From: muta...@gmail.com   
      
   On Tuesday, July 6, 2021 at 1:21:08 PM UTC+10, muta...@gmail.com wrote:   
      
   > > Yes with vsyscall you don't need int 80h if that suits you...   
      
   > Yes, switching to vsyscall sounds like what I want in   
   > order to produce clean executables.   
      
   I've done some initial investigation of this.  The Linux   
   startup code is interesting - there is no return address.   
      
   I have seen that what I need is some global variable,   
   called e.g. __vsyscall and then it is a simple matter   
   of replacing:   
      
   int $0x80   
      
   with   
      
   call *__vsyscall   
      
   So the challenge is to set __vsyscall.   
      
   This is all 32-bit so I can just define the actual variable as:   
      
   .long __vsyscall   
      
   I believe.   
      
   But to set this global variable I would be using C code.   
      
   Here is what I currently have:   
      
   /* We can get away with a minimal startup code, plus make it   
      a C program. There is no return address. Instead, on the   
      stack is a count, followed by all the parameters as pointers */   
      
   int _start(char *p)   
   {   
       int rc;   
      
       rc = __start(*(int *)(&p - 1), &p);   
       __exita(rc);   
       return (rc);   
   }   
      
      
   So, before calling __start, I need to set __vsyscall.   
      
   Is it a simple matter of jumping the number of parameters   
   provided in argc, which will put me at envp, and then   
   continue scanning until a NULL. And then the next value   
   will be the value I need to copy into __vsyscall?   
      
   Does this work even for non-ELF?   
      
   Thanks. Paul.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)