Author Topic: syscalls - MacOS  (Read 28 times)

Offline fredericopissarra

  • Full Member
  • **
  • Posts: 265
  • Country: br
syscalls - MacOS
« on: January 27, 2023, 11:06:16 AM »
Just an info for you all...

MacOS is derived from FreeBSD and its syscalls follows the SysV ABI for i386 with extensions and a minor difference for x86-64: Instead of changing RCX by R10, MacOS uses RCX... and, again, yep... i386 table is used in x86-64 mode, so sys_exit is 1 and sys_write is 4.

I don't have a MacOS machine to test this, by this 'hello.asm' should work on MacOS in x86-64 mode:
Code: [Select]
  bits 64
  default rel   ; program need to be PIE.

  section .rodata

msg:     db `Hello\n`
msg_len  equ $ - msg

  section .text

  global _start

  align 4
_start:
  mov  eax,4      ; sys_write (must be 1 on Linux)
  mov  edi,1      ; stdout
  lea  rsi,[msg]
  mov  edx,msg_len
  syscall

  mov  eax,1      ; sys_exit (must be 60 on Linux)
  xor  edi,edi
  syscall
For i386 mode int 0x80 is used the same way as in Linux...

Reading some material I found that maybe the sections could be renamed to __text and __rodata. But I don't know where to find the official MacOS Reference to confirm.
« Last Edit: January 27, 2023, 11:13:25 AM by fredericopissarra »