Binary Loader What is done by binary loader? ● Read executable from the filesystem ● Parse the binary header ● Copy all segments into addresses specified.

Binary Loader

What is done by binary loader?

● Read executable from the filesystem● Parse the binary header● Copy all segments into addresses specified in the

binary header– text,data,bss

● Call binary “interpreter” to initialize the binary● Jump to the entry point of dynamic linker, not

executable.

Executable

● a.out– The old and classic unix object format.– It contains text,data and bss sections plus one symbol

table and one string table.● COFF

– The SVR3 object format.– The header now comprises a section table

● ELF– The successor to COFF– Make the support of shared library easier.

What’s in the executable file

● Headers– Architecture, version, entry point, index table

● Object Code– Data or instructures

● Relocation– Position Independent code(PIC)

● Symbols– Index to the data inside object code.

● Debug information

Microsoft .COM format

● 0-0xff: PSP● 0x100-xxxx

– The whole .COM executable will be loaded here.● No headers, symbol table and debug

information.

A.out

● Contains– a.out header– Text section– Data section– Other sections

● The instruction(text) and data(data) section are seperated.– Multiple process can share the same text

Relocation

● Mainly used by MMU-less system and some DLLs.

● An relocation entry(fixups) contains– An address relative to the beginning of the section– Length of fixups– Index with different meaning according to

● Extern: 1 if it is a external symbols● Pcrel: It is relative to the PC.● Others.

Symbol and string table

● Each entry in the symbol table represent either a function or variable in the program.

● Each symbol entry hold a index to the string table.

ELF(Executable and Linkable Format)

● A ELF header● zero or more program tables● zero or more section tables● support dlopen,dlsym● Support real dynamic libraries● References

– http://www.linuxjournal.com/article.php?sid=1059

ELF:header

● ELF magic● Type, machine,version● entry:start point of program● ehsize: the size of header(sizeof(struct elfhdr))● shnum: The number of sectionss.● shoff: The starting point of the section table● shentsize: The size of each section● phoff,shoff,flags● phentsize,phnum

largo% readelf -S hello.oThere are 11 section headers, starting at offset 1b8: name type VM addr off size flag[0] NULL 00000000 00000 00000 00 / 0 0 0 0[1] .text PROGBITS 00000000 00040 00014 00 / 6 0 0 10[2] .rel.text REL 00000000 00370 00010 08 / 0 9 1 4[3] .data PROGBITS 00000000 00054 00000 00 / 3 0 0 4[4] .bss NOBITS 00000000 00054 00000 00 / 3 0 0 4[5] .note NOTE 00000000 00054 00014 00 / 0 0 0 1[6] .rodata PROGBITS 00000000 00068 0000d 00 / 2 0 0 1[7] .comment PROGBITS 00000000 00075 00012 00 / 0 0 0 1[8] .shstrtab STRTAB 00000000 00087 0004d 00 / 0 0 0 1[9] .symtab SYMTAB 00000000 000d4 000c0 10 / 0 a a 4[a] .strtab STRTAB 00000000 00194 00024 00 / 0 0 0 1

Type of sections

● PROGBITS: Program contents.● NOBITS: BSS● SYMTAB and DYNSYM: Symbol tables● STRTAB: A string table● REL and RELA: Relocation information. REL entries

add the relocation value to the base value stored in the code or data, while RELA entries include the base value for relocation in the relocation entries themselves.

● DYNAMIC and HASH: Dynamic linking information and the runtime symbol hash table.

Typical sections

● .interp: The dynamic linker● .hash,.dynsym,.dynstr: tables used by DLL● .plt:jump tables to functions in libraries(RO)

– items are point to the DLL– lazy binding(LD_BIND_NOW)

● .got: The global offset table(RW)– the DLL will change the value of this section

● .text,.data,.bss

ELF:program headerslargo% readelf -l helloElf file is ExecutableEntry point 0x8000400There are 5 program headers, starting at offset 34:PHDR 0x00034 0x08000034 0x000a0 0x000a0 R EInterp 0x000d4 0x080000d4 0x00017 0x00017 RRequesting program interpreter [/lib/elf/ld-linux.so.1]Load 0x00000 0x08000000 0x00515 0x00515 R ELoad 0x00518 0x08001518 0x000cc 0x000d4 RWDynamic 0x0054c 0x0800154c 0x00098 0x00098 RWShared library: [libc.so.4] 1

PLT and GOT

● Procedure Linkage Table(PLT)– Function jump table

● Global Offset Table(GOT)– Data jump table

XIP(eXecute In Place)

● Save memory(Especially for NOMMU system)● Fast startup time(less memory copy)● Requirements

– no writable data in text segment

XIP Example● Eamples- uCLinux fs/binfmt_flat.c

– Allocate the memory for ● data segmenet● bss segment● stack● relocation entries● Shared Library headers

extra = MAX(bss_len + stack_len, relocs * sizeof(unsigned long)); down_write(¤t->mm->mmap_sem);realdatastart = do_mmap(0, 0, data_len + extra + MAX_SHARED_LIBS * sizeof(unsigned long), PROT_READ|PROT_WRITE|PROT_EXEC, 0, 0);up_write(¤t->mm->mmap_sem);

Relocation Information

● Global Offset Table(GOT)● Contains pointers to all global data and codes● We need to recalculate all addresses

if (flags & FLAT_FLAG_GOTPIC) { for (rp = (unsigned long *)datapos; *rp != 0xffffffff;rp++) { unsigned long addr; if (*rp) { addr = calc_reloc(*rp, libinfo, id, 0); if (addr == RELOC_FAILED) return -ENOEXEC; *rp = addr; } } }

Header of FLAT binary

MAGICversionentrydata startdata endbss endstack sizereloc startreloc countflagsreserved

FLAT_FLAG_RAMFLAT_FLAG_RAMFLAT_FLAG_GOTPICFLAT_FLAG_GZIP

Text

DATA

Relocs

BSS

Stack

Relocation Information(Cont)

● relocation table● This is created by elf2flt● The gcc will assume the following binary

striucture– text segment– data segment– bss segment

● The link script must implement this order

XIP relocation

● Two memory segment– text segment: point to filesystem directly.– data,bss segment

● The filesystem must put the entire binary in contiguous blocks.– Otherwise, do_mmap will copy all blocks into

contiguous in the RAM.● The mmnommu/filemap.c: generic_file_mmap