在 macOS 上，x86_64 使用 syscall 指令发起系统调用，32 位使用 int 0x80。
系统调用号定义在 <sys/syscall.h> 中（#import <sys/syscall.h>）：
syscall.h
#ifndef _SYS_SYSCALL_H_
#define _SYS_SYSCALL_H_
#include <sys/appleapiopts.h>
#ifdef __APPLE_API_PRIVATE
/* Excerpt only: the real header continues (and closes the #ifdef/#ifndef above)
 * beyond what is quoted here. */
/* Raw BSD/Unix syscall numbers. Per the notes further down, on x86_64 the value
 * actually placed in rax also carries the Unix class prefix (e.g. exit -> 0x2000001). */
#define SYS_syscall 0
#define SYS_exit 1
#define SYS_fork 2
#define SYS_read 3
#define SYS_write 4
#define SYS_open 5
#define SYS_close 6
#define SYS_wait4 7
系统调用分为几类（class）：
syscall_sw.h 中的定义：
/* System call classes. The class is encoded in the high bits of the number handed to
 * the kernel and the per-class call number in the low bits (see SYSCALL_CONSTRUCT_* below). */
#define SYSCALL_CLASS_NONE 0 /* Invalid */
#define SYSCALL_CLASS_MACH 1 /* Mach */
#define SYSCALL_CLASS_UNIX 2 /* Unix/BSD */
#define SYSCALL_CLASS_MDEP 3 /* Machine-dependent */
#define SYSCALL_CLASS_DIAG 4 /* Diagnostics */
#define SYSCALL_CLASS_IPC 5 /* Mach IPC */
/* Macros to simplify constructing syscall numbers.
 * SYSCALL_CLASS_SHIFT and SYSCALL_NUMBER_MASK are defined elsewhere in syscall_sw.h and are
 * not quoted in this excerpt; the notes below work with a shift of 24 (class << 24).
 * The call number is AND-ed with SYSCALL_NUMBER_MASK, presumably so it cannot spill into
 * the class bits -- confirm against the mask's definition. */
#define SYSCALL_CONSTRUCT_MACH(syscall_number) \
((SYSCALL_CLASS_MACH << SYSCALL_CLASS_SHIFT) | \
(SYSCALL_NUMBER_MASK & (syscall_number)))
#define SYSCALL_CONSTRUCT_UNIX(syscall_number) \
((SYSCALL_CLASS_UNIX << SYSCALL_CLASS_SHIFT) | \
(SYSCALL_NUMBER_MASK & (syscall_number)))
#define SYSCALL_CONSTRUCT_MDEP(syscall_number) \
((SYSCALL_CLASS_MDEP << SYSCALL_CLASS_SHIFT) | \
(SYSCALL_NUMBER_MASK & (syscall_number)))
#define SYSCALL_CONSTRUCT_DIAG(syscall_number) \
((SYSCALL_CLASS_DIAG << SYSCALL_CLASS_SHIFT) | \
(SYSCALL_NUMBER_MASK & (syscall_number)))
对于 Mach 调用，实际传给内核的调用号是：调用号 + (1<<24)；
对于 Unix 调用，实际传给内核的调用号是：调用号 + (2<<24)。
exit 的调用号是 1，所以调用时 rax 的值是 0x2000001。
rdi 是传给 exit() 的参数。
libsystem_kernel.dylib`mach_msg_trap:
0x7fff6bf982b0 <+0>: movq %rcx, %r10
0x7fff6bf982b3 <+3>: movl $0x2000001f, %eax ; imm = 0x2000001F
0x7fff6bf982b8 <+8>: syscall
-> 0x7fff6bf982ba <+10>: retq
0x7fff6bf982bb <+11>: nop
rax = 0x0000000002000001
rbx = 0x0000000000000003
rcx = 0x0000000000000000
rdx = 0x0000000000000000
rdi = 0x0000000000000003
rsi = 0x0000000000000000
arm64 上，x16 保存调用号，通过 svc #0x80 发起系统调用，x0 保存调用的参数。下面的寄存器值是在 __exit 处（pc = __exit + 4）采集的：x16 = 1（exit 的调用号，从寄存器值看这里是 1 而不是 x86_64 上的 0x2000001），x0 = 3（exit 的参数）。
libsystem_kernel.dylib`mach_msg_trap:
0x1b967855c <+0>: mov x16, #-0x1f
0x1b9678560 <+4>: svc #0x80
-> 0x1b9678564 <+8>: ret
x0 = 0x0000000000000003
x1 = 0x0000000000000000
x2 = 0x00000000000120a8
x3 = 0x00000001dc14d440 __sF + 304
x4 = 0x000000018d8e9a08 libsystem_c.dylib`_none_wcrtomb
x5 = 0x000000016f502db0
x6 = 0x000000016f503140
x7 = 0x0000000000000f60
x8 = 0x0000000000000000
x9 = 0x00000000dc14d4b7
x10 = 0x0000000000000000
x11 = 0x0000000000000002
x12 = 0x0000000000000002
x13 = 0x0000000000000000
x14 = 0x0000000000000001
x15 = 0x0000000000000002
x16 = 0x0000000000000001
x17 = 0x000000018d8dcd98 libsystem_c.dylib`_cleanup
x18 = 0x0000000000000000
x19 = 0x0000000000000003
x20 = 0x0000000100e043b0
x21 = 0x00000001d94d5000 UIKitCore`UIUserNotificationAction._parameters
x22 = 0x0000000000000001
x23 = 0x0000000000000000
x24 = 0x000000002b870064
x25 = 0x0000000000000000
x26 = 0x00000001cd97ff71
x27 = 0x0000000000000010
x28 = 0x00000001d94c1000 (void *)0x00000001dc1be1e0: _UIVisualEffectSubview
fp = 0x000000016f502f10
lr = 0x000000018d8de280 libsystem_c.dylib`signal__
sp = 0x000000016f502f00
pc = 0x00000001b93d9dac libsystem_kernel.dylib`__exit + 4
cpsr = 0x60000000
https://github.com/apple/darwin-xnu/blob/main/osfmk/mach/syscall_sw.h
https://opensource.apple.com/source/xnu/xnu-1504.3.12/bsd/kern/syscalls.master
https://www.bilibili.com/read/cv9033324
https://opensource.apple.com/source/xnu/xnu-4570.1.46/osfmk/mach/i386/syscall_sw.h.auto.html