Linux Kernel Analysis Seventh Week study summary-executable program loading
Huang (Original works reproduced please specify the source)
"Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000
"Learning Notes"
(a) preprocessing, compiling, linking, and format of the target file
1. How can I get the executable program?
C code--preprocessing--assembly code--Target code--executable file
Preprocessing is responsible for including the include file and macro replacement work.
Both Hello and hello.o are files in the elf format.
2. Format of the target file elf
(1) Common elf format files:
(2) abi--Application Binary interface
In the target file, he is already binary compatible, that is, adapting to binary directives.
(3) Three kinds of target files in Elf:
- A relocatable (relocatable) file holds the code and the appropriate data to create an executable file or a shared file with other object files. (mostly. o files)
- An executable (executable) file holds a program for execution, which indicates how EXEC (BA_OS) creates the process image of the program.
- A shared object file holds the code and the appropriate data to be linked by the following two linker. The first is the connection editor [see LD (SD_CMD)], which can be used to relocate and share an object file to create additional objects . The second is a dynamic linker that unites an executable file and other shared object files to create a process image. (mostly. so files)
(4) Target file format
On the left is the elf format, the right is the execution time format, where the ELF head describes the organization of the file, the program bid tells the system how to create a process memory image, section Header table contains information describing the file sections.
When creating or adding a process image, the system theoretically copies a segment of a file into a virtual memory segment.
Text segment copied to the beginning of the process, Data segment copied to a segment of the virtual address ...
There is a mapping between the executable file format and the process address space.
3. Statically linked elf executable file and process address space
(1) The corresponding relationship between Elf and Linux process virtual space memory is as follows:
The program starts with 0x804800.
The first line of code that the executable file loads into memory to begin execution.
A general static link will put all the code in the same code snippet.
A dynamically connected process will have multiple code snippets.
(ii) executable programs, shared libraries, and dynamic loading
1. Work before loading the executable program
(1) command-line arguments and the shell environment, generally we execute a program of the shell environment, our experiment directly using the EXECVE system call.
- $ ls-l/usr/bin Listing directory information under/usr/bin
- The shell itself does not limit the number of command-line arguments, the number of command-line arguments is limited by the command itself
- For example, int main (int argc, char *argv[])
- Also, int main (int argc, char *argv[], char *envp[])
- The shell calls Execve to pass command-line arguments and environment parameters to the main function of the executable program.
- int Execve (const char * filename,char * CONST argv[],CHAR * Const envp[]);
- The library function exec* are EXECVE encapsulation routines
(2) How command-line arguments and environment variables are passed and saved
command-line arguments and environment strings are placed in the user-state stack
Shell--execv--sys_execv
2. Load-time dynamic link and runtime dynamic link application Example
Dynamic linking is divided into the dynamic link and runtime dynamic link when the executable program is loaded, and the following code demonstrates these two kinds of dynamic links.
