Article by Ayman Alheraki on May 5 2025 11:15 AM
syscall and int 21h in Assembly Language
In assembly language, there's no concept of "functions" like in high-level programming languages. Instead, there's a mechanism to interact with the operating system to perform essential tasks like reading files, printing text, accessing the network, etc.
This is where instructions like syscall and int 21h come into play.
int 21h?int stands for Interrupt.
21h is the interrupt number used by DOS (Disk Operating System) to provide system services.
When you execute int 21h, the CPU triggers a software interrupt, and control is transferred to the interrupt handler in the operating system, which executes the desired function depending on the value in the AH register.
Example:
mov ah, 09h ; Function: print stringmov dx, offset msg ; Address of message in DXint 21h ; Call DOS interruptint 21h:Printing text
Reading user input
File handling
Disk access
Program termination
int 21h a CPU Instruction?No, interrupts are supported by the CPU, but the meaning of int 21h is defined by the operating system.
syscall?Introduced in modern systems like Linux and Windows NT.
syscall is a special CPU instruction (e.g., on x86-64) that enables direct transition to kernel mode.
The system call number is placed in a specific register (usually rax in x86-64).
Parameters are passed in other registers (rdi, rsi, rdx, ...).
The syscall instruction is executed, switching execution to kernel mode, where the OS decodes the request and performs the operation.
Example (x86-64 Linux):
mov rax, 1 ; syscall number: writemov rdi, 1 ; file descriptor: stdoutmov rsi, msg ; pointer to messagemov rdx, len ; message lengthsyscall ; invoke kernel servicesyscall and int 0x80:int 0x80 was the classic way in 32-bit Linux.
syscall is faster, used in 64-bit mode, and reduces context-switch overhead.
| CPU / OS | System Call Mechanism | Notes |
|---|---|---|
| x86 / DOS | int 21h | Limited interface, relies on AH register. |
| x86 / Linux (32-bit) | int 0x80 | System call number in eax. |
| x86-64 / Linux (64-bit) | syscall | More efficient, uses specific registers. |
| x86-64 / Windows | syscall (indirect) | Routed via ntdll.dll and system call stubs. |
| ARM / Linux | svc #0 | Supervisor Call, similar to syscall; used in Android/embedded. |
| RISC-V / Linux | ecall | Official system call instruction for RISC-V. |
The CPU provides the mechanism (e.g., int, syscall, svc, ecall) to enter kernel mode.
The operating system defines the meaning, services, and behaviors.
In short: the CPU opens the gate, but the OS decides what lies beyond it.
As systems evolve, there's increasing focus on speed, security, and multi-core performance.
Technologies like eBPF, and WebAssembly System Interface (WASI) aim to offer safe, portable runtime APIs that go beyond traditional int and syscall.
int 21h was a traditional way to call system services in DOS.
syscall is a modern, fast method for requesting services directly from the kernel.
Both depend on the operating system to implement functionality.
Each CPU and OS has its own mechanism, but the core idea is the same: safe and structured transfer of control from user code to the system kernel.
