Linked process
- First, run the C preprocessor CPP and translate the C source program (A.C) into an ASCII intermediate file (A.I)
- Then C compiler CCL, translate A.I into ASCII assembly language file A.s
- Then run assembler as to translate the A.S to a relocatable target file a.o
- Eventually fully linked to an executable file a.out
Target file
How to save the data of a new program
Call Execve through the shell program to pass command-line arguments and environment parameters to the main function of the executable program. The execve then presses the parameters in the main function onto the stack when creating a new user-state stack. The final implementation of the SYS_EXECVE to truly implement the parameters in the system delivery.
When the new executable is called, the space occupied by the old executable is taken up by the new executable, so that when Execve returns, the data returned is not the result of the old executable, but the return data of the newly loaded executable file, so that the new executable can be executed.
Related points of the executable file
Start_thread by modifying the value of an EIP in the kernel stack as a starting point for a new program
Depending on the statically linked executable, Elf_entry is the starting point in the header of the executable file entry, which is the location of the main function.
If you need to rely on a dynamic link library, then elf_entry points to the starting point of the dynamic linker, the CPU control is given to LD to load the dependent library and complete the dynamic link
An EIP that needs to be pressed into the kernel stack by modifying the int 0x80 before the new executable is called
The elf executable is mapped to the 0x8048000 address by default.
Execve execution process in the kernel
- Execve The main steps to run an executable program:
Delete an existing user area: Deletes the stack space in the user portion of the current executable file
Hide private zones: Creates new space for new program text, data, and stacks that are private to the new executable and are copy-on-write.
Map shared areas: If the elf file is connected to a shared destination, it needs to be dynamically linked and mapped to a shared area in the user's virtual address space.
- Set Program counter: Set the EIP to point to the entry address of the new executable file
Such as:
The EXECVE function executes the process in the kernel
Call Execve () in the user state to cause the system to break and execute the corresponding function in the kernel state sys_execve
The SYS_EXECVE function calls the DO_EXECVE function, which reads into the executable file.
The system then calls Search_binary_handler to find the appropriate handler based on the type of executable file. Create a struct-linux_binfmt structure based on each file and connect it to a list of IQ, and the system will traverse the list to find the corresponding structure.
The corresponding load_binary function is called to begin loading the executable file.
The system uses Load_elf_binary to load an elf-type executable file. The function reads the head of the elf file and reads the data into the header of the elf file.
If there is a dynamic link library, you need to map the dynamic link to the shared zone. At this point, you need to use LOAD_ELF_INTERP to load the image and set the return address to the portal of the LOAD_ELF_INTERP dynamic linker.
As shown in the following:
Experimental purpose of Experiment part
Use GDB to track the processing of SYS_EXECVE kernel functions, analyze the system call processing of the exec* function, and understand how the Linux kernel loads and launches an executable program.
Experimental process
Executes the menuos, which loads the Execve
Set breakpoints
The order in which to mount and run an executable file is:
Sys_execve (), Do_execve (), Do_execve_common (), EXEC_BINPRM (), Search_binary_handler () _binary (), Start_thread ()
Summarize
When a Linux kernel or program (such as a shell) uses the fork function to create a child process, the child process often calls an EXEC function to execute another program.
When a process invokes an EXEC function, the process executes a program that is completely replaced with a new program, and the new program starts with its main function
Linux Kernel analysis-executable program loading