ELF 加载器可以出于多种原因向您的进程发送 SIGKILL;您可能在标头中的某处有错误的地址和/或长度。
例如,一个PT_LOAD
段必须将可执行文件的适当部分映射到一个合理的地址(x86 Linux 的常用地址是 0x08048000,尽管这可能并不重要,只要它是页面对齐的,而不是 0,也不是太高)和两者中的地址ELF 标头中的.text
节标头和入口点需要与之匹配。
没有理由不能手动执行此操作(如果链接器可以创建它,那么您也可以!) - 如果您真的想要。但请注意,如果您只是简单地组装,则链接带有剥离的符号(下面的-s
标志ld
):
$ cat exit.s
.globl _start
_start:
movl $0,%ebx
movl $1,%eax
int $0x80
$ as -o exit.o exit.s
$ ld -s -o exit exit.o
$ ./exit
$ hexdump -Cv exit
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 03 00 01 00 00 00 54 80 04 08 34 00 00 00 |........T...4...|
00000020 74 00 00 00 00 00 00 00 34 00 20 00 01 00 28 00 |t.......4. ...(.|
00000030 03 00 02 00 01 00 00 00 00 00 00 00 00 80 04 08 |................|
00000040 00 80 04 08 60 00 00 00 60 00 00 00 05 00 00 00 |....`...`.......|
00000050 00 10 00 00 bb 00 00 00 00 b8 01 00 00 00 cd 80 |................|
00000060 00 2e 73 68 73 74 72 74 61 62 00 2e 74 65 78 74 |..shstrtab..text|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 |................|
000000a0 01 00 00 00 06 00 00 00 54 80 04 08 54 00 00 00 |........T...T...|
000000b0 0c 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 |................|
000000c0 00 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 60 00 00 00 11 00 00 00 00 00 00 00 |....`...........|
000000e0 00 00 00 00 01 00 00 00 00 00 00 00 |............|
000000ec
$
...那么结果无论如何都相当小(可能足够小,可以与失败的手工文件进行比较,看看你哪里出错了)。