0

I have a very basic assembly program that runs in Linux userland:

section .text
global _start

_start:
    mov edx, 14
    mov ecx, msg
    mov ebx, 1
    mov eax, 4
    syscall

    mov eax, 1
    syscall

section .data
msg db "Hello, World!", 0xA

However, this doesn't work as it is, but only if I replace the syscalls with int 0x80. Don't these do the same thing? I know that syscall was designed to be lower-latency, but other than that, I didn't think there was a difference. Why doesn't it work?

2
  • Maybe you're looking for sysenter? Linux maps a page with the user-space sysenter wrapper into the virtual address space of 32-bit processes. This is the VDSO. Commented Dec 30, 2015 at 20:00
  • There are so-called man pages you really have to look up, especially about syscall, syscalls and the syscalls you want to call. You find everything you had to know about there. Commented Dec 30, 2015 at 21:36

2 Answers

2

syscall works only in x86-64 operating systems and you should put the system call number in the rax register instead of eax. See this website for more information.


1 Comment

No system call numbers need more than 32 bits to represent!! mov r32, imm32 zeros the upper 32 of the 64-bit register. Writing mov rax, 231 will just lead to wasted bytes in the machine code, with some assemblers. (Either REX.W=1 mov r, imm32 (sign-extending) or worse REX.W=1 mov r, imm64.)

1

The syscall instruction doesn't store "return RIP" or "return RSP" anywhere, so these are typically stored in registers in previous instructions before the syscall instruction is used.

I suspect that on Linux RCX and RDX are used for this purpose; and that all the other parameters end up in different registers because of this.

1 Comment

RCX and R11, actually
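
An added example, not part of any post above: the question's program rewritten for the x86-64 Linux syscall ABI that the answers refer to, with the system call number in rax, the arguments in rdi, rsi and rdx, and a check that the instruction left the return address in rcx. It assumes a 64-bit build with NASM and ld; the names msg_len and after_write are introduced here.

```nasm
; Added example: x86-64 Linux "Hello, World!" using the syscall instruction.
; Assumed build: nasm -f elf64 hello64.asm && ld -o hello64 hello64.o
default rel                     ; RIP-relative addressing for memory operands

section .data
msg:     db "Hello, World!", 0xA
msg_len  equ $ - msg            ; 14 bytes, computed by the assembler

section .text
global _start

_start:
    ; write(1, msg, msg_len)
    ; syscall ABI: number in rax, arguments in rdi, rsi, rdx (then r10, r8, r9).
    ; The ebx/ecx/edx layout and the numbers 4 and 1 belong to int 0x80 (i386).
    mov     eax, 1              ; write is number 1 on x86-64
    mov     edi, 1              ; fd 1 = stdout
    lea     rsi, [msg]          ; buffer address
    mov     edx, msg_len        ; byte count
    syscall
after_write:
    ; The CPU stored the return RIP in rcx and the old RFLAGS in r11, so both
    ; registers are overwritten and cannot carry arguments or live values.
    xor     edi, edi            ; exit status defaults to 0
    lea     rdx, [after_write]  ; address the kernel returned to
    cmp     rcx, rdx
    setne   dil                 ; status 1 if rcx is not the return address

    ; exit(status): exit is number 60 on x86-64
    mov     eax, 60
    syscall
```

Writing to the 32-bit register names (eax, edi, edx) zero-extends into the full 64-bit registers, which is why no `mov rax, ...` is needed for the call numbers.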
