TUTORIALS 》 A Linux system call in C without a standard library
This article is submitted by my student:
If you want to feature your article,
you can kindly contact me via email and send your article submissions (content and the resources).
Once they are reviewed, I should accept and post the same 🤗
🔗
When we learn C, we are taught that main is the first function called in a C program. But in reality, main is simply a convention of the standard library.
root@raminfp:# cat main.c
#include <stdio.h>
int main(int argc, char* argv[])
{
printf("hello world\n");
return 0;
}
root@raminfp:# gcc main.c
root@raminfp:# a.out
hello world
root@raminfp:#
Now we decode a.out with gdb tools:
root@raminfp:# gdb a.out
Starting program: ~/a.out
[----------------------------------registers-----------------------------------]
RAX: 0x5555555546a0 (<main>: push rbp)
RBX: 0x0
RCX: 0x0
RDX: 0x7fffffffddf8 --> 0x7fffffffe1da ("LC_PAPER=fa_IR")
RSI: 0x7fffffffdde8 --> 0x7fffffffe18d ("/syscall/C_syscall_without_standard_library_linux/a.out")
RDI: 0x1
RBP: 0x7fffffffdd00 --> 0x5555555546d0 (<__libc_csu_init>: push r15)
RSP: 0x7fffffffdd00 --> 0x5555555546d0 (<__libc_csu_init>: push r15)
RIP: 0x5555555546a4 (<main+4>: sub rsp,0x10)
R8 : 0x555555554740 (<__libc_csu_fini>: repz ret)
R9 : 0x7ffff7de8bd0 (<_dl_fini>: push rbp)
R10: 0x10000000000
R11: 0x7ffff7ffa19c (mov ch,BYTE PTR [rdx])
R12: 0x555555554570 (<_start>: xor ebp,ebp)
R13: 0x7fffffffdde0 --> 0x1
R14: 0x0
R15: 0x0
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x55555555469b <frame_dummy+43>: jmp 0x5555555545e0 <register_tm_clones>
0x5555555546a0 <main>: push rbp
0x5555555546a1 <main+1>: mov rbp,rsp
=> 0x5555555546a4 <main+4>: sub rsp,0x10
0x5555555546a8 <main+8>: mov DWORD PTR [rbp-0x4],edi
0x5555555546ab <main+11>: mov QWORD PTR [rbp-0x10],rsi
0x5555555546af <main+15>: lea rdi,[rip+0x9e] # 0x555555554754
0x5555555546b6 <main+22>: call 0x555555554560
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffdd00 --> 0x5555555546d0 (<__libc_csu_init>: push r15)
0008| 0x7fffffffdd08 --> 0x7ffff7a313f1 (<__libc_start_main+241>: mov edi,eax)
0016| 0x7fffffffdd10 --> 0x7ffff7dce798 --> 0x7ffff7a30d30 (<init_cacheinfo>: push r15)
0024| 0x7fffffffdd18 --> 0x7fffffffdde8 --> 0x7fffffffe18d ("/home/raminfp/Desktop/syscall/C_syscall_without_standard_library_linux/a.out")
0032| 0x7fffffffdd20 --> 0x1f7b9a888
0040| 0x7fffffffdd28 --> 0x5555555546a0 (<main>: push rbp)
0048| 0x7fffffffdd30 --> 0x0
0056| 0x7fffffffdd38 --> 0xdac473773e2a1848
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 1, 0x00005555555546a4 in main ()
notice the output of gdb run command. The first function in reality is _start
0x555555554570 (<_start>: xor ebp,ebp)
Now if we try to compile our current code with -nostdlib gcc option, we will run into linker errors as shown below:
root@raminfp:# gcc -s -O2 -nostdlib main.c /usr/bin/ld: warning: cannot find entry symbol _start; defaulting to 0000000000000310 /tmp/ccqHCAhy.o: In function `main': main.c:(.text.startup+0xc): undefined reference to `puts' collect2: error: ld returned 1 exit status