syscallogist

An experiment in determining/cataloging the range of possible syscall behavior through empirical testing

0BSD License

Stars
7
View Code on GitHub
Ecosystems: Zig

syscallogist

syscallogy: The study of syscalls.

syscallogist: A program that studies syscalls.

An experiment in determining/cataloging the range of possible syscall behavior through empirical testing. The idea is:

  • Write a program that (1) gets information about the execution environment (OS, filesystem, etc), and (2) runs a series of tests (e.g. calling various syscalls) and records the results.
  • Run that program on many different operating systems/filesystems/etc and catalog the results in a database of some sort
  • Use the resulting database to make various inferences about the behavior of syscalls (what errors are possible and when, what the range of possible values is, etc)

In theory, this information is available in the relevant documentation, but in practice, not everything is documented. This is especially true when it comes to possible errors (and particularly on Windows).

This is still in the very early stages. It currently only tests the behavior of NtQueryInformationFile on Windows (and only with a subset of possible FILE_INFORMATION_CLASS types), and fstat on Linux.

Truncated example output when run on Windows:

NtQueryInformationFile: stdin_nul
  FileBasicInformation
    NTSTATUS: INVALID_INFO_CLASS
  FileStandardInformation
    NTSTATUS: SUCCESS
    AllocationSize: 0
    EndOfFile: 0
    NumberOfLinks: 1
    DeletePending: 0
    Directory: 0

NtQueryInformationFile: stdin_pipe
  FileBasicInformation
    NTSTATUS: SUCCESS
    CreationTime: 0
    LastAccessTime: 0
    LastWriteTime: 0
    ChangeTime: 0
    FileAttributes: 128
  FileStandardInformation
    NTSTATUS: SUCCESS
    AllocationSize: 8192
    EndOfFile: 0
    NumberOfLinks: 1
    DeletePending: 1
    Directory: 0

NtQueryInformationFile: stdin_close
  FileBasicInformation
    NTSTATUS: INVALID_HANDLE
  FileStandardInformation
    NTSTATUS: INVALID_HANDLE

NtQueryInformationFile: self_exe
  FileBasicInformation
    NTSTATUS: SUCCESS
    CreationTime: 133607567251975688
    LastAccessTime: 133607567258022339
    LastWriteTime: 133607567251505257
    ChangeTime: 133607567251995706
    FileAttributes: 32
  FileStandardInformation
    NTSTATUS: SUCCESS
    AllocationSize: 1323008
    EndOfFile: 1323008
    NumberOfLinks: 1
    DeletePending: 0
    Directory: 0

Compiling & Usage

Last tested with Zig 0.13.0-dev.231+28476a5ee. Only compiles/runs on Windows and Linux currently.

zig build
./zig-out/bin/syscallogist.exe
Related Projects
timeout

POSIX.1-2024 timeout

12 Sep 2024 0
zig-std-lib-fuzzing

A set of fuzzers for fuzzing various parts of the Zig standard library

21 Sep 2021 41
OffensiveZig

Some attempts at using Zig(https://ziglang.org/) in penetration testing.

23 Nov 2020 200
gotta-go-fast

Performance Tracking for Zig

18 May 2020 232
get-known-folder-path

A Zig implementation of SHGetKnownFolderPath

08 Dec 2023 6
ZigConway

Graphic demonstration featuring ZIG & SDL2

12 Sep 2024 0
zigzag

An operating system written from scratch in Zig

09 Aug 2024 1
zig-qoi

Quite OK Image format encoder/decoder written in Zig

25 Nov 2021 131
zig-objc

Objective-C runtime bindings for Zig (Zig calling ObjC).

02 Jan 2023 174
zlog

Appplication-level logging library for Zig

16 Sep 2024 0
ZigBlobs

Graphic demonstration featuring ZIG & SDL2

21 Aug 2024 0
zig-steamworks

Steamwork bindings for Zig

06 Jun 2023 14
libxev

libxev is a cross-platform, high-performance event loop that provides abstractions for non-blocki...

07 Jan 2023 2,014
grindcov

Code coverage for compiled binaries using Callgrind, mostly geared towards Zig code

11 Sep 2021 15
pc

Difference calculations for the terminal

13 Aug 2023 11