System Call Modules

System call modules are simply KLDs that install a system call. In operating systems, a system call, also known as a system service request, is the mechanism an application uses to request service from the operating system's kernel.

Note

In Chapter 2, Chapter 3, and Chapter 6, you'll be writing rootkits that either hack the existing system calls or install new ones. Thus, this section serves as a primer.

There are three items that are unique to each system call module: the system call function, the sysent structure, and the offset value.

The System Call Function

The system call function implements the system call. Its function prototype is defined in the <sys/sysent.h> header as:

 typedef int sy_call_t(struct thread *, void *);  ...
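How the three items fit together, as an added example that is not from the book: a userland model in which the offset indexes a table of sysent-style entries and each entry points at a function with the `sy_call_t` prototype. The model also includes a baseline comparison that reports a changed slot. `struct sysent_model`, `hello_call`, `hello_args`, the four-slot table and the offset value 2 are assumptions made for illustration; the kernel's real `struct thread` and `struct sysent` carry more fields.

```c
#include <stdio.h>

/* Userland stand-ins (assumptions): only the fields this model needs.
 * The kernel's struct thread and struct sysent are larger. */
struct thread { int retval; };
typedef int sy_call_t(struct thread *, void *);   /* prototype quoted on the page */
struct sysent_model { int sy_narg; sy_call_t *sy_call; };
struct hello_args { int value; };                 /* hypothetical argument block */
#define ENOSYS_MODEL 78                           /* value of ENOSYS on FreeBSD */

/* The system call function: its arguments arrive packed behind the void *. */
static int hello_call(struct thread *td, void *uap) {
    td->retval = ((struct hello_args *)uap)->value * 2;
    return 0;                                     /* 0 = success, else an errno */
}
static int nosys_model(struct thread *td, void *uap) {
    (void)td; (void)uap;                          /* placeholder for unused slots */
    return ENOSYS_MODEL;
}

#define NSLOTS 4
#define HELLO_OFFSET 2                            /* constructed offset value */
static struct sysent_model table[NSLOTS] = {
    {0, nosys_model}, {0, nosys_model}, {1, hello_call}, {0, nosys_model},
};

/* Dispatch: the offset selects the entry, and the entry's sy_call is invoked. */
int dispatch(int offset, struct thread *td, void *uap) {
    if (offset < 0 || offset >= NSLOTS) return ENOSYS_MODEL;
    return table[offset].sy_call(td, uap);
}

/* Integrity check: compare every slot with a trusted baseline copy and
 * return the first offset that differs, or -1 if nothing changed. */
int first_changed_slot(const struct sysent_model *baseline) {
    for (int i = 0; i < NSLOTS; i++)
        if (table[i].sy_call != baseline[i].sy_call ||
            table[i].sy_narg != baseline[i].sy_narg) return i;
    return -1;
}

int main(void) {
    struct thread td = {0};
    struct hello_args a = {21};
    int rc = dispatch(HELLO_OFFSET, &td, &a);
    printf("rc=%d retval=%d\n", rc, td.retval);
    return 0;
}
```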
