How is a program on linux executed?

Kamal Mustafa - Dec 28 '18 - - Dev Community

Just some notes to myself to refresh my memory on this, as it keeps popping up from time to time and I have to google it to answer the question.

Injecting into running process

  • Attach to a currently running process by gathering its PID.
  • Send a SIGSTOP to the program to halt its execution.
  • Dump its registers (specifically rip/eip)
  • Write your code to the stack where rip is pointing to.
  • Send a SIGCONT to the program to return control.
  • Profit.

https://www.real0day.com/hacking-tutorials/2017/11/6/injecting-a-running-process-linux

Also look into how strace works.

Summary

  • The convention that main() is called first comes from libc: its startup code assumes that the first function in a C program to call is named main().
  • The address at which the start of the program is loaded is defined in the ELF headers.

https://stackoverflow.com/questions/7187981/whats-the-memory-before-0x08048000-used-for-in-32-bit-machine
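As an added illustration of the second point (this is example code, not from the original post): a small C parser that pulls the entry point and file type out of an ELF64 header. The header struct is declared by hand so it builds without <elf.h>, and the sample header bytes are constructed for this example rather than taken from a real binary; the e_entry it reports is where the kernel starts the process, which is libc's _start, not main().

```c
#include <stdint.h>
#include <string.h>

/* ELF64 file header (first 64 bytes), declared by hand so this builds without <elf.h>. */
struct elf64_hdr {
    uint8_t  e_ident[16];       /* 0x7f 'E' 'L' 'F', class, byte order, ... */
    uint16_t e_type;            /* 2 = ET_EXEC (fixed address), 3 = ET_DYN (PIE) */
    uint16_t e_machine;         /* 62 = x86-64 */
    uint32_t e_version;
    uint64_t e_entry;           /* where the kernel starts execution: _start, not main() */
    uint64_t e_phoff, e_shoff;  /* program/section header table offsets */
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};

/* Constructed sample header of a non-PIE x86-64 executable with _start at
 * 0x401040; hand-written for this example, not copied from a real binary. */
static const uint8_t sample_exec[64] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0,  0, 0, 0, 0, 0, 0, 0, 0,   /* e_ident */
    0x02, 0x00,  0x3e, 0x00,  0x01, 0x00, 0x00, 0x00,            /* type, machine, version */
    0x40, 0x10, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,              /* e_entry = 0x401040 */
    0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,              /* e_phoff = 64 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,              /* e_shoff = 0 */
    0x00, 0x00, 0x00, 0x00,  0x40, 0x00,  0x38, 0x00,            /* flags, ehsize, phentsize */
    0x0b, 0x00,  0x40, 0x00,  0x00, 0x00,  0x00, 0x00            /* phnum, shentsize, shnum, shstrndx */
};

/* Parse a little-endian ELF64 header into *out; 0 on success, -1 if too short or bad ident. */
int parse_elf64(const uint8_t *buf, size_t len, struct elf64_hdr *out)
{
    if (len < sizeof *out) return -1;
    memcpy(out, buf, sizeof *out);                  /* host assumed little-endian */
    if (memcmp(out->e_ident, "\x7f" "ELF", 4) != 0) return -1;     /* magic bytes */
    if (out->e_ident[4] != 2 || out->e_ident[5] != 1) return -1;  /* 64-bit LSB only */
    return 0;
}

/* Entry point (the address the kernel jumps to), or 0 if the header is invalid. */
uint64_t elf_entry(const uint8_t *buf, size_t len)
{
    struct elf64_hdr h;
    return parse_elf64(buf, len, &h) == 0 ? h.e_entry : 0;
}

/* e_type: 2 for a fixed-address executable, 3 for a PIE; 0 if invalid. */
int elf_type(const uint8_t *buf, size_t len)
{
    struct elf64_hdr h;
    return parse_elf64(buf, len, &h) == 0 ? h.e_type : 0;
}
```

Feeding the first 64 bytes of a real binary into parse_elf64 gives the same e_entry that `readelf -h` prints as "Entry point address".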
