1. 首页
  2. 问答
  3. 了解空c程序的输出

了解空c程序的输出

2016-02-09 50 views
5 
int main(int argc, char *argv[]) 
{ 
    return 0; 
}

鉴于上述C程序,我使用clang test.c ; strace ./a.out得到以下输出。了解空c程序的输出

execve("./a.out", ["./a.out"], [/* 36 vars */]) = 0 
brk(0)         = 0x1a06000 
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory) 
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f785c40f000 
access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file or directory) 
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 
fstat(3, {st_mode=S_IFREG|0644, st_size=78590, ...}) = 0 
mmap(NULL, 78590, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f785c3fb000 
close(3)        = 0 
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory) 
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\37\2\0\0\0\0\0"..., 832) = 832 
fstat(3, {st_mode=S_IFREG|0755, st_size=1840928, ...}) = 0 
mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f785be2a000 
mprotect(0x7f785bfe5000, 2093056, PROT_NONE) = 0 
mmap(0x7f785c1e4000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7f785c1e4000 
mmap(0x7f785c1ea000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f785c1ea000 
close(3)        = 0 
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f785c3fa000 
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f785c3f8000 
arch_prctl(ARCH_SET_FS, 0x7f785c3f8740) = 0 
mprotect(0x7f785c1e4000, 16384, PROT_READ) = 0 
mprotect(0x600000, 4096, PROT_READ)  = 0 
mprotect(0x7f785c411000, 4096, PROT_READ) = 0 
munmap(0x7f785c3fb000, 78590)   = 0 
exit_group(0)       = ? 
+++ exited with 0 +++

东西我搞糊涂了:

  • 什么用0x7f785c40f000平均结尾行/怎么办?
  • 为什么3949248mmaplibc.so1840928大吗?
  • mprotect中使用的地址来自哪里?
  • mmap使用的地址来自何时不是NULL
  • 什么是mmaparch_prctl之前分配的4k和8k内存?

来源

2016-02-09 Albert Netymk

+0

很好的问题。以上应该几乎都是动态加载器的工作,它具有相当复杂的规范。将它与一个'-static'构建进行比较会很有趣,其中大部分内容不会发生,但其他内容(例如'uname'调用和一些'brk'调用,但不包含'mmap')。 – PSkocik

+0

@PSkocik是的,结果如此:http://paste.ubuntu.com/15001856/ – muru

回答

0

相反,试着告诉你为什么使用这些确切的地址/大小(因为没有人回答),我想你可能喜欢一种方法来检查值的来源。您可以在加载器上使用gdb,并在每个系统调用或特定的系统调用处停止。假设你已经安装了debuginfos,你可以查看代码来查看这些值。这里有一个例子:

$ gdb -q /lib64/ld-2.17.so 
Reading symbols from /lib64/ld-2.17.so...Reading symbols from /usr/lib/debug/lib64/ld-2.17.so.debug...done. 
done. 
(gdb) b _start 
Breakpoint 1 at 0x1430 
(gdb) run ./a.out 
Starting program: /lib64/ld-2.17.so ./a.out 

Breakpoint 1, 0x0000555555555430 in _start() 
(gdb) p getpid() 
$1 = 18102 
(gdb) !cat /proc/18102/maps 
555555554000-555555575000 r-xp 00000000 ca:01 396014      /lib64/ld-2.17.so 
555555775000-555555777000 rw-p 00021000 ca:01 396014      /lib64/ld-2.17.so 
555555777000-555555778000 rw-p 00000000 00:00 0       [heap] 
7ffff7ffb000-7ffff7ffd000 r--p 00000000 00:00 0       [vvar] 
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0       [vdso] 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack] 
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0     [vsyscall] 
(gdb) catch syscall mmap 
Catchpoint 2 (syscall 'mmap' [9]) 
(gdb) c 
Continuing. 

