System call instrumentation on Linux/x86-64 using memory-indirect calls (in vain?), part one
Summary
A technical dive into system call instrumentation on Linux/x86-64 using memory-indirect calls. It discusses the constraints imposed by the 2-byte `syscall` instruction, several instruction-punning strategies (zpoline, E9Patch), and segmentation-based approaches; weighs their trade-offs in memory overhead, attack surface, and practicality; and sets up a follow-up exploring LDTs and far jumps.