Chapter 20. Program ExZecution
20.1. Executable Files
An executable file is a regular file that describes how to initialize a new execution context
20.1.1. Process Credentials and Capabilities
20.1.1.0. Process Credentials
Table 20-1. Traditional process credentials
Name Description
uid, gid User and group real identifiers
euid, egid User and group effective identifiers
fsuid, fsgid User and group effective identifiers for file access
groups Supplementary group identifiers
suid, sgid User and group saved identifiers
20.1.1.1. Process capabilities
20.1.1.2. The Linux Security Modules framework
20.1.2. Command-Line Arguments and Shell Environment
int main(int argc, char *argv[])
int main(int argc, char *argv[], char *envp[])
Figure 20-1. The bottom locations of the User Mode stack
20.1.3. Libraries
static libraries :
This means that the executable file produced by the linker includes not only the code of the original program but also the
code of the library functions that the program refers to.
shared libraries:
The executable file does not contain the library object
code, but only a reference to the library name. When the program is loaded in memory for
execution, a suitable program called dynamic linker (also named ld.so ) takes care of analyzing the
library names in the executable file, locating the library in the system's directory tree and making
the requested code available to the executing process.
A process can also load additional shared
libraries at runtime by using the dlopen( ) library function.
20.1.4. Program Segments and Process Memory Regions
Text segment
Initialized data segment
Uninitialized data segment (bss)
Stack segment
Each mm_struct memory descriptor (see the section "The Memory Descriptor" in Chapter 9) includes
some fields that identify the role of a few crucial memory regions of the corresponding process:
start_code, end_code
start_data, end_data
start_brk, brk
arg_start, arg_end
env_start, env_end
20.1.4.1. Flexible memory region layout
20.1.5. Execution Tracing
We focus on how the kernel supports execution tracing rather than discussing how debuggers work.
In Linux, execution tracing is performed through the ptrace( ) system call, which can handle the
commands listed in Table 20-5.
20.2. Executable Formats