Lab7:linux how the kernel loads and launches an executable program

Li Junfeng + Original works reproduced please specify the source + "Linux kernel analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000

I. Experimental principles

1.elf executable file format

The elf file consists of 4 parts, namely the Elf header (elf header), the Program Header table, the section Header table, and the section headers tables. In fact, a file does not necessarily contain all the content, and their location may not be as shown in this arrangement, only the position of the elf head is fixed, the rest of the parts of the location, size and other information is determined by the values of the elf head.

2. Target file

The target file has at least the contents of the compiled machine refers to the code, data. Yes, in addition to these content, the target file also includes some of the information needed to link, such as symbol table, debugging information, string, and so on.

3. target file type

(1) relocatable (relocatable) file

Save the code and the appropriate data to create an executable file or a shared file together with other object files.

(2) executable (executable) file

Holds a program for execution; This file indicates how exec (Ba_os) created the process image of the program.

(3) Sharing an object file

Save the code and the appropriate data to be linked by the following two linker. The first is the connection editor [see LD (SD_CMD)], which can be used to relocate and share an object file to create additional objects. The second is a dynamic linker that unites an executable file and other shared object files to create a process image.

4. Executable program generation process

5. Links

A link is a process that collects and organizes the different code and data required by the program so that the program can be loaded into memory and executed. The linking process is divided into two steps:

(1) Space and address assignment

Scans all of the input target files, obtains the lengths, properties, and locations of their segments, and collects the symbol definitions and symbol references from the input target file, and unifies them into a global symbol table. In this step, the linker will be able to get the length of all input target files, merge them, calculate the lengths and positions of each segment in the output file, and establish a mapping relationship.

(2) symbolic parsing and relocation

Use all the information collected in the first step above, read the data in the middle of the input file, reposition the information, and perform symbolic resolution and relocation, adjust the address in the code, and so on. The second step, in fact, is the core of the link process, especially the relocation process.

6. Differences between static, shared, and dynamic libraries

there are some functions in the C language that do not need to be compiled, and some functions can be used in multiple files. In general, these functions perform some standard tasks, such as database input/output operations or screen controls. These functions can be compiled beforehand and placed in special target code files, which are called libraries. The functions in the library file can be connected to the application through the connector program. This eliminates the need to compile these common functions every time you develop a program.   the

Library can be used in three ways: static, shared, and dynamic. The code for the static library is connected to the developer-developed application at compile time, and the shared library is loaded only when the program starts running, and at compile time simply specify the library functions that need to be used. Dynamic libraries are another form of change for shared libraries. A dynamic library is also loaded while the program is running, but unlike a shared library, the library function used is not loaded until the program runs, but when the statement in the program needs to use the function. The dynamic library frees up the memory occupied by the dynamic library while the program is running, freeing up space for other programs to use. Because shared libraries and dynamic libraries do not include the contents of library functions in the program, they only contain references to library functions, so the size of the code is smaller. The

Static library can be considered a collection of some target code. According to the custom, the ". A" is generally used as the file suffix name. Use the AR (archiver) command to create a static library. Because shared libraries have a greater advantage, static libraries are not often used. But the static library is simple to use, there is still room for use, and will always exist. The

Static library can save recompilation time by eliminating the need to compile when the application is built. But as the compiler gets faster today, it doesn't seem to matter. If other developers want to use your code, and you don't want to give it the source, providing a static library is a choice. In theory, the application uses a static library, which is 1-5% faster than using a dynamically loaded library, but it may not be the case for inexplicable reasons. From this perspective, the static library may not be a good choice except for ease of use. The

Shared library
Shared library is loaded when the program starts. When an application loads a shared library, other applications can still mount the same shared library. Linux-based usage, shared libraries have other flexible and subtle features: The
Update Library does not affect the application's use of older, non-backward-compatible versions, and when a particular program is executed, it can overwrite the entire library or update a specific function in the library, which does not affect the program that is already running. They will still use libraries that have already been loaded.

Two. Experimental steps

1. First write the EXEC function into our system, the TEST.c file, as shown in:

2. Recompile the operating system and the results are as follows:

3. Run the test command as shown in:

4. Below the breakpoint, as shown in:

5. Step into the SYS_EXECVE function as shown in:

6. Step into the Load_elf_binary function as shown in:

7. Stepping into the Start_thread function

8. View the value of the NEW_IP as shown in:

9. Look at the ELF header of the executable file as shown in:

10. You can find the entry point address of the program is the value of NEW_IP

Three. Experimental summary

Paying particular attention to where the new executable program starts? Why does the new executable program execute smoothly after the EXECVE system call returns? What is the difference between a static-linked executable program and a dynamically-linked executable EXECVE system call return?

EXECVE Process:

(1) The filename of the executable file from the user space to the kernel space filename = getname (name);

(2) Open executable file: File = open_exec (filename);
(3) Initialize the LINUX_BINPRM data structure used to store all information associated with the binary executable when it is loaded: RetVal = Bprm_mm_init (BPRM);
(4) Collect the parameters and environment variables required to run the BPRM: three consecutive copy_strings ()

(5) The core of the function is: Search_binary_handler. Loads the executable file.

The new executable program changes the kernel stack eip as a starting point for the new program, and Start_thread returns to the user state from the next instruction of the int 0x80 to the entry location of the newly loaded executables, starting with NEW_IP. When executing to the EXECVE system call, enter the kernel state, overwrite the executable program of the current process with EXECVE () loaded executables, and when the EXECVE system call returns, returns the execution starting point of the new executable program (main function), So the new executable program can execute smoothly after the EXECVE system call returns. When the EXECVE system call returns, if it is a static link, Elf_entry points to the header specified by the executable (the location of the main function 0x8048000), and if you need to rely on the dynamic link library, Elf_entry points to the starting point of the dynamic linker. Dynamic linking is mainly done by the dynamic linker ld.

This week's experiment is almost as difficult as the previous experiment, but it is very difficult to understand and I hope that I can use my spare time to understand digestion, (*^__^*)

Lab7:linux how the kernel loads and launches an executable program