{"id":16714025,"url":"https://github.com/therealdreg/r2-syscall-printer","last_synced_at":"2025-04-10T06:09:46.076Z","repository":{"id":97023840,"uuid":"316436619","full_name":"therealdreg/r2-syscall-printer","owner":"therealdreg","description":"I created r2-syscall-printer (radare r2pipe script) because I need now Linux-kernel interface call convention support (x86 \u0026  x86_64): %rdi, %rsi, %rdx, %r10, %r8, %r9. Also you can use this tool as standalone-app to print syscall table info","archived":false,"fork":false,"pushed_at":"2023-08-11T06:22:51.000Z","size":241,"stargazers_count":6,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-24T07:13:51.218Z","etag":null,"topics":["debugging","debugging-tool","linux-kernel","r2pipe","radare2","radare2-plugin","reverse-engineering","standalone-app","syscall-table"],"latest_commit_sha":null,"homepage":"https://rootkit.es/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/therealdreg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["therealdreg"],"patreon":"dreg","custom":["https://www.paypal.me/therealdreg","https://www.paypal.me/therealdreg"]}},"created_at":"2020-11-27T07:59:12.000Z","updated_at":"2023-08-22T12:18:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"40144290-2dd2-4d6d-98ab-10d032c32a3a","html_url":"https://github.com/therealdreg/r2-syscall-printer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fr2-syscall-printer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fr2-syscall-printer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fr2-syscall-printer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fr2-syscall-printer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/therealdreg","download_url":"https://codeload.github.com/therealdreg/r2-syscall-printer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248166925,"owners_count":21058481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debugging","debugging-tool","linux-kernel","r2pipe","radare2","radare2-plugin","reverse-engineering","standalone-app","syscall-table"],"created_at":"2024-10-12T20:48:52.373Z","updated_at":"2025-04-10T06:09:46.065Z","avatar_url":"https://github.com/therealdreg.png","language":"Python","funding_links":["https://github.com/sponsors/therealdreg","https://patreon.com/dreg","https://www.paypal.me/therealdreg"],"categories":[],"sub_categories":[],"readme":"Please consider making a donation: https://github.com/sponsors/therealdreg\n\n# r2-syscall-printer\n\n**WARNING: this is a POC, and the code is pure CRAP**\n\nThe amd64 call convention currently supported in r2 is the user-level call convention: %rdi, %rsi, %rdx, **%rcx, %r8, %r9**\n\nI created this r2pipe script to support the x86 \u0026 amd64 kernel interface call 
convention: %rdi, %rsi, %rdx, **%r10, %r8, %r9**\n\n**You can also use this tool as a standalone app to print syscall table info for Linux x86 \u0026 amd64**\n\n64 bit process:\n![alt text](r2-syscall-printer64.png)\n\n32 bit process:\n![alt text](r2-syscall-printer.png)\n\nOfficial r2 support for the amd64 kernel interface call convention is coming; check my PR and pancake's PR: \n* https://github.com/radareorg/radare2/pull/17954 \n* https://github.com/radareorg/radare2/pull/17960\n\n## Usage:\n\nFor 64bit processes:\n```\n#!pipe python3 r2-syscall-printer.py \n```\n\nFor 32bit processes inside an r2 session use /32: \n```\n#!pipe python3 r2-syscall-printer.py /32\n```\n\nTo display extra info (like in the screenshot image) use /extra:\n```\n#!pipe python3 r2-syscall-printer.py /extra\n#!pipe python3 r2-syscall-printer.py /32 /extra\n```\n\n## Use as standalone tool\n\n* /sysinfoX: for hexadecimal