c语言学习笔记十六
2012-09-26 15:46
302 查看
共享库
命名规范:
通常带有符号链接 ls -l /lib
...
libipq_pic.so.0 libulockmgr.so.1
libipq_pic.so.0.0.0 libulockmgr.so.1.0.1
libipq.so.0 libusb-0.1.so.4
libipq.so.0.0.0 libusb-0.1.so.4.4.4
...
共享库文件名的组成:
real name 库文件
soname 符号链接的名字,共享库的主版本号
示例代码:
/*soname:libstack.so.1
*real name: libstack.so.1.0
*/
gcc -shared -Wl,-soname,libstack.so.1 -o libstack.so.1.0 test20.o
test21.o test22.o test23.o
linker name gcc的-L选项指定linker name所在的目录
创建linker name 的符号链接
ln -s libstack.so.1.0 libstack.so
gcc test24.c -L. -lstack -Istack -o main
共享库在编译时要加-fPIC选项,
1 编译目标文件命令为:
gcc -c -fPIC stack/test20.c stack/test21.c stack/test22.c stack/test23.c
反汇编结果为:
test21.o: file format elf32-i386
Disassembly of section .text:
00000000 <push>:
0: 55
push %ebp
1: 89 e5
mov %esp,%ebp
3: 53
push %ebx
4: 83 ec 04
sub $0x4,%esp
7: e8 fc ff ff ff
call 8 <push+0x8>
c: 81 c3 02 00 00 00
add $0x2,%ebx
12: 8b 45 08
mov 0x8(%ebp),%eax
15: 88 45 f8
mov %al,-0x8(%ebp)
/* top的地址为:0x0(%ebx)*/
18: 8b 83 00 00 00 00
mov 0x0(%ebx),%eax
1e: 8b 00
mov (%eax),%eax
20: 8d 50 01
lea 0x1(%eax),%edx
23: 8b 83 00 00 00 00
mov 0x0(%ebx),%eax
29: 89 10
mov %edx,(%eax)
2b: 8b 83 00 00 00 00
mov 0x0(%ebx),%eax
31: 8b 00
mov (%eax),%eax
33: 8b 93 00 00 00 00
mov 0x0(%ebx),%edx
39: 0f b6 4d f8
movzbl -0x8(%ebp),%ecx
3d: 88 0c 02
mov %cl,(%edx,%eax,1)
40: 83 c4 04
add $0x4,%esp
43: 5b
pop %ebx
44: 5d
pop %ebp
45: c3
ret
查看符号表:readelf -a test21.o
Relocation section '.rel.text' at offset 0x42c contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00000008 00000a02 R_386_PC32 00000000 __i686.get_pc_thunk.bx
0000000e 00000b0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
/*top和stack对应的记录不是R_386_32,而是R_386_GOT32*/
0000001a 00000c03 R_386_GOT32 00000000 top
00000025 00000c03 R_386_GOT32 00000000 top
0000002d 00000c03 R_386_GOT32 00000000 top
00000035 00000d03 R_386_GOT32 00000000 stack
不加-fPIC进行编译,反汇编结果为:
test21.o: file format elf32-i386
Disassembly of section .text:
00000000 <push>:
0: 55
push %ebp
1: 89 e5
mov %esp,%ebp
3: 83 ec 04
sub $0x4,%esp
6: 8b 45 08
mov 0x8(%ebp),%eax
9: 88 45 fc
mov %al,-0x4(%ebp)
/*top地址为0x0,准备在重定位时修改 */
c: a1 00 00 00 00
mov 0x0,%eax
11: 83 c0 01
add $0x1,%eax
14: a3 00 00 00 00
mov %eax,0x0
19: a1 00 00 00 00
mov 0x0,%eax
1e: 0f b6 55 fc
movzbl -0x4(%ebp),%edx
22: 88 90 00 00 00 00
mov %dl,0x0(%eax)
28: c9
leave
29: c3
ret
使用readelf -a test21.o 查看符号表
Relocation section '.rel.text' at offset 0x324 contains 4 entries:
/*标出指令中有四处需要重定位修改*/
Offset Info Type Sym.Value Sym. Name
0000000d 00000801 R_386_32 00000000 top
00000015 00000801 R_386_32 00000000 top
0000001a 00000801 R_386_32 00000000 top
00000024 00000901 R_386_32 00000000 stack
编译链接生成可发执行文件:
gcc -g test24.c test20.o test21.o test22.o test23.o -Istack -o test24
反汇编结果为:
080483d0 <push>:
80483d0: 55
push %ebp
80483d1: 89 e5
mov %esp,%ebp
80483d3: 83 ec 04
sub $0x4,%esp
80483d6: 8b 45 08
mov 0x8(%ebp),%eax
