C/C++ function definitions without assembly

First, you have to understand the concept of rings.
A kernel runs in ring 0, meaning it has a full access to memory and opcodes.
A program runs usually in ring 3. It has a limited access to memory, and cannot use all the opcodes.

So when a software need more privileges (for opening a file, writing to a file, allocating memory, etc), it needs to asks the kernel.
This can be done in many ways. Software interrupts, SYSENTER, etc.

Let’s take the example of software interrupts, with the printf() function:
1 – Your software calls printf().
2 – printf() processes your string, and args, and then needs to execute a kernel function, as writing to a file can’t be done in ring 3.
3 – printf() generates a software interrupt, placing in a register the number of a kernel function (in that case, the write() function).
4 – The software execution is interrupted, and the instruction pointer moves to the kernel code. So we are now in ring 0, in a kernel function.
5 – The kernel process the request, writing to the file (stdout is a file descriptor).
6 – When done, the kernel returns to the software’s code, using the iret instruction.
7 – The software’s code continues.

So functions of the C standard library can be implemented in C. All it has to do is to know how to call the kernel when it need more privileges.

Leave a Comment

tech