DEV Community

Kamal Mustafa

How is a program on linux executed?

Just some self-notes to refresh my memory on this, as it keeps popping up from time to time and I have to google it to answer the question.

Injecting into a running process

  • Attach to a currently running process by finding its PID. On Linux this is ptrace(PTRACE_ATTACH, pid, ...), and it only works if you are allowed to trace that PID: same user or CAP_SYS_PTRACE, and within whatever /proc/sys/kernel/yama/ptrace_scope permits.
  • Send a SIGSTOP to the program to halt its execution (PTRACE_ATTACH does this for you; wait for the stop with waitpid()).
  • Dump its registers (specifically rip/eip, which holds the address of the next instruction the process will execute).
  • Write your code at the address rip points to. This is the process's code, not its stack: rip points into an executable mapping, and the stack is normally not executable at all.
  • Send a SIGCONT to the program to return control (or detach with PTRACE_DETACH, which also resumes it). The next thing it runs is your code.
  • Profit.

https://www.real0day.com/hacking-tutorials/2017/11/6/injecting-a-running-process-linux
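The steps above as working code. This is an added example, not code from the post or from the linked tutorial. It targets x86-64 Linux, uses the ptrace(2) calls that the attach/SIGSTOP/dump-registers/write/SIGCONT sequence maps onto, and injects a constructed 12-byte payload that just calls exit(42) so the effect shows up in the target's exit status. To keep it self-contained it forks its own spinning child instead of attaching to an arbitrary PID; the helper names (merge_tail, inject_code, run_demo) are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed x86-64 payload (12 bytes): exit(42). Easy to observe, harmless. */
static const unsigned char EXIT42_CODE[] = {
    0xbf, 0x2a, 0x00, 0x00, 0x00,   /* mov edi, 42        */
    0xb8, 0x3c, 0x00, 0x00, 0x00,   /* mov eax, 60 (exit) */
    0x0f, 0x05                      /* syscall            */
};

/* Overlay n (< sizeof(long)) payload bytes onto the low bytes of an existing word.
 * POKETEXT writes whole words, so a partial last word must keep the bytes after it. */
unsigned long merge_tail(unsigned long existing, const unsigned char *bytes, size_t n)
{
    unsigned long word = existing;
    for (size_t i = 0; i < n && i < sizeof(long); i++) {
        word &= ~((unsigned long)0xff << (8 * i));
        word |= (unsigned long)bytes[i] << (8 * i);   /* little-endian */
    }
    return word;
}

/* The list above as code: attach (SIGSTOP), read rip, write the payload at rip,
 * detach (resume). Returns 0 on success, -1 with errno set on failure. */
int inject_code(pid_t pid, const unsigned char *code, size_t len)
{
#if !defined(__x86_64__)
    (void)pid; (void)code; (void)len;
    errno = ENOSYS;  /* the register layout used below is x86-64 specific */
    return -1;
#else
    struct user_regs_struct regs;
    unsigned long addr, word;
    size_t off = 0, n;
    long old;
    int status;

    if (len == 0) { errno = EINVAL; return -1; }
    /* PTRACE_ATTACH sends the SIGSTOP itself; waitpid() observes the resulting stop. */
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) return -1;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) goto fail;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) goto fail;

    /* rip is the next instruction the tracee will run: executable code, not the
     * stack. Write the payload there one native word at a time. */
    addr = regs.rip;
    while (off < len) {
        n = len - off < sizeof(long) ? len - off : sizeof(long);
        if (n == sizeof(long)) {
            memcpy(&word, code + off, sizeof(long));
        } else {
            errno = 0;   /* PEEKTEXT can legitimately return -1, so errno decides */
            old = ptrace(PTRACE_PEEKTEXT, pid, (void *)(addr + off), NULL);
            if (old == -1 && errno != 0) goto fail;
            word = merge_tail((unsigned long)old, code + off, n);
        }
        if (ptrace(PTRACE_POKETEXT, pid, (void *)(addr + off), (void *)word) == -1) goto fail;
        off += n;
    }
    /* Detaching with signal 0 resumes the tracee at rip, i.e. inside the payload
     * (the SIGCONT step of the list). */
    return ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1 ? -1 : 0;
fail:
    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return -1;
#endif
}

/* Stand-alone demo: fork a child that spins in user code (never inside a syscall,
 * so syscall-restart logic cannot move rip on resume), inject, and return the
 * exit status the payload produced (42), or -1 on failure. */
int run_demo(void)
{
    int status;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) { volatile unsigned long spin = 0; for (;;) spin++; }
    usleep(100000);  /* let the child reach its loop */
    if (inject_code(pid, EXIT42_CODE, sizeof EXIT42_CODE) == -1) {
        int e = errno; kill(pid, SIGKILL); waitpid(pid, NULL, 0); errno = e; return -1;
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = run_demo();
    if (rc == -1) { perror("injection failed (check /proc/sys/kernel/yama/ptrace_scope)"); return 1; }
    printf("child exited with status %d: the injected code ran\n", rc);
    return 0;
}
```

Build with `cc -O2 inject.c -o inject` and run it. If it fails with EPERM, look at /proc/sys/kernel/yama/ptrace_scope: 0 is the classic behaviour, 1 still allows tracing your own descendants (which is why the demo uses a forked child), 2 requires CAP_SYS_PTRACE, 3 disables attaching entirely. Two details the bullet list glosses over: PTRACE_POKETEXT writes whole words, so the payload's last partial word has to be merged with what is already in memory, and a target stopped inside a system call may have rip rewound by the kernel on resume to restart that syscall, so real injectors either wait for the target to be in user code or set rip explicitly with PTRACE_SETREGS.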

Also look into how strace works: it uses the same ptrace interface (PTRACE_SYSCALL) to stop the tracee at every system call entry and exit and read its registers.

Summary

  • main() is not the real entry point and is not defined in libc. Execution starts at the address named in the ELF header (the _start symbol from the C runtime's crt1.o), which calls libc's __libc_start_main(); that sets up the runtime (arguments, environment, constructors) and then calls the function the program defines as main(). libc simply assumes that the first function to call in a C program is named main().
  • Both where the program is loaded and where execution starts are defined in the ELF headers: each PT_LOAD program header gives a segment's load address, and the e_entry field of the ELF header gives the first instruction to execute.

https://stackoverflow.com/questions/7187981/whats-the-memory-before-0x08048000-used-for-in-32-bit-machine
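An added example (not from the post) that reads the two facts above straight out of the headers: e_entry from the ELF header, and the PT_LOAD segments from the program header table, plus a sanity check that the entry point actually lies in an executable segment. The parser works on an in-memory buffer and bounds-checks the program header table before walking it. build_sample_elf constructs a small fake ELF64 image (my own, not a real binary) so the code runs offline; main also accepts a path and defaults to /proc/self/exe. The names elf64_entry_info, entry_info and build_sample_elf are mine.

```c
#include <elf.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct entry_info {
    uint64_t entry;      /* e_entry: the first instruction executed (_start) */
    uint64_t load_base;  /* lowest p_vaddr among PT_LOAD segments */
    int entry_is_exec;   /* 1 if e_entry lies inside a PT_LOAD segment marked PF_X */
};

/* Parse an ELF64 image held in memory. Returns 0 and fills *out on success, -1 if
 * the buffer is not a well-formed ELF64 file (bad magic or class, program header
 * table outside the buffer, no loadable segment). Every offset is checked before
 * use: headers are attacker-controlled input in any tool that parses them. */
int elf64_entry_info(const unsigned char *buf, size_t len, struct entry_info *out)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);                          /* buf may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -1;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return -1;
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return -1;
    uint64_t ph_bytes = (uint64_t)eh.e_phnum * eh.e_phentsize;
    if (eh.e_phoff > len || ph_bytes > len - eh.e_phoff) return -1;

    out->entry = eh.e_entry;
    out->load_base = UINT64_MAX;
    out->entry_is_exec = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_vaddr < out->load_base) out->load_base = ph.p_vaddr;
        if (eh.e_entry >= ph.p_vaddr && eh.e_entry - ph.p_vaddr < ph.p_memsz && (ph.p_flags & PF_X))
            out->entry_is_exec = 1;
    }
    return out->load_base == UINT64_MAX ? -1 : 0;
}

/* Constructed sample: an ELF64 header plus two program headers, laid out like a
 * small static x86-64 binary (text r-x at 0x401000, data rw- at 0x402000).
 * Returns the number of bytes written, or 0 if cap is too small. */
size_t build_sample_elf(unsigned char *buf, size_t cap)
{
    size_t need = sizeof(Elf64_Ehdr) + 2 * sizeof(Elf64_Phdr);
    if (cap < need) return 0;
    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_EXEC;
    eh.e_machine = EM_X86_64;
    eh.e_version = EV_CURRENT;
    eh.e_entry = 0x401040;                 /* _start, inside the text segment */
    eh.e_phoff = sizeof(Elf64_Ehdr);
    eh.e_ehsize = sizeof(Elf64_Ehdr);
    eh.e_phentsize = sizeof(Elf64_Phdr);
    eh.e_phnum = 2;
    Elf64_Phdr text = {0}, data = {0};
    text.p_type = PT_LOAD; text.p_flags = PF_R | PF_X;
    text.p_vaddr = 0x401000; text.p_filesz = text.p_memsz = 0x1000; text.p_align = 0x1000;
    data.p_type = PT_LOAD; data.p_flags = PF_R | PF_W;
    data.p_vaddr = 0x402000; data.p_filesz = data.p_memsz = 0x1000; data.p_align = 0x1000;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &text, sizeof text);
    memcpy(buf + sizeof eh + sizeof text, &data, sizeof data);
    return need;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    FILE *f = fopen(path, "rb");
    if (!f) { perror(path); return 1; }
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    unsigned char *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) { fclose(f); free(buf); return 1; }
    fclose(f);
    struct entry_info info;
    if (elf64_entry_info(buf, (size_t)sz, &info) != 0) {
        fprintf(stderr, "%s: not a usable ELF64 file\n", path); free(buf); return 1;
    }
    printf("%s: entry 0x%" PRIx64 ", lowest PT_LOAD 0x%" PRIx64 ", entry in executable segment: %s\n",
           path, info.entry, info.load_base, info.entry_is_exec ? "yes" : "no");
    free(buf);
    return 0;
}
```

For a non-PIE executable the entry and load base are absolute addresses (0x08048000 on 32-bit, as in the linked question; typically 0x400000 or 0x401000 for modern x86-64 linkers). For a PIE they are offsets relative to wherever the kernel maps the image, so load_base comes out as 0 and the entry as a small number. `readelf -h` and `readelf -l` show the same fields.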

Top comments (2)

🦄N B🛡

// , For more perfect grammar, I would do "How is a program on linux executed?"

Thanks for posting this, though.

Kamal Mustafa

Thanks. I'm not a native speaker :)