Where does the kernel start execution? Almost any book on Linux kernel source code analysis will give detailed answers. However, I try to explain it from a different angle (a beginner's point of view), rather than giving the answer as soon as I come up. It is a common idea to start from familiar things and gradually approach unfamiliar things. Since they are all binary code, you may wish to start with the simplest user-State C program, hello World. Maybe we can find something in common. I happen to be a person who likes to get to the bottom. Maybe, understanding the Startup Process of the hello World Program helps you better understand the startup of the kernel.
Okay. Let's get to the bottom. It starts from a common user-State program in C language. First, write a simple hello World Program.
/* Helloworld. C */
# Include <stdio. h>
Int main ()
{
Printf ("Hello World/N ");
Return 0;
}
Then GCC helloworld. C-o helloworld, a simple hello World Program appears.
Where does it start? Isn't it easy? Main function. Everyone on Earth knows.
Why must we start with the main function? So I started to figure out the hello World Program.
File helloworld is an elf executable file.
Try disassembly.
Objdump-D helloworld
The results of disassembly are surprising because a bunch of functions, such as _ start (), appear. Some library functions are linked by default during GCC compilation.
In fact, as long as you run gcc-V helloworld. C-o helloworld, the GCC detailed compilation link process will be displayed. These files include crti. O crt1.o crtn. O files linked to/usr/lib. Use the objdump command to check whether the _ start () function is defined in the crt1.o file.
So where is the real execution entry of helloworld? We can use readelf to check whether there is any useful information.
Readelf-A helloworld
As an elf file, helloworld includes the ELF File Header, section table, and sections. If you are interested, go to the ELF file format document.
Readelf indicates that there is such information in the ELF File Header of helloworld:
Entry Point address: 0x80482c0
It can be seen that the entry address of the helloworld program is 0x80482c0, which is obtained by objdump:
080482c0 <_ Start>:
It can be seen that _ start () is the first function executed by the helloworld program. _ Start () after some initialization work is completed, it is called layer by layer and finally called Main (). it can be imagined that if the final call in _ start () is foo (), the main function of the C program will not be main (), but Foo.
Further: How is the helloworld Program executed. We can only guess that Bash is responsible for the execution. However, bash code is too complicated. We can use strace to track the execution of helloworld.
Strace./helloworld
There are a lot of function calls. The first one is execve (), which is a key system call and is responsible for loading and running helloworld executable files. The key step is to set the user-state EIP register (which is actually the corresponding value in the memory) to the entry point address in the ELF File, that is, _ start (). See the sys_execve () function in the kernel.
It can be seen that the starting position of the program depends on the value of the EIP register at the beginning of execution. This EIP is set by other programs. Here, the EIP is set by the Linux kernel. The specific process is as follows:
1. Run./helloworld in shell.
2. Shell (BASH) calls execve () by calling the system ().
3.exe CVE falls into the kernel and runs sys_execve () to set the user-state EIP to _ start ().
4. When the system call is completed and the helloworld process starts to run, it starts to run from _ start ().
5. The helloworld process is last executed to main ().
Refer to: ELF File Format
Http://www.skyfree.org/linux/references/ELF_Format.pdf