流程java调用native的本质是什么?实质就是一个cpu跳转指令,如arm的bl指令,指令有个参数,得告诉指令跳转到什么地方,也就是内存地址。那如何获取方法内存地址,那首先方法得加载到内存吧,也就
流程
java调用native的本质是什么?实质就是一个cpu跳转指令,如arm的bl指令,指令有个参数,得告诉指令跳转到什么地方,也就是内存地址。那如何获取方法内存地址,那首先方法得加载到内存吧,也就是方法所在的so得加载进内存,再根据so基址找到方法的内存地址。当然我们需要具备一些基础知识,如elf文件格式,我们才知道怎么加载内存,怎么找到对应的方法符号,鉴于elf格式资料网上很多,在此不做过多赘述
- Load:读取elf信息、加载PT_LOAD
- Link:预链接、重定位
java入口
System.loadLibrary(String libname) -->Runtime.loadLibrary0(Class<?> fromClass, String libname) -->Runtime.loadLibrary0(ClassLoader loader, Class<?> callerClass, String libname) -->Runtime.nativeLoad(String filename, ClassLoader loader) -->Runtime.nativeLoad(String filename, ClassLoader loader, Class<?> caller);最后三个参数的nativeLoad为native方法,对应的是Runtime.c的Runtime_nativeLoad方法
static JNINativeMethod gMethods[] = { FAST_NATIVE_METHOD(Runtime, freeMemory, "()J"), FAST_NATIVE_METHOD(Runtime, totalMemory, "()J"), FAST_NATIVE_METHOD(Runtime, maxMemory, "()J"), NATIVE_METHOD(Runtime, nativeGc, "()V"), NATIVE_METHOD(Runtime, nativeExit, "(I)V"), NATIVE_METHOD(Runtime, nativeLoad, "(Ljava/lang/String;Ljava/lang/ClassLoader;Ljava/lang/Class;)" "Ljava/lang/String;"),};由上我们可以看出java层最终跳到了native层的Runtime.c的Runtime_nativeLoad,接下来就进入native的世界
native层
基本流程如上,重点方法为**LoadNativeLibrary,**里面涉及了Jni_OnLoad的调用,最后由do_dlopen进入linker,在linker里面进行加载链接等操作
进入linker后,由find_libraries方法进行整体的分发操作,包括读取、加载、链接、一些其他处理的入口都在find_libraries方法里
find_libraries
Step 0: prepare.
初始化准备工作:创建LoadTaskList,soinfos分配内存
Step 1: expand the list of load_tasks to include all DT_NEEDED libraries (do not load them just yet)
遍历LoadTaskList,将所有DT_NEEDED导入LoadTaskList,进行so关键信息的读取,主要调用了find_library_internal
Step 2: Load libraries in random order (see b/24047022)
主要间接调用了ElfReader::Load进行so的加载,将so加载进入内存
Step 3: pre-link all DT_NEEDED libraries in breadth first order.
链接准备工作,主要读取
.dynamic节区的一些关键数据,关键调用soinfo::prelink_image()Step 4: Construct the global group. Note: DF_1_GLOBAL bit of a library is determined at step 3.
Step 5: Collect roots of local_groups.