80483d9: 88 45 fc
mov %al,-0x4(%ebp)
80483dc: a1 10 a0 04 08
mov 0x804a010,%eax
80483e1: 83 c0 01
add $0x1,%eax
/*0x0被修改为0x804a010*/
80483e4: a3 10 a0 04 08
mov %eax,0x804a010
80483e9: a1 10 a0 04 08
mov 0x804a010,%eax
80483ee: 0f b6 55 fc
movzbl -0x4(%ebp),%edx
/*0x0被修改为0x804a040*/
80483f2: 88 90 40 a0 04 08
mov %dl,0x804a040(%eax)
80483f8: c9
leave
80483f9: c3
ret
80483fa: 90
nop
80483fb: 90
nop
2 生成共享库:
gcc -shared -o libstack.so test20.o test21.o test22.o test23.o
查看反汇编结果:objdump -dS libstack.so
0000048c <push>:
48c: 55
push %ebp
48d: 89 e5
mov %esp,%ebp
48f: 53
push %ebx
490: 83 ec 04
sub $0x4,%esp
493: e8 ef ff ff ff
call 487 <__i686.get_pc_thunk.bx>
498: 81 c3 5c 1b 00 00
add $0x1b5c,%ebx
49e: 8b 45 08
mov 0x8(%ebp),%eax
4a1: 88 45 f8
mov %al,-0x8(%ebp)
/*oxo(%ebx)被修改成-0xc(%ebx) 和0x8(%ebp),不是绝对地址*/
4a4: 8b 83 f4 ff ff ff
mov -0xc(%ebx),%eax
4aa: 8b 00
mov (%eax),%eax
4ac: 8d 50 01
lea 0x1(%eax),%edx
4af: 8b 83 f4 ff ff ff
mov -0xc(%ebx),%eax
4b5: 89 10
mov %edx,(%eax)
/*top和stack的绝对地址保存在一个地址列表中*/
4b7: 8b 83 f4 ff ff ff
mov -0xc(%ebx),%eax
4bd: 8b 00
mov (%eax),%eax
4bf: 8b 93 fc ff ff ff
mov -0x4(%ebx),%edx
4c5: 0f b6 4d f8
movzbl -0x8(%ebp),%ecx
4c9: 88 0c 02
mov %cl,(%edx,%eax,1)
4cc: 83 c4 04
add $0x4,%esp
4cf: 5b
pop %ebx
4d0: 5d
pop %ebp
4d1: c3
ret
4d2: 90
nop
4d3: 90
nop
3 与共离享库编编链接在一起
gcc test24.c -g -L. -lstack -Istack -o test24
4 运行可执行文件
yuezhenhua@ubuntu:/opt/sdk/tc$ ./test24
./test24: error while loading shared libraries: libstack.so: cannot open
shared object file: No such file or directory
运行时找不到依赖共享库
查看该程序所依赖的共享库:
ldd test24
返回结果为:
/*没有存在于文件系统中,由内核虚拟出来,负责处理系统调用*/
linux-gate.so.1 => (0x00b89000)
/*?路径没有找到*/
libstack.so => not found
/*路径是由ld-linux.so.2在作动态链接时搜索到的*/
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0x00c04000)
/*动态链接器,路径在编译链接时指定*/
/lib/ld-linux.so.2 (0x008ea000)
解决办法1 :
将libstack.so的绝对路径添加到/etc/ld.so.conf中
然后执行:sudo ldconfig -v
方法2:
将libstack.so复制到/usr/lib或是/lib 目录下
复制文件:sudo cp libstack.so /lib
方法3:(不推荐)
在编译可执行文件的时候,将libstack.so的路径写死在可执行文件中
gcc test24.c -g -L. -lstack -Istack -o test24 -Wl,-
rpath,/home/opt/sdk/tc
查看符号表:readlf -a test24
Dynamic section at offset 0xf18 contains 22 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libstack.so]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000f (RPATH) Library rpath: [/home/opt/sdk/tc]
动态链接的过程:
查看反汇编结果: objdump -dS test24
080484a4 <main>:
#include <stdio.h>
#include "test18.h"
int main(void){
80484a4: 55
push %ebp
80484a5: 89 e5
mov %esp,%ebp
80484a7: 83 e4 f0
and $0xfffffff0,%esp
80484aa: 83 ec 10
sub $0x10,%esp
/*push函数没有链接到可执行文件中*/
push('a');
80484ad: c7 04 24 61 00 00 00
movl $0x61,(%esp)
/*通过间接寻址来找到push函数的地址*/
80484b4: e8 27 ff ff ff
call 80483e0 <push@plt>
return 0;
80484b9: b8 00 00 00 00
mov $0x0,%eax
}
80484be: c9
leave
80484bf: c3
ret
用gdb跟踪结果:gdb test24
/* 开始: start*/
(gdb) start
Temporary breakpoint 1 at 0x80484ad: file test24.c, line 5.
