Series

macOS syscalls 101

3 posts in this series. Read them in order or jump to any one.

How macOS syscalls work in 2026
What actually happens when an arm64 Mac program issues an SVC instruction — from the user-space stub down to the BSD syscall dispatcher and back.
Mach traps vs BSD syscalls: two kernels in one Mac
XNU is a Mach-3 microkernel with a BSD personality bolted on top. That hybrid is why macOS has two distinct syscall families — here's what each is for, and how they differ in practice.
Tracing macOS syscalls with dtrace on Apple Silicon
A practical guide to using DTrace to trace BSD syscalls and Mach traps on modern macOS — including SIP requirements, working scripts, and what to do when Apple's syscall probes go missing.

All posts in this series

How macOS syscalls work in 2026

What actually happens when an arm64 Mac program issues an SVC instruction — from the user-space stub down to the BSD syscall dispatcher and back.

5/25/2026

macosxnusyscallsarm64

Mach traps vs BSD syscalls: two kernels in one Mac

XNU is a Mach-3 microkernel with a BSD personality bolted on top. That hybrid is why macOS has two distinct syscall families — here's what each is for, and how they differ in practice.

5/26/2026

xnumachbsdkernel

Tracing macOS syscalls with dtrace on Apple Silicon

A practical guide to using DTrace to trace BSD syscalls and Mach traps on modern macOS — including SIP requirements, working scripts, and what to do when Apple's syscall probes go missing.

5/27/2026

dtracemacossyscallstracing