linuxÖÐELF¼ÓÔعý³Ì·ÖÎö
sys_execve
| - do_execve
|
| - search_binary_handler
|- linux_binfmt= elf_format
|- elf_format-> load_elf_binary
| - elf_entry = load_elf_interp()
|-
| if (BAD_ADDR(elf_entry))
| force_sig(SIGSEGV, current);
| retval =-EINVAL;
binfmt_elf.c: line 1024
elf_entry = loc->elf_ex.e_entry;
if (BAD_ADDR(elf_entry)) {
force_sig(SIGSEGV, current);
retval = -EINVAL;
goto out_free_dentry;
}
ELF¿ÉÐеµµÄÔØÈ룺
ÄÚºËÖÐʵ¼ÊÖ´ÐÐ
execv()
»ò
execve()
ϵͳµ÷ÓõijÌÐòÊÇ
do_execve()
£¬Õâ¸öº¯ÊýÏÈ´ò¿ªÄ¿±êÓ³ÏñÎļþ£¬²¢´ÓÄ¿±êÎļþµÄÍ·²¿
(
´ÓµÚÒ»¸ö×Ö½Ú¿ªÊ¼
)
¶ÁÈëÈô¸É
(128)
×Ö½Ú£¬È»ºóµ÷ÓÃÁíÒ»¸öº¯Êý
search_binary_handler()
£¬ÔÚÄÇÀïÃæÈø÷ÖÖ¿ÉÖ´ÐгÌÐòµÄ´¦Àí³ÌÐòÇ°À´ÈÏÁìºÍ´¦Àí¡£ÄÚºËËùÖ§³ÖµÄÿÖÖ¿ÉÖ´ÐгÌÐò¶¼Óиö
struct linux_binfmt
Êý¾Ý½á¹¹£¬Í¨¹ýÏòÄں˵ǼǹÒÈëÒ»¸ö¶ÓÁС£¶ø
search_binary_handler()
£¬ÔòɨÃèÕâ¸ö¶ÓÁУ¬Èø÷¸öÊý¾Ý½á¹¹ËùÌṩµÄ´¦Àí³ÌÐò¡¢¼´¸÷ÖÖÓ³Ïñ¸ñʽ¡¢ÖðһǰÀ´ÈÏÁì¡£Èç¹ûij¸ö¸ñʽµÄ´¦Àí³ÌÐò·¢ÏÖÌØÕ÷Ïà·û¶ø£¬±ãÖ´ÐиøñʽӳÏñµÄ×°ÈëºÍÆô¶¯¡£
ÎÒÃÇ´Ó
ELF
¸ñʽӳÏñµÄ
Ïà¹ØÎĵµ£º
Ò»£®ÕæʵÖ÷»úÅäÖÃÓëÉèÖÃ
Ç°ÌáÌõ¼þ£º¹«Ë¾ÊÇͨ¹ýIP¡¢MACµØÖ·Ó³ÉäµÄ·½Ê½À´·ÃÎÊÍøÂçµÄ¡£
Íø¹Ø£º192.168.10.1
ÒÔÏÂÁ½×éIP£¬MAC¿ÉÒÔ·ÃÎÊÍâÍø
1.
IP:192.168.10.232
MAC: 00-0B-2F-1A-51-95
2.
IP:192.168.10.175
MAC:00-28-27-AB-56 ......
ÈçºÎÔÚlinuxϲ鿴µ±Ç°µÇ¼µÄÓû§£¬²¢ÇÒÌßµôÄãÈÏΪӦ¸ÃÌßµôµÄÓû§£¿
¿´ÁËÍøÂçÖеÄһЩÀý×Ó.ÔÚÕâÀï×ܽáÒ»ÏÂ.Ö÷ÒªÓõ½µÄÃüÁîÓÐ,w,who,ps,kill,pkill
²é¿´µ±Ç°µÇ¼Óû§:
node8:/home # who
root :0 2009-11-04 16:26
root pts/0 &n ......
×÷Õߣº·ëÀÚ (flw10000) MAIL£ºflw10000 AT 163.com
¾¹ý½üÒ»ÖܵÄæºõ£¬°Ñ»ùÓÚlinuxµÄMIPS½»²æ±àÒë»·¾³»ù±¾´î½¨³É¹¦£¬ÕâÀï˵"»ù±¾"´î½¨³É¹¦ÊÇÒòΪ»·¾³ËäÈ»´î½¨ºÃÁË£¬¿ÉÒÔ±àÒë»ùÓڣͣɣУӵĿÉÖ´ÐÐÎļþÁË£¬µ«»¹Ã»ÓÐÔÚÕæÕýµÄ£Í£É£Ð£Ó»·¾³Ï²âÊÔ¹ý£¬»¹ÓÐÔÚ±àÒëµÄ¹ý³ÌÖгöÏÖÁËЩÎÊÌ⣬ËäÈ»½â¾öÁË£¬Ò²ÒòûÓÐÔÚÕæÕýµÄ£Í£É£ ......
