Yi Silam + original works do not reprint + "Linux kernel analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000 "Week 7 executable program load 1. Pre-processing, compiling, Format of links and destination files
2. Format of the target file elf target files and links
What is the target file like?
The contents of the target file have at least the compiled machine instruction code and data. Yes, in addition to these content, the target file also includes some of the information needed to link, such as symbol table, debugging information, string, and so on.
Elf:exectable and linkable format. Executable and linked formats.
It is the standard for file formats, and the executable connection format is developed and published by the UNIX System Lab (USL) as an application binary interface (application binary Interface (ABI). Tool Interface Standard Committee (TIS) selected the evolving Elf standard as a portable binary file format for working with different operating systems on 32-bit Intel systems.
What is the ABI and target file format?
ABI is also called the target file, the application binary interface. Binary compatibility issues. In terms of complexity:
- 符号修饰标准、变量内层布局、函数调用方式等这些跟可执行代码二进制兼容性相关的内容称为ABI(Application Binary Interface)。
- Common ABI formats:
three kinds of target files in Elf (elf: Executable connection format) :
- A relocatable file holds the code and the appropriate data to create an executable file or a shared file with other object files. (* * mostly. o files * *)
- An executable file holds a program for execution, which indicates how exec creates a program process image.
- A shared object (target) file holds the code and the appropriate data, which is linked to the following two linker. The first is the link Editor , which can be used to relocate and share an object file to create additional objects. The second is a dynamic linker that unites an executable file and other shared object files to create a process image.
- Elf Target file format:
- ELF File Structure description
Elf file header: How to view the head of an elf file
shiyanlou:Code/ $ readelf -h hello
Segment Header table
-The location and size of the sections in the target file
-At the end of the target file
- Link:
- A link is a process that collects and organizes the different code and data required by the program so that the program can be loaded into memory and executed.
- The linking process is divided into two steps:-Space and address assignment:-Scans all of the input target files, obtains the lengths, attributes, and locations of their segments, and collects the symbol definitions and symbol references from the input target file, uniformly placed into a global symbol table. In this step, the linker will be able to get the length of all input target files, merge them, calculate the lengths and positions of each segment in the output file, and establish a mapping relationship. -Symbolic parsing and relocation:-use all the information collected in the first step above, read the data in the middle of the input file, reposition the information, and perform symbolic resolution and relocation, adjust the address in the code, and so on. The second step, in fact, is the core of the link process, especially the relocation process.
Statically linked Elf executables and process address space target files, executables, and process space
-General static links will put all the code in a code snippet. -Dynamically linked processes will have multiple code snippets.
Executable Target files and loading
- The executable target file is similar to the relocatable destination file format
- Loading of executable target files is done by the loader
Typical Elf executable target file
Some tools for working with target files
2. Executable programs, shared libraries, and dynamic links
The work before the executable program is loaded. -Executable Execution Environment:-Command line parameters and shell environment, generally we execute a program of the shell environment, our experiment directly using EXECVE system call. -$ ls-l/usr/bin lists directory information under/usr/bin-the shell itself does not limit the number of command-line arguments, and the number of command-line arguments is limited by the command itself----for example, int main (int argc, char *argv[])----as such, int main (int argc, char *argv[], char envp[])-the shell calls Execve to pass command-line arguments and environment parameters to the main function of the executable program----int execve (const char * Filename,char * CONST argv[],CHAR * Const envp[]); -The library function exec is an encapsulation routine for execve-how are command-line arguments and environment variables saved and passed? - command-line arguments and environment strings are placed in the user-state stack
- shell程序->>execve->> sys_execve- 然后在初始化新程序堆栈时拷贝进去- 先函数调用参数传递,在系统调用参数传递
Example of dynamic link and runtime dynamic link application at load time
dynamic linking is divided into the dynamic link and runtime dynamic link when the executable program is loaded .
3. Analysis of key issues related to loading executable program loading of executable program
SYSEXECVE kernel process-sysexecve internally resolves executable file format
- Doexecve, do execveCommon, execBINPRM
- Searchbinaryhandler conforms to the parsing module of the search file format, as follows (to find the corresponding file format processing module according to the file header information):
- The following place is equivalent to the part of the Observer Code:
- For the elf format executable fmt->loadbinary (BPRM), the execution should be loadelf_binary its interior is and the elf file format parsing part needs and the elf file format standard together read
- How does the Linux kernel support a variety of different executable file formats?
- The following belong to the Observer:
- ---elfformat and initelf_binfmt, is this the observer in the Observer pattern? (The answer is above.) )
- Where is the starting point for executable execution? How can I get the EXECVE system call back to the user state when the new program is executed?
- Modifying an EIP for an int 0x80 into the kernel stack
- Loadelfbinary--* * start_thread** A starting point for the new program by modifying the value of the EIP in the kernel stack.
Internal process of Sys_execve
- The elf executable is mapped to the 0x8048000 address by default.
- Dynamically linked Executables load linker ld first
- Give the CPU control to the LD to load the dependent library and complete the dynamic link.
- The file elf_entry for the static link library is the starting point for the new program execution.
Using GDB to track the process of SYS_EXECVE kernel functions
Executable program loading and Zhuangsheng dream Butterfly Story
- Zhuangsheng Dream Butterfly--Wake up confused is Zhuang Zhou dream of butterfly or butterfly dream of Zhuang Zhou?
- Zhuang Zhou (call Execve's executable program) to sleep (call Execve into the kernel), Wake up (System call Execve back to the user state) found himself a butterfly (executable program loaded by EXECVE)
Simple analysis on loading of dynamically linked executable program
- In fact, the dependency of the dynamic link library forms a graph.
- is the kernel responsible for loading the dynamic link libraries that the executable program relies on?
- When a asked piece is interpreter is dependent.
- The loading process of a dynamic-link library is a graph traversal.
- After loading and linking, LD gives control of the CPU to the executable program.
20135239 Benefits Silam Linux Kernel analysis executable loader
