0

I've seen examples of Hello World program in Assembly, one in MacOS and the other in Linux. But the difference between them is that MacOS uses absolute memory location for system calls and Linux doesn't. Why is that? Why MacOS can't just use 1 or whatever number the kernel uses for system call write?

; MacOS
mov       rax, 0x02000004         ; system call for write
; Linux
mov       rax, 1                  ; system call for write
Noa Kirel
  • 63
  • 6

1 Answers1

4

Why do you think it's an absolute memory location? The syscall number is defined in syscalls.master and the number for write is 4

4   AUE_NULL    ALL { user_ssize_t write(int fd, user_addr_t cbuf, user_size_t nbyte); }

However you also need to add some magic number to it because syscalls are grouped into partitions

#define SYSCALL_CLASS_NONE  0   /* Invalid */
#define SYSCALL_CLASS_MACH  1   /* Mach */  
#define SYSCALL_CLASS_UNIX  2   /* Unix/BSD */
#define SYSCALL_CLASS_MDEP  3   /* Machine-dependent */
#define SYSCALL_CLASS_DIAG  4   /* Diagnostics */

The number for Unix/BSD is 2 so the number for write would be (SYSCALL_CLASS_UNIX << 24) + 4 which is equal to 0x02000004

phuclv
  • 37,963
  • 15
  • 156
  • 475
  • Where did you get 24 and 4 from? – nullspace Jan 21 '22 at 05:51
  • @nullspace it's in [osfmk/mach/i386/syscall_sw.h](https://opensource.apple.com/source/xnu/xnu-792.13.8/osfmk/mach/i386/syscall_sw.h): *For 64-bit users, the 32-bit syscall number is partitioned with the high-order bits representing the class and low-order bits being the syscall number within that class*. Read [basic assembly not working on Mac (x86_64+Lion)?](https://stackoverflow.com/q/11179400/995714) for more information – phuclv Jan 21 '22 at 12:34