I have no idea, but couldn't you use some part of the software you just compromised that makes syscalls?

There are no syscalls as the fine article explains.

Ah, wait, I mis-read your comment and it's too late to edit mine. Yes, that sounds plausible, and particularly if you have the source code, which you do for many common servers.