学步园

Linux使用ELF格式作为可执行文件的组织形式。

ELF有自己的详细规则。

对应的数据结构如下：

/*<br /> * ELF header at the beginning of the executable.<br /> */<br /> typedef struct {<br /> unsigned char ident[16];<br /> unsigned short type;<br /> unsigned short machine;<br /> unsigned int version;<br /> unsigned int entry;<br /> unsigned int phoff;<br /> unsigned int sphoff;<br /> unsigned int flags;<br /> unsigned short ehsize;<br /> unsigned short phentsize;<br /> unsigned short phnum;<br /> unsigned short shentsize;<br /> unsigned short shnum;<br /> unsigned short shstrndx;<br /> } elfHeader;</p> <p>/*<br /> * An entry in the ELF program header table.<br /> * This describes a single segment of the executable.<br /> */<br /> typedef struct {<br /> unsigned int type;<br /> unsigned int offset;<br /> unsigned int vaddr;<br /> unsigned int paddr;<br /> unsigned int fileSize;<br /> unsigned int memSize;<br /> unsigned int flags;<br /> unsigned int alignment;<br /> } programHeader;</p> <p>/*<br /> * Bits in flags field of programHeader.<br /> * These describe memory permissions required by the segment.<br /> */<br /> #define PF_R 0x4 /* Pages of segment are readable. */<br /> #define PF_W 0x2 /* Pages of segment are writable. */<br /> #define PF_X 0x1 /* Pages of segment are executable. */</p> <p>/*<br /> * A segment of an executable.<br /> * It specifies a region of the executable file to be loaded<br /> * into memory.<br /> */<br /> struct Exe_Segment {<br /> ulong_t offsetInFile; /* Offset of segment in executable file */<br /> ulong_t lengthInFile; /* Length of segment data in executable file */<br /> ulong_t startAddress; /* Start address of segment in user memory */<br /> ulong_t sizeInMemory; /* Size of segment in memory */<br /> int protFlags; /* VM protection flags; combination of VM_READ,VM_WRITE,VM_EXEC */<br /> };</p> <p>/*<br /> * Maximum number of executable segments we allow.<br /> * Normally, we only need a code segment and a data segment.<br /> * Recent versions of gcc (3.2.3) seem to produce 3 segments.<br /> */<br /> #define EXE_MAX_SEGMENTS 3</p> <p>/*<br /> * A struct concisely representing all information needed to<br /> * load an execute an executable.<br /> */<br /> struct Exe_Format {<br /> struct Exe_Segment segmentList[EXE_MAX_SEGMENTS]; /* Definition of segments */<br /> int numSegments; /* Number of segments contained in the executable */<br /> ulong_t entryAddr; /* Code entry point address */<br /> };

操作系统根据规则解析文件，分别设置代码段和数据段和程序入口地址。

设置时结合内存分配、内存分配需要虚拟地址和预留栈空间。

 /**<br /> * From the data of an ELF executable, determine how its segments<br /> * need to be loaded into memory.<br /> * @param exeFileData buffer containing the executable file<br /> * @param exeFileLength length of the executable file in bytes<br /> * @param exeFormat structure describing the executable's segments<br /> * and entry address; to be filled in<br /> * @return 0 if successful, < 0 on error<br /> */<br /> int Parse_ELF_Executable(char *exeFileData, ulong_t exeFileLength,<br /> struct Exe_Format *exeFormat)<br /> {<br /> int k;<br /> // begin from head<br /> elfHeader* elfHead = (elfHeader*)exeFileData; </p> <p> // program header table, + offset from elfHead<br /> programHeader *proHeader=(programHeader *)(exeFileData + elfHead->phoff);</p> <p> // program entry, that is code entry<br /> exeFormat->entryAddr = elfHead->entry;</p> <p> // program segments number<br /> exeFormat->numSegments = elfHead->phnum;<br /> Print("the number of entries in the program header table: %d /n", elfHead->phnum);</p> <p> for(k=0; k<elfHead->phnum; k++)<br /> {<br /> // proHeader offset<br /> exeFormat->segmentList[k].offsetInFile = proHeader->offset;<br /> // fileSize<br /> exeFormat->segmentList[k].lengthInFile = proHeader->fileSize;<br /> // virtual address<br /> exeFormat->segmentList[k].startAddress = proHeader->vaddr;<br /> // memory size<br /> exeFormat->segmentList[k].sizeInMemory = proHeader->memSize;<br /> // flag<br /> exeFormat->segmentList[k].protFlags = proHeader->flags;<br /> proHeader++;<br /> }</p> <p> return 0;<br /> }<br />

最后跳转到程序入口进行执行，执行后返回。

程序参数为代码段、数据段、入口。

align 8<br /> Trampoline:<br /> ;; first we fetch the code selector off the stack<br /> mov ebx, [esp+4]<br /> ;; then we fetch the data selector off the stack<br /> mov eax, [esp+8]<br /> ;; and finally the entry address<br /> mov ecx, [esp+0xc]</p> <p> push ds<br /> push es<br /> mov ds, ax<br /> mov es, ax</p> <p>;; push KERNEL_CS/EIP so that we return here<br /> ;; after running the program<br /> push dword KERNEL_CS<br /> push dword .backhere</p> <p>;; now make the inter-selector jump<br /> ;; we land in different cs/ds descriptors<br /> push ebx<br /> push ecx<br /> retf<br /> .backhere:</p> <p> pop es<br /> pop ds<br /> ret