Hi all,
The following short program demonstrates direct kernel
calls (avoiding int 80h). For assembler programmers this
may seem trivial, but it seems to have caused confusion for
those working in other languages.
all the best, jeff
---- cut here - program start ---
;Programs can call kernel directly and bypass "int 80h" by
;looking up a kernel entry point on the stack. The stack
;is organized as follows:
; - parameter count
; - parameter 1 (ptr to our name)
; - (additional ptrs here)
; - 0 = terminator for parameter ptrs
; - enviro ptr 1
; - enviro ptr 2
; - (additional ptrs here)
; - 0 = terminator for enviro ptrs
; - aux information area, with dword pairs. Each
; pair consists of code,data. The type of data
; is specified by code. A code of 20h is the
; sysenter kernel entry address.
; - 0 = terminator for aux area
; - strings table
;
; compile with: nasm -felf -g program_name
; link with: ld program_name.o program_name
;
; The following code searches the stack for the kernel entry
; and stores it. Then it displays a message by calling through
; the stored kernel entry vector.
;
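[section .text]
;-----------------------------------------------------------------------
; _start  --  Linux i386, ELF32, entered directly by the kernel (no libc).
; Walks the initial stack (argc, argv, NULL, envp, NULL, auxv) to the
; aux vector, looks up the AT_SYSINFO (20h) pair whose value is the
; address of the vDSO system-call entry, and then issues write() and
; exit() by calling through that address instead of using int 80h.
; If the auxv has no AT_SYSINFO entry the program exits through the
; legacy int 80h trap with a non-zero status rather than reading past
; the end of the vector.
; Regs: esi = stack cursor, ecx = NULL terminators left to cross,
;       eax = current stack dword / a_val.
;-----------------------------------------------------------------------
AT_SYSINFO      equ 20h                 ; auxv type: vDSO syscall entry address
AT_NULL         equ 0                   ; auxv type: end of the aux vector
SYS_EXIT        equ 1
SYS_WRITE       equ 4
STDOUT_FD       equ 1
SKIP_TERMS      equ 2                   ; NULL words to pass: end of argv, end of envp

global _start
_start:
        mov     esi, esp                ; esi -> argc (top of the initial stack)
        mov     ecx, SKIP_TERMS         ; ecx = NULL terminators still to cross
skip_vec:
        lodsd                           ; eax = next stack dword, esi += 4
        test    eax, eax
        jnz     skip_vec                ; non-NULL: still inside argv or envp
        dec     ecx
        jnz     skip_vec                ; first NULL ends argv, second ends envp
; esi now points at the first auxv pair (a_type, a_val)
scan_aux:
        lodsd                           ; eax = a_type
        test    eax, eax                ; AT_NULL ends the vector: the entry is
        jz      not_found               ; absent, so stop instead of reading on
        cmp     eax, AT_SYSINFO
        lodsd                           ; eax = a_val (lodsd leaves flags intact)
        jne     scan_aux                ; wrong type: try the next pair
found_it:
        mov     [vsyscall_entry], eax   ; keep the entry address (see note in .data)
        mov     eax, SYS_WRITE
        mov     ebx, STDOUT_FD
        mov     ecx, msg                ; buffer is not NUL-terminated; length in edx
        mov     edx, msg_end - msg
        call    [vsyscall_entry]        ; write(1, msg, len) via the vDSO entry
        mov     eax, SYS_EXIT
        xor     ebx, ebx                ; exit status 0
        call    [vsyscall_entry]        ; exit(0): does not return
not_found:
        ; No AT_SYSINFO pair in the auxv (the kernel supplied no vDSO
        ; syscall entry): terminate through the legacy trap instead.
        mov     eax, SYS_EXIT
        mov     ebx, 1                  ; non-zero status: lookup failed
        int     80h
;----------
[section .data]
; Writable word holding a code address: whatever can corrupt .data can
; redirect both `call [vsyscall_entry]` sites above. Acceptable for a
; demo; real code would rather keep the pointer in a register.
; (Named vsyscall_entry rather than `syscall` so the label does not
; collide with the instruction mnemonic of the same name.)
vsyscall_entry: dd 0
msg             db 0ah,"Syscall vector found", 0Ah
msg_end: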