[Skunkleton]

At least for x86, you can get this same information fairly easily directly from the source. The table is located at arch/x86/entry/syscalls/syscall_64.tbl, from there you can grep for the function with git grep. For example, git grep 'SYSCALL_DEFINE.*read'.

[tomsthumb]

why bother with git grep vs. just vanilla grep. i could see the use if you're working with an older binary, but you didn't mention.

[Skunkleton]

If you ran something like grep -r SYSCALL_DEFINE.read from the top level of the linux source it would search through not just your source code, but also all of the artifacts of building the kernel. Basically, git grep is faster in this case because it filters the searched files down to only ones that are checked in. You could achieve a similar effect with standard tools like this: find -type f -regex '.\.[hc]' | xargs grep 'SYSCALL_DEFINE.*read'

[leni536]

    grep -r --include='*.[hc]' 'SYSCALL_DEFINE.*read'

[Skunkleton]

Nice. I hadn't used --include before.

[bmn__]

See also: programmer's grep clones. https://beyondgrep.com/more-tools/#Other%20grep-like%20tools

They work fine even where git-grep is not an option. Example:

    ack 'SYSCALL_DEFINE.*read'