Kamal Mustafa
Posted on December 28, 2018
Just a self notes to refresh my mind on this, as it keep popping from time to time and I have to google it to answer the question.
- How program executed? - keyword "how main() executed".
- Wikipedia Execution (computing) - not much concrete information but still useful to trigger the long term memory section in your brain ;)
- Understanding the Memory Layout of Linux Executables - keyword - "linux start memory address".
- This post on building OS with Rust also informative on how OS being loaded and execute program.
Injecting into running process
- Attach to the a current running process by gathering its PID.
- Send a SIGSTOP to the program to halt it's execution
- Dump its registers (specifically rip/eip)
- Write your code to the stack where rip is pointing to.
- Send a SIGCONT to the program to return control.
- Profit.
https://www.real0day.com/hacking-tutorials/2017/11/6/injecting-a-running-process-linux
Also look into how strace work.
Summary
- main() was defined in libc - the function in libc that assume the first function in C program to call is named
main(). - What address to load that contain the start of the program is defined in ELF headers.
Other similar topics
- What happens when you type google.com into your browser's address box and press enter?
- What happens when you switch on your computer? Unlike above question, I can't find single good write-up, just too many of them:-
- https://bhavyanshu.me/what-happens-when-you-switch-on-your-computer-facts-that-most-computer-science-engineers-wouldnt-know/10/20/2014/
- https://medium.com/10xcod3r/what-really-happens-when-you-switch-on-a-computer-defe74ccaba4
- https://www.quora.com/What-exactly-happens-when-we-switch-on-the-computer
💖 💪 🙅 🚩
Kamal Mustafa
Posted on December 28, 2018
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.