syscall ID \n* /sysinfoD: for decimal syscall ID\n* /printable: prints full syscall table\n* /exit: show info \u0026 exit\n* /32: set the current sys_call_table mode to 32 bit (default 64)\n\nGetting 32bits-table-info about syscall 0xAB and 3 (decimal):\n```\ndreg@fr33project:~# python3 /root/r2-syscall-printer/r2-syscall-printer.py /32 /sysinfoXAB /sysinfoD3 /exit\narch: 32 bits\nsyscall: 171 (decimal)\nEntry(name='getresgid', params=[Param(reg='$ebx', param='gid_t *rgidp'), Param(reg='$ecx', param='gid_t *egidp'), Param(reg='$edx', param='gid_t *sgidp')])\nsyscall: 3 (decimal)\nEntry(name='read', params=[Param(reg='$ebx', param='unsigned int fd'), Param(reg='$ecx', param='char *buf'), Param(reg='$edx', param='size_t count')])\n```\n\nGetting 64bits-table-info about syscall 0xFF and 13 (decimal):\n```\ndreg@fr33project:~# python3 /root/r2-syscall-printer/r2-syscall-printer.py /sysinfoXFF /sysinfoD13 /exit\narch: 64 bits\nsyscall: 255 (decimal)\nEntry(name='inotify_rm_watch', params=[Param(reg='$rdi', param='int fd'), Param(reg='$rsi', param='__s32 wd')])\nsyscall: 13 
(decimal)\nEntry(name='rt_sigaction', params=[Param(reg='$rdi', param='int sig'), Param(reg='$rsi', param='const struct sigaction *act'), Param(reg='$rdx', param='struct sigaction *oact'), Param(reg='$r10', param='size_t sigsetsize')])\n```\n\nPrinting full 32bits-table-info syscall info:\n```\ndreg@fr33project:~# python3 /root/r2-syscall-printer/r2-syscall-printer.py /32 /printable /exit\narch: 32 bits\n{   0: Entry(name='restart_syscall', params=[]),\n    1: Entry(name='exit', params=[Param(reg='$ebx', param='int error_code')]),\n    2: Entry(name='fork', params=[]),\n    3: Entry(name='read', params=[Param(reg='$ebx', param='unsigned int fd'), Param(reg='$ecx', param='char *buf'), Param(reg='$edx', param='size_t count')]),\n    4: Entry(name='write', params=[Param(reg='$ebx', param='unsigned int fd'), Param(reg='$ecx', param='const char *buf'), Param(reg='$edx', param='size_t count')]),\n    ...\n```\n\nPrinting full 64bits-table-info syscall info:\n```\ndreg@fr33project:~# python3 /root/r2-syscall-printer/r2-syscall-printer.py /printable /exit\narch: 64 bits\n{   0: Entry(name='read', params=[Param(reg='$rdi', param='unsigned int fd'), Param(reg='$rsi', param='char *buf'), Param(reg='$rdx', param='size_t count')]),\n    1: Entry(name='write', params=[Param(reg='$rdi', param='unsigned int fd'), Param(reg='$rsi', param='const char *buf'), Param(reg='$rdx', param='size_t count')]),\n    2: Entry(name='open', params=[Param(reg='$rdi', param='const char *filename'), Param(reg='$rsi', param='int flags'), Param(reg='$rdx', param='umode_t mode')]),\n    3: Entry(name='close', params=[Param(reg='$rdi', param='unsigned int fd')]),\n    4: Entry(name='stat', params=[Param(reg='$rdi', param='const char *filename'), Param(reg='$rsi', param='struct __old_kernel_stat *statbuf')]),\n    5: Entry(name='fstat', params=[Param(reg='$rdi', param='unsigned int fd'), Param(reg='$rsi', param='struct __old_kernel_stat *statbuf')]),\n    ...\n```\n\n# Credits\n\nTables from GEF-extras 
(syscall-args) - GDB Enhanced Features for exploit devs \u0026 reversers\n* http://gef.rtfd.io/\n* https://github.com/hugsy/gef\n* https://github.com/hugsy/gef-extras\n\n# TODO\n\n* Improve the code, more pythonic please\n* Auto detect process arch32/64 for default display in radare2\n\n# Contributors\n\n* nobody loves me\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fr2-syscall-printer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftherealdreg%2Fr2-syscall-printer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fr2-syscall-printer/lists"}