While recently studying the Linux kernel, I took some notes on how a process is started; here they are.
1. Process Start-up
On Linux, a program is usually started by the shell, or a program calls one of the exec family of functions to replace itself with another process.
In fact the two approaches are essentially the same: the shell also starts programs by calling the exec family of functions, so we use code that takes the second approach to analyze the entire loading process.
2. Program code
First, let's look at our example program code.
To trace the kernel code, Linux and the file system are run under QEMU. In the figure on the left, the main process forks a child process, and the child finally calls exec* to replace itself with the Hello process ();
the code of the Hello process is shown in the figure on the right.
3. Kernel code tracing
This mainly means tracing how the exec* system call executes in the kernel. The exec* family of functions are wrapper routines around execve, and the execve system call ultimately corresponds to the system call handler sys_execve.
The call chain is sys_execve --> do_execve --> do_execve_common; what do_execve_common actually does inside is assemble the struct linux_binprm structure.
Its main call is exec_binprm.
This finally finds the ELF loading function and begins formally loading the program in ELF format.
From it you can see that current_pt_regs is the register frame (eax, ebx, ...) of the current process that was pushed onto the stack.
Then elf_entry is the entry point of the new process; that is, while preparing the new process's stack information and execution environment, start_thread in fact replaces the original process's stack information entirely with that of the new process.
4. Debug tracing
As you can see, the entry function of the new process is loaded onto the stack in start_thread, and that entry is the entry point address in the ELF file. So when the process returns to user space, it starts executing from the new process's entry point, and the process has been replaced with a brand-new process.
5. Summary
In fact, we only analyzed the statically linked case. If the program is dynamically linked, the entry placed on the old process's stack is not the start of the ELF file but the ld dynamic loader, as shown in the code:
The loading of our process is achieved by the execve system call replacing the stack inside the kernel. It is like a person entering a room (the kernel): when he comes out, his soul has been replaced by another person's.
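To make the two header fields the kernel relies on concrete, here is an added example (my own code, not from this post or from the kernel): it reads e_entry, which load_elf_binary() turns into elf_entry for start_thread(), and the PT_INTERP path that names the dynamic loader, from an ELF image. The sample image, the loader path and the entry address 0x401000 are constructed values, and the function names are my own.

```c
/* Added example (not code from the original post): the two header fields that
 * load_elf_binary() reads before start_thread(): e_entry (the new process's entry
 * point) and the PT_INTERP path (the ld.so loader of a dynamically linked program). */
#include <elf.h>
#include <string.h>
/* Return 1 and set *entry if buf holds a valid ELF64 header, else 0. */
int elf_entry(const unsigned char *buf, size_t len, Elf64_Addr *entry) {
    Elf64_Ehdr eh;
    if (len < sizeof eh || memcmp(buf, ELFMAG, SELFMAG) != 0 || buf[EI_CLASS] != ELFCLASS64)
        return 0;
    memcpy(&eh, buf, sizeof eh);           /* copy: buf need not be aligned */
    *entry = eh.e_entry;
    return 1;
}
/* Copy the PT_INTERP path into out; return 1 if present (dynamically linked),
 * 0 if absent (statically linked) or if the headers are malformed. */
int elf_interp(const unsigned char *buf, size_t len, char *out, size_t outlen) {
    Elf64_Ehdr eh; Elf64_Phdr ph; Elf64_Addr unused;
    if (!elf_entry(buf, len, &unused)) return 0;
    memcpy(&eh, buf, sizeof eh);
    if (eh.e_phentsize != sizeof ph) return 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        size_t off = eh.e_phoff + (size_t)i * sizeof ph;
        if (off + sizeof ph > len) return 0;
        memcpy(&ph, buf + off, sizeof ph);
        if (ph.p_type != PT_INTERP) continue;
        /* bounds-check the path against the file, as load_elf_binary() does */
        if (ph.p_offset + ph.p_filesz > len || ph.p_filesz >= outlen) return 0;
        memcpy(out, buf + ph.p_offset, ph.p_filesz);
        out[ph.p_filesz] = '\0';
        return 1;
    }
    return 0;
}
/* Constructed sample input: a minimal ELF64 image with an optional PT_INTERP
 * segment. Returns the image size, or 0 if cap is too small. */
size_t build_sample_elf(unsigned char *buf, size_t cap, int dynamic) {
    static const char ld[] = "/lib64/ld-linux-x86-64.so.2";   /* constructed path */
    Elf64_Ehdr eh = {0}; Elf64_Phdr ph = {0};
    if (cap < sizeof eh + sizeof ph + sizeof ld) return 0;
    memcpy(eh.e_ident, ELFMAG, SELFMAG); eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_type = ET_EXEC; eh.e_machine = EM_X86_64;
    eh.e_entry = 0x401000;                 /* what the kernel stores as elf_entry */
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = dynamic ? 1 : 0;
    ph.p_type = PT_INTERP; ph.p_offset = sizeof eh + sizeof ph; ph.p_filesz = sizeof ld;
    memcpy(buf, &eh, sizeof eh); memcpy(buf + sizeof eh, &ph, sizeof ph);
    memcpy(buf + sizeof eh + sizeof ph, ld, sizeof ld);
    return sizeof eh + sizeof ph + sizeof ld;
}
```

For a statically linked program elf_interp returns 0 and the process starts at e_entry; for a dynamically linked one the kernel maps the interpreter it names and starts there instead, which is why the stack entry differs between the two cases described above.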
Process loading analysis (execve system call analysis)