
System Calls

Andrey Antonenko edited this page Jun 2, 2020 · 11 revisions

Introduction

Neutron uses the syscall instruction to perform system calls from userland. This instruction clobbers the rcx and r11 registers. Neutron reads the syscall parameters from registers, specifically rdi, rsi, rdx, r8, r9 and r10, in that order, and places the return value in rax. Neutron also uses the rbx register. The rest of the registers (r10, r12, r13, r14, r15, rbp and rsp) are saved by the kernel. The included nlib library takes care of all this, so you don't have to handle it yourself if you're using it.
When the syscall instruction is executed, the upper 32 bits of the rdi register must contain the function number, and the lower 32 bits of the same register must contain the subfunction number.

System-wide definitions

A system call always returns a value. If the returned value is 0xFFFFFFFFFFFFFFFF and that value is not one the system call could legitimately return, it means that there was a security-related error, or that the function/subfunction number is invalid.

Function numbers

1 - Task management
2 - Filesystem
3 - Kernel messages
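
The rdi layout and the 0xFFFFFFFFFFFFFFFF convention described above, as an added C example that is not taken from Neutron or nlib. All names, the NEUTRON_TARGET build macro and the range check are hypothetical, subfunction 5 is a constructed value, and rbx is listed as a clobber only as a conservative reading of "Neutron also uses the rbx register".

```c
#include <stdint.h>
#include <stdio.h>

/* Return value the page reserves for security errors / invalid numbers. */
#define NEUTRON_FAIL UINT64_C(0xFFFFFFFFFFFFFFFF)
/* Function numbers listed on the page. */
enum { NFUNC_TASK = 1, NFUNC_FS = 2, NFUNC_KMSG = 3 };

/* rdi layout: function number in bits 63..32, subfunction in bits 31..0. */
static inline uint64_t neutron_selector(uint32_t func, uint32_t sub) {
    return ((uint64_t)func << 32) | sub;
}
static inline uint32_t neutron_func(uint64_t rdi) { return (uint32_t)(rdi >> 32); }
static inline uint32_t neutron_sub(uint64_t rdi)  { return (uint32_t)rdi; }

/* Hypothetical dispatcher-side check: validate the caller-controlled
 * function number before it is used to select a handler. */
static inline uint64_t neutron_check_selector(uint64_t rdi) {
    uint32_t f = neutron_func(rdi);
    return (f < NFUNC_TASK || f > NFUNC_KMSG) ? NEUTRON_FAIL : 0;
}

/* Caller side: all-ones is an error only when the call cannot
 * legitimately return it, so the caller states that per call. */
static inline int neutron_failed(uint64_t ret, int all_ones_is_valid) {
    return ret == NEUTRON_FAIL && !all_ones_is_valid;
}

#if defined(__x86_64__) && defined(NEUTRON_TARGET) /* hypothetical build macro */
/* Raw call using the register order from the page; only meaningful on Neutron. */
static inline uint64_t neutron_syscall(uint64_t sel, uint64_t a1, uint64_t a2,
                                       uint64_t a3, uint64_t a4, uint64_t a5) {
    register uint64_t r8 __asm__("r8") = a3;
    register uint64_t r9 __asm__("r9") = a4;
    register uint64_t r10 __asm__("r10") = a5;
    uint64_t ret;
    __asm__ volatile("syscall" : "=a"(ret)
                     : "D"(sel), "S"(a1), "d"(a2), "r"(r8), "r"(r9), "r"(r10)
                     : "rcx", "r11", "rbx", "memory");
    return ret;
}
#endif

int main(void) {
    uint64_t sel = neutron_selector(NFUNC_FS, 5); /* constructed subfunction */
    printf("rdi=0x%016llx func=%u sub=%u\n", (unsigned long long)sel,
           neutron_func(sel), neutron_sub(sel));
    printf("func 4 rejected: %d\n",
           neutron_check_selector(neutron_selector(4, 0)) == NEUTRON_FAIL);
    return 0;
}
```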