# Syscall

A **sys**tem **call** is a request made by a program to the kernel to perform a specific function, such as input/output operations, memory allocation, or process control.

**Syscalls** are typically made through an **interrupt instruction**, which is a special type of instruction that stops the execution and transfers control to the kernel. The kernel then performs the requested service and returns control to the program once it is completed.

{% hint style="info" %}
Certain syscalls are similar to libc functions such as `open()`, `fork()` or `read()`; this is because these functions are simply syscalls wrappers, making it much easier for programmers.
{% endhint %}

{% hint style="success" %}
[Here](https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md) is a list of syscalls for x86/x64  and arm architectures
{% endhint %}

## Make a Syscall

The instruction used to make a system call vary for each instruction set architecture. Here is some example :&#x20;

* [x86](/pwn/architectures/x86-x64/instruction-set.md) --> `int x080`
* [x64](/pwn/architectures/x86-x64/instruction-set.md) --> `syscall` os `sysenter`
* [aarch32](/pwn/architectures/aarch32/instruction-set.md) --> `svc`
* etc.

Once the **syscall instruction** is called, the kernel will check the value stored into a specific register ( [accumulator register](/pwn/architectures/x86-x64/registers.md) for x86/x64 i.e. EAX or RAX ) - **This is the syscall number** which defines **what syscall gets run**.&#x20;

Parameters are stored into the others register dependent of each syscall needs.&#x20;

{% hint style="info" %}
Nowaday syscalls aren't realy used for standard call such as `exit` or `write` due to `vDSO.`

**`vDSO` is a mechanism used to accelerate certain system calls** in Linux by providing a memory area allocated in user space **that exposes some kernel functionality in a safe manner.**
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.ctfrecipes.com/pwn/general-knowledge/syscall.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.