I'm really trying to understand the steps from high level code -> executable.. but am having some difficulties. I've written an empty <code>int main() {}</code> C file and am trying to decipher the disassembly via <code>objdump -d</code>. Here's what's going on: <ul> <li>in <code>_start</code>, set up alignment, push arguments on stack, call <code>__libc_start_main</code> </li> <li>in <code>__libc_start_main</code>, the first line to execute is <code>jmp *0x8049658</code> </li> </ul> However, upon using <code>objdump -R</code> to check out the relocation records, the value in <code>0x8049658</code> is <code>__libc_start_main</code> itself! I'm missing something here.. edit: here's some of the source; <pre class="prettyprint"><code> 080482c0 <__libc_start_main@plt>: 80482c0: ff 25 58 96 04 08 jmp *0x8049658 80482c6: 68 08 00 00 00 push $0x8 80482cb: e9 d0 ff ff ff jmp 80482a0 <_init+0x2c> Disassembly of section .text: 080482d0 <_start>: 80482d0: 31 ed xor %ebp,%ebp 80482d2: 5e pop %esi 80482d3: 89 e1 mov %esp,%ecx 80482d5: 83 e4 f0 and $0xfffffff0,%esp 80482d8: 50 push %eax 80482d9: 54 push %esp 80482da: 52 push %edx 80482db: 68 50 84 04 08 push $0x8048450 80482e0: 68 e0 83 04 08 push $0x80483e0 80482e5: 51 push %ecx 80482e6: 56 push %esi 80482e7: 68 d0 83 04 08 push $0x80483d0 80482ec: e8 cf ff ff ff call 80482c0 <__libc_start_main@plt> 80482f1: f4 hlt 80482f2: 66 90 xchg %ax,%ax DYNAMIC RELOCATION RECORDS OFFSET TYPE VALUE 08049644 R_386_GLOB_DAT __gmon_start__ 08049654 R_386_JUMP_SLOT __gmon_start__ 08049658 R_386_JUMP_SLOT __libc_start_main </code></pre>

The first block, ending in "@plt", is the procedure linkage table (https://stackoverflow.com/a/5469334/994153). The <code>jmp *0x8049658</code> is an indirect branch instruction, so it actually is jumping to <code>__libc_start_main</code> wherever it actually ends up getting loaded in RAM at runtime. The real RAM address of <code>__libc_start_main</code> is found in the DYNAMIC RELOCATION RECORDS table, which is created in RAM by the dynamic loader when the program is loaded.

What's going on in __libc_start

I'm really trying to understand the steps from high level code -> executable.. but am having some difficulties.

I've written an empty int main() {} C file and am trying to decipher the disassembly via objdump -d. Here's what's going on:

in _start, set up alignment, push arguments on stack, call __libc_start_main
in __libc_start_main, the first line to execute is jmp *0x8049658

However, upon using objdump -R to check out the relocation records, the value in 0x8049658 is __libc_start_main itself!

I'm missing something here..

edit: here's some of the source;

 080482c0 <__libc_start_main@plt>:  80482c0:       ff 25 58 96 04 08       jmp    *0x8049658  80482c6:       68 08 00 00 00          push   $0x8  80482cb:       e9 d0 ff ff ff          jmp    80482a0 <_init+0x2c>  Disassembly of section .text:  080482d0 <_start>:  80482d0:       31 ed                   xor    %ebp,%ebp  80482d2:       5e                      pop    %esi  80482d3:       89 e1                   mov    %esp,%ecx  80482d5:       83 e4 f0                and    $0xfffffff0,%esp  80482d8:       50                      push   %eax  80482d9:       54                      push   %esp  80482da:       52                      push   %edx  80482db:       68 50 84 04 08          push   $0x8048450  80482e0:       68 e0 83 04 08          push   $0x80483e0  80482e5:       51                      push   %ecx  80482e6:       56                      push   %esi  80482e7:       68 d0 83 04 08          push   $0x80483d0  80482ec:       e8 cf ff ff ff          call   80482c0 <__libc_start_main@plt>  80482f1:       f4                      hlt  80482f2:       66 90                   xchg   %ax,%ax     DYNAMIC RELOCATION RECORDS OFFSET   TYPE              VALUE  08049644 R_386_GLOB_DAT    __gmon_start__ 08049654 R_386_JUMP_SLOT   __gmon_start__ 08049658 R_386_JUMP_SLOT   __libc_start_main

What does __ Libc_start_main do?

The __libc_start_main() function shall perform any necessary initialization of the execution environment, call the main function with appropriate arguments, and handle the return from main(). If the main() function returns, the return value shall be passed to the exit() function.

What does __ Libc_csu_init do?

Both __libc_csu_init and call_init do basically the same thing: They run all constructors registered in the dynamic table entries INIT and INIT_ARRAY .

The first block, ending in "@plt", is the procedure linkage table (https://stackoverflow.com/a/5469334/994153). The jmp *0x8049658 is an indirect branch instruction, so it actually is jumping to __libc_start_main wherever it actually ends up getting loaded in RAM at runtime.

The real RAM address of __libc_start_main is found in the DYNAMIC RELOCATION RECORDS table, which is created in RAM by the dynamic loader when the program is loaded.

What's going on in __libc_start_main?

Tags:

c

linux

gcc

dynamic-linking

gone

People also ask

1 Answers

Colin D Bennett

Recent Activity

Donate For Us