System calls are made using the syscall instruction on an x86-64 version of GNU/Linux, as opposed to using int 0x80 on a 32-bit x86 version of GNU/Linux. All programs run in long mode. Depending on the GNU/Linux distribution, the list of system call numbers can be found in /usr/include/asm/unistd_64.h (on Debian-based multiarch systems the same file lives under /usr/include/x86_64-linux-gnu/asm/unistd_64.h) or in /usr/include/asm-x86_64/unistd.h on older distributions such as Slackware. The authoritative table is arch/x86/entry/syscalls/syscall_64.tbl in the kernel source. Do not reuse 32-bit numbers: the two tables differ (for example, exit is 1 on i386 but 60 on x86-64, and write is 4 on i386 but 1 on x86-64).
- The kernel or system call interface uses registers RDI, RSI, RDX, R10, R8 and R9, respectively, for passing arguments in that order. A maximum of 6 parameters can be passed. Note that the fourth argument goes in R10, not in RCX as in the user-space function-call convention, because the syscall instruction itself overwrites RCX.
- The kernel destroys registers RCX and R11: syscall saves the return address (RIP) in RCX and RFLAGS in R11, and sysret restores from them. All other registers are preserved across the call.
- The number of the system call is passed in the register RAX.
- No argument is passed on the stack.
- The return value is placed in RAX. An error value is in the range -1 to -4095 (that is, -errno; 4095 is the kernel's MAX_ERRNO). There is no separate error flag: a raw caller must test whether RAX lies in that range, which is exactly what the libc wrappers do before setting errno and returning -1. Any value outside that range, including other negative values, is a valid result.
- In 32-bit mode, GNU/Linux supports 6 arguments in the system call and they are passed in the registers EBX, ECX, EDX, ESI, EDI and EBP, with the system call number in EAX and the return value in EAX.
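The convention above, as an added example that is not code from the original page: a C wrapper using GCC/Clang inline assembly that issues a raw syscall with exactly the register assignment described, a libc-style layer that translates the -1..-4095 range into errno, and a probe that shows RCX and R11 being overwritten by the kernel. The function names (raw_syscall6, sys_call, my_getpid, write_bad_fd_errno, open_missing_path_errno, syscall_clobbers_rcx_r11) and the nonexistent path are this example's own choices; it assumes an x86-64 Linux host and falls back to libc's syscall() on other targets.

```c
/* Added example: raw x86-64 Linux syscalls following the register convention.
 * Not from the original page; assumes GCC/Clang on x86-64 Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* The kernel returns -errno in RAX, so anything in [-4095, -1] is an error
 * (4095 is MAX_ERRNO in the kernel). */
#define MAX_ERRNO 4095UL

#if defined(__x86_64__) && defined(__linux__)
/* Number in RAX; args in RDI, RSI, RDX, R10, R8, R9; result in RAX.
 * RCX and R11 are clobbered by syscall/sysret themselves; "memory" because
 * the kernel reads or writes the buffers we hand it. */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
    long ret;
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3),
                        "r"(r10), "r"(r8), "r"(r9)
                      : "rcx", "r11", "memory");
    return ret;
}

/* Probe: load a sentinel into RCX and R11, run getpid, read them back.
 * Returns 1 if both were overwritten (RCX = return RIP, R11 = RFLAGS). */
static int syscall_clobbers_rcx_r11(void)
{
    const uint64_t sentinel = 0x1122334455667788ULL;
    uint64_t rcx_after, r11_after;
    long rax = SYS_getpid;
    __asm__ volatile ("mov %[s], %%rcx\n\t"
                      "mov %[s], %%r11\n\t"
                      "syscall\n\t"
                      "mov %%rcx, %[c]\n\t"
                      "mov %%r11, %[e]"
                      : [c] "=&r"(rcx_after), [e] "=&r"(r11_after), "+a"(rax)
                      : [s] "r"(sentinel)
                      : "rcx", "r11", "memory");
    return rcx_after != sentinel && r11_after != sentinel;
}
#else
/* Fallback for other targets: emulate the kernel's -errno convention on top
 * of libc's syscall(), so the rest of the file behaves the same. */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret == -1 ? -(long)errno : ret;
}
static int syscall_clobbers_rcx_r11(void) { return -1; /* not applicable */ }
#endif

/* libc-style wrapper: map -errno in RAX to errno and a -1 return. */
static long sys_call(long nr, long a1, long a2, long a3,
                     long a4, long a5, long a6)
{
    long ret = raw_syscall6(nr, a1, a2, a3, a4, a5, a6);
    if ((unsigned long)ret >= -MAX_ERRNO) {
        errno = (int)-ret;
        return -1;
    }
    return ret;
}

long my_getpid(void)
{
    return sys_call(SYS_getpid, 0, 0, 0, 0, 0, 0);
}

/* write(2) to fd -1 exercises the error path: the kernel answers -EBADF. */
int write_bad_fd_errno(void)
{
    char c = 'x';
    if (sys_call(SYS_write, -1, (long)&c, 1, 0, 0, 0) != -1)
        return 0;
    return errno;
}

/* openat(2) takes four arguments, so the mode travels in R10. */
int open_missing_path_errno(void)
{
    const char *path = "/nonexistent-dir-for-syscall-demo/file"; /* constructed */
    if (sys_call(SYS_openat, AT_FDCWD, (long)path, O_RDONLY, 0, 0, 0) != -1)
        return 0;
    return errno;
}

int main(void)
{
    printf("pid via raw syscall: %ld (getpid() says %d)\n", my_getpid(), getpid());
    printf("write(-1, ...) -> errno %d (EBADF = %d)\n", write_bad_fd_errno(), EBADF);
    printf("openat(missing) -> errno %d (ENOENT = %d)\n", open_missing_path_errno(), ENOENT);
    printf("kernel clobbered rcx/r11: %d\n", syscall_clobbers_rcx_r11());
    return 0;
}
```

The `"rcx", "r11", "memory"` clobber list is the part most often omitted in hand-rolled wrappers; without it the compiler may keep a live value in RCX across the instruction and read garbage afterwards.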
- For a complete list of the registers that should be used for passing parameters and for return values, refer to the x86-64 ABI (the System V AMD64 psABI).
- The integer and pointer arguments are passed in the registers RDI, RSI, RDX, RCX, R8 and R9, in that order. Compare this with the system call interface, where the fourth argument is in R10 instead of RCX.
- The registers XMM0-XMM7 are used to pass the single and double precision floating point arguments.
- The rest of the arguments might have to be passed on the stack, pushed right to left so that the first stack argument sits just above the return address; RSP must be 16-byte aligned at the call instruction.
- For calls to variadic functions (or to functions declared without a prototype), the RAX register (specifically AL) should hold the number of SSE registers (XMM0-XMM7) that are used in the passing of arguments. Any upper bound in the range 0 to 8 is acceptable. Forgetting to set AL is a classic bug when calling printf from hand-written assembly.
- The registers RBX, RBP and R12-R15 are callee-saved registers and are preserved across function calls; a function that uses them must save and restore them. All other general-purpose registers (RAX, RCX, RDX, RSI, RDI and R8-R11) and all XMM registers are caller-saved, so the caller must assume they are clobbered. RBX is the optional base pointer and RBP is the optional frame pointer. R11 is the temporary register used by the Procedure Linkage Table. R10 is used to pass a function's static chain pointer.
- Integer or pointer type return values are returned in RAX, with RDX holding the upper half of a 128-bit result.
- Floating point return values are returned in XMM0, with XMM1 holding the second part of a two-element result such as a complex double.
- Long double precision values are returned in ST0 on the x87 stack (and ST1 for the imaginary part of a complex long double).
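The function-call side of the ABI, as an added example that is not part of the original page: three leaf functions written in AT&T-syntax assembly and called from C, showing integer arguments in RDI/RSI/RDX, a 128-bit result in RDX:RAX, floating-point arguments and result in XMM0/XMM1, and RBX being pushed and popped because it is callee-saved while RCX and RAX are used freely as caller-saved scratch. The names mul64_wide, sum_of_squares, dot_product and abi_demo_ok, and the sample arrays, are this example's own; it assumes GCC or Clang on x86-64 and supplies plain C fallbacks for other targets.

```c
/* Added example: hand-written functions obeying the System V x86-64 ABI.
 * Not from the original page; assumes GCC/Clang on x86-64 (AT&T syntax). */
#include <stdint.h>
#include <stdio.h>

typedef unsigned __int128 u128;

#if defined(__x86_64__)
__asm__(
    ".text\n"
    /* u128 mul64_wide(uint64_t a, uint64_t b): a in RDI, b in RSI.
     * mul leaves the 128-bit product in RDX:RAX, which is exactly how a
     * 128-bit integer is returned, so no further moves are needed. */
    ".globl mul64_wide\n"
    ".type mul64_wide, @function\n"
    "mul64_wide:\n"
    "    mov %rdi, %rax\n"
    "    mul %rsi\n"
    "    ret\n"
    ".size mul64_wide, .-mul64_wide\n"

    /* double sum_of_squares(double a, double b): a in XMM0, b in XMM1,
     * result returned in XMM0. */
    ".globl sum_of_squares\n"
    ".type sum_of_squares, @function\n"
    "sum_of_squares:\n"
    "    mulsd %xmm0, %xmm0\n"
    "    mulsd %xmm1, %xmm1\n"
    "    addsd %xmm1, %xmm0\n"
    "    ret\n"
    ".size sum_of_squares, .-sum_of_squares\n"

    /* uint64_t dot_product(const uint64_t *a, const uint64_t *b, uint64_t n):
     * a in RDI, b in RSI, n in RDX. RBX is the accumulator and is
     * callee-saved, so it is saved on entry and restored before ret.
     * RCX (index) and RAX (scratch/result) are caller-saved: no save. */
    ".globl dot_product\n"
    ".type dot_product, @function\n"
    "dot_product:\n"
    "    push %rbx\n"
    "    xor %ebx, %ebx\n"
    "    xor %ecx, %ecx\n"
    "1:  cmp %rdx, %rcx\n"
    "    jae 2f\n"
    "    mov (%rdi,%rcx,8), %rax\n"
    "    imul (%rsi,%rcx,8), %rax\n"
    "    add %rax, %rbx\n"
    "    inc %rcx\n"
    "    jmp 1b\n"
    "2:  mov %rbx, %rax\n"
    "    pop %rbx\n"
    "    ret\n"
    ".size dot_product, .-dot_product\n"
);
u128 mul64_wide(uint64_t a, uint64_t b);
double sum_of_squares(double a, double b);
uint64_t dot_product(const uint64_t *a, const uint64_t *b, uint64_t n);
#else
/* Portable C fallbacks so the file still builds on other targets. */
u128 mul64_wide(uint64_t a, uint64_t b) { return (u128)a * b; }
double sum_of_squares(double a, double b) { return a * a + b * b; }
uint64_t dot_product(const uint64_t *a, const uint64_t *b, uint64_t n)
{
    uint64_t s = 0;
    for (uint64_t i = 0; i < n; i++) s += a[i] * b[i];
    return s;
}
#endif

/* Named check so the results can be asserted on rather than only printed. */
int abi_demo_ok(void)
{
    const uint64_t a[3] = {1, 2, 3}, b[3] = {4, 5, 6};   /* constructed inputs */
    u128 p = mul64_wide(UINT64_MAX, UINT64_MAX);         /* (2^64-1)^2 */
    uint64_t hi = (uint64_t)(p >> 64), lo = (uint64_t)p; /* RDX, RAX */
    return hi == 0xFFFFFFFFFFFFFFFEULL && lo == 1
        && sum_of_squares(3.0, 4.0) == 25.0
        && dot_product(a, b, 3) == 32;
}

int main(void)
{
    printf("3 * 5 = %llu\n", (unsigned long long)mul64_wide(3, 5));
    printf("3^2 + 4^2 = %g\n", sum_of_squares(3.0, 4.0));
    printf("all ABI checks passed: %d\n", abi_demo_ok());
    return 0;
}
```

If the push/pop of RBX in dot_product is removed, the program may still appear to work at -O0 and then corrupt a caller's loop variable at -O2, which is the usual way callee-saved violations surface.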