Linux command
ausyscall command
After copying, replace file names, directories, or parameters as needed.
Common examples
Look up the number of a syscall
ausyscall [openat]
Look up the name of a syscall number
ausyscall [257]
Dump the whole syscall table
ausyscall --dump
Dump the syscall table for a specific architecture
ausyscall [i386] --dump
Look up a syscall on a specific architecture
ausyscall [arm64] [connect]
Require an exact match
ausyscall --exact [open]
Description
ausyscall is a small lookup utility from the Linux audit framework. It translates syscall numbers seen in audit logs, `strace` output, `seccomp` filters, and BPF programs into their human-readable names (and vice versa) for any supported architecture. Syscall numbers differ between architectures (`openat` is 257 on x86_64 but 295 on i386), so always pass the correct architecture when inspecting logs produced on a different machine.
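An added example, not from the original page or the audit project: this script reads the `arch=` and `syscall=` fields of raw audit `SYSCALL` records and calls `ausyscall` with the architecture each record carries, so a log collected from an i386 host is not decoded with the x86_64 table. The sample records are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Sample records below are constructed, not taken from a real log.

# Map the hex arch= field of an audit SYSCALL record to the architecture
# name passed to ausyscall. Only the two architectures named in the text
# are covered; extend the case statement for others.
audit_arch_to_name() {
    case "$1" in
        c000003e) echo x86_64 ;;   # AUDIT_ARCH_X86_64
        40000003) echo i386 ;;     # AUDIT_ARCH_I386
        *) return 1 ;;
    esac
}

# Print "<arch-name> <syscall-number>" for one raw SYSCALL record,
# or fail if a field is missing or the architecture is unknown.
record_arch_and_nr() {
    arch_hex=$(printf '%s\n' "$1" | sed -n 's/.* arch=\([0-9a-f]*\) .*/\1/p')
    nr=$(printf '%s\n' "$1" | sed -n 's/.* syscall=\([0-9][0-9]*\) .*/\1/p')
    [ -n "$arch_hex" ] && [ -n "$nr" ] || return 1
    arch=$(audit_arch_to_name "$arch_hex") || return 1
    echo "$arch $nr"
}

# Resolve every record on stdin with the architecture that record carries.
resolve_records() {
    while IFS= read -r line; do
        if pair=$(record_arch_and_nr "$line"); then
            set -- $pair
            if command -v ausyscall >/dev/null 2>&1; then
                echo "$1 $2 $(ausyscall "$1" "$2")"
            else
                echo "$1 $2 (ausyscall not installed)"
            fi
        else
            echo "unresolved: $line"
        fi
    done
}

resolve_records <<'EOF'
type=SYSCALL msg=audit(1700000000.101:41): arch=c000003e syscall=257 success=yes exit=3 comm="cat"
type=SYSCALL msg=audit(1700000000.202:42): arch=40000003 syscall=295 success=yes exit=3 comm="cat"
type=SYSCALL msg=audit(1700000000.303:43): arch=deadbeef syscall=257 success=yes exit=3 comm="cat"
EOF
```

Records whose `arch=` value is not in the mapping are reported as unresolved rather than decoded against a default table.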
Options
- `--dump`: List every syscall name and number for the selected architecture.
- `--exact`: Require an exact name match instead of a substring match.
- `-h`, `--help`: Show help.
- `-V`, `--version`: Show version.