ausyscall
Translate syscall number to name
TLDR
Display syscall number of a specific system call
Display name of a specific system call number
Display all system calls for a specific architecture
SYNOPSIS
ausyscall architecture syscall_number | syscall_name
PARAMETERS
architecture
Specifies the architecture to use for system call name/number resolution. Examples include i386, x86_64, arm, etc.
syscall_number
An integer representing the system call number.
syscall_name
The name of the system call (e.g., open, read).
DESCRIPTION
The ausyscall command in Linux is used to translate system call numbers to names and vice-versa, and can also be used with gdb (or other debuggers) to set breakpoints on specific system calls. Its primary function is to aid in debugging and security auditing by providing a user-friendly interface for system call identification.
By specifying a system call number, ausyscall will output the corresponding name. Conversely, providing a system call name will return its associated number. This is particularly helpful when analyzing system logs or debugging applications that make use of system calls. Furthermore, when used with a debugger, ausyscall simplifies the process of placing breakpoints on system calls by allowing you to specify the system call by name instead of requiring knowledge of the underlying system call table.
CAVEATS
The availability of system call names/numbers depends on the architecture specified. Specifying the wrong architecture will lead to incorrect results. System call tables can vary across kernel versions, so the number/name provided may be different on other systems. The ausyscall tool is available on systems with the audit package.
EXAMPLES
To find the system call number for open on x86_64 architecture:
ausyscall x86_64 open
To find the system call name for number 2 on i386 architecture:
ausyscall i386 2
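For the log-analysis use mentioned in the DESCRIPTION, audit SYSCALL records carry the architecture as a hex arch= value and the call as a bare syscall= number, so both must be read together before ausyscall can name the call. The following is an added example, not part of the original page or of the audit package; the function names and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn the arch= and syscall= fields of audit SYSCALL
# records into the "architecture number" arguments ausyscall expects.

# Map the hex arch= value to an architecture name (AUDIT_ARCH_* constants
# from linux/audit.h; only the three architectures this page names).
audit_arch_name() {
    case "$1" in
        c000003e) echo x86_64 ;;
        40000003) echo i386 ;;
        40000028) echo arm ;;
        *) return 1 ;;
    esac
}

# Print "architecture number" for one record, or fail if a field is
# missing or the architecture is not in the table above.
syscall_fields() {
    arch=$(printf '%s\n' "$1" | sed -n 's/.*[[:space:]]arch=\([0-9a-f]*\).*/\1/p')
    num=$(printf '%s\n' "$1" | sed -n 's/.*[[:space:]]syscall=\([0-9]*\).*/\1/p')
    [ -n "$arch" ] && [ -n "$num" ] || return 1
    arch_name=$(audit_arch_name "$arch") || return 1
    echo "$arch_name $num"
}

# Resolve one record to a name with ausyscall when it is installed.
resolve_record() {
    fields=$(syscall_fields "$1") || { echo "skipped: no usable arch/syscall"; return 1; }
    if command -v ausyscall >/dev/null 2>&1; then
        # Unquoted on purpose: $fields holds two words, arch and number.
        echo "$fields -> $(ausyscall $fields)"
    else
        echo "$fields -> (ausyscall not installed)"
    fi
}

# Constructed sample records, not taken from a real log.
while IFS= read -r line; do
    resolve_record "$line" || true
done <<'EOF'
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=59 success=yes exit=0 comm="sh"
type=SYSCALL msg=audit(1700000000.200:457): arch=40000003 syscall=2 success=yes exit=0 comm="init"
type=PATH msg=audit(1700000000.200:457): item=0 name="/etc/passwd"
EOF
```

Reading arch= per record matters on 64-bit hosts that also run 32-bit binaries, because the same syscall number names different calls on x86_64 and i386.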
HISTORY
ausyscall is part of the Linux Audit system, which was designed to provide detailed information about security events. The Audit system itself has been under development for many years, initially to provide a security auditing solution to comply with regulatory requirements. ausyscall was created as a command-line tool to provide a simple and easy way to interact with the system call mappings, essential to audit capabilities.