[TriLUG] executable and non-executable libraries
oberry at trilug.org
Tue May 15 15:56:09 EDT 2007
On Tue, May 15, 2007 at 11:17:38AM -0700, Joseph Mack NA3T wrote:
> On Tue, 15 May 2007, Owen Berry wrote:
> > I'm wondering if they do something funky in __libc_start_main, which is
> > listed when running strings on the file.
> no such similar name in ld-x.x.x.so I'm afraid.
True. I did a little more digging and came up with this:

According to this article about the ELF format, if you look at the ELF
headers for the files using 'readelf -h /lib/libc-2.5.so', you'll see a
hexadecimal address labeled "Entry point address", which is the address
where the program will start running when executed.

If I run 'readelf -a' (all ELF info) on /lib/ld-2.5.so and look for the
entry point address in the symbol table, it points to a function called
_start. However, if I look at /lib/libc-2.5.so I don't find a
corresponding entry in the symbol table. Not sure if it *has* to be in
the symbol table, or if it can just start executing at that address.
And looking at other .so files, the entry point address points to some
arbitrary looking entry in the symbol table, which is maybe why it
executes but segfaults.
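
Added example, not part of the original message: a Python version of the check described above, reading the "Entry point address" from the ELF header and searching the symbol tables for a symbol with that value. It assumes little-endian ELF64; the function names and the two sample images are constructed for illustration and are not real libraries.

```python
import struct

SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
SHDR, SYM = "<IIQQQQIIQQ", "<IBBHQQ"  # Elf64_Shdr and Elf64_Sym layouts

def entry_symbols(elf):
    """Return (e_entry, names of symbols whose st_value equals e_entry)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    entry, _phoff, shoff = struct.unpack_from("<QQQ", elf, 24)
    shentsize, shnum = struct.unpack_from("<HH", elf, 58)
    sections = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
    names = []
    for _, sh_type, _, _, off, size, link, _, _, entsize in sections:
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or not entsize:
            continue
        str_off = sections[link][4]  # sh_link names the string table section
        for pos in range(off, off + size, entsize):
            st_name, _, _, _, value, _ = struct.unpack_from(SYM, elf, pos)
            if st_name and value == entry:
                start = str_off + st_name
                names.append(elf[start:elf.index(b"\0", start)].decode())
    return entry, names

def make_sample(entry, symbols):
    """Constructed test image: ELF64 header, .symtab, .strtab, 3 section headers."""
    strtab, symtab = b"\0", bytes(24)  # symbol index 0 is the null symbol
    for name, value in symbols:
        symtab += struct.pack(SYM, len(strtab), 0x12, 0, 1, value, 0)
        strtab += name.encode() + b"\0"
    str_off = 64 + len(symtab)
    shoff = str_off + len(strtab)
    header = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, entry, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = (bytes(64)
             + struct.pack(SHDR, 0, SHT_SYMTAB, 0, 0, 64, len(symtab), 2, 1, 8, 24)
             + struct.pack(SHDR, 0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0))
    return header + symtab + strtab + shdrs

# Constructed images: one whose entry point has a symbol, one whose entry point has none.
LD_LIKE = make_sample(0x1000, [("_start", 0x1000), ("_dl_start", 0x1040)])
LIBC_LIKE = make_sample(0x2000, [("abort", 0x2100)])

if __name__ == "__main__":
    for label, image in (("entry has a symbol", LD_LIKE), ("entry has no symbol", LIBC_LIKE)):
        print(label, entry_symbols(image))
```

To inspect a real file, pass `open(path, "rb").read()` to `entry_symbols`; a 32-bit library raises `ValueError` because only the ELF64 layout is parsed.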