Process of Lazy-Binding

Published 2020-04-03, 86 views


SOURCE: System V Application Binary Interface AMD64 Architecture Processor Supplement
Draft Version 0.99.7

  1. When first creating the memory image of the program, the dynamic linker sets the second and the third entries in the global offset table to special values. Steps below explain more about these values.
  2. Each shared object file in the process image has its own procedure linkage table, and control transfers to a procedure linkage table entry only from within the same object file.
  3. For illustration, assume the program calls addvec, which transfers control to the label .PLT2.
    .plt section of this example program:

    trying to make a function call:
  4. The first instruction jumps to the address in the global offset table entry for addvec. Initially the global offset table holds the address of the following pushq instruction, not the real address of addvec (called name1 in the ABI's generic text).
  5. Now the program pushes a relocation index on the stack. The relocation index is a 32-bit, non-negative index into the relocation table addressed by the DT_JMPREL dynamic section entry. The designated relocation entry will have type R_X86_64_JUMP_SLOT, and its offset will specify the global offset table entry used in the previous jmp instruction. The relocation entry contains a symbol table index that will reference the appropriate symbol, addvec in the example.
    related contents in .dynamic section:

    related contents in .rela.plt section

    the operation:
  6. After pushing the relocation index, the program then jumps to .PLT0, the first entry in the procedure linkage table. The pushq instruction places the value of the second global offset table entry (GOT+8) on the stack, thus giving the dynamic linker one word of identifying information. The program then jumps to the address in the third global offset table entry (GOT+16), which transfers control to the dynamic linker.
    the control flow is as follows:

    here is a glance at the GOT; you can see the _dl_runtime_resolve_xsavec function, which is the core of lazy binding:
  7. When the dynamic linker receives control, it unwinds the stack, looks at the designated relocation entry, finds the symbol’s value, stores the “real” address for addvec in its global offset table entry, and transfers control to the desired destination.

    control transferred:
  8. Subsequent executions of the procedure linkage table entry will transfer directly to addvec, without calling the dynamic linker a second time. That is, the jmp instruction at .PLT1 will transfer to addvec, instead of "falling through" to the pushq instruction.
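The whole sequence in steps 3 to 8 can be checked mechanically from the bytes the linker emits. The following script is an added example (not from the post, the ABI document, or any real binary): it hand-assembles a tiny x86-64 .plt, .got.plt, .rela.plt, .dynsym and .dynstr for two imported functions, decodes each PLT entry to recover the GOT slot it jumps through, the relocation index it pushes and the .PLT0 it jumps to, cross-checks those values against the R_X86_64_JUMP_SLOT entry and the initial GOT contents, and then simulates the first and second call so the "fall through, resolve, patch the GOT, jump directly" behaviour is visible. All addresses (0x1020, 0x4000, the fake resolved addresses), the second symbol printf, and the function names decode_plt0, decode_plt_entry, lazy_call are assumptions made for the example; the encodings (ff 25 for jmp *rel32(%rip), 68 for pushq imm32, e9 for jmp rel32, ff 35 for pushq rel32(%rip)) and the Elf64_Rela / Elf64_Sym layouts are the real ones.

```python
import struct

R_X86_64_JUMP_SLOT = 7
PLT_ENTRY_SIZE = 16
PLT_ADDR = 0x1020   # assumed address of .plt (so .PLT0 = 0x1020, .PLT1 = 0x1030, .PLT2 = 0x1040)
GOT_ADDR = 0x4000   # assumed address of .got.plt (GOT[0]); GOT[n] lives at GOT_ADDR + 8*n

# Constructed .plt bytes, hand-assembled for the addresses above (rel32 displacements are
# relative to the end of the instruction that contains them).
PLT = bytes.fromhex(
    "ff35e22f0000"   # 0x1020 .PLT0: pushq GOT+8(%rip)      -> 0x4008
    "ff25e42f0000"   # 0x1026        jmpq  *GOT+16(%rip)    -> 0x4010
    "0f1f4000"       # 0x102c        nopl  0x0(%rax)
    "ff25e22f0000"   # 0x1030 .PLT1: jmpq  *GOT[3](%rip)    -> 0x4018 (addvec)
    "6800000000"     # 0x1036        pushq $0               (relocation index 0)
    "e9e0ffffff"     # 0x103b        jmpq  .PLT0
    "ff25da2f0000"   # 0x1040 .PLT2: jmpq  *GOT[4](%rip)    -> 0x4020 (printf)
    "6801000000"     # 0x1046        pushq $1               (relocation index 1)
    "e9d0ffffff"     # 0x104b        jmpq  .PLT0
)
# Constructed initial .got.plt: [0]=_DYNAMIC, [1]=link_map and [2]=_dl_runtime_resolve are
# filled in by ld.so at load time; [3] and [4] point back at the pushq of their PLT entry.
GOT_PLT = struct.pack("<5Q", 0x3E00, 0, 0, 0x1036, 0x1046)
# Constructed .dynstr / .dynsym (Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size)
DYNSTR = b"\0addvec\0printf\0"
DYNSYM = (struct.pack("<IBBHQQ", 0, 0, 0, 0, 0, 0)        # index 0: null symbol
          + struct.pack("<IBBHQQ", 1, 0x12, 0, 0, 0, 0)   # index 1: addvec (GLOBAL FUNC, undefined)
          + struct.pack("<IBBHQQ", 8, 0x12, 0, 0, 0, 0))  # index 2: printf
# Constructed .rela.plt (Elf64_Rela: r_offset, r_info = sym << 32 | type, r_addend)
RELA_PLT = (struct.pack("<QQq", 0x4018, (1 << 32) | R_X86_64_JUMP_SLOT, 0)
            + struct.pack("<QQq", 0x4020, (2 << 32) | R_X86_64_JUMP_SLOT, 0))
# Fake "real" addresses the dynamic linker would find in the shared object (constructed).
RESOLVED = {"addvec": 0x7F00_0000_1000, "printf": 0x7F00_0000_2000}


def decode_plt0(plt, plt_addr):
    """Return (pushq source, jmp source) of .PLT0; the ABI requires (GOT+8, GOT+16)."""
    assert plt[0:2] == b"\xff\x35" and plt[6:8] == b"\xff\x25"
    push_src = plt_addr + 6 + struct.unpack_from("<i", plt, 2)[0]
    jmp_src = plt_addr + 12 + struct.unpack_from("<i", plt, 8)[0]
    return push_src, jmp_src


def decode_plt_entry(plt, plt_addr, n):
    """Decode .PLTn (n >= 1): returns (got_slot, reloc_index, plt0_target, pushq_addr)."""
    off = n * PLT_ENTRY_SIZE
    base = plt_addr + off
    assert plt[off:off + 2] == b"\xff\x25"                  # jmpq *disp32(%rip)
    got_slot = base + 6 + struct.unpack_from("<i", plt, off + 2)[0]
    assert plt[off + 6] == 0x68                             # pushq imm32
    reloc_index = struct.unpack_from("<I", plt, off + 7)[0]
    assert plt[off + 11] == 0xE9                            # jmpq rel32
    plt0_target = base + 16 + struct.unpack_from("<i", plt, off + 12)[0]
    return got_slot, reloc_index, plt0_target, base + 6


def parse_rela_plt(rela):
    """Yield (r_offset, symbol index, relocation type, addend) for each Elf64_Rela."""
    return [(o, i >> 32, i & 0xFFFFFFFF, a)
            for o, i, a in struct.iter_unpack("<QQq", rela)]


def symbol_name(dynsym, dynstr, idx):
    st_name = struct.unpack_from("<I", dynsym, idx * 24)[0]
    return dynstr[st_name:dynstr.index(b"\0", st_name)].decode()


def initial_got():
    return list(struct.unpack("<5Q", GOT_PLT))


def lazy_call(got, n):
    """Simulate one call through .PLTn against the mutable GOT list.
    Returns (address control ends up at, whether the dynamic linker had to run)."""
    got_slot, idx, plt0, pushq_addr = decode_plt_entry(PLT, PLT_ADDR, n)
    slot = (got_slot - GOT_ADDR) // 8
    if got[slot] != pushq_addr:
        return got[slot], False        # step 8: already bound, jmp goes straight to the function
    # step 4/5: GOT still points at the pushq, so we fall through: pushq $idx; jmpq .PLT0
    assert plt0 == PLT_ADDR
    assert decode_plt0(PLT, PLT_ADDR) == (GOT_ADDR + 8, GOT_ADDR + 16)   # step 6
    r_offset, symidx, rtype, _ = parse_rela_plt(RELA_PLT)[idx]        # step 7: DT_JMPREL[idx]
    assert rtype == R_X86_64_JUMP_SLOT and r_offset == got_slot
    real = RESOLVED[symbol_name(DYNSYM, DYNSTR, symidx)]
    got[slot] = real                   # the resolver stores the real address in the GOT slot
    return real, True


if __name__ == "__main__":
    got = initial_got()
    for n, name in ((1, "addvec"), (2, "printf")):
        for call in (1, 2):
            target, resolved = lazy_call(got, n)
            print(f"{name} call {call}: -> {target:#x}, resolver ran = {resolved}")
```

Running it prints that the first call to each function goes through the resolver and the second does not, because the GOT slot now holds the real address. The same decoding applied to a real binary (read .plt, .got.plt, .rela.plt, .dynsym and .dynstr from the file or from memory) is a quick way to confirm which GOT slots are still unresolved, which is also what a defender checks when auditing a process for GOT overwrites; in a binary linked with -z now (full RELRO) the slots are resolved before main and the page is read-only, so the fall-through path never executes.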

THAT's ALL OF IT!!