Is it possible to replace Loader of an OS? Any way to obtain the control over Loader?

Question

I was just wondering if it is possible to replace Loader (executable program loader not the boot loader) of an Operating System (Windows is my choice). Are there any third-party loaders available that would patch the default one?

Is there any way through which I can obtain the control over the OS Loader? I mean, I want things it is doing to be visible to me (each and every step).

If you ask me why I want to do this: for learning purposes.

Recommended answer

Since every answer and comment provided useful information, I have just compiled all the answers and comments into a single post.

I was just wondering if it is possible to replace Loader (executable program loader not the boot loader) of an Operating System (Windows is my choice).

No. In Windows, process creation and the user-mode loader in ntdll are tied together (PsCreateProcess will directly map in ntdll and jump to it so that it can finish resolving modules and setting up the process); you cannot replace it.

But there are resources available describing the format and loading of processes.

Here is a quite old but still up-to-date MSDN article regarding PE files (exe + dll):

  1. Part I. An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek (MSDN Magazine, February 2002)
  2. Part II. An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek (MSDN Magazine, March 2002)

You can use this information to write an app that starts a given executable.

If you are more interested in Linux and the ELF format you will find all you need in Google.

Is there any way through which I can obtain the control over the OS Loader? I mean, I want things it is doing to be visible to me (each and every step).

On Windows, you can get some visibility into the loader at work by enabling Loader Snaps. You do this with gflags.exe (part of Debugging Tools for Windows). There's a nice gflags.exe reference at http://www.osronline.com/DDKx/ddtools/gflags_4n77.htm. With Show Loader Snaps enabled, you can see loader trace messages by starting the application under a debugger (WinDBG).

If you want to play with this sort of thing then Linux is the best way to go.

The loader is part of the kernel -- but as you have access to all the kernel source you can play with it to your heart's content.

The loaders for various binary formats are in fs/binfmt_*.c in the Linux source (fs/binfmt_elf.c is the loader used for executables in ELF format - i.e. the vast majority).

The dynamic loader /lib{,64}/ld-linux.so.2 is also used for dynamically linked binaries - it's an example of an "interpreter" as referenced by the code in binfmt_elf.c.

Linux has pluggable executable file formats, so it is possible to add an extra program loader which will do its own custom stuff with executable files, rather than the standard ones (ELF, shell scripts, binfmt_misc).

The binfmt_misc module allows you to write custom loaders for executable programs entirely in userspace; this is commonly used to execute non-native binaries or interpreted binaries such as Java, CLR executables etc.

On the other hand if you wanted to replace the ELF loader with something else you can make a binfmt module directly in the kernel. Look at fs/binfmt_* for examples. The ELF loader itself is in there.
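
The "interpreter" lookup mentioned in the answer, as an added example that is not part of the original post and not kernel code: a Python parser that reads the PT_INTERP program header, the field an ELF loader consults to find the dynamic loader. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(data[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])       # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    # After e_ident: type, machine, version, entry, phoff, shoff, flags,
    # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    ehdr = struct.Struct(endian + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"))
    if len(data) < 16 + ehdr.size:
        raise ValueError("truncated ELF header")
    fields = ehdr.unpack_from(data, 16)
    phoff, phentsize, phnum = fields[4], fields[8], fields[9]
    phdr = struct.Struct(endian + ("IIQQQQQQ" if is64 else "IIIIIIII"))
    for i in range(phnum):
        off = phoff + i * phentsize
        if phentsize < phdr.size or off + phdr.size > len(data):
            raise ValueError("program header table out of bounds")
        p = phdr.unpack_from(data, off)
        # ELF64 puts p_flags second, so offset/filesz sit one slot later
        p_offset, p_filesz = (p[2], p[5]) if is64 else (p[1], p[4])
        if p[0] != PT_INTERP:
            continue
        if p_offset + p_filesz > len(data):
            raise ValueError("PT_INTERP segment out of bounds")
        raw = data[p_offset:p_offset + p_filesz]
        return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return None

def build_sample_elf64(interp):
    """Constructed sample: little-endian ELF64 header plus optional PT_INTERP."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56,
                       1 if interp else 0, 0, 0, 0)
    if not interp:
        return ident + ehdr
    blob = interp.encode() + b"\0"
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 120, 120,
                       len(blob), len(blob), 1)
    return ident + ehdr + phdr + blob
```

Calling `elf_interpreter(open(path, "rb").read())` on a real dynamically linked binary returns the same path that `readelf -l` reports as the requested program interpreter; a statically linked binary returns `None`.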
