When / How does Linux load shared libraries into address space?


Question

My question is:


When is the address of shared objects specified in programs? During linking? Loading? If I wanted to find the memory address of the system command inside of libc inside of my program I could find it easily in gdb, but what if I don't want to bring the program into a debugger?


Could this address change from run to run? Are there any other static analysis tools that will allow me to view where libraries or functions will be loaded into this program's memory space when run?

Edit: I want this information outside of the program (i.e. using utilities like objdump to gather information).

Recommended answer


Libraries are loaded by ld.so (the dynamic linker or run-time linker, aka rtld; ld-linux.so.2 or ld-linux.so.* in the case of Linux; part of glibc). It is declared as the "interpreter" (INTERP; .interp section) of all dynamically linked ELF binaries. So, when you start a program, Linux will start ld.so (load it into memory and jump to its entry point), then ld.so will load your program into memory, prepare it and then run it. You can also start a dynamic program with

 /lib/ld-linux.so.2 ./your_program your_prog_params


ld.so does an actual open and mmap of all needed ELF files, both the ELF file of your program and the ELF files of all needed libraries. Also, it fills the GOT and PLT tables and resolves relocations (it writes addresses of functions from libraries to call sites, in many cases with indirect calls).


The typical load address of some library you can get with the ldd utility. It is actually a bash script which sets a debug environment variable of ld.so (actually LD_TRACE_LOADED_OBJECTS=1 in the case of glibc's rtld) and starts the program. You can also do it yourself without the script, e.g. using bash's easy changing of environment variables for a single run:

 LD_TRACE_LOADED_OBJECTS=1 /bin/echo


ld.so will see this variable, resolve all needed libraries and print their load addresses. But with this variable set, ld.so will not actually start the program (not sure about static constructors of the program or libraries). If the ASLR feature is disabled, the load address will be the same most times. Modern Linuxes often have ASLR enabled, so to disable it, use echo 0 | sudo tee /proc/sys/kernel/randomize_va_space.


You can find the offset of the system function inside libc.so with the nm utility from binutils. I think you should use nm -D /lib/libc.so or objdump -T /lib/libc.so and grep the output.
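The two steps above (read the library base from LD_TRACE_LOADED_OBJECTS output, read the symbol offset from nm -D) combined, as an added example that is not part of the answer. It parses constructed sample output for two runs of the same program, adds base and offset, and reports whether the base moved between runs, which is the quick way to tell that ASLR is still enabled for that system before relying on any address being stable.

```python
import re

# Constructed sample of LD_TRACE_LOADED_OBJECTS=1 output for two runs of the
# same program on an x86-64 box (not real captures; paths/addresses are made up).
LDD_RUN_1 = """\
\tlinux-vdso.so.1 (0x00007ffd9a5fe000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c2a400000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f3c2a7f0000)
"""
# Second run: libc landed somewhere else, as it does with ASLR enabled.
LDD_RUN_2 = LDD_RUN_1.replace("0x00007f3c2a400000", "0x00007f9e11c00000")

# Constructed sample of `nm -D libc.so.6 | grep system` (offsets are made up).
NM_OUT = """\
0000000000050d70 T __libc_system@@GLIBC_PRIVATE
0000000000050d70 W system@@GLIBC_2.2.5
"""

# "<soname> => <path> (<addr>)" for normal libs, "<name> (<addr>)" for vdso/ld.so.
LDD_RE = re.compile(r"^\s*(\S+)(?: => (\S+))? \((0x[0-9a-fA-F]+)\)\s*$", re.M)
# nm -D lines: "<addr> <type> <name[@[@]version]>"
NM_RE = re.compile(r"^([0-9a-fA-F]+) ([A-Za-z]) (\S+)$", re.M)


def library_bases(ldd_output):
    """Map each loaded object's soname to the load address ld.so printed."""
    return {m.group(1): int(m.group(3), 16) for m in LDD_RE.finditer(ldd_output)}


def symbol_offsets(nm_output):
    """Map symbol name (version suffix stripped) to its offset inside the .so.
    nm -D prints the file's virtual address; shared libraries are linked at
    base 0, so that address is the offset from the library's load address."""
    return {m.group(3).split("@")[0]: int(m.group(1), 16) for m in NM_RE.finditer(nm_output)}


def resolve(ldd_output, nm_output, soname, symbol):
    """Absolute address of `symbol` in `soname` for the run behind ldd_output."""
    return library_bases(ldd_output)[soname] + symbol_offsets(nm_output)[symbol]


def aslr_active(ldd_output_a, ldd_output_b, soname):
    """True when the same library was mapped at different bases in two runs."""
    return library_bases(ldd_output_a)[soname] != library_bases(ldd_output_b)[soname]


if __name__ == "__main__":
    for run in (LDD_RUN_1, LDD_RUN_2):
        print("system @", hex(resolve(run, NM_OUT, "libc.so.6", "system")))
    print("ASLR active:", aslr_active(LDD_RUN_1, LDD_RUN_2, "libc.so.6"))
```

On a real machine feed it the actual output of `LD_TRACE_LOADED_OBJECTS=1 ./your_program` and `nm -D` on the libc path that output names; a base that differs between two runs means the computed address is only valid for the run it was read from.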
