comprensione dell'output di strace del programma c vuoto

Question

int main(int argc, char *argv[]) 
{ 
    return 0; 
} 

Dato il programma C sopra riportato, ottengo il seguente risultato usando clang test.c ; strace ./a.out.

execve("./a.out", ["./a.out"], [/* 36 vars */]) = 0 
brk(0)         = 0x1a06000 
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory) 
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f785c40f000 
access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file or directory) 
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 
fstat(3, {st_mode=S_IFREG|0644, st_size=78590, ...}) = 0 
mmap(NULL, 78590, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f785c3fb000 
close(3)        = 0 
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory) 
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\37\2\0\0\0\0\0"..., 832) = 832 
fstat(3, {st_mode=S_IFREG|0755, st_size=1840928, ...}) = 0 
mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f785be2a000 
mprotect(0x7f785bfe5000, 2093056, PROT_NONE) = 0 
mmap(0x7f785c1e4000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7f785c1e4000 
mmap(0x7f785c1ea000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f785c1ea000 
close(3)        = 0 
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f785c3fa000 
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f785c3f8000 
arch_prctl(ARCH_SET_FS, 0x7f785c3f8740) = 0 
mprotect(0x7f785c1e4000, 16384, PROT_READ) = 0 
mprotect(0x600000, 4096, PROT_READ)  = 0 
mprotect(0x7f785c411000, 4096, PROT_READ) = 0 
munmap(0x7f785c3fb000, 78590)   = 0 
exit_group(0)       = ? 
+++ exited with 0 +++ 

Qualcosa mi ha sconcertato:

• Che cosa significa la linea termina con 0x7f785c40f000 media/fare?
• Perché 3949248 in mmap quando libc.so è 1840928 grande?
• Da dove viene l'indirizzo utilizzato in mprotect?
• Da dove viene l'indirizzo utilizzato in mmap da quando non è NULL?
• Quali sono la memoria 4k e 8k allocata da mmap subito prima dello arch_prctl?

Answer 1

Piuttosto che provare e dirti perché vengono utilizzati quegli indirizzi/dimensioni esatti (e poiché nessun altro ha risposto), ho pensato che ti sarebbe piaciuto un modo per esaminare da dove i valori provengono. Puoi usare gdb sul loader e fermarti a ogni syscall o a un particolare syscall. Supponendo che hai debuginfos installato, puoi guardare il codice per vedere i valori. Ecco un esempio:

$ gdb -q /lib64/ld-2.17.so 
Reading symbols from /lib64/ld-2.17.so...Reading symbols from /usr/lib/debug/lib64/ld-2.17.so.debug...done. 
done. 
(gdb) b _start 
Breakpoint 1 at 0x1430 
(gdb) run ./a.out 
Starting program: /lib64/ld-2.17.so ./a.out 

Breakpoint 1, 0x0000555555555430 in _start() 
(gdb) p getpid() 
$1 = 18102 
(gdb) !cat /proc/18102/maps 
555555554000-555555575000 r-xp 00000000 ca:01 396014      /lib64/ld-2.17.so 
555555775000-555555777000 rw-p 00021000 ca:01 396014      /lib64/ld-2.17.so 
555555777000-555555778000 rw-p 00000000 00:00 0       [heap] 
7ffff7ffb000-7ffff7ffd000 r--p 00000000 00:00 0       [vvar] 
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0       [vdso] 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack] 
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0     [vsyscall] 
(gdb) catch syscall mmap 
Catchpoint 2 (syscall 'mmap' [9]) 
(gdb) c 
Continuing. 

