Sysadapt

Sysadapt is a tool that translates legacy x86-32 ABI syscalls into AMD64 fast syscalls using ptrace.

Usage

Sysadapt comes with a shared library for invoking legacy syscalls and a sample victim program.

Build with CMake

cmake [-DVERBOSE]

VERBOSE: compile with verbosity. Refer to source code for more information

Run

./build/sysadapt build/call < in.txt

Runner

The victim program provided with sysadapt simply invokes two syscalls: read and write in order to echo Hello, World! from stdin into stdout. However, it uses 32-bit legacy ABI to write from the buffer. This is generally considered to be undefined behaviour, because 32-bit legacy ABI uses EIP, which is a 32-bit register, to access the 64-bit address space. When run under sysadapt, as shown in usage section, the syscall will be dynamically translated into the 64-bit ABI at runtime, and the program will function correctly.

Syscall32 library

The shared library provided with sysadapt contains a variadic syscall32 function which invokes a legacy 32-bit ABI syscall from given arguments. It also includes write32 and read32, which are simple wrappers over syscall32. In general, syscall32 can be used for any 32-bit syscall.

License

This product is distributed under GPLv3 license.

References

If you wish to learn more about how sysadapt operates or x86 syscalls on Linux in general, refer to these documents

• Ptrace man page
• x86-32 and 64 syscall tables
• Using C to inspect syscalls
• Intercepting Linux syscalls with ptrace
• Anatomy of a system call
• Linux-Insides: Syscalls
• Definitive guide to syscalls
• Linus Torvalds on this issue