Hi, Shachar.

The stack has the following structure: argc, argv, envp AND auxv.
You can see auxv by running any dynamically linked executable as

    LD_SHOW_AUXV=1 program

What you are looking for is AT_ENTRY. The code that initializes
user_entry is in sysdeps/generic/dl-sysdep.c (look for 'case AT_ENTRY:').

Regards,
Valery.

P.S. And what do you need it for (except curiosity)?

--- On Thu, 7/3/08, Shachar Shemesh <[EMAIL PROTECTED]> wrote:

> From: Shachar Shemesh <[EMAIL PROTECTED]>
> Subject: Linux executable startup stack structure
> To: "Fakeroot NG" <[EMAIL PROTECTED]>, "linux-il" <linux-il@cs.huji.ac.il>
> Date: Thursday, July 3, 2008, 6:49 AM
> Hi all. Sorry for the crosspost.
>
> I am looking for some documentation on the structure of the stack when
> an executable starts. I know the basics - argc, then argv, then envp.
> What I'm interested in is what's beyond that. I've tried googling,
> reading the sources in the kernel for fs/binfmt_elf.c and the sources
> for ld-linux.so. I'm sure what I'm looking for is in there, but I just
> couldn't nail it.
>
> In particular, this is what I'm looking for. When one tries to load an
> executable (say, /bin/cat), the kernel figures out it is an ELF file,
> reads a field called "interpreter", which has a fairly typical value (on
> 32 bit Intel - /lib/ld-linux.so.2), and loads the interpreter and
> /bin/cat into memory, and runs the interpreter code. The interpreter
> then looks at the ELF headers (which the kernel has loaded into memory)
> for /bin/cat, and based on them loads the rest of the required shared
> objects into memory, and then runs the /bin/cat code.
>
> Then again, the interpreter can also be directly run. That happens if my
> command line is actually "/lib/ld-linux.so.2 /bin/cat". In that case,
> the kernel loads just the interpreter into memory and runs it, the
> interpreter figures out that it was run in direct mode, loads /bin/cat
> into memory, and then proceeds as before. In other words, the
> interpreter KNOWS whether it was loaded as an interpreter or whether it
> was loaded directly. That is what I'm trying to figure out.
>
> It is NOT done by looking at the args, and it is not done by querying
> /proc/self. It is done by examining a portion of the executable header
> left by the kernel somewhere in memory, and asking "where is the
> executable startup code located? Is it the same as mine?" If ld-linux
> figures the startup code is the same as its own entry, then it assumes
> it was called directly. Otherwise, it assumes it is just the interpreter.
>
> I found the actual logic just described. It is in the glibc sources, in
> elf/rtld.c, in a function called "dl_main". It is the first "if" in that
> function. What I have, so far, failed to find is where the variables
> referenced by that if are being initialized. I have reason to believe
> this is just a struct left on the stack by the kernel, but what the
> struct is, and more importantly, where on the stack, I have not, yet,
> been able to figure out.
>
> I have not yet given up. I'm just hoping someone will come up and say
> "oh, just look at this URL for an explanation". The code is so chock
> full of things that look like preprocessor directives but seem to be, in
> fact, internal gcc attributes that I find the program flow somewhat
> unreadable. My method, right now, is to compile it with debug symbols,
> and then use objdump to overlay the source over the actual assembly
> code. It has, in fact, come to the point where it is easier to try and
> understand what I need that way.
>
> Any help would be greatly appreciated.
>
> Shachar
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
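The following program is an added example, not code from either poster or from glibc. It reads the auxiliary vector the thread is about through getauxval() (glibc 2.16 or later, also in musl) and shows the two pieces of information rtld's first "if" relies on: AT_ENTRY, the entry point the kernel recorded, and AT_BASE, where the kernel mapped the interpreter. It also recomputes the program's entry point from the ELF header the kernel left in memory, using AT_PHDR and the PT_PHDR entry to derive the load bias; the assumption that the first PT_LOAD with file offset 0 starts with the ELF header is the usual linker layout and is checked against the ELF magic. Running it under LD_SHOW_AUXV=1 lets you compare its output with what the kernel printed.

```c
#include <elf.h>
#include <link.h>       /* ElfW() macro */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_* constants (glibc 2.16+) */

/* Entry point of this executable exactly as the kernel recorded it in auxv. */
uintptr_t kernel_entry(void)
{
    return (uintptr_t)getauxval(AT_ENTRY);
}

/* Load address of the ELF interpreter (ld-linux.so); 0 when there is none,
 * which is what the kernel reports for a static binary. */
uintptr_t interpreter_base(void)
{
    return (uintptr_t)getauxval(AT_BASE);
}

/* Recompute the entry point from the ELF header the kernel mapped, without
 * trusting AT_ENTRY: AT_PHDR locates the program header table in memory, the
 * PT_PHDR entry gives its link-time address, the difference is the load bias
 * (non-zero for PIE), and the first PT_LOAD with file offset 0 begins with the
 * ELF header. Assumption: that layout; the ELF magic is verified before use. */
uintptr_t entry_from_headers(void)
{
    const ElfW(Phdr) *phdr = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    size_t phnum = (size_t)getauxval(AT_PHNUM);
    if (phdr == NULL || phnum == 0)
        return 0;

    uintptr_t bias = 0;               /* correct for ET_EXEC without PT_PHDR */
    for (size_t i = 0; i < phnum; i++)
        if (phdr[i].p_type == PT_PHDR)
            bias = (uintptr_t)phdr - (uintptr_t)phdr[i].p_vaddr;

    for (size_t i = 0; i < phnum; i++) {
        if (phdr[i].p_type == PT_LOAD && phdr[i].p_offset == 0) {
            const ElfW(Ehdr) *ehdr =
                (const ElfW(Ehdr) *)((uintptr_t)phdr[i].p_vaddr + bias);
            if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0)
                return 0;             /* layout assumption did not hold */
            return (uintptr_t)ehdr->e_entry + bias;
        }
    }
    return 0;
}

/* Entry point of the interpreter itself, read from the ELF header the kernel
 * mapped at AT_BASE (ld.so is ET_DYN, so its link-time base address is 0).
 * This is the "mine" side of the comparison rtld makes against AT_ENTRY. */
uintptr_t interpreter_entry(void)
{
    uintptr_t base = interpreter_base();
    if (base == 0)
        return 0;
    const ElfW(Ehdr) *ehdr = (const ElfW(Ehdr) *)base;
    if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0)
        return 0;
    return base + (uintptr_t)ehdr->e_entry;
}

int main(void)
{
    printf("AT_ENTRY (kernel)   : 0x%lx\n", (unsigned long)kernel_entry());
    printf("entry from headers  : 0x%lx\n", (unsigned long)entry_from_headers());
    printf("AT_BASE (ld.so)     : 0x%lx\n", (unsigned long)interpreter_base());
    printf("ld.so entry point   : 0x%lx\n", (unsigned long)interpreter_entry());
    return 0;
}
```

For a program started the normal way the first two lines agree and the fourth points into a different object, which is why rtld, seeing an AT_ENTRY that is not its own entry, concludes it is acting as the interpreter. Inside ld.so the same comparison happens before any libc exists, using the raw auxv entries on the stack that the dl-sysdep.c code Valery points to has just parsed.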