On Thu, Jul 31, 2003 at 04:12:27PM -0400, Ryan Sommers wrote:
> When making a system call to the kernel why is it necessary to push the
> syscall value onto the stack when you don't call another function?
>
> Example:
>
> access.the.bsd.kernel:
> int 80h
> ret
>
> func:
> mov eax, 4 ; Write
> call access.the.bsd.kernel
> ; End
>
> Works. However:
>
> func:
> mov eax, 4 ; Write
> int 80h
> ; End
>
> Doesn't.
>
This is because in a C library, all system calls are wrapped into C functions, so the stack looks like this when in the syscall code in libc:

    return address to a program
    syscall args

So the kernel knows how to account for a return address to access
actual arguments.
So when calling the kernel directly (not through a C library
wrapper function), we need to align the stack to make the kernel
believe we're calling it from the syscall code in libc.
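To make the convention concrete, here is an added example (not part of the original thread) in NASM syntax for FreeBSD i386. It performs the same write(2) twice: first through a libc-style `call` wrapper, where the `call` instruction itself pushes the return address the kernel expects above the arguments, and then directly with `int 80h`, where a dummy dword is pushed in that slot instead. The label `kernel`, the message bytes and the exit status are my choices; the syscall numbers (4 for write, 1 for exit), the argument order and the carry flag signalling an error on return are the FreeBSD i386 ABI.

```nasm
; FreeBSD i386 example: arguments go on the stack right-to-left, the
; syscall number in eax, and the kernel assumes a return address sits
; just above the arguments (because libc's wrapper was entered by "call").

section .data
    msg     db  "direct syscall ok", 10   ; constructed sample output
    msglen  equ $ - msg

section .text
global _start
_start:
    ; --- write(1, msg, msglen) through a wrapper, as libc would do it ---
    push    msglen
    push    msg
    push    dword 1                 ; fd = stdout
    mov     eax, 4                  ; SYS_write
    call    kernel                  ; "call" pushes the return address for us
    add     esp, 12                 ; caller cleans up the three arguments

    ; --- the same write(1, msg, msglen) made directly with int 80h ---
    push    msglen
    push    msg
    push    dword 1
    push    dword 0                 ; fake return address: fills the slot the
                                    ; kernel skips over to reach the arguments
    mov     eax, 4                  ; SYS_write
    int     80h
    add     esp, 16                 ; three arguments plus the dummy dword
    jc      fail                    ; FreeBSD sets CF when the syscall fails

    ; --- exit(0) ---
    push    dword 0
    mov     eax, 1                  ; SYS_exit
    call    kernel

fail:
    ; --- exit(1) if the direct call was rejected ---
    push    dword 1
    mov     eax, 1                  ; SYS_exit
    call    kernel

kernel:
    int     80h
    ret
```

Assemble and link on FreeBSD with `nasm -f elf32 sys.asm && ld -o sys sys.o`; if the kernel refuses to run the unbranded ELF, mark it with `brandelf -t FreeBSD sys`. Leaving out the `push dword 0` before the direct `int 80h` makes the kernel read `msglen` as the fd, `msg` as the buffer pointer's slot neighbour and so on, which is exactly the "Doesn't work" case in the question; the same stray dummy push is also why hand-written FreeBSD syscall stubs look one word "too deep" when you read them.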
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
[EMAIL PROTECTED] Sunbay Software Ltd,
[EMAIL PROTECTED] FreeBSD committer