Step 6: Link all local groups
链接所有的本地groups 主要调用
soinfo::link_imageStep 7: Mark all load_tasks as linked and increment refcounts for references between load_groups (at this point it does not matter if referenced load_groups were loaded by previous dlopen or as part of this one on step 6)
一些收尾的工作,如一些flag设置
bool find_libraries(android_namespace_t *ns, soinfo *start_with, const char *const library_names[], size_t library_names_count, soinfo *soinfos[], std::vector<soinfo *> *ld_preloads, size_t ld_preloads_count, int rtld_flags, const android_dlextinfo *extinfo, bool add_as_children, bool search_linked_namespaces, std::vector<android_namespace_t *> *namespaces) { // Step 0: prepare. std::unordered_map<const soinfo *, ElfReader> readers_map; LoadTaskList load_tasks; //遍历library_names_count,创建LoadTask for (size_t i = 0; i < library_names_count; ++i) { const char *name = library_names[i]; load_tasks.push_back(LoadTask::create(name, start_with, ns, &readers_map)); } // Step 1: expand the list of load_tasks to include // all DT_NEEDED libraries (do not load them just yet) for (size_t i = 0; i < load_tasks.size(); ++i) { LoadTask *task = load_tasks[i]; soinfo *needed_by = task->get_needed_by(); // 判断是否为DT_DEEDED的库,根的deeded_by是从start_with bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children); task->set_extinfo(is_dt_needed ? nullptr : extinfo); task->set_dt_needed(is_dt_needed); // Note: start from the namespace that is stored in the LoadTask. This namespace // is different from the current namespace when the LoadTask is for a transitive // dependency and the lib that created the LoadTask is not found in the // current namespace but in one of the linked namespace. //读取 if (!find_library_internal(const_cast<android_namespace_t *>(task->get_start_from()), task, &zip_archive_cache, &load_tasks, rtld_flags, search_linked_namespaces || is_dt_needed)) { return false; } soinfo *si = task->get_soinfo(); if (is_dt_needed) { needed_by->add_child(si); } // When ld_preloads is not null, the first // ld_preloads_count libs are in fact ld_preloads. if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { ld_preloads->push_back(si); } if (soinfos_count < library_names_count) { soinfos[soinfos_count++] = si; } } // Step 2: Load libraries in random order (see b/24047022) LoadTaskList load_list; for (auto &&task : load_tasks) { soinfo *si = task->get_soinfo(); auto pred = [&](const LoadTask *t) { return t->get_soinfo() == si; }; if (!si->is_linked() && std::find_if(load_list.begin(), load_list.end(), pred) == load_list.end()) { load_list.push_back(task); } } bool reserved_address_recursive = false; if (extinfo) { reserved_address_recursive = extinfo->flags & ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE; } if (!reserved_address_recursive) { // Shuffle the load order in the normal case, but not if we are loading all // the libraries to a reserved address range. shuffle(&load_list); } // Set up address space parameters. address_space_params extinfo_params, default_params; size_t relro_fd_offset = 0; if (extinfo) { if (extinfo->flags & ANDROID_DLEXT_RESERVED_ADDRESS) { extinfo_params.start_addr = extinfo->reserved_addr; extinfo_params.reserved_size = extinfo->reserved_size; extinfo_params.must_use_address = true; } else if (extinfo->flags & ANDROID_DLEXT_RESERVED_ADDRESS_HINT) { extinfo_params.start_addr = extinfo->reserved_addr; extinfo_params.reserved_size = extinfo->reserved_size; } } for (auto &&task : load_list) { address_space_params *address_space = (reserved_address_recursive || !task->is_dt_needed()) ? &extinfo_params : &default_params; //加载进内存 if (!task->load(address_space)) { return false; } } // Step 3: pre-link all DT_NEEDED libraries in breadth first order. // 以广度优先的顺序预链接所有DT_NEEDED libraries(遍历获取.dynamic有用的信息) for (auto &&task : load_tasks) { soinfo *si = task->get_soinfo(); //链接 if (!si->is_linked() && !si->prelink_image()) { return false; } register_soinfo_tls(si); } // Step 4: Construct the global group. Note: DF_1_GLOBAL bit of a library is // determined at step 3. ..... // Step 4-2: Gather