Starting program: /opt/sdk/tc/test24
Temporary breakpoint 1, main () at test24.c:5
5 push('a');
/*执行下一条:si*/
(gdb) si
0x080484b4 5
push('a');
/*执行下一条:si*/
(gdb) si
0x080483e0 in push@plt ()
/*查看地址0x080483e0 存放的数据*/
(gdb) x 0x080483e0
0x80483e0 <push@plt>: 0xa00825ff
(gdb) si
0x080483e6 in push@plt ()
(gdb) si
0x080483eb in push@plt ()
(gdb) si
0x080483b0 in ?? ()
(gdb) si
0x080483b6 in ?? ()
/*进入动态链接器*/
(gdb) si
0x00123c00 in ?? () from /lib/ld-linux.so.2
命名规范:
通常带有符号链接 ls -l /lib
...
libipq_pic.so.0 libulockmgr.so.1
libipq_pic.so.0.0.0 libulockmgr.so.1.0.1
libipq.so.0 libusb-0.1.so.4
libipq.so.0.0.0 libusb-0.1.so.4.4.4
...
共享库文件名的组成:
real name 库文件
soname 符号链接的名字,共享库的主版本号
示例代码:
/*soname:libstack.so.1
*real name: libstack.so.1.0
*/
gcc -shared -Wl,-soname,libstack.so.1 -o libstack.so.1.0 test20.o
test21.o test22.o test23.o
linker name gcc的-L选项指定linker name所在的目录
创建linker name 的符号链接
ln -s libstack.so.1.0 libstack.so
gcc test24.c -L. -lstack -Istack -o main
共享库在编译时要加-fPIC选项,
1 编译目标文件命令为:
gcc -c -fPIC stack/test20.c stack/test21.c stack/test22.c stack/test23.c
反汇编结果为:
test21.o: file format elf32-i386
Disassembly of section .text:
00000000 <push>:
0: 55
push %ebp
1: 89 e5
mov %esp,%ebp
3: 53
push %ebx
4: 83 ec 04
sub $0x4,%esp
7: e8 fc ff ff ff
call 8 <push+0x8>
c: 81 c3 02 00 00 00
add $0x2,%ebx
12: 8b 45 08
mov 0x8(%ebp),%eax
15: 88 45 f8
mov %al,-0x8(%ebp)
/* top的地址为:0x0(%ebx)*/
18: 8b 83 00 00 00 00
mov 0x0(%ebx),%eax
1e: 8b 00
mov (%eax),%eax
20: 8d 50 01
lea 0x1(%eax),%edx
23: 8b 83 00 00 00 00
mov 0x0(%ebx),%eax
29: 89 10
mov %edx,(%eax)
2b: 8b 83 00 00 00 00
mov 0x0(%ebx),%eax
31: 8b 00
mov (%eax),%eax
33: 8b 93 00 00 00 00
mov 0x0(%ebx),%edx
39: 0f b6 4d f8
movzbl -0x8(%ebp),%ecx
3d: 88 0c 02
mov %cl,(%edx,%eax,1)
40: 83 c4 04
add $0x4,%esp
43: 5b
pop %ebx
44: 5d
pop %ebp
45: c3
ret
查看符号表:readelf -a test21.o
Relocation section '.rel.text' at offset 0x42c contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00000008 00000a02 R_386_PC32 00000000 __i686.get_pc_thunk.bx
0000000e 00000b0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
/*top和stack对应的记录不是R_386_32,而是R_386_GOT32*/
0000001a 00000c03 R_386_GOT32 00000000 top
00000025 00000c03 R_386_GOT32 00000000 top
0000002d 00000c03 R_386_GOT32 00000000 top
00000035 00000d03 R_386_GOT32 00000000 stack
不加-fPIC进行编译,反汇编结果为:
test21.o: file format elf32-i386
Disassembly of section .text:
