Kernel Syscalls

From The iPhone Wiki
Revision as of 14:13, 10 February 2012 by Morpheus

Note on these

Arguments go in their normal registers (arg1 in R0, arg2 in R1, and so on), as usual.

CPU

Usage

MOV R12, #x // syscall number from the list below
swi 0x80
bx lr

List

  • Clear Instruction Cache: 0
  • Flush Data Cache: 1
  • _pthread_set_self: 2
  • Unknown: 3

Unix

Usage

MOV IP, #x // number from the following list into IP (the intra-procedure-call scratch register, a.k.a. r12)
SVC 0x80   // formerly written SWI (software interrupt)

For example:

(gdb) disass chown
0x30d2ad54 <chown>:    mov r12, #16    ; 0x10, being # of chown
0x30d2ad58 <chown+4>:  svc 0x00000080

Most of these numbers are the same as you would find in the open-source XNU kernel, ARM idiosyncrasies aside (and except for #372, ledger).
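As an added example (not from the wiki page), the following Python encodes and decodes the two-instruction stub described above, which is useful when identifying which syscall a stub in a disassembled library invokes. It assumes ARM (not Thumb) little-endian encoding, uses a handful of numbers from the list below as a constructed lookup table, and falls back to MOVW when a number does not fit the rotated 8-bit MOV immediate; the function names are my own.

```python
import struct

# Constructed subset of the Unix syscall numbers listed on this page.
SYSCALLS = {"exit": 1, "read": 3, "write": 4, "open": 5, "chown": 16,
            "execve": 59, "csops": 169, "ledger": 372,
            "shared_region_map_and_slide_np": 438}
BY_NUMBER = {n: name for name, n in SYSCALLS.items()}

SVC_0x80 = 0xEF000080      # svc 0x80: cond=AL, imm24=0x80
MOV_R12 = 0xE3A0C000       # mov r12, #imm (A1: 4-bit rotate, 8-bit value)
MOVW_R12 = 0xE300C000      # movw r12, #imm16 (ARMv7; when MOV cannot encode it)


def ror32(value, count):
    count %= 32
    return ((value >> count) | (value << (32 - count))) & 0xFFFFFFFF


def modified_immediate(value):
    """12-bit rot:imm8 field such that ROR(imm8, 2*rot) == value, else None."""
    for rot in range(16):
        imm8 = ror32(value, 32 - 2 * rot)   # rotate left by 2*rot
        if imm8 <= 0xFF:
            return (rot << 8) | imm8
    return None


def encode_stub(name):
    """Little-endian bytes of `mov r12, #n ; svc 0x80` for a named syscall."""
    number = SYSCALLS[name]
    imm12 = modified_immediate(number)
    if imm12 is not None:
        mov = MOV_R12 | imm12
    else:
        mov = MOVW_R12 | ((number >> 12) << 16) | (number & 0xFFF)
    return struct.pack("<II", mov, SVC_0x80)


def decode_stub(code):
    """Recover (name, number) from an 8-byte stub, or None if it is not one."""
    if len(code) < 8:
        return None
    mov, svc = struct.unpack_from("<II", code)
    if svc != SVC_0x80 or mov >> 28 != 0xE or (mov >> 12) & 0xF != 12:
        return None
    if (mov & 0x0FFF0000) == 0x03A00000:        # mov r12, #imm (rotated 8-bit)
        number = ror32(mov & 0xFF, 2 * ((mov >> 8) & 0xF))
    elif (mov & 0x0FF00000) == 0x03000000:      # movw r12, #imm16
        number = ((mov >> 16) & 0xF) << 12 | (mov & 0xFFF)
    else:
        return None
    return BY_NUMBER.get(number, "unknown"), number
```

Feeding it the bytes behind the gdb listing above (10 c0 a0 e3 80 00 00 ef) yields ("chown", 16); ledger (372) still fits a rotated MOV, whereas 438 needs the MOVW form.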

List

  • exit: 1
  • fork: 2
  • read: 3
  • write: 4
  • open: 5
  • close: 6
  • wait4: 7
  • link: 9
  • unlink: 10
  • chdir: 12
  • fchdir: 13
  • mknod: 14
  • chmod: 15
  • chown: 16
  • getfsstat: 18
  • getpid: 20
  • setuid: 23
  • getuid: 24
  • geteuid: 25
  • ptrace: 26
  • recvmsg: 27
  • sendmsg: 28
  • recvfrom: 29
  • accept: 30
  • getpeername: 31
  • getsockname: 32
  • access: 33
  • chflags: 34
  • fchflags: 35
  • sync: 36
  • kill: 37
  • getppid: 39
  • dup: 41
  • pipe: 42
  • getegid: 43
  • profil: 44
  • sigaction: 46
  • getgid: 47
  • sigprocmask: 48
  • getlogin: 49
  • setlogin: 50
  • acct: 51
  • sigpending: 52
  • sigaltstack: 53
  • ioctl: 54
  • reboot: 55
  • revoke: 56
  • symlink: 57
  • readlink: 58
  • execve: 59
  • umask: 60
  • chroot: 61
  • msync: 65
  • vfork: 66
  • munmap: 73
  • mprotect: 74
  • madvise: 75
  • mincore: 78
  • getgroups: 79
  • setgroups: 80
  • getpgrp: 81
  • setpgid: 82
  • setitimer: 83
  • swapon: 85
  • getitimer: 86
  • getdtablesize: 89
  • dup2: 90
  • fcntl: 92
  • select: 93
  • fsync: 95
  • setpriority: 96
  • socket: 97
  • connect: 98
  • getpriority: 100
  • bind: 104
  • setsockopt: 105
  • listen: 106
  • sigsuspend: 111
  • gettimeofday: 116
  • getrusage: 117
  • getsockopt: 118
  • readv: 120
  • writev: 121
  • settimeofday: 122
  • fchown: 123
  • fchmod: 124
  • setreuid: 126
  • setregid: 127
  • rename: 128
  • flock: 131
  • mkfifo: 132
  • sendto: 133
  • shutdown: 134
  • socketpair: 135
  • mkdir: 136
  • rmdir: 137
  • utimes: 138
  • futimes: 139
  • adjtime: 140
  • gethostuuid: 142
  • setsid: 145
  • getpgid: 151
  • setprivexec: 152
  • pread: 153
  • pwrite: 154
  • statfs: 157
  • fstatfs: 158
  • unmount: 159
  • quotactl: 165
  • mount: 167
  • csops: 169
  • waitid: 173
  • add_profil: 176
  • kdebug_trace: 180
  • setgid: 181
  • setegid: 182
  • seteuid: 183
  • sigreturn: 184
  • chud: 185
  • fdatasync: 187
  • stat: 188
  • fstat: 189
  • lstat: 190
  • pathconf: 191
  • fpathconf: 192
  • getrlimit: 194
  • setrlimit: 195
  • getdirentries: 196
  • mmap: 197
  • lseek: 199
  • truncate: 200
  • ftruncate: 201
  • __sysctl: 202
  • mlock: 203
  • munlock: 204
  • undelete: 205
  • mkcomplex: 216
  • statv: 217
  • lstatv: 218
  • fstatv: 219
  • getattrlist: 220
  • setattrlist: 221
  • getdirentriesattr: 222
  • exchangedata: 223
  • fsgetpath: 224
  • searchfs: 225
  • delete: 226
  • copyfile: 227
  • fgetattrlist: 228
  • fsetattrlist: 229
  • poll: 230
  • watchevent: 231
  • waitevent: 232
  • modwatch: 233
  • getxattr: 234
  • fgetxattr: 235
  • setxattr: 236
  • fsetxattr: 237
  • removexattr: 238
  • fremovexattr: 239
  • listxattr: 240
  • flistxattr: 241
  • fsctl: 242
  • initgroups: 243
  • posix_spawn: 244
  • ffsctl: 245
  • minherit: 250
  • shm_open: 266
  • shm_unlink: 267
  • sem_open: 268
  • sem_close: 269
  • sem_unlink: 270
  • sem_wait: 271
  • sem_trywait: 272
  • sem_post: 273
  • sem_getvalue: 274
  • sem_init: 275
  • sem_destroy: 276
  • open_extended: 277
  • umask_extended: 278
  • stat_extended: 279
  • lstat_extended: 280
  • fstat_extended: 281
  • chmod_extended: 282
  • fchmod_extended: 283
  • access_extended: 284
  • settid: 285
  • gettid: 286
  • setsgroups: 287
  • getsgroups: 288
  • setwgroups: 289
  • getwgroups: 290
  • mkfifo_extended: 291
  • mkdir_extended: 292
  • identitysvc: 293
  • shared_region_check_np: 294
  • shared_region_map_np: 295
  • vm_pressure_monitor: 296
  • __pthread_mutex_destroy: 301
  • __pthread_mutex_init: 302
  • __pthread_mutex_lock: 303
  • __pthread_mutex_trylock: 304
  • __pthread_mutex_unlock: 305
  • __pthread_cond_init: 306
  • __pthread_cond_destroy: 307
  • __pthread_cond_broadcast: 308
  • __pthread_cond_signal: 309
  • getsid: 310
  • settid_with_pid: 311
  • __pthread_cond_timedwait: 312
  • aio_fsync: 313
  • aio_return: 314
  • aio_suspend: 315
  • aio_cancel: 316
  • aio_error: 317
  • aio_read: 318
  • aio_write: 319
  • lio_listio: 320
  • __pthread_cond_wait: 321
  • iopolicysys: 322
  • mlockall: 324
  • munlockall: 325
  • issetugid: 327
  • __pthread_kill: 328
  • __pthread_sigmask: 329
  • __sigwait: 330
  • __disable_threadsignal: 331
  • __pthread_markcancel: 332
  • __pthread_canceled: 333
  • proc_info: 336
  • stat64: 338
  • fstat64: 339
  • lstat64: 340
  • stat64_extended: 341
  • lstat64_extended: 342
  • fstat64_extended: 343
  • getdirentries64: 344
  • statfs64: 345
  • fstatfs64: 346
  • getfsstat64: 347
  • __pthread_chdir: 348
  • __pthread_fchdir: 349
  • kqueue: 362
  • kevent: 363
  • lchown: 364
  • stack_snapshot: 365
  • kevent64: 369
  • __semwait_signal: 370
  • __semwait_signal_nocancel: 371
  • ledger: 372 (this syscall exists only in iOS, having been removed from OS X a while ago)

The following syscalls belong to BSD's Mandatory Access Control (MAC) framework, on top of which Apple's "SandBox" (sandbox.kext) is implemented.

  • __mac_execve: 380
  • __mac_syscall: 381
  • __mac_get_file: 382
  • __mac_set_file: 383
  • __mac_get_link: 384
  • __mac_set_link: 385
  • __mac_get_proc: 386
  • __mac_set_proc: 387
  • __mac_get_fd: 388
  • __mac_set_fd: 389
  • __mac_get_pid: 390
  • __mac_get_lcid: 391
  • __mac_get_lctx: 392
  • __mac_set_lctx: 393

  • setlcid: 394
  • getlcid: 395

The _nocancel variants behave the same as their cancellable counterparts; in most cases the latter are just wrappers that first call __pthread_testcancel(1).

  • read_nocancel: 396
  • write_nocancel: 397
  • open_nocancel: 398
  • close_nocancel: 399
  • wait4_nocancel: 400
  • recvmsg_nocancel: 401
  • sendmsg_nocancel: 402
  • recvfrom_nocancel: 403
  • accept_nocancel: 404
  • msync_nocancel: 405
  • fcntl_nocancel: 406
  • select_nocancel: 407
  • fsync_nocancel: 408
  • connect_nocancel: 409
  • sigsuspend_nocancel: 410
  • readv_nocancel: 411
  • writev_nocancel: 412
  • sendto_nocancel: 413
  • pread_nocancel: 414
  • pwrite_nocancel: 415
  • waitid_nocancel: 416
  • poll_nocancel: 417
  • sem_wait_nocancel: 420
  • aio_suspend_nocancel: 421
  • __sigwait_nocancel: 422
  • __semwait_signal_nocancel: 423

  • __mac_mount: 424
  • __mac_get_mount: 425
  • __mac_getfsstat: 426
  • fsgetpath_1: 427
  • _audit_session_self: 428
  • audit_session_join: 429
  • fileport_makeport: 430
  • fileport_makefd: 431
  • audit_session_port: 432
  • pid_suspend: 433
  • pid_resume: 434
  • pid_hibernate: 435
  • pid_shutdown_sockets: 436
  • (unused): 437
  • shared_region_map_and_slide_np: 438 (used in ASLR)