all DF_1_GLOBAL libs which were newly loaded during this // run. These will be the new member of the global group // 收集在此期间新加载的所有DF_1_GLOBAL libs,放至new_global_group_members全局组里面 soinfo_list_t new_global_group_members; for (auto &&task : load_tasks) { soinfo *si = task->get_soinfo(); if (!si->is_linked() && (si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { new_global_group_members.push_back(si); } } // Step 4-3: Add the new global group members to all the linked namespaces // 将所有链接的命名空间添加进全局组成员 if (namespaces != nullptr) { for (auto linked_ns : *namespaces) { for (auto si : new_global_group_members) { if (si->get_primary_namespace() != linked_ns) { linked_ns->add_soinfo(si); si->add_secondary_namespace(linked_ns); } } } } // Step 5: Collect roots of local_groups. // Whenever needed_by->si link crosses a namespace boundary it forms its own local_group. // Here we collect new roots to link them separately later on. Note that we need to avoid // collecting duplicates. Also the order is important. They need to be linked in the same // BFS order we link individual libraries. std::vector<soinfo *> local_group_roots; if (start_with != nullptr && add_as_children) { local_group_roots.push_back(start_with); } else { CHECK(soinfos_count == 1); local_group_roots.push_back(soinfos[0]); } for (auto &&task : load_tasks) { soinfo *si = task->get_soinfo(); soinfo *needed_by = task->get_needed_by(); bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children); android_namespace_t *needed_by_ns = is_dt_needed ? needed_by->get_primary_namespace() : ns; if (!si->is_linked() && si->get_primary_namespace() != needed_by_ns) { auto it = std::find(local_group_roots.begin(), local_group_roots.end(), si); if (it == local_group_roots.end()) { local_group_roots.push_back(si); } } } // Step 6: Link all local groups for (auto root : local_group_roots) { soinfo_list_t local_group; android_namespace_t *local_group_ns = root->get_primary_namespace(); walk_dependencies_tree(root, [&](soinfo *si) { if (local_group_ns->is_accessible(si)) { local_group.push_back(si); return kWalkContinue; } else { return kWalkSkip; } }); soinfo_list_t global_group = local_group_ns->get_global_group(); bool linked = local_group.visit([&](soinfo *si) { // Even though local group may contain accessible soinfos from other namespaces // we should avoid linking them (because if they are not linked -> they // are in the local_group_roots and will be linked later). if (!si->is_linked() && si->get_primary_namespace() == local_group_ns) { const android_dlextinfo *link_extinfo = nullptr; if (si == soinfos[0] || reserved_address_recursive) { // Only forward extinfo for the first library unless the recursive // flag is set. link_extinfo = extinfo; } if (!si->link_image(global_group, local_group, link_extinfo, &relro_fd_offset) || !get_cfi_shadow()->AfterLoad(si, solist_get_head())) { return false; } } return true; }); if (!linked) { return false; } } // Step 7: Mark all load_tasks as linked and increment refcounts // for references between load_groups (at this point it does not matter if // referenced load_groups were loaded by previous dlopen or as part of this // one on step 6) if (start_with != nullptr && add_as_children) { start_with->set_linked(); } for (auto &&task : load_tasks) { soinfo *si = task->get_soinfo(); si->set_linked(); } for (auto &&task : load_tasks) { soinfo *si = task->get_soinfo(); soinfo *needed_by = task->get_needed_by(); if (needed_by != nullptr && needed_by != start_with && needed_by->get_local_group_root() != si->get_local_group_root()) { si->increment_ref_count(); } } return true;}find_library_internal
主要为读取so的section和segment等信息,调用load_library进行读取,虽然为load,但本质不是load,为真正的load做一些准备工作