Catchpoint 2 (call to syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) fin 
Run till exit from #0 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 

Catchpoint 2 (returned from syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) !cat /proc/18102/maps 
00400000-00401000 r-xp 00000000 ca:01 13014        /home/ec2-user/so/e1/a.out 
555555554000-555555575000 r-xp 00000000 ca:01 396014      /lib64/ld-2.17.so 
555555775000-555555777000 rw-p 00021000 ca:01 396014      /lib64/ld-2.17.so 
555555777000-555555778000 rw-p 00000000 00:00 0       [heap] 
7ffff7ffb000-7ffff7ffd000 r--p 00000000 00:00 0       [vvar] 
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0       [vdso] 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack] 
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0     [vsyscall] 
(gdb) c 
Continuing. 
[...] 
Continuing. 

Catchpoint 2 (call to syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) fin 
Run till exit from #0 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 

Catchpoint 2 (returned from syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) !cat /proc/18102/maps 
00400000-00401000 r-xp 00000000 ca:01 13014        /home/ec2-user/so/e1/a.out 
00600000-00601000 rw-p 00000000 ca:01 13014        /home/ec2-user/so/e1/a.out 
555555554000-555555575000 r-xp 00000000 ca:01 396014      /lib64/ld-2.17.so 
555555775000-555555777000 rw-p 00021000 ca:01 396014      /lib64/ld-2.17.so 
555555777000-555555778000 rw-p 00000000 00:00 0       [heap] 
7ffff7c32000-7ffff7ff4000 r-xp 00000000 ca:01 396021      /lib64/libc-2.17.so 
7ffff7ff4000-7ffff7ffa000 r--p 00000000 ca:01 305615      /etc/ld.so.cache 
7ffff7ffa000-7ffff7ffb000 rw-p 00000000 00:00 0 
7ffff7ffb000-7ffff7ffd000 r--p 00000000 00:00 0       [vvar] 
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0       [vdso] 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack] 
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0     [vsyscall] 
(gdb) bt 
#0 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
#1 0x000055555555a45f in _dl_map_object_from_fd ([email protected]=0x4002a1 "libc.so.6", fd=7, [email protected]=0x7fffffffdb78, 
    realname=0x7ffff7ffa640 "/lib64/libc.so.6", [email protected]=0x555555777210, [email protected]=1, [email protected]=0, 
    [email protected]=0x7fffffffdb70, [email protected]=0) at dl-load.c:1295 
#2 0x000055555555c49b in _dl_map_object (loader=0x555555777210, name=0x4002a1 "libc.so.6", type=1, trace_mode=0, mode=<optimized out>, nsid=<optimized out>) 
    at dl-load.c:2374 
#3 0x0000555555560992 in openaux ([email protected]=0x7fffffffe128) at dl-deps.c:63 
#4 0x00005555555631b4 in _dl_catch_error ([email protected]=0x7fffffffe120, [email protected]=0x7fffffffe118, 
    [email protected]=0x7fffffffe110, [email protected]=0x555555560960 <openaux>, [email protected]=0x7fffffffe128) at dl-error.c:177 
#5 0x0000555555561092 in _dl_map_object_deps (map=<optimized out>, preloads=<optimized out>, npreloads=<optimized out>, trace_mode=<optimized out>, 
    open_mode=<optimized out>) at dl-deps.c:256 
#6 0x00005555555572c5 in dl_main (phdr=<optimized out>, [email protected]=0x555555554040, phnum=<optimized out>, [email protected]=7, 
    [email protected]=0x7fffffffe2b8, auxv=<optimized out>) at rtld.c:1727 
#7 0x000055555556a7d5 in _dl_sysdep_start (start_argptr=<optimized out>, dl_main=0x555555555a70 <dl_main>) at ../elf/dl-sysdep.c:244 
#8 0x0000555555558cc1 in _dl_start_final (arg=0x7fffffffe370) at rtld.c:318 
#9 _dl_start (arg=0x7fffffffe370) at rtld.c:544 
#10 0x0000555555555438 in _start()

来源

2016-02-16 01:48:41 dancancode

相关问题

 相关问题