Catchpoint 2 (call to syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) fin 
Run till exit from #0 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 

Catchpoint 2 (returned from syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) !cat /proc/18102/maps 
00400000-00401000 r-xp 00000000 ca:01 13014        /home/ec2-user/so/e1/a.out 
555555554000-555555575000 r-xp 00000000 ca:01 396014      /lib64/ld-2.17.so 
555555775000-555555777000 rw-p 00021000 ca:01 396014      /lib64/ld-2.17.so 
555555777000-555555778000 rw-p 00000000 00:00 0       [heap] 
7ffff7ffb000-7ffff7ffd000 r--p 00000000 00:00 0       [vvar] 
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0       [vdso] 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack] 
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0     [vsyscall] 
(gdb) c 
Continuing. 
[...] 
Continuing. 

Catchpoint 2 (call to syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) fin 
Run till exit from #0 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 

Catchpoint 2 (returned from syscall mmap), 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
81  T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) 
(gdb) !cat /proc/18102/maps 
00400000-00401000 r-xp 00000000 ca:01 13014        /home/ec2-user/so/e1/a.out 
00600000-00601000 rw-p 00000000 ca:01 13014        /home/ec2-user/so/e1/a.out 
555555554000-555555575000 r-xp 00000000 ca:01 396014      /lib64/ld-2.17.so 
555555775000-555555777000 rw-p 00021000 ca:01 396014      /lib64/ld-2.17.so 
555555777000-555555778000 rw-p 00000000 00:00 0       [heap] 
7ffff7c32000-7ffff7ff4000 r-xp 00000000 ca:01 396021      /lib64/libc-2.17.so 
7ffff7ff4000-7ffff7ffa000 r--p 00000000 ca:01 305615      /etc/ld.so.cache 
7ffff7ffa000-7ffff7ffb000 rw-p 00000000 00:00 0 
7ffff7ffb000-7ffff7ffd000 r--p 00000000 00:00 0       [vvar] 
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0       [vdso] 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack] 
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0     [vsyscall] 
(gdb) bt 
#0 0x000055555556c6aa in mmap64() at ../sysdeps/unix/syscall-template.S:81 
#1 0x000055555555a45f in _dl_map_object_from_fd (name=name@entry=0x4002a1 "libc.so.6", fd=7, fbp=fbp@entry=0x7fffffffdb78, 
    realname=0x7ffff7ffa640 "/lib64/libc.so.6", loader=loader@entry=0x555555777210, l_type=l_type@entry=1, mode=mode@entry=0, 
    stack_endp=stack_endp@entry=0x7fffffffdb70, nsid=nsid@entry=0) at dl-load.c:1295 
#2 0x000055555555c49b in _dl_map_object (loader=0x555555777210, name=0x4002a1 "libc.so.6", type=1, trace_mode=0, mode=<optimized out>, nsid=<optimized out>) 
    at dl-load.c:2374 
#3 0x0000555555560992 in openaux (a=a@entry=0x7fffffffe128) at dl-deps.c:63 
#4 0x00005555555631b4 in _dl_catch_error (objname=objname@entry=0x7fffffffe120, errstring=errstring@entry=0x7fffffffe118, 
    mallocedp=mallocedp@entry=0x7fffffffe110, operate=operate@entry=0x555555560960 <openaux>, args=args@entry=0x7fffffffe128) at dl-error.c:177 
#5 0x0000555555561092 in _dl_map_object_deps (map=<optimized out>, preloads=<optimized out>, npreloads=<optimized out>, trace_mode=<optimized out>, 
    open_mode=<optimized out>) at dl-deps.c:256 
#6 0x00005555555572c5 in dl_main (phdr=<optimized out>, phdr@entry=0x555555554040, phnum=<optimized out>, phnum@entry=7, 
    user_entry=user_entry@entry=0x7fffffffe2b8, auxv=<optimized out>) at rtld.c:1727 
#7 0x000055555556a7d5 in _dl_sysdep_start (start_argptr=<optimized out>, dl_main=0x555555555a70 <dl_main>) at ../elf/dl-sysdep.c:244 
#8 0x0000555555558cc1 in _dl_start_final (arg=0x7fffffffe370) at rtld.c:318 
#9 _dl_start (arg=0x7fffffffe370) at rtld.c:544 
#10 0x0000555555555438 in _start()