understanding shared libraries using gcc

-上瘾入骨i 2021-02-11 00:17

I am trying to understand the following behavior of shared libraries in C

Machine One

$ cat one.c 
#include

         


        
3 Answers
  • 2021-02-11 00:17

    What does the address given in brackets (for example, (0x002de000)) mean?

    It is the (virtual) memory address where the library is loaded. Recent systems can provide randomization of where libraries are loaded though, so that address might vary between invocations.

    shouldn't they be loaded only at runtime?

    Yes they are. ldd goes through much of the same procedure as what is done at runtime though, to be able to figure out various things.

    Why does two need any libraries at all?

    libc.so.6 is the standard C library (and other stuff, like the interface to the kernel) and is always linked in by default. gcc has options to control this though, e.g. the -nostdlib flag.

    ld-linux.so is the dynamic loader, and is responsible for loading/relocating other shared libraries and running your application. The manpage for ld-linux.so gives you the details.

    linux-gate.so.1 is a virtual library, it exists only in memory in the kernel. It's used to perform system calls to the kernel, and figures out the most efficient way to do so based on your CPU. This was probably added to Linux later than your other 2.6.9 kernel machine.

    I don't know what /usr/lib/libcwait.so is, but chances are you can get some info about it by doing rpm -qif /usr/lib/libcwait.so.

  • 2021-02-11 00:25

    The number is the memory address where the library is loaded when the executable is run. It is determined at link time and is usually randomized in order to make library function addresses unpredictable and thus more difficult to use in exploits. The standard C library is linked by default by GCC. libcwait is probably another default library, possibly used by older GCC versions.

  • 2021-02-11 00:38

    The addresses are basically random numbers. Before secure implementations were devised, ldd would consistently indicate the memory addresses where the program sections were loaded. Since about five years ago, many flavors of Linux now intentionally randomize load addresses to frustrate would-be virus writers, etc. I compiled one.c (as t.c) and repeatedly executed ldd:

    [wally@zenetfedora .bin]$ cat t.c
    #include <stdio.h>
    int main()
    {
        printf ("%d", 45);
    }
    [wally@zenetfedora .bin]$ gcc -o t t.c -O3
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x009e5000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x00b8d000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x00238000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x002a0000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x00f93000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x00c7a000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x00d1a000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    [wally@zenetfedora .bin]$ ldd t
        linux-gate.so.1 =>  (0x00d12000)
        libc.so.6 => /lib/libc.so.6 (0x002e4000)
        /lib/ld-linux.so.2 (0x002c2000)
    

    The crtl and ld-linux load addresses are consistent, but linux-gate is randomized.

    Libraries are needed because the C run time initialization and termination needs to run. Granted, those could largely be optimized away since stdin, stdout, stderr, etc., etc. don't need to be initialized. Still, the crtl is how main() gets called.

    Different flavors and versions of Linux have differences. The evolution of glib has had many twists and turns. Some stuff has been moved to other libraries. It's pretty much the same thing as why your local grocery store moves things around. It doesn't have much meaning.

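The repeated-`ldd` comparison from the last answer, automated as an added example (not part of the original answers): it counts how many distinct load addresses each library showed across runs. The function names are made up for this example, and the embedded sample is the first three runs of the transcript above.

```shell
#!/bin/sh
# Count distinct load addresses per library across several `ldd` runs.
# Input: concatenated ldd output on stdin (prompt lines are ignored).
ldd_addr_summary() {
    awk '
        # An ldd entry ends in "(0xADDR)"; the first field names the library.
        match($0, /\(0x[0-9a-fA-F]+\)[ \t]*$/) {
            addr = substr($0, RSTART + 1, RLENGTH - 1)
            sub(/\).*$/, "", addr)
            lib = $1
            runs[lib]++
            if (!((lib, addr) in seen)) { seen[lib, addr] = 1; distinct[lib]++ }
        }
        END {
            for (lib in runs) {
                verdict = (distinct[lib] > 1) ? "varies" : "constant"
                printf "%s runs=%d distinct=%d %s\n", lib, runs[lib], distinct[lib], verdict
            }
        }
    ' | sort
}

# Sample input: first three runs from the transcript above (abridged).
sample_transcript() {
    cat <<'EOF'
    linux-gate.so.1 =>  (0x009e5000)
    libc.so.6 => /lib/libc.so.6 (0x002e4000)
    /lib/ld-linux.so.2 (0x002c2000)
    linux-gate.so.1 =>  (0x00b8d000)
    libc.so.6 => /lib/libc.so.6 (0x002e4000)
    /lib/ld-linux.so.2 (0x002c2000)
    linux-gate.so.1 =>  (0x00238000)
    libc.so.6 => /lib/libc.so.6 (0x002e4000)
    /lib/ld-linux.so.2 (0x002c2000)
EOF
}

sample_transcript | ldd_addr_summary

# On a live system (./t is the binary built in the answer):
#   for i in 1 2 3 4 5; do ldd ./t; done | ldd_addr_summary
# Kernel setting to compare against: /proc/sys/kernel/randomize_va_space (0 = off)
```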