00000000 <push>:
0: 55
push %ebp
1: 89 e5
mov %esp,%ebp
3: 83 ec 04
sub $0x4,%esp
6: 8b 45 08
mov 0x8(%ebp),%eax
9: 88 45 fc
mov %al,-0x4(%ebp)
/*top地址为0x0,准备在重定位时修改 */
c: a1 00 00 00 00
mov 0x0,%eax
11: 83 c0 01
add $0x1,%eax
14: a3 00 00 00 00
mov %eax,0x0
19: a1 00 00 00 00
mov 0x0,%eax
1e: 0f b6 55 fc
movzbl -0x4(%ebp),%edx
22: 88 90 00 00 00 00
mov %dl,0x0(%eax)
28: c9
leave
29: c3
ret
使用readelf -a test21.o 查看符号表
Relocation section '.rel.text' at offset 0x324 contains 4 entries:
/*标出指令中有四处需要重定位修改*/
Offset Info Type Sym.Value Sym. Name
0000000d 00000801 R_386_32 00000000 top
00000015 00000801 R_386_32 00000000 top
0000001a 00000801 R_386_32 00000000 top
00000024 00000901 R_386_32 00000000 stack
编译链接生成可发执行文件:
gcc -g test24.c test20.o test21.o test22.o test23.o -Istack -o test24
反汇编结果为:
080483d0 <push>:
80483d0: 55
push %ebp
80483d1: 89 e5
mov %esp,%ebp
80483d3: 83 ec 04
sub $0x4,%esp
80483d6: 8b 45 08
mov 0x8(%ebp),%eax
80483d9: 88 45 fc
mov %al,-0x4(%ebp)
80483dc: a1 10 a0 04 08
mov 0x804a010,%eax
80483e1: 83 c0 01
add $0x1,%eax
/*0x0被修改为0x804a010*/
80483e4: a3 10 a0 04 08
mov %eax,0x804a010
80483e9: a1 10 a0 04 08
mov 0x804a010,%eax
80483ee: 0f b6 55 fc
movzbl -0x4(%ebp),%edx
/*0x0被修改为0x804a040*/
80483f2: 88 90 40 a0 04 08
mov %dl,0x804a040(%eax)
80483f8: c9
leave
80483f9: c3
ret
80483fa: 90
nop
80483fb: 90
nop
2 生成共享库:
gcc -shared -o libstack.so test20.o test21.o test22.o test23.o
查看反汇编结果:objdump -dS libstack.so
0000048c <push>:
48c: 55
push %ebp
48d: 89 e5
mov %esp,%ebp
48f: 53
push %ebx
490: 83 ec 04
sub $0x4,%esp
493: e8 ef ff ff ff
call 487 <__i686.get_pc_thunk.bx>
498: 81 c3 5c 1b 00 00
add $0x1b5c,%ebx
49e: 8b 45 08
mov 0x8(%ebp),%eax
4a1: 88 45 f8
mov %al,-0x8(%ebp)
/*oxo(%ebx)被修改成-0xc(%ebx) 和0x8(%ebp),不是绝对地址*/
4a4: 8b 83 f4 ff ff ff
mov -0xc(%ebx),%eax
4aa: 8b 00
mov (%eax),%eax
4ac: 8d 50 01
lea 0x1(%eax),%edx
4af: 8b 83 f4 ff ff ff
mov -0xc(%ebx),%eax
4b5: 89 10
mov %edx,(%eax)
/*top和stack的绝对地址保存在一个地址列表中*/
4b7: 8b 83 f4 ff ff ff
mov -0xc(%ebx),%eax
4bd: 8b 00
mov (%eax),%eax
4bf: 8b 93 fc ff ff ff
mov -0x4(%ebx),%edx
4c5: 0f b6 4d f8
movzbl -0x8(%ebp),%ecx
4c9: 88 0c 02
mov %cl,(%edx,%eax,1)
4cc: 83 c4 04
add $0x4,%esp
4cf: 5b
pop %ebx
4d0: 5d
pop %ebp
4d1: c3
ret
4d2: 90
nop
4d3: 90
nop
3 与共离享库编编链接在一起
gcc test24.c -g -L. -lstack -Istack -o test24
4 运行可执行文件
yuezhenhua@ubuntu:/opt/sdk/tc$ ./test24
