How the Linux kernel loads and launches an executable program

Source: Internet
Author: User

Chen Tie + Original work; please cite the source when reproducing + "Linux kernel analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000


Learning is really a process of imitating the teacher; once you are skilled enough, it becomes your own. The kernel code section was a bit of a pain, but this week comes back to the user shell level, so I have some understanding after all. The entire learning process is recorded below, as a record of my own growth as well.

One, the executable file generation process. The executable we are talking about is the binary code that the CPU executes, built from the source we edit. I will only outline this process, using the following shell commands; the results follow.

    vi hello.c
    gcc -E -o hello.cpp hello.c -m32
    gcc -x cpp-output -S -o hello.s hello.cpp -m32
    gcc -x assembler -c hello.s -o hello.o -m32
    gcc -o hello hello.o -m32
    gcc -o hello.static hello.o -m32 -static

[Image: EXEC1.PNG]

On Windows, executable files are PE files; on Linux they use the ELF format.

The steps are: edit the source file in a text editor, preprocess it, compile it to a .s assembly file, assemble that into a .o object file, and finally have the linker link the object file into an executable file.


Two, for a statically linked ELF file, loading basically consists of loading the code and data into the corresponding memory space, setting the program entry address, and then executing the code from there. Here is my ELF header.

[Image: Helloelf.PNG]

I'll use GDB to look at the code entry address at execution time. Since our main function is actually called by _start, we set a breakpoint there with break _start. The results are as follows:

[Image: start.PNG]


Three, a Linux executable program is usually run from the shell, so there is a corresponding process before execution. For example, to run /bin/ls -l the shell forks a process and calls the execve system call, here through the specific execlp call, which passes the relevant command-line arguments to the program's main function.


Four, our programs usually also need dynamic link libraries. Dynamic linking is divided into dynamic linking at load time and dynamic linking at run time. Demo code:

The following command generates the shared library:

    gcc -shared shlibexample.c -o libshlibexample.so -m32

The following command generates the run-time link library:

    gcc -shared dllibexample.c -o libdllibexample.so -m32

The generated files and the run are as follows:

[Image: DLL.PNG]

Five, the execve system call is a special system call, just as the fork system call is. fork returns twice: once in the parent process, which continues executing, and once at the specific point ret_from_fork, from which execution returns to user mode. execve overwrites the current executable program inside the kernel, so when it returns, the process is no longer running the original executable.

The shell calls execve to pass the command-line arguments and the environment to the main function of the executable program:

    int execve(const char *filename, char *const argv[], char *const envp[]);

All of the exec* library functions are wrapper routines around execve.
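The fork-then-execve sequence described in sections Three and Five, as an added example that is not code from the original post: the function name spawn_and_wait and the two sample commands are made up for illustration. It shows that fork returns in both processes and that the line after execve runs only when the exec fails.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Run `path` the way a shell does: fork, execve in the child, wait in the
 * parent. Returns the child's exit status, or -1 if fork/waitpid failed. */
int spawn_and_wait(const char *path, char *const argv[])
{
    pid_t pid = fork();              /* returns twice: 0 in the child, the child's pid in the parent */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, environ); /* on success the process image is replaced and this never returns */
        _exit(127);                  /* reached only when execve failed; 127 follows the shell convention */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *ok[]  = { "sh", "-c", "exit 7", NULL };   /* argv[] as main() of the new program sees it */
    char *bad[] = { "nope", NULL };
    printf("sh -c 'exit 7' -> %d\n", spawn_and_wait("/bin/sh", ok));
    printf("missing file   -> %d\n", spawn_and_wait("/nonexistent/prog", bad));
    return 0;
}
```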

Inside the kernel, the system call sys_execve parses the executable file format. The call chain is do_execve -> do_execve_common -> exec_binprm, which then runs search_binary_handler to find the parsing module that matches the file format indicated by the file header. For ELF files on Linux, fmt->load_binary(bprm) actually executes static int load_elf_binary(struct linux_binprm *bprm).

When start_thread(regs, elf_entry, bprm->p) is executed for a statically linked program, elf_entry is the entry point indicated in the file header. After entering the kernel

    void
    start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    {
        set_user_gs(regs, 0);
        regs->fs    = 0;
        regs->ds    = __USER_DS;
        regs->es    = __USER_DS;
        regs->ss    = __USER_DS;
        regs->cs    = __USER_CS;
        regs->ip    = new_ip;    /* user-mode instruction pointer: elf_entry */
        regs->sp    = new_sp;    /* user-mode stack pointer: bprm->p */
        regs->flags = X86_EFLAGS_IF;
        /*
         * force it to the iret return path by making it look as if there was
         * some work pending.
         */
        set_thread_flag(TIF_NOTIFY_RESUME);
    }

Before returning, execve replaces the process's ip and sp with the new ip and sp. For a program that needs dynamic linking, elf_entry is instead loaded with the entry address of the dynamic linker ld.
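As an added example (not from the original post or the kernel source), here is a bounds-checked reader for the two things this section and the ELF header in section Two turn on: e_entry, and whether a PT_INTERP program header is present, which is what makes the kernel start at the dynamic linker instead. The function names, the sample image and its entry address are constructed for illustration, and only little-endian ELF32 (the -m32 case above) is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EHDR_SZ = 52, PHDR_SZ = 32, SEG_LOAD = 1, SEG_INTERP = 3 };
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Fills *entry with e_entry and *has_interp with 1 if a PT_INTERP segment exists.
 * Returns -1 unless the image is little-endian ELF32 whose program header
 * table lies entirely inside the file (header offsets are never trusted). */
int elf32_start_info(const uint8_t *img, size_t len, uint32_t *entry, int *has_interp)
{
    if (len < EHDR_SZ || memcmp(img, "\177ELF", 4) != 0 || img[4] != 1 || img[5] != 1)
        return -1;
    uint32_t phoff = le32(img + 28);                            /* e_phoff */
    uint16_t phentsize = le16(img + 42), phnum = le16(img + 44);
    if (phentsize != PHDR_SZ || phoff > len || (size_t)phnum * PHDR_SZ > len - phoff)
        return -1;
    *entry = le32(img + 24);                                    /* e_entry */
    *has_interp = 0;
    for (uint16_t i = 0; i < phnum; i++)
        if (le32(img + phoff + (size_t)i * PHDR_SZ) == SEG_INTERP)   /* p_type */
            *has_interp = 1;
    return 0;
}

/* Constructed sample: an ELF32 header followed by one program header. */
size_t make_sample(uint8_t *buf, uint32_t entry, uint32_t seg_type)
{
    memset(buf, 0, EHDR_SZ + PHDR_SZ);
    memcpy(buf, "\177ELF\1\1\1", 7);               /* magic, ELFCLASS32, LSB, version */
    buf[16] = 2;  buf[18] = 3;                     /* ET_EXEC, EM_386 */
    for (int i = 0; i < 4; i++)
        buf[24 + i] = (uint8_t)(entry >> (8 * i)); /* e_entry */
    buf[28] = EHDR_SZ;  buf[42] = PHDR_SZ;  buf[44] = 1;   /* e_phoff, e_phentsize, e_phnum */
    buf[EHDR_SZ] = (uint8_t)seg_type;              /* p_type of the only segment */
    return EHDR_SZ + PHDR_SZ;
}

int main(void)
{
    uint8_t img[EHDR_SZ + PHDR_SZ];
    uint32_t entry = 0;
    int interp = 0;
    size_t n = make_sample(img, 0x08048d0a, SEG_INTERP);   /* made-up entry address */
    if (elf32_start_info(img, n, &entry, &interp) == 0)
        printf("e_entry=0x%08x has_interp=%d\n", (unsigned)entry, interp);
    return 0;
}
```

When has_interp is 1, the address reported as e_entry is not where user-mode execution begins; the dynamic linker runs first and jumps to it later.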


Summary: in the Linux environment, executable files use the ELF format. The file header carries the information needed to load the file into memory; it is followed by the code and data in the form of segments, which are divided mainly according to the read/write attributes they are loaded into memory with. The execve system call is responsible for dispatching the executable file: it first passes the relevant parameters and sets up the environment for the call, then loads the executable file's information and looks for the matching executable file parsing module. An ELF executable is loaded into the corresponding address space in memory as the format requires. If it is statically linked, execution starts at the entry address indicated in the file header; if it is an executable that relies on dynamic link libraries, execution starts at the entry address of the dynamic linker ld.

This article is from the "Studypark" blog; please keep this source attribution: http://swordautumn.blog.51cto.com/1485402/1633663
