Process and dynamically linked PLT and GOT description of the function

In the study geeks time geektime Xu Wenhao teacher "in-depth understanding of computer composition principle" dynamic link courses in one of PLT and GOT function is not very understanding, to see some information related to the study carried out, if there are understandable error, please let me know.

1 pre-knowledge: Static Linking Dynamically

Code linker links object files stored on the hard disk, of consolidated code snippet, is statically linked (Static Link)

Dynamic Link Dynamic Link, link, not the target file code stored on the hard disk, but loaded into memory shared library (Shared Libraries)

Note: Shared libraries also used in memory paging mechanism.

Under Windows, the shared library file is a .dll file, which is the Dynamic-Link Libary (DLL, dynamic link libraries)

Under Linux, these shared libraries is .so file, which is the Shared Object (usually we call dynamic link library)

Pre-knowledge 2: position-independent code addresses the relevant code

In fact, most of the library can do nothing to address because they have received a specific input, a determination of the operation, and then returns the results given enough. Whether a vector addition is achieved, or to achieve a print function, a data input and the logic code is not important to the memory locations inside.

Common address associated code, such as the absolute address codes (Absolute Code), the use of relocatable code table and so on, the code is associated with an address. You recall the relocation table we have said before. When the program link, we'll visit the address to jump finalized after the function call, which means that, if this function is loaded into a different memory address, the jump will fail.

How to use the dynamic link library shared memory

Scenes

Shared Memory dynamic link library, to solve the problem:

The address of the machine code must be independent of the Position-Independent Code

Means: This code, regardless of load at which memory address, are able to perform normal

And the problem can be decomposed into two small problems:

1. Dynamic Link Library internal address independent
   solutions:
   using relative address with respect to a current instruction memory address offset

2. In different applications, the use of dynamic link libraries, to do nothing to address, as shown below

Ab application code can be seen in the dynamic link library of virtual memory address different application code and cd

Case

Source:

There is a lib.h file, lib.c file, lib.c document provides a function show_me_the_money

Call the shared library lib.so in show_me_the_money function in this file show_me_poor.c

Machine code and assembly code:

……

0000000000400540 show_me_the_money@plt-0x10:

400540: ff 35 12 05 20 00 push QWORD PTR [rip+0x200512] # 600a58 <GLOBAL_OFFSET_TABLE+0x8>

400546: ff 25 14 05 20 00 jmp QWORD PTR [rip+0x200514] # 600a60 <GLOBAL_OFFSET_TABLE+0x10>

40054c: 0f 1f 40 00 nop DWORD PTR [rax+0x0]

0000000000400550 <show_me_the_money@plt>:

400550: ff 25 12 05 20 00 jmp QWORD PTR [rip+0x200512] # 600a68 <_GLOBAL_OFFSET_TABLE_+0x18>

400556: 68 00 00 00 00 push 0x0

40055b: e9 e0 ff ff ff jmp 400540 <_init+0x28>

……

0000000000400676 :

400676: 55 push rbp

400677: 48 89 e5 mov rbp,rsp

40067a: 48 83 ec 10 sub rsp,0x10

40067e: c7 45 fc 05 00 00 00 mov DWORD PTR [rbp-0x4],0x5

400685: 8b 45 fc mov eax,DWORD PTR [rbp-0x4]

400688: 89 c7 mov eax

40068a: e8 c1 fe ff ff call 400550 <show_me_the_money@plt>

40068f: c9 leave

400690: c3 right

400691: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]

400698: 00 00 00

40069b: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]

……

solution

Reference: talk about the Linux dynamic linking of PLT and GOT (1) - What PLT and GOT

After show_me_poor this process up and running, lib.so dynamic libraries are loaded, show_me_the_money function address also determines how the call relocation command it?

A simple approach is to show_me_the_money function address in the instruction address modification is really lib.so this function

But the program faces two problems:

1. Modern operating systems are not allowed to modify the code segment .text Section, can only modify the data segment .data Section
2. show_me_the_money function in lib.so, if you modify the code section, you will not be able to do that all processes in the system a dynamic shared libraries

So show_me_the_money function address, can only write back into the data segment, and not written back to the code segment, the write-back, run-time refers to the modification, the title is more professional运行时重定位

How specifically do it? (Note: the interpretation of PLT and GOT will be introduced later, just do the procedure described here)

1. Compile phase show_me_poor program is not known show_me_the_money address of a function that uses relocation entries to describe:
   40068a: e8 c1 fe ff ff call 400550 <show_me_the_money@plt>
   @plt keywords, on behalf of our need to find a function called from PLT, the program linked table Procedure Linkage Table inside, and the address of the table is 400,550 this address

2. This address at link time to fix, its correction value is (should be more precise name for the symbol, the linker eyes only symbols, not the so-called functions and variables) according to show_me_the_money function to correct the address, it's the way amendment by relative references way, this process is called 链接时重定位, and just mentioned 运行时重定位works exactly the same, just different timing correction

In addition to the relocation process, the operation can not be modified other intermediate instruction file function body, and the relocation process can only be modified in the instruction operand, in other words, the link can not be modified during the process of assembly instructions generated by the compiler

3. Since our show_me_the_money is defined in the dynamic link library lib.so, so do not link stage relocation, relocation can only do is running, and runtime relocation can not modify the code segment, it can only be show_me_the_money重定位到数据段

4. After show_me_poor this process up and running, lib.so dynamic libraries are loaded, show_me_the_money also determine the address of the function ( 实际上show_me_poor GOT表中lib.so相关的数据，就是加载lib.so动态库的时候写进去的，写在了数据段的虚拟地址中)

5. The question now is: compilation stage has generated a good call instruction, how the perception 已经重定位好的数据段内容of it?

   The answer is: the linker to generate some additional small snippets to get show_me_the_money function address through this code to complete the call to it

   Link found show_me_the_money defined stage in the dynamic library link generates a small section of code, such as show_me_the_money @ plt , then show_me_the_money @ plt address replacing the original calling function.

   Therefore into链接阶段对show_me_the_money做链接重定位，而运行时才对show_me_the_money做运行时重定位

In summary, the dynamic link need to consider two things:

1. Need to store the address of the external function data segment

2. Get a small extra code segment for function address

If the executable file to call multiple dynamic library function, each function requires that these two things, so that everything would form a table, each function in one.

Storing the data table address of a function, called Global Offset Table (GOT, Global Offset Table)
extra code segment table, called a program chain table (PLT, Procedure Link Table)

Complete process summary

1. Redirect to generate a compile-time relocation entries, followed by static linking and dynamic linking

2. Because of its need for dynamic link, it will generate two tables (without the use of dynamic link you do not need the GOT and PLT)

   Storing the data table address of a function, called Global Offset Table (GOT, Global Offset Table)

   Extra code segment table, the contents are taken to store the data segment address of the function of a short extra code, called the program a linked table (PLT, Procedure Link Table)

3. show_me_poor running this process, loading by Loader, lib.so dynamically loaded libraries, when loaded, will lib.so show_me_the_money function in real memory address is written to the data segment show_me_poor process control block PCB in .data Section virtual address in GOT

4. When performing call show_me_the_money function, which performs the following procedure

   Pseudocode form

   

   Graphical

   

   Figure 1: compile-time redirection of the relocation entry

   Figure 2: PLT table to get the virtual address space GOT

   Figure 3: acquiring in real physical address lib.so show_me_the_money function from the GOT

   Figure 4: lib.so address is written in show_me_poor virtual memory, virtual memory, and this is actually the address of the corresponding physical memory address lib.so real, true function is executed