Shlibexample.h (1.3 KB)-Interface of Shared Lib Example
SHLIBEXAMPLE.C (1.2 KB)-Implement of Shared Lib Example
Compiling into a libshlibexample.so file
1 |
$ gcc -shared shlibexample.c -o libshlibexample.so -m32 |
Dllibexample.h (1.3 KB)-Interface of dynamical Loading Lib Example
DLLIBEXAMPLE.C (1.3 KB)-Implement of dynamical Loading Lib Example
Compiling into a libdllibexample.so file
1 |
$ gcc -shared dllibexample.c -o libdllibexample.so -m32 #编译方式和上面一样 |
- Use libshlibexample.so files and libdllibexample.so files in shared libraries and dynamically loaded shared libraries, respectively
MAIN.C (1.9 KB)-Main Program
Compile main, note that this provides only shlibexample-L (the directory where the interface header file for the library is located) and-L (the library name, If libshlibexample.so remove Lib and. So parts), and does not provide information about Dllibexample, but indicates the-LDL
12345678 |
$ gcc main.c -o main -L/path/to/your/dir -lshlibexample -ldl -m32 $ export LD_LIBRARY_PATH=$PWD #将当前目录加入默认路径,否则main找不到依赖的库文件,当然也可以将库文件copy到默认路径下。 $ ./main This is a Main program! Calling SharedLibApi() function of libshlibexample.so! This is a shared libary! Calling DynamicalLoadingLibApi() function of libdllibexample.so! This is a Dynamical Loading libary! |
(iii) Loading of executable programs
1. Analysis of key issues related to the loading of executable programs
Sys_execve Internal Parse executable file format
- Do_execve, Do_execve_common, EXEC_BINPRM
- The Search_binary_handler conforms to the parsing module corresponding to the search file format, as follows:
1234567 |
1369 list_for_ Each_entry (FMT, &formats, LH) { 1370 if (!try_module_get ( fmt->module)) 1371 continue ; 1372 read_unlock (&binfmt_lock); 1373 bprm->recursion_depth++; 1374 retval = Fmt->load_binary (BPRM); 1375 read_lock (&binfmt_lock); |
- For the elf-formatted executable fmt->load_binary (BPRM), the execution should be load_elf_binary its interior is and the elf file format parsing part needs to be read with the elf file format standard
- How does the Linux kernel support a variety of different executable file formats?
1234567 |
82static struct linux_binfmt elf_format = { 83 .module = THIS_MODULE, 84 .load_binary = load_elf_binary, //函数指针 85 .load_shlib = load_elf_library, 86 .core_dump = elf_core_dump, 87 .min_coredump = ELF_EXEC_PAGESIZE, 88}; |
12345 |
2198static int __init init_elf_binfmt( void ) 2199{ 2200 register_binfmt(&elf_format);#注册 2201 return 0; 2202} |
- Elf_format and Init_elf_binfmt, is this the observer in the Observer pattern?
Internal process of 2.sys_execve
To mount and start an executable program, call the following function in turn:
Sys_execve (), Do_execve (), Do_execve_common (), EXEC_BINPRM (), Search_binary_handler () _binary (), Start_thread ()
3. Use GDB to track the processing of SYS_EXECVE kernel functions (see Homework after Class)
4. Executable program loading and Zhuangsheng dream Butterfly Story
Zhuang Zhou (call Execve's executable program) to sleep (call Execve into the kernel), Wake up (System call Execve back to the user state) found himself a butterfly (executable program loaded by EXECVE)
Modifying an EIP for an int 0x80 into the kernel stack
Load_elf_binary-Start_thread
5. Analysis of dynamic linked executable program loading
(1) You can focus on interp and dynamic in the ELF format.
(2) The loading process of a dynamic link library is a graph traversal.
(3) After loading and connecting the LD gives the CPU control to the executable program.
Third, after-school homework
1. Understand the process of compiling links and the elf executable file format, refer to the first section of this week for details;
The answer to the first part of the study notes
2. Programming using the exec* library function to load an executable file, dynamic link is divided into executables when loading dynamic link and runtime dynamic link, programming exercises dynamic link Library of these two ways of use, the details refer to the second section of this week;
The answer to the first part of the study notes
3. Use GDB trace to analyze a EXECVE system call kernel processing function SYS_EXECVE, verify your understanding of the process required to load the executable program Linux system, the details of this week in the third section, recommended in the experimental Building Linux virtual machine environment to complete the experiment.
The specific code of the program is as follows:
Makefile:
Make Rootfs:
To start Debugging:
Three execution to the following interface:
Where exec discovery executes at this point
List the code that was executed:
4. Paying particular attention to the commencement of the new executable process? Why does the new executable program execute smoothly after the EXECVE system call returns? What is the difference between a static-linked executable program and a dynamically-linked executable EXECVE system call return?
The answer to the first part of the study notes
Linux Kernel Analysis Seventh Week study summary-executable program loading