"MOOC EXP" Linux Kernel Analysis experiment Seven report

Source: Internet
Author: User
Tags call back

Ellis

Original Blog

"Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000

loading of executable programs

Knowledge Point GroomingI. Preprocessing, compiling, linking, and formatting of the target filehow the executable is derived
  1. C source code (. c) is compiled into assembler code (. asm) through compiler preprocessing
  2. Assembly code is compiled by the assembler into the target code (. O)
  3. Linking the target code to an executable file (a.out)
  4. Executable files are loaded into memory by the operating system

// preprocessing. c files, pre-processing including the inclusion of files included in and macro replacement work  // compile into assembly code. S// will assemble code. s compiled into binary target files. O (unreadable, partial machine instruction but not executable)   // link the target file into executable binary Hello-o hello. static hello.o-m32-static
format of the destination file elf

1. . Out is the oldest executable file currently on the Windows system that is mostly Elf on the Pe,linux system. The elf file is already a binary compatible file that adapts to a certain CPU architecture

2. Three forms of the target file:

  • relocatable files. O, used to create executables and shared files with other object files
  • Executable file that indicates where the execution should begin
  • Shared files, mostly. So files, used by link editors and dynamic linker links

3. elf Format

  • Elf Head describes the organization of the file, the program bid tells the system how to create a process memory image, the section Header table contains information describing the file sections. When the system executes a file, it is theoretically copied to a segment in virtual memory
  • The head of the elf file specifies a number of binary compatibility-related information. So when loading elf files, you must first load the head and analyze the elf's specific information.
  • Entry represents the entry address of the program after the new executable has just been loaded, the header is code and data, the process address space is 4G, the above 1G is the kernel, the following 3G is the program used. The default ELF header load address is 0x8048000
statically linked elf executable file and process address space

1. Entry Point address: 0x8048x00 (not unique)

Load effect: Load code snippet data into memory, load data into memory, start loading from 0x8048000 address by default

The first code address that executes when an executable file is loaded into memory when a process that has just loaded the executable is started

A general static link places all the code in one code snippet, while a dynamically linked process has multiple snippets

2. process

  • Analysis Head
  • See if dynamic linking is required. If it is a statically linked elf file, then load the file directly. If it is a dynamically linked executable, then you need to load the dynamic linker
  • Mount the file, prepare the process image for it
  • Set register and stack information for new code snippets
 ii. executable programs, shared libraries, and dynamic linksexecution Environment of the executable program
    • Typically executes a shell environment for a program that uses EXECVE system calls directly in the experiment
    • The shell itself does not limit the number of command-line arguments, and the number of command-line arguments is limited by the command itself, such as:

      int Main (intChar *argv[])int main (intchar  Char envp[])//ENVP is the execution environment of the shell

    • The shell calls Execve to pass command-line arguments and environment parameters to the main function of the executable program.

int execve (constchar * filename,charconst argv[],char  Const envp[]);

loading of executable programs
  • Fork two times back, the first return to the parent process continues to execute downward, the second is the child process returned to ret_from_fork and then normal return to the user state.

  • When the EXECVE executes, it falls into the kernel state, overwrites the currently executing program with the program loaded in the EXECVE, and returns to the new executable starting point when the system call returns.

(1) where is the starting point for executable file execution? How can I get the EXECVE system call back to the user state when the new program is executed?

Modify the EIP of int 0x80 into the kernel stack by modifying the value of the EIP in the kernel stack as the starting point for the new program.

(2) How the Linux kernel supports a variety of different executable file formats
Static structLinux_binfmt Elf_format//declares a global variable = {. module =this_module,.load_binary= Load_elf_binary,//The Observer automatically executes. Load_shlib =Load_elf_library,.core_dump=Elf_core_dump,.min_coredump=Elf_exec_pagesize,};Static int__iit Init_elf_binfmt (void) {n Register_binfmt (&elf_format);//register variables into the kernel list and find the file format in the list    return 0;}

(3) dynamic Link
    • The executable needs to rely on a dynamic-link library, and the dynamic-link library may rely on other libraries to form a diagram-the dynamic-link library generates a dependency tree.
    • Rely on the dynamic linker to load the library and parse it (this is the traversal of a graph), load all the required dynamic link libraries, and then LD give the CPU control to the executable program
    • The process of dynamic linking is primarily a dynamic linker that works, not the kernel.

The experimental process andUsing GDB to track the process of SYS_EXECVE kernel functions

1. start updating the kernel first, then use TEST_EXEC.C to overwrite the test.c

2. the EXEC system call is added to the test.c file, and gcc-o Hello Hello.c-m32-static is added to the makefile file.

3. start the kernel and verify the EXECV function

4. Start GDB Debugging

After setting Sys_execve, execute system call exec in Menuos and find the first breakpoint.

Find a second breakpoint

After assigning a value to the stack bottom pointer of the new stack, find the third breakpoint Start_thread

NEW_IP is the first instruction to return to the user state

Enter Redelf-h hello to see the EIF header of hello after exiting debug state

Executable program loading and the story of Zhuang Zhou Dream butterfly

Zhuang Zhou (call Execve's executable program) to sleep (call Execve into the kernel), Wake up (System call Execve back to the user state) found himself a butterfly (executable program loaded by EXECVE)

Simple analysis on loading of dynamically linked executable program

1. What did the kernel do in the process of dynamic linking?

// the executable needs to rely on the dynamic-link library, and the dynamic-link library may depend on other libraries, in fact the dependency of the dynamic-link library will form a graph

2. Is the kernel responsible for loading the dynamic link libraries that the executable program relies on?

Dynamic linker is responsible for loading these libraries and parsing the current executable file, loading all the required dynamic link libraries, dynamic link library loading process is a graph of the traversal (breadth) load and link after the LD will control the CPU to the executable program dynamic link process is done mainly by the dynamic linker, not the kernel

"MOOC EXP" Linux Kernel Analysis experiment Seven report

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.