svc · 0x80 · the macos syscall reference

Every macOS syscall, every XNU release.

A searchable reference for BSD syscalls, Mach traps, and diagnostic calls — with full version history, prototypes, and security notes.

BSD · 367 syscalls
Mach · 73 traps
MachDep · 16 calls

Endpoint Security is the modern, supported path for syscall-level detection on macOS — but its event taxonomy doesn't map 1-to-1 with syscalls. Here's the practical mapping for security work.
How task_for_pid works, why Apple gates it the way it does, and what its entitlement model means for security tooling on macOS.
A practical guide to using DTrace to trace BSD syscalls and Mach traps on modern macOS — including SIP requirements, working scripts, and what to do when Apple's syscall probes go missing.