./test24: error while loading shared libraries: libstack.so: cannot open
shared object file: No such file or directory
运行时找不到依赖共享库
查看该程序所依赖的共享库:
ldd test24
返回结果为:
/*没有存在于文件系统中,由内核虚拟出来,负责处理系统调用*/
linux-gate.so.1 => (0x00b89000)
/*?路径没有找到*/
libstack.so => not found
/*路径是由ld-linux.so.2在作动态链接时搜索到的*/
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0x00c04000)
/*动态链接器,路径在编译链接时指定*/
/lib/ld-linux.so.2 (0x008ea000)
解决办法1 :
将libstack.so的绝对路径添加到/etc/ld.so.conf中
然后执行:sudo ldconfig -v
方法2:
将libstack.so复制到/usr/lib或是/lib 目录下
复制文件:sudo cp libstack.so /lib
方法3:(不推荐)
在编译可执行文件的时候,将libstack.so的路径写死在可执行文件中
gcc test24.c -g -L. -lstack -Istack -o test24 -Wl,-
rpath,/home/opt/sdk/tc
查看符号表:readlf -a test24
Dynamic section at offset 0xf18 contains 22 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libstack.so]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000f (RPATH) Library rpath: [/home/opt/sdk/tc]
动态链接的过程:
查看反汇编结果: objdump -dS test24
080484a4 <main>:
#include <stdio.h>
#include "test18.h"
int main(void){
80484a4: 55
push %ebp
80484a5: 89 e5
mov %esp,%ebp
80484a7: 83 e4 f0
and $0xfffffff0,%esp
80484aa: 83 ec 10
sub $0x10,%esp
/*push函数没有链接到可执行文件中*/
push('a');
80484ad: c7 04 24 61 00 00 00
movl $0x61,(%esp)
/*通过间接寻址来找到push函数的地址*/
80484b4: e8 27 ff ff ff
call 80483e0 <push@plt>
return 0;
80484b9: b8 00 00 00 00
mov $0x0,%eax
}
80484be: c9
leave
80484bf: c3
ret
用gdb跟踪结果:gdb test24
/* 开始: start*/
(gdb) start
Temporary breakpoint 1 at 0x80484ad: file test24.c, line 5.
Starting program: /opt/sdk/tc/test24
Temporary breakpoint 1, main () at test24.c:5
5 push('a');
/*执行下一条:si*/
(gdb) si
0x080484b4 5
push('a');
/*执行下一条:si*/
(gdb) si
0x080483e0 in push@plt ()
/*查看地址0x080483e0 存放的数据*/
(gdb) x 0x080483e0
0x80483e0 <push@plt>: 0xa00825ff
(gdb) si
0x080483e6 in push@plt ()
(gdb) si
0x080483eb in push@plt ()
(gdb) si
0x080483b0 in ?? ()
(gdb) si
0x080483b6 in ?? ()
/*进入动态链接器*/
(gdb) si
0x00123c00 in ?? () from /lib/ld-linux.so.2
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- C语言学习笔记(十六) -网络 UDP协议
- c语言学习笔记十六
- c语言学习笔记9之switch语句
- C语言学习笔记
- C语言学习笔记2
- 【黑马程序员】C语言学习笔记之指针(十一)
- C语言学习笔记之 第三讲:人机交互
- 【学习笔记】【C语言】关系运算符
- C语言学习笔记整理
- 设计模式C++学习笔记之十六(Observer观察者模式)
- C语言学习笔记 算法和数据结构
- C语言-指针的基础学习笔记(2)
- C语言学习笔记(六)字符串
- 华清远见c语言学习笔记二
- 【学习笔记】【C语言】指向函数的指针
- 模式识别学习笔记(十六)--非线性分类器
- Linux下的C语言学习笔记(3)
- C语言学习笔记 typedef用法
- C语言学习笔记(8)
- C语言学习笔记(1):搭建开发环境