq_maxmsg resq 1 16 | .mq_msgsize resq 1 17 | .mq_curmsgs resq 1 18 | .mq_reserve resq 4 19 | endstruc 20 | 21 | %define O_FLAGS 0x42 ; O_RDWR|O_CREAT 22 | 23 | global _start 24 | _start: 25 | mov rax, 240 ; sys_mq_open 26 | mov rdi, filename 27 | mov rsi, O_FLAGS 28 | mov rdx, 0644o 29 | mov qword [mqstruct + mq_attr.mq_maxmsg], 10 30 | mov qword [mqstruct + mq_attr.mq_msgsize], 4096 31 | mov r10, mqstruct ; other fields ignored 32 | syscall ; for mq_open 33 | 34 | mov rax, 241 ; sys_mq_unlink 35 | mov rdi, filename 36 | syscall 37 | 38 | mov rax, 60 ; sys_exit 39 | mov rdi, 0 40 | syscall 41 | 42 | section .data 43 | filename db 'someposixmq',0 44 | 45 | section .bss 46 | mqstruct resd mq_attr_size 47 | -------------------------------------------------------------------------------- /syscalls/linux/242_sys_mq_timedsend/sys_mq_timedsend.asm: 
-------------------------------------------------------------------------------- 1 | ; linuxthor 2 | ; 3 | ; sys_mq_timedsend example 4 | ; 5 | ; send a message on a POSIX mq 6 | ; 7 | ; assemble with: 8 | ; nasm -f elf64 -o sys_mq_timedsend.o sys_mq_timedsend.asm 9 | ; ld sys_mq_timedsend.o -o sys_mq_timedsend 10 | 11 | BITS 64 12 | 13 | struc mq_attr 14 | .mq_flags resq 1 15 | .mq_maxmsg resq 1 16 | .mq_msgsize resq 1 17 | .mq_curmsgs resq 1 18 | .mq_reserve resq 4 19 | endstruc 20 | 21 | struc timespec 22 | .tv_sec resq 1 23 | .tv_nsec resq 1 24 | endstruc 25 | 26 | %define O_FLAGS 0x42 ; O_RDWR|O_CREAT 27 | 28 | global _start 29 | _start: 30 | mov rax, 240 ; sys_mq_open 31 | mov rdi, filename 32 | mov rsi, O_FLAGS 33 | mov rdx, 0644o 34 | mov qword [mqstruct + mq_attr.mq_maxmsg], 10 35 | mov qword [mqstruct + mq_attr.mq_msgsize], 4096 36 | mov r10, mqstruct ; other fields ignored 37 | syscall ; for mq_open 38 | 39 | mov rdi, rax ; mqd_t handle 40 | 41 | ; A timeout can be set on messages.. 
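; timeout handed to sys_mq_timedsend in r8 below; mq_timedsend treats it as an absolute time, not a delay
    mov qword [tsstruct + timespec.tv_sec], 10
    mov qword [tsstruct + timespec.tv_nsec], 100

    mov rax, 242 ; sys_mq_timedsend
    mov rsi, msg ; message text
    mov rdx, 26 ; message length
    mov r10, 1 ; message priority
    mov r8, tsstruct
    syscall

    mov rax, 241 ; sys_mq_unlink
    mov rdi, filename
    syscall

    mov rax, 60 ; sys_exit
    mov rdi, 0
    syscall

    section .data
    filename db 'testposixmq',0
    msg db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'

    section .bss
    mqstruct resd mq_attr_size
    tsstruct resd timespec_size

--------------------------------------------------------------------------------
/syscalls/linux/243_sys_mq_timedreceive/sys_mq_timedreceive.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mq_timedreceive example
;
; receive a message on a POSIX mq
;
; The example opens (creating if needed) the queue, sends one message to it,
; reads it back into `data`, then unlinks the queue. No return value is
; checked: a failed syscall leaves -errno in rax and the next call just fails.
;
; assemble with:
;   nasm -f elf64 -o sys_mq_timedreceive.o sys_mq_timedreceive.asm
;   ld sys_mq_timedreceive.o -o sys_mq_timedreceive

BITS 64

struc mq_attr
    .mq_flags       resq 1
    .mq_maxmsg      resq 1
    .mq_msgsize     resq 1
    .mq_curmsgs     resq 1
    .mq_reserve     resq 4
endstruc

struc timespec
    .tv_sec         resq 1
    .tv_nsec        resq 1
endstruc

%define O_FLAGS     0x42                ; O_RDWR|O_CREAT
%define BUF_SIZE    4096                ; receive buffer; must be >= mq_msgsize

global _start
_start:
    mov     rax, 240                    ; sys_mq_open
    mov     rdi, filename
    mov     rsi, O_FLAGS
    mov     rdx, 0644o
    mov     qword [mqstruct + mq_attr.mq_maxmsg], 10
    mov     qword [mqstruct + mq_attr.mq_msgsize], BUF_SIZE
    mov     r10, mqstruct
    syscall

    mov     [mqd_t], rax                ; mqd_t handle (8-byte store, see .bss)

    mov     rax, 242                    ; sys_mq_timedsend
    mov     rdi, [mqd_t]
    mov     rsi, msg                    ; message text
    mov     rdx, msglen                 ; message length
    mov     r10, 0                      ; message priority
    mov     r8, tsstruct                ; all-zero timespec from .bss
    syscall

    mov     rax, 243                    ; sys_mq_timedreceive
    mov     rdi, [mqd_t]
    mov     rsi, data                   ; buffer
    mov     rdx, BUF_SIZE               ; buffer size
    mov     r10, 0                      ; NULL: priority of the message not wanted
    mov     r8, tsstruct
    syscall

    mov     rax, 241                    ; sys_mq_unlink
    mov     rdi, filename
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

section .data
    filename    db 'testposixmq',0
    msg         db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    msglen      equ $-msg

section .bss
    ; was `resb 1`: the 64-bit store/load of the handle ran 7 bytes into `data`
    mqd_t       resq 1
    data        resb BUF_SIZE
    ; mq_attr_size / timespec_size are byte counts, so reserve bytes, not dwords
    mqstruct    resb mq_attr_size
    tsstruct    resb timespec_size

--------------------------------------------------------------------------------
/syscalls/linux/245_sys_mq_getsetattr/sys_mq_getsetattr.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_mq_getsetattr example
;
; a spooky syscall with dire warnings against using it
; in the manpage!
;
; Arguments: rdi = queue descriptor, rsi = new attributes (in),
; rdx = previous attributes (out).
; NOTE(review): mq_setattr(3) documents that only the O_NONBLOCK bit of
; mq_flags can be changed this way; the mq_maxmsg/mq_msgsize values placed in
; otstruct below are presumably ignored by the kernel - confirm.
;
; assemble with:
;   nasm -f elf64 -o sys_mq_getsetattr.o sys_mq_getsetattr.asm
;   ld sys_mq_getsetattr.o -o sys_mq_getsetattr

BITS 64

struc mq_attr
    .mq_flags       resq 1
    .mq_maxmsg      resq 1
    .mq_msgsize     resq 1
    .mq_curmsgs     resq 1
    .mq_reserve     resq 4
endstruc

%define O_FLAGS 0x42                    ; O_RDWR|O_CREAT

global _start
_start:
    mov     rax, 240                    ; sys_mq_open
    mov     rdi, filename
    mov     rsi, O_FLAGS
    mov     rdx, 0644o
    mov     qword [mqstruct + mq_attr.mq_maxmsg], 10
    mov     qword [mqstruct + mq_attr.mq_msgsize], 4096
    mov     r10, mqstruct
    syscall

    mov     rdi, rax                    ; queue descriptor (unchecked)

    mov     rax, 245                    ; sys_mq_getsetattr
    mov     qword [otstruct + mq_attr.mq_maxmsg], 20
    mov     qword [otstruct + mq_attr.mq_msgsize], 2048
    mov     rsi, otstruct               ; new attributes
    mov     rdx, mqstruct               ; old attributes are written back here
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

section .data
    filename    db 'somemq',0           ; the queue is left in place (no mq_unlink)

section .bss
    ; mq_attr_size is a byte count, so reserve bytes, not dwords
    mqstruct    resb mq_attr_size
    otstruct    resb mq_attr_size

--------------------------------------------------------------------------------
/syscalls/linux/248_sys_add_key/sys_add_key.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_add_key example
;
; add keyrings or keys to the kernel key management facility
;
; Arguments: rdi = key type, rsi = description, rdx = payload,
; r10 = payload length, r8 = destination keyring.
; The return value (key serial number, or -errno) is passed to sys_exit, so
; only its low 8 bits are visible in the exit status.
;
; assemble with:
;   nasm -f elf64 -o sys_add_key.o sys_add_key.asm
;   ld sys_add_key.o -o sys_add_key

BITS 64

%define KEY_SPEC_THREAD_KEYRING         -1
%define KEY_SPEC_PROCESS_KEYRING        -2
%define KEY_SPEC_SESSION_KEYRING        -3
%define KEY_SPEC_USER_KEYRING           -4
%define KEY_SPEC_USER_SESSION_KEYRING   -5
%define KEY_SPEC_GROUP_KEYRING          -6
%define KEY_SPEC_REQKEY_AUTH_KEY        -7
%define KEY_SPEC_REQUESTOR_KEYRING      -8

global _start
_start:
    mov     rax, 248                    ; sys_add_key
    mov     rdi, usr                    ; key type
    mov     rsi, desc                   ; description
    mov     rdx, val                    ; payload
    mov     r10, len                    ; payload length (includes the trailing NUL)
    mov     r8, KEY_SPEC_PROCESS_KEYRING
    syscall

    mov     rdi, rax                    ; exit status = syscall result

    mov     rax, 60                     ; sys_exit
    syscall

section .data
    usr     db 'user',0
    desc    db 'a description',0
    val     db 'the payload is this - some data',0
    len     equ $-val

--------------------------------------------------------------------------------
/syscalls/linux/253_sys_inotify_init/sys_inotify_init.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_inotify_init example
;
; Creates an inotify instance; the descriptor returned in rax is not used
; and is released when the process exits.
;
; assemble with:
;   nasm -f elf64 -o sys_inotify_init.o sys_inotify_init.asm
;   ld sys_inotify_init.o -o sys_inotify_init

BITS 64

global _start
_start:
    mov     rax, 253                    ; sys_inotify_init
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

--------------------------------------------------------------------------------
/syscalls/linux/254_sys_inotify_add_watch/sys_inotify_add_watch.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_inotify_add_watch example
;
; Creates an inotify instance and registers a watch for open/close events on
; `pathname`. Neither return value is checked and no events are read.
;
; assemble with:
;   nasm -f elf64 -o sys_inotify_add_watch.o sys_inotify_add_watch.asm
;   ld sys_inotify_add_watch.o -o sys_inotify_add_watch

BITS 64

%define IN_ACCESS           0x00000001
%define IN_MODIFY           0x00000002
%define IN_ATTRIB           0x00000004
%define IN_CLOSE_WRITE      0x00000008
%define IN_CLOSE_NOWRITE    0x00000010
%define IN_OPEN             0x00000020
%define IN_MOVED_FROM       0x00000040
%define IN_MOVED_TO         0x00000080
%define IN_CREATE           0x00000100
%define IN_DELETE           0x00000200
%define IN_DELETE_SELF      0x00000400
%define IN_MOVE_SELF        0x00000800

%define IN_CLOSE            (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
%define IN_MOVE             (IN_MOVED_FROM | IN_MOVED_TO)

%define IN_ONLYDIR          0x01000000
%define IN_DONT_FOLLOW      0x02000000
%define IN_EXCL_UNLINK      0x04000000
%define IN_MASK_CREATE      0x10000000
%define IN_MASK_ADD         0x20000000
%define IN_ISDIR            0x40000000
%define IN_ONESHOT          0x80000000

global _start
_start:
    mov     rax, 253                    ; sys_inotify_init
    syscall

    mov     rdi, rax                    ; inotify fd (unchecked)

    mov     rax, 254                    ; sys_inotify_add_watch
    mov     rsi, pathname
    mov     rdx, (IN_OPEN|IN_CLOSE)     ; event mask
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

section .data
    pathname    db '/etc/issue',0

--------------------------------------------------------------------------------
/syscalls/linux/255_sys_inotify_rm_watch/sys_inotify_rm_watch.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_inotify_rm_watch example
;
; Creates an inotify instance, adds a watch, then removes that watch again.
; sys_inotify_rm_watch takes the inotify fd in rdi and the watch descriptor
; returned by sys_inotify_add_watch in rsi.
;
; assemble with:
;   nasm -f elf64 -o sys_inotify_rm_watch.o sys_inotify_rm_watch.asm
;   ld sys_inotify_rm_watch.o -o sys_inotify_rm_watch

BITS 64

; sys_inotify_add_watch
%define IN_CLOSE_WRITE      0x00000008
%define IN_CLOSE_NOWRITE    0x00000010
%define IN_OPEN             0x00000020
%define IN_CLOSE            (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)

global _start
_start:
    mov     rax, 253                    ; sys_inotify_init
    syscall

    mov     [inotify_fd], rax           ; keep the instance fd for both later calls

    mov     rax, 254                    ; sys_inotify_add_watch
    mov     rdi, [inotify_fd]
    mov     rsi, pathname
    mov     rdx, (IN_OPEN|IN_CLOSE)
    syscall

    mov     rsi, rax                    ; watch descriptor to remove

    mov     rax, 255                    ; sys_inotify_rm_watch
    mov     rdi, [inotify_fd]
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

section .data
    pathname    db '/etc/issue',0

section .bss
    ; holds the inotify instance fd (the original label `wd` suggested a
    ; watch descriptor, which lives only in rsi above)
    inotify_fd  resq 1

--------------------------------------------------------------------------------
/syscalls/linux/272_sys_unshare/sys_unshare.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_unshare example
;
; Requests a new PID namespace. The result is not checked.
; NOTE(review): per unshare(2) this needs CAP_SYS_ADMIN and the new namespace
; applies to children created afterwards, not to the caller - confirm.
;
; assemble with:
;   nasm -f elf64 -o sys_unshare.o sys_unshare.asm
;   ld sys_unshare.o -o sys_unshare

BITS 64

%define CLONE_NEWUTS    0x04000000
%define CLONE_NEWIPC    0x08000000
%define CLONE_NEWUSER   0x10000000
%define CLONE_NEWPID    0x20000000
%define CLONE_NEWNET    0x40000000

global _start
_start:
    mov     rax, 272                    ; sys_unshare
    mov     rdi, CLONE_NEWPID
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

--------------------------------------------------------------------------------
/syscalls/linux/277_sys_sync_file_range/sys_sync_file_range.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_sync_file_range example
;
; DANGER! :)
; the man page says this syscall is "extremely dangerous" to use!
;
; Opens (creating if needed) a file, writes `msg` to it and asks the kernel to
; start write-out of exactly that byte range. No return value is checked.
;
; Caveat: `filepath` is a fixed name in world-writable /tmp and the open uses
; O_CREAT without O_EXCL or O_NOFOLLOW, so a symlink planted there by another
; local user would be followed. Real code should use a private directory or
; add those flags.
;
; assemble with:
;   nasm -f elf64 -o sys_sync_file_range.o sys_sync_file_range.asm
;   ld sys_sync_file_range.o -o sys_sync_file_range

BITS 64

%define SYNC_FILE_RANGE_WAIT_BEFORE     1
%define SYNC_FILE_RANGE_WRITE           2
%define SYNC_FILE_RANGE_WAIT_AFTER      4
%define SYNC_FILE_RANGE_WRITE_AND_WAIT  (SYNC_FILE_RANGE_WRITE | \
                                         SYNC_FILE_RANGE_WAIT_BEFORE | \
                                         SYNC_FILE_RANGE_WAIT_AFTER)

; sys_open
%define O_MODES 0x42                    ; O_RDWR|O_CREAT

global _start
_start:
    mov     rax, 2                      ; sys_open
    mov     rdi, filepath
    mov     rsi, O_MODES
    mov     rdx, 0666o
    syscall

    mov     [fd], rax                   ; 8-byte store, see .bss

    mov     rax, 1                      ; sys_write
    mov     rdi, [fd]
    mov     rsi, msg
    mov     rdx, msglen                 ; was a literal 26, one more than msg holds
    syscall

    mov     rax, 277                    ; sys_sync_file_range
    mov     rdi, [fd]
    mov     rsi, 0                      ; offset
    mov     rdx, msglen                 ; number of bytes to sync
    mov     r10, SYNC_FILE_RANGE_WRITE
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

section .data
    filepath    db '/tmp/atmpfiletmp',0
    msg         db 'abcdefghijklnopqrstuvwxyz'
    ; computed length: the string is 25 bytes, so the hard-coded 26 made
    ; sys_write read one byte past the end of msg
    msglen      equ $-msg

section .bss
    ; was `resb 1`: the 64-bit store/load of the descriptor ran past the reservation
    fd          resq 1

--------------------------------------------------------------------------------
/syscalls/linux/283_sys_timerfd_create/sys_timerfd_create.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_timerfd_create example
;
; Creates a timer fd on CLOCK_MONOTONIC with no flags and exits with the
; syscall result as the exit status.
;
; assemble with:
;   nasm -f elf64 -o sys_timerfd_create.o sys_timerfd_create.asm
;   ld sys_timerfd_create.o -o sys_timerfd_create

BITS 64

%define CLOCK_REALTIME              0
%define CLOCK_MONOTONIC             1
%define CLOCK_PROCESS_CPUTIME_ID    2
%define CLOCK_THREAD_CPUTIME_ID     3
%define CLOCK_MONOTONIC_RAW         4
%define CLOCK_REALTIME_COARSE       5
%define CLOCK_MONOTONIC_COARSE      6
%define CLOCK_BOOTTIME              7
%define CLOCK_REALTIME_ALARM        8
%define CLOCK_BOOTTIME_ALARM        9

global _start
_start:

    mov     rax, 283                    ; sys_timerfd_create
    mov     rdi, CLOCK_MONOTONIC        ; clock id
    mov     rsi, 0                      ; flags
    syscall

    mov     rdi, rax                    ; exit status = syscall result

    mov     rax, 60                     ; sys_exit
    syscall

--------------------------------------------------------------------------------
/syscalls/linux/284_sys_eventfd/sys_eventfd.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_eventfd example
;
; Creates an eventfd whose counter starts at the value passed in rdi.
; The returned descriptor is not used.
;
; assemble with:
;   nasm -f elf64 -o sys_eventfd.o sys_eventfd.asm
;   ld sys_eventfd.o -o sys_eventfd

BITS 64

global _start
_start:
    mov     rax, 284                    ; sys_eventfd
    mov     rdi, 0xcafebeef             ; initial counter value
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

--------------------------------------------------------------------------------
/syscalls/linux/285_sys_fallocate/sys_fallocate.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_fallocate example
;
; manipulate space allocated to a file in various ways
; useful to ensure space is available (or perhaps for
; performance - see manpage for details)
;
; Caveat: `filename` is a fixed name in world-writable /tmp and the open uses
; O_CREAT without O_EXCL or O_NOFOLLOW, so a symlink planted there by another
; local user would be followed. Real code should use a private directory or
; add those flags.
;
; assemble with:
;   nasm -f elf64 -o sys_fallocate.o sys_fallocate.asm
;   ld sys_fallocate.o -o sys_fallocate

BITS 64

;sys_open
%define O_MODES 0x42                    ; O_RDWR|O_CREAT
;sys_fallocate
%define FALLOC_FL_KEEP_SIZE         0x01
%define FALLOC_FL_PUNCH_HOLE        0x02
%define FALLOC_FL_ZERO_RANGE        0x10
%define FALLOC_FL_INSERT_RANGE      0x20
%define FALLOC_FL_COLLAPSE_RANGE    0x08

global _start
_start:
    mov     rax, 2                      ; sys_open
    mov     rdi, filename
    mov     rsi, O_MODES
    mov     rdx, 0644o
    syscall

    mov     rdi, rax                    ; fd (unchecked)

    mov     rax, 285                    ; sys_fallocate
    mov     rsi, FALLOC_FL_ZERO_RANGE   ; mode
    mov     rdx, 0                      ; offset
    mov     r10, 4096                   ; length
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

; was `section data` (no dot), which creates a separate, non-standard section
; instead of the usual .data used by the other examples
section .data
    filename    db '/tmp/superfile',0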
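--------------------------------------------------------------------------------
/syscalls/linux/292_sys_dup3/sys_dup3.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_dup3 example
;
; dup3 is like dup2 with an extra 'flags'
; argument where O_CLOEXEC can be set
;
; The syscall result (the new fd, or -errno) becomes the exit status.
;
; assemble with:
;   nasm -f elf64 -o sys_dup3.o sys_dup3.asm
;   ld sys_dup3.o -o sys_dup3

BITS 64

%define O_CLOEXEC 0x80000

global _start
_start:

    mov     rax, 292                    ; sys_dup3
    mov     rdi, 0                      ; old fd
    mov     rsi, 13                     ; new fd
    mov     rdx, O_CLOEXEC
    syscall

    mov     rdi, rax                    ; exit status = syscall result

    mov     rax, 60                     ; sys_exit
    syscall

--------------------------------------------------------------------------------
/syscalls/linux/294_sys_inotify_init1/sys_inotify_init1.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_inotify_init1 example
;
; Creates a non-blocking inotify instance. The returned fd is not used.
;
; assemble with:
;   nasm -f elf64 -o sys_inotify_init1.o sys_inotify_init1.asm
;   ld sys_inotify_init1.o -o sys_inotify_init1

BITS 64

; The two values were swapped in the original, so the call below actually
; requested close-on-exec. On x86-64 Linux IN_NONBLOCK equals O_NONBLOCK
; (04000 octal) and IN_CLOEXEC equals O_CLOEXEC (02000000 octal).
%define IN_NONBLOCK 0x800
%define IN_CLOEXEC  0x80000

global _start
_start:
    mov     rax, 294                    ; sys_inotify_init1
    mov     rdi, IN_NONBLOCK            ; flags
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

--------------------------------------------------------------------------------
/syscalls/linux/306_sys_syncfs/sys_syncfs.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_syncfs example
;
; sys_syncfs is like sys_sync but takes as an
; argument an fd and syncs the filesystem where
; it resides
;
; rdi still holds the fd when sys_exit runs, so the exit status is the fd
; number (or the low bits of -errno if the open failed).
;
; assemble with:
;   nasm -f elf64 -o sys_syncfs.o sys_syncfs.asm
;   ld sys_syncfs.o -o sys_syncfs

BITS 64

%define O_RDONLY 0
%define O_WRONLY 1
%define O_RDWR   2

global _start
_start:

    mov     rax, 2                      ; sys_open
    mov     rdi, filename
    mov     rsi, O_RDONLY               ; no mode argument needed without O_CREAT
    syscall

    mov     rdi, rax                    ; fd on the filesystem to sync (unchecked)

    mov     rax, 306                    ; sys_syncfs
    syscall

    mov     rax, 60                     ; sys_exit
    syscall

section .data
    filename    db '/etc/issue',0

--------------------------------------------------------------------------------
/syscalls/linux/309_sys_getcpu/sys_getcpu.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getcpu example
;
; Asks the kernel which CPU and NUMA node the caller is running on and exits
; with the CPU number as the exit status.
;
; assemble with:
;   nasm -f elf64 -o sys_getcpu.o sys_getcpu.asm
;   ld sys_getcpu.o -o sys_getcpu

BITS 64

global _start
_start:
    mov     rax, 309                    ; sys_getcpu
    mov     rdi, cpui                   ; unsigned int *cpu
    mov     rsi, node                   ; unsigned int *node
    mov     rdx, 0                      ; now unused field
    syscall

    mov     rax, 60                     ; sys_exit
    mov     edi, [cpui]                 ; 32-bit load matches the 32-bit result
    syscall

section .bss
    ; was `resb 1` each: the kernel stores a 4-byte unsigned int through both
    ; pointers, and the old 8-byte load of cpui also pulled in node
    cpui    resd 1
    node    resd 1

--------------------------------------------------------------------------------
/syscalls/linux/318_sys_getrandom/sys_getrandom.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_getrandom example
;
; Fills `buf` with random bytes. With GRND_NONBLOCK the call can fail instead
; of waiting, and a request this large may return fewer bytes than asked for,
; so the result is compared with the requested length: exit status 0 means
; the whole buffer was filled, 1 means it was not and must not be used.
;
; assemble with:
;   nasm -f elf64 -o sys_getrandom.o sys_getrandom.asm
;   ld sys_getrandom.o -o sys_getrandom

BITS 64

%define GRND_NONBLOCK 0x01
%define GRND_RANDOM   0x02

global _start
_start:
    mov     rax, 318                    ; sys_getrandom
    mov     rdi, buf
    mov     rsi, len
    mov     rdx, GRND_NONBLOCK
    syscall

    xor     edi, edi                    ; assume success
    cmp     rax, len                    ; rax = bytes written, or -errno
    je      .exit
    mov     edi, 1                      ; short read or error: buf is not fully random
.exit:
    mov     rax, 60                     ; sys_exit
    syscall

section .bss
    buf     resb 1024
    len     equ $- buf

--------------------------------------------------------------------------------
/syscalls/linux/319_sys_memfd_create/sys_memfd_create.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; sys_memfd_create example
;
; Creates an anonymous, memory-backed file with close-on-exec set. The
; returned fd is not used.
; NOTE(review): for anyone monitoring a host, such descriptors are expected to
; show up under /proc/<pid>/fd as links to "/memfd:<name> (deleted)" - confirm
; on the target kernel.
;
; assemble with:
;   nasm -f elf64 -o sys_memfd_create.o sys_memfd_create.asm
;   ld sys_memfd_create.o -o sys_memfd_create

BITS 64

%define MFD_CLOEXEC         0x0001
%define MFD_ALLOW_SEALING   0x0002
%define MFD_HUGETLB         0x0004

global _start
_start:
    mov     rax, 319                    ; sys_memfd_create
    mov     rdi, name                   ; name used for debugging only
    mov     rsi, MFD_CLOEXEC            ; flags
    syscall

    mov     rax, 60                     ; sys_exit
    mov     rdi, 0
    syscall

section .data
    name    db 'amemoryfd',0

--------------------------------------------------------------------------------
/wsl.asm:
--------------------------------------------------------------------------------
; linuxthor
;
; detect windows subsystem for linux via
; /proc/version
;
; int main(void), System V AMD64 ABI, linked through gcc.
; Reads up to VERS_MAX bytes of /proc/version and searches them for the
; 9-byte string in `mic`.
;   found     -> prints "WSL\n", returns 1
;   not found -> prints what was read from /proc/version, returns 0
;   open/read failure -> prints nothing, returns 0
; Only caller-saved registers are used (rax, rcx, rdx, rsi, rdi, r8-r11), so
; nothing has to be saved. The original indexed with r14 without ever
; initialising it, modified rbx/r14 (callee-saved) without restoring them,
; compared only the first 8 bytes of the marker, and its 8-byte loads could
; run past the end of `vers`.
;
; NOTE(review): the match is case-sensitive. WSL2 kernels are reported to use
; a lowercase "microsoft-standard" release string, which this would miss -
; confirm. The string comes from the kernel build and is easy to change, so
; treat the result as a hint, not as proof of the environment.
;
; assemble with:
;   nasm -f elf64 -o wsl.o wsl.asm
;   gcc wsl.o -o wsl
;

BITS 64
default rel                             ; RIP-relative data access, so the object links as PIE

%define VERS_MAX 256                    ; bytes of /proc/version to inspect

global main

main:
    mov     rax, 257                    ; sys_openat
    mov     rdi, 0                      ; dirfd: not consulted, the path is absolute
    lea     rsi, [prv]
    mov     rdx, 0x0000                 ; O_RDONLY
    mov     r10, 0                      ; mode (unused without O_CREAT)
    syscall
    test    rax, rax
    js      .fail                       ; -errno: nothing to inspect
    mov     r8, rax                     ; r8 = fd

    mov     rdi, r8
    xor     rax, rax                    ; sys_read
    lea     rsi, [vers]
    mov     rdx, VERS_MAX
    syscall
    mov     r9, rax                     ; r9 = bytes read, or -errno

    mov     rax, 3                      ; sys_close (the original leaked the fd)
    mov     rdi, r8
    syscall

    test    r9, r9
    jle     .fail                       ; error or empty file

    lea     r10, [vers]                 ; r10 = start of the data just read
    xor     edx, edx                    ; rdx = candidate start offset
.scan:
    lea     rax, [rdx + micl]
    cmp     rax, r9                     ; would the marker run past the data read?
    ja      .not_wsl
    lea     rsi, [r10 + rdx]
    lea     rdi, [mic]
    mov     ecx, micl
    repe cmpsb                          ; ZF stays set only if all micl bytes match
    je      .wsl
    inc     rdx
    jmp     .scan

.not_wsl:
    mov     rax, 1                      ; sys_write
    mov     rdi, 1                      ; stdout
    mov     rsi, r10                    ; the version text
    mov     rdx, r9                     ; exactly the bytes that were read
    syscall

.fail:
    xor     eax, eax                    ; return 0: marker not found
    ret

.wsl:
    mov     rax, 1                      ; sys_write
    mov     rdi, 1                      ; stdout
    lea     rsi, [con]
    mov     rdx, conl
    syscall

    mov     rax, 1                      ; return 1: marker found
    ret

section .data
    prv     db '/proc/version',0
    mic     db 'Microsoft'
    micl    equ $-mic
    ; the original length also covered a trailing NUL, which was written to stdout
    con     db 'WSL',0x0a
    conl    equ $-con

section .bss
    vers    resb VERS_MAX

; Without this note the linker assumes the object needs an executable stack.
section .note.GNU-stack noalloc noexec nowrite progbits

--------------------------------------------------------------------------------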