Question
Here is a bit of information I got about program_invocation_name:
- This value contains the name that was used to invoke the calling program.
- This value is automatically initialized.
- This value is a global variable.
(So at first sight, I thought it was in .bss or .data. But it was in the stack memory region. That's weird...)
Here is the debugger view of program_invocation_name:
pwndbg> x/s program_invocation_name
0xbffff302: "/tmp/my_program"
Problem)
I followed the execution flow from the start of the program to the end, but I could not find the very moment that program_invocation_name is set.
Question)
Q1. Who (what function) sets this value? (Does the loader set this value..?)
Q2. How does the program recognize it as a global variable, although this value is located in the stack?
Q3. Sometimes some binary runs without this value. In this case, is it a problem of the loader?
Answer 1:
Q1. Who (what function) sets this value? (Does the loader set this value..?)
You can answer this by setting a watchpoint on it:
(gdb) start
Temporary breakpoint 1, main () at t.c:5
5 return 0;
(gdb) info var program_invocation_name
All variables matching regular expression "program_invocation_name":
Non-debugging symbols:
0x00007ffff7dd43b8 program_invocation_name
0x00007ffff7dd43b8 program_invocation_name
(gdb) watch *(char **)0x00007ffff7dd43b8
Hardware watchpoint 2: *(char **)0x00007ffff7dd43b8
(gdb) run
Starting program: /tmp/a.out
Hardware watchpoint 2: *(char **)0x00007ffff7dd43b8
Old value = <unreadable>
New value = 0x7ffff7b9b7a5 ""
0x00007ffff7de4c02 in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
(gdb) c
Continuing.
Hardware watchpoint 2: *(char **)0x00007ffff7dd43b8
Old value = 0x7ffff7b9b7a5 ""
New value = 0x7fffffffdfa7 "/tmp/a.out"
0x00007ffff7b22963 in __init_misc () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff7b22963 in __init_misc () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7a5a134 in _init () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff7de886a in call_init.part () from /lib64/ld-linux-x86-64.so.2
#3 0x00007ffff7de89bb in _dl_init () from /lib64/ld-linux-x86-64.so.2
#4 0x00007ffff7dd9c5a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
#5 0x0000000000000001 in ?? ()
#6 0x00007fffffffdfa7 in ?? ()
Q2. How does the program recognize it as a global variable, although this value is located in the stack?
The variable is a global variable in the .data section:
(gdb) info sym 0x00007ffff7dd43b8
program_invocation_name in section .data of /lib/x86_64-linux-gnu/libc.so.6
It's a pointer that points into the stack (it points into the stack area where the kernel passes argv[] to the process).
Q3. Sometimes some binary runs without this value. In this case, is it a problem of the loader?
The binary cannot run without this variable. But the variable may point to an empty string (if e.g. the parent process did not use the usual calling convention and instead did something like execl("/tmp/a.out", (char*)NULL)).
Also, the program can "wipe" its own stack (e.g. due to stack overflow, or intentionally to hide from ps (many rootkits do that)), and then program_invocation_name will continue to point to the stack location where the program name used to be, but no longer is.
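The following is an added example, not part of the question or the answer above, that makes the three points observable from inside a process instead of from the debugger: it prints where &program_invocation_name (libc's .data) and the string it points to ([stack], the argv area) live according to /proc/self/maps, verifies that the global is the same pointer as argv[0] (so rewriting argv[0] in place changes what the global reads, which is what the ps-hiding trick relies on), and finally re-executes itself with an empty argv to reproduce the execl(path, (char*)NULL) case. Assumptions: Linux with glibc (musl exports both symbols as well); the /proc/self/maps parser and the helper names mapping_of, invocation_name_is_on_stack, short_name_is_basename and aliases_argv0 are mine, not glibc's. One caveat the answer does not mention: since Linux 5.18 the kernel substitutes argv = { "" } when a program is executed with an empty argv, so the child then sees argc == 1 and an empty string on the stack; on older kernels argc is 0 and glibc leaves the variable at its built-in "" inside libc. Either way the name is empty, as the answer says.

```c
#define _GNU_SOURCE
#include <errno.h>     /* glibc declares program_invocation_name here under _GNU_SOURCE */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Both libc globals live in libc's .data; the first points into the argv area of
 * the initial stack (set by __init_misc), the second at the basename inside that
 * string. Declared explicitly so the build does not depend on the feature macro. */
extern char *program_invocation_name;
extern char *program_invocation_short_name;

/* Find the /proc/self/maps entry containing p and copy its label ("[stack]", a
 * library path, ...) into out. Returns 1 on a hit, 0 if nothing covers p, -1 if
 * /proc is unreadable. (Assumption: Linux-style /proc; this parser is mine.) */
int mapping_of(const void *p, char *out, size_t outlen)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    unsigned long addr = (unsigned long)p;
    char line[512];
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi; int consumed = 0;
        /* fields: start-end perms offset dev inode [pathname] */
        if (sscanf(line, "%lx-%lx %*s %*s %*s %*s%n", &lo, &hi, &consumed) < 2 || !consumed)
            continue;
        if (addr < lo || addr >= hi) continue;
        const char *label = line + consumed;
        while (*label == ' ') label++;
        size_t n = strcspn(label, "\n");
        if (n >= outlen) n = outlen - 1;
        memcpy(out, label, n);
        out[n] = '\0';
        fclose(f);
        return 1;
    }
    fclose(f);
    return 0;
}

/* 1 if the string program_invocation_name points to lies inside the [stack]
 * mapping, 0 if it is elsewhere, -1 if /proc could not be read. */
int invocation_name_is_on_stack(void)
{
    char label[256];
    int r = mapping_of(program_invocation_name, label, sizeof label);
    return r == 1 ? (strcmp(label, "[stack]") == 0) : r;
}

/* __init_misc derives the short name from the same argv[0] string (the part
 * after the last '/'); check that invariant holds. */
int short_name_is_basename(void)
{
    const char *slash = strrchr(program_invocation_name, '/');
    const char *expect = slash ? slash + 1 : program_invocation_name;
    return strcmp(expect, program_invocation_short_name) == 0;
}

/* Pointer equality, not string equality: the global aliases argv[0] itself. */
int aliases_argv0(char **argv)
{
    return argv[0] != NULL && argv[0] == program_invocation_name;
}

int main(int argc, char **argv)
{
    char label[256];
    /* Child of the re-exec below: what a process started with an empty argv sees. */
    if (argc == 0 || argv[0][0] == '\0') {
        int r = mapping_of(program_invocation_name, label, sizeof label);
        printf("child: argc=%d program_invocation_name=\"%s\" (string lives in %s)\n",
               argc, program_invocation_name, r == 1 ? label : "?");
        return 0;
    }
    printf("&program_invocation_name = %p", (void *)&program_invocation_name);
    if (mapping_of(&program_invocation_name, label, sizeof label) == 1)
        printf("  -> %s", label);          /* libc.so's .data when dynamically linked */
    printf("\n program_invocation_name = %p \"%s\"", (void *)program_invocation_name, program_invocation_name);
    if (mapping_of(program_invocation_name, label, sizeof label) == 1)
        printf("  -> %s", label);          /* [stack]: the argv area the kernel wrote */
    printf("\nsame pointer as argv[0]: %s\n", aliases_argv0(argv) ? "yes" : "no");
    printf("short name \"%s\" is its basename: %s\n", program_invocation_short_name, short_name_is_basename() ? "yes" : "no");
    /* Because it is an alias, rewriting argv[0] in place changes what the global
     * reads (that is how setproctitle-style code, and the ps-hiding trick, work). */
    char saved = argv[0][0];
    argv[0][0] = '\0';
    printf("after argv[0][0] = 0: program_invocation_name=\"%s\"\n", program_invocation_name);
    argv[0][0] = saved;
    /* The execl(path, (char*)NULL) case from the answer: re-exec with no argv. */
    pid_t pid = fork();
    if (pid == 0) {
        execl("/proc/self/exe", (char *)NULL);
        perror("execl");
        _exit(127);
    }
    if (pid > 0) waitpid(pid, NULL, 0);
    return 0;
}
```

Build with `gcc -Wall -o invname invname.c` and run it from a few different paths (`./invname`, `/tmp/invname`, via a symlink) to see the pointer and the [stack] label change while &program_invocation_name stays inside libc; running it under `pwndbg` and issuing the same `info sym` / `x/s` commands as in the answer reproduces the debugger view line for line.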
Source: https://stackoverflow.com/questions/52275427/what-function-set-program-invocation-name-and-when