Accessing a system call directly from user program

Question

On Ubuntu - kernel 2.6.32.2

How to call already existing system call from user code directly without help of any library? I read in books and on internet to solve this then written following code but still getting error. Please help

Want to find out the process id of current process

#include <stdio.h>
#include<linux/unistd.h> // for __NR_getpid
_syscall0(int, getpid)

int main() {
 printf("Current Process ID : %d\n",getpid());
 return 0;
}

Error While compilation :

root@Omkant:~/os# gcc -Wall getpid.c -o getpid
getpid.c:5:16: error: expected declaration specifiers or ‘...’ before ‘getpid’
getpid.c:5:1: warning: data definition has no type or storage class
getpid.c:5:1: warning: type defaults to ‘int’ in declaration of ‘_syscall0’
getpid.c: In function ‘main’:
getpid.c:8:2: warning: implicit declaration of function ‘getpid’

What's the problem in the code ? please help...

Answer 1

The manpage for _syscall(2) states:

Starting around kernel 2.6.18, the _syscall macros were removed from header files supplied to user space. Use syscall(2) instead. (Some architectures, notably ia64, never provided the _syscall macros; on those architectures, syscall(2) was always required.)

Thus, your desired approach can't work on more modern kernels. (You can clearly see that if you run the preprocessor on your code. It won't resolve the _syscall0 macro) Try to use the syscall function instead:

Here is an example for the usage, cited from syscall(2):

#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>

int
main(int argc, char *argv[])
{
    pid_t tid;
    tid = syscall(SYS_gettid);
}

As you asked for a direct way to call the Linux kernel without any userspace wrappers, I'll show you examples for the 80386 and the amd64 architecture.

First, you have to get the system call number from a table, such as this one. In case of getpid, the system call number is 39 for amd64 and 20 for 80386. Next, we create a function that calls the system for us. On the 80386 processor you use the interrupt 128 to call the system, on amd64 we use the special syscall instruction. The system call number goes into register eax, the output is also written to this register. In order to make the program easier, we write it in assembly. You can later use strace to verify it works correctly.

This is the code for 80386. It should return the lowest byte of its pid as exit status.

        .global _start
_start: mov $20,%eax       #system call number 20:
        int $128           #call the system
        mov %eax,%ebx      #move pid into register ebx
        mov $1,%eax        #system call number 1: exit, argument in ebx
        int $128           #exit

Assemble with:

as -m32 -o 80386.o 80386.s
ld -m elf_i386 -o 80386 80386.o

This is the same code for amd64:

        .global _start
_start: mov $39,%eax    #system call 39: getpid
        syscall         #call the system
        mov %eax,%edi   #move pid into register edi
        mov $60,%eax    #system call 60: exit
        syscall         #call the system

Assemble with:

as -o amd64.o amd64.s
ld -o amd64 amd64.o

Answer 2

"How to call already existing system call from user code directly without help of any library? I read in books and on internet to solve this then written following code but still getting error"

your question its like asking how to use printf without using glibc/libc , the i guess there's only one solution get the source code of printf , paste it in your code and use it

Want to find out the process id of current process

process id can be found out by using getpid function from libc which takes care of ur system call.

system calls are not defined in libraries these are functions written for accessing the kernel data.

regards, Zubraj