Hi all,
I am desperately looking for a more or less detailed description of how an application is loaded into memory and then executed in Linux. Basically, I would like to know what information is read from the ELF file, which system calls are executed, such as exec() until this information is stored in the process descriptor.
Does anyone know a good description. Dr. Google was not so helpful so far
Thanks
strace will help you with the system calls, and here is what you get for running strace on itself:
[root@sting httpd]# strace strace
execve("/usr/bin/strace", ["strace"], [/* 27 vars */]) = 0
brk(0) = 0x9aa3000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7873000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=90632, ...}) = 0
mmap2(NULL, 90632, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb785c000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20-\\\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=2403884, ...}) = 0
mmap2(0x5ac000, 1526120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5ac000
mmap2(0x71b000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16e) = 0x71b000
mmap2(0x71e000, 10600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x71e000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb785b000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb785b6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x71b000, 8192, PROT_READ) = 0
mprotect(0x5a8000, 4096, PROT_READ) = 0
munmap(0xb785c000, 90632) = 0
brk(0) = 0x9aa3000
brk(0x9ac4000) = 0x9ac4000
write(2, "usage: strace [-dffhiqrtttTvVxx]"..., 1655usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
You could start in the kernel source tree at file fs/binfmt_elf.c and work (presumably up) from there. It contains the SVR4 ELF loader.
If it's another loader you're after, I guess it should be in the same area.
Not as practical as the first post, but I have found the following articles to be great when I needed to get the big picture :
http://www.linuxforums.org/articles/understanding-elf-using-readelf-and-objdump_125.html
http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory
http://duartes.org/gustavo/blog/post/how-the-kernel-manages-your-memory
The blog of Gustavo Duarte, the person who wrote the last two articles, is also full of great general information about operating systems. I highly recommend reading it.