System Calls
Programs that run in user space and require the services of the operating system must follow
a prescribed method of interacting with the operating system, which differs from one
operating system to another. In generic terms, we say that user programs must perform
"system calls" to request that the operating system perform some operation on their
behalf. On many x86-based operating systems, user programs can make system calls by
utilizing a software-based interrupt mechanism via the x86 int 0x80 instruction or the
dedicated sysenter system call instruction. The Microsoft Windows family of operating
systems is somewhat different, in that it generally expects user programs to make standard
function calls into core Windows library functions that will handle the details of the system
call on behalf of the user. Virtually all significant capabilities required by shellcode
are controlled by the operating system, including file access, network access, and process
creation; as such, it is important for shellcode authors to understand how to access these
services on the platforms for which they are authoring shellcode. You will learn more
about accessing Linux system calls in Chapter 10. The x86 flavors of BSD and Solaris use a
very similar mechanism, and all three are well documented by the Last Stage of Delirium
(LSoD) in their "UNIX Assembly Codes Development" paper (see "References").
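
The following is an added example, not code from the original text. It assumes Linux with glibc and uses the libc syscall(2) function instead of issuing int 0x80 or sysenter by hand, to show that a request made by raw system call number reaches the same kernel service as the ordinary library wrapper. The function names are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Write msg into a pipe by raw system call number, then read it back
   with the ordinary libc read() wrapper. Returns the number of bytes
   round-tripped, or -1 on any failure. */
long raw_write_roundtrip(const char *msg, char *out, size_t outlen)
{
    int fds[2];
    size_t len = strlen(msg);
    if (outlen == 0 || len >= outlen || pipe(fds) != 0)
        return -1;
    long n = syscall(SYS_write, fds[1], msg, len);
    ssize_t got = 0;
    if (n > 0)                      /* skip read on empty input: it would block */
        got = read(fds[0], out, outlen - 1);
    close(fds[0]);
    close(fds[1]);
    if (n < 0 || got != n)
        return -1;
    out[got] = '\0';
    return n;
}

/* The wrapper and the raw call ask the kernel the same question. */
int pid_paths_agree(void)
{
    return (long)getpid() == syscall(SYS_getpid);
}

/* A failing raw call returns -1 and sets errno, as a wrapper would. */
int raw_write_bad_fd_errno(void)
{
    errno = 0;
    long r = syscall(SYS_write, -1, "x", (size_t)1);
    return r == -1 ? errno : 0;
}

int main(void)
{
    char buf[32];
    long n = raw_write_roundtrip("hello", buf, sizeof buf);
    printf("round trip: %ld bytes, \"%s\"\n", n, n >= 0 ? buf : "");
    printf("pid paths agree: %d\n", pid_paths_agree());
    printf("bad fd errno: %d (EBADF=%d)\n", raw_write_bad_fd_errno(), EBADF);
    return 0;
}
```

Running the program under `strace` shows the same `write` and `getpid` entries whichever path made the request, which is the level at which system call monitoring observes a process.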