Embedded System Degisn Vu Quang DaoHomework #2 1101549011

I. Summary chapter 8 – Computer science bottom up. ELF (Executable and Linker Format):  

ELF is a common standard file format for executables, object code, shared libraries, and core dumps - an extremely flexible format for representing binary code in a system.

ELF format specifies two views of an ELF file – that which is used for linking and that which is used for execution.

ELF File header:

ELF file has a file header which describes the file in general and then has pointers to each of the individual sections that make up the file.

Figure 1. The ELF Header, as shown by readelf

ELF header always start with a few “magic” bytes: 0x7F then the ASCII encoded “ELF” string as shown above. After that are some flags for the type of machine this binary is created for (32bit/64bit machine; big endian/little endian…). The entry point address is the address in memory that the program code starts at.

Program header, segments and sections

ELF file has a header that describes the overall layout of the file. The ELF header actually points to another group of headers called the program headers. These headers describe to the operating system anything that might be required for

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

it to load the binary into memory and execute it. Segments are described by program headers, but so are some other things required to get the executable running.

Figure 2. Program header definition

e_phoff, e_phnum and e_phentsize indicate the offset in the file where the program headers start, how many program headers there are and how big each program header is. The p_type field defines just that the program header is defining.

Segments are described with a value of PT_LOAD in the p_type field. Each segment is then described by the other fields in the program header.

- p_offset field indicates how far into the file on disk the data for the segment is.

- p_vaddr field indicates what address that data is to live at in virtual memory.

- p_filesz and p_memsz fields indicate how big the segment is on disk and how big it should be in memory.

- p_flags field indicates the permissions on the segment.

Sections make up segments. Sections are a way to organize the binary into logical are to communicate information between the compiler and the linker. In some special binaries, sections are used in more specific ways. Sections have a similar header to segments.

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Figure 3. Section header definition

Sections have a few more types defined for the sh_type field; for examples a section of type SH_PROGBITS field is defined as a section that hold binary data for use by the program. There are also more attributes, such as the allocate attribute which flags that this section will need memory allocated for it.

Figure 4. Example program (1)

Figure 5. Output of readelf for example program (1)

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Figure 6. Output of readelf for example program (1)

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Figure 7. Output of readelf for example program (1)

Figure 7 shows the segments and section mappings in the ELF file for the binary ./sections. From it, we can see what sections have been moved into what segments.

Debugging

Traditionally the primary method of post mortem debugging is referred to as the core dump. The term core comes from the original physical characteristics of magnetic core memory, which uses the orientation of small magnetic rings to store state. Thus a core dump is simply a complete snapshot of the program as it was running at a particular time. A debugger can then be used to examine this dump and reconstruct the program state.

ELF executables

Contained within the ELF executables binary is everything required for the operating system to execute the code as intended. Since an executable is designed to be run in a process with a unique address space, the code can make assumptions about where the various parts of the program will be loaded in memory. Figure 8 shows an example using the readelf tool to examine the segments of an executable file.

We can see the virtual addresses at which the LOAD segments are required to be placed at. The program segments must be loaded at these addresses; the last step of the linker is to resolve most relocations and patch them with the assumed absolute addresses. In reality, executables generally have external dependencies on shared libraries.

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Figure 8. Segments of an executable file

Libraries- Static libraries:

The library is called a static library when the object files from the library linked directly into final executable file. The static library is simply a group of object files. The object files are kept in an archive, which leads to their usual .a suffix extension.

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Figure 9. Creating and using a static library

Static linking is very straight forward, but has a number of drawbacks. There are two main disadvantages:

- If the library code is updated, you have to recompile your program into a new executable.

- Every program in the system that uses that library contains a copy in it’s executable.

- Shared libraries:

A shared library is a library that is loaded dynamically at runtime for each application that requires it. The application simply leaves pointers that it will require a certain library, and when the function call is made the library is loaded into memory and executed. If the library is already loaded for another application, the code can be shared between the two, saving considerable resources with commonly used libraries.

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Starting a process- Firstly, in response to an exec system call, the kernel allocates the

structures for a new process and reads the ELF file specified from disk.- Once the kernel has loaded the interpreter it passes it to the entry point as

given in the interpreter file, the dynamic linker will jump to the entry point address as given in the ELF binary.

- Usually, the entry point address points to _start function.II. Summary DBP consulting startup.

Figure 10. How programs get loaded under Linux

Assuming we have a simple program. When we run a program, the shell calls execve() which executes the Linux system call execve(). It will set up a stack, and push onto it argc, argv and envp. When everything is ready, control is handed to your program by calling _start().

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Figure 11. _start() function

_start() pushs below arguments on the stack in reverse order before the call to _libc_start_main.

Figure 12. Stack contents just before call of _libc_start_main

_libc_start_main will:

- Takes care of some security problems with setuid setgid programs.- Starts up threading.- Registers the fini and rtld_fini arguments to get run by

at_exit to run the program’s and the loader’s cleanup routines.- Calls the _main argument.- Calls the main with the argc and argv arguments passed to it and

with the global _environ will argument.- Calls exit with the return value of main.

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

III. Describe some terms. Kernel

The kernel is the operating system. It communicates to hardware both directly and through drivers. It has complete control over everything that occurs in the system.

Glibc

Glibc (The GNU C Library) is used as the C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel.

It is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known.

System Call

A system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on. This may include hardware-related services (for example, accessing a hard disk drive), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide an essential interface between a process and the operating system.

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

Standard Library

The C standard library is the standard library for the C programming language.

It provides macros, type definitions and functions for tasks such as string handling, mathematical computations, input/output processing, memory management, and several other operating system services.

The application programming interface (API) of the C standard library is declared in a number of header files. Each header file contains one or more function declarations, data type definitions, and macros.

stdio.h: Defines core input and output functions

Most of the C file input/output functions are defined in stdio.h

- File access: fopen, fclose, fflush, …

- Direct input/output: fread, fwrite, …

- Unformatted input/output: fgets, fputs, …

- Formatted input/output: scanf, printf, …

- File positioning: fseek, ftell, rewind, …

Embedded System Degisn Vu Quang DaoHomework #2 1101549011

- Error handling: ferror, feof, …

- Operations on files: rename, tmpfile, …

printf: Prints formatted byte/wchar_t output to stdout, a file stream or a buffer.