static bool find_library_internal(android_namespace_t *ns, LoadTask *task, ZipArchiveCache *zip_archive_cache, LoadTaskList *load_tasks, int rtld_flags, bool search_linked_namespaces) { soinfo *candidate; //如果已经加载过直接返回true if (find_loaded_library_by_soname(ns, task->get_name(), search_linked_namespaces, &candidate)) { task->set_soinfo(candidate); return true; } // Library might still be loaded, the accurate detection // of this fact is done by load_library. // 库可能仍然被加载,这个事实的准确检测是由load_Library完成的。 if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags, search_linked_namespaces)) { return true; } // TODO(dimitry): workaround for http://b/26394120 (the grey-list) //灰名单判断 if (ns->is_greylist_enabled() && is_greylisted(ns, task->get_name(), task->get_needed_by())) { // For the libs in the greylist, switch to the default namespace and then // try the load again from there. The library could be loaded from the // default namespace or from another namespace (e.g. runtime) that is linked // from the default namespace. ns = &g_default_namespace; if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags, search_linked_namespaces)) { return true; } } // END OF WORKAROUND if (search_linked_namespaces) { // if a library was not found - look into linked namespaces // preserve current dlerror in the case it fails. DlErrorRestorer dlerror_restorer; for (auto &linked_namespace : ns->linked_namespaces()) { if (find_library_in_linked_namespace(linked_namespace, task)) { if (task->get_soinfo() == nullptr) { // try to load the library - once namespace boundary is crossed // we need to load a library within separate load_group // to avoid using symbols from foreign namespace while. // // However, actual linking is deferred until when the global group // is fully identified and is applied to all namespaces. // Otherwise, the libs in the linked namespace won't get symbols from // the global group. if (load_library(linked_namespace.linked_namespace(), task, zip_archive_cache, load_tasks, rtld_flags, false)) { LD_LOG( kLogDlopen, "find_library_internal(ns=%s, task=%s): Found in linked namespace %s", ns->get_name(), task->get_name(), linked_namespace.linked_namespace()->get_name()); return true; } } else { // lib is already loaded return true; } } } } return false;}load_library
由上步find_library_internal调用
主要工作为:一些校验、soinfo分配、读取section和segment、遍历DT_NEEDED并创建LoadTask
DT_NEEDED为该so依赖的其它so库
static bool load_library(android_namespace_t *ns, LoadTask *task, LoadTaskList *load_tasks, int rtld_flags, const std::string &realpath, bool search_linked_namespaces) { off64_t file_offset = task->get_file_offset(); const char *name = task->get_name(); const android_dlextinfo *extinfo = task->get_extinfo(); //一些校验 ..... //分配soinfo空间 soinfo *si = soinfo_alloc(ns, realpath.c_str(), &file_stat, file_offset, rtld_flags); if (si == nullptr) { return false; } task->set_soinfo(si); // Read the ELF header and some of the segments. // 读取elf头和一些段 if (!task->read(realpath.c_str(), file_stat.st_size)) { soinfo_free(si); task->set_soinfo(nullptr); return false; } // find and set DT_RUNPATH and dt_soname // Note that these field values are temporary and are // going to be overwritten on soinfo::prelink_image // with values from PT_LOAD segments. // 遍历.dynamic获取DT_RUNPATH、DT_SONAME const ElfReader &elf_reader = task->get_elf_reader(); for (const ElfW(Dyn) *d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) { if (d->d_tag == DT_RUNPATH) { si->set_dt_runpath(elf_reader.get_string(d->d_un.d_val)); } if (d->d_tag == DT_SONAME) { si->set_soname(elf_reader.get_string(d->d_un.d_val)); } } // 遍历DT_NEEDED,创建LoadTask,push_back进load_tasks // 注意LoadTask::create参数needed_by,为加载的soinfo for_each_dt_needed(task->get_elf_reader(), [&](const char *name) { load_tasks->push_back(LoadTask::create(name, si, ns, task->get_readers_map())); }); return true;}soinfo_alloc
soinfo空间分配核心方法
soinfo *soinfo_alloc(android_namespace_t *ns, const char *name, const struct stat *file_stat, off64_t file_offset, uint32_t rtld_flags) { if (strlen(name) >= PATH_MAX) { async_safe_fatal("library name /"%s/" too long", name); } TRACE("name %s: allocating soinfo for ns=%p", name, ns); soinfo *si = new(g_soinfo_allocator.alloc()) soinfo(ns, name, file_stat, file_offset, rtld_flags); solist_add_soinfo(si); si->generate_handle(); ns->add_soinfo(si); TRACE("name %s: allocated soinfo @ %p", name, si); return si;}ElfReader::Read
该方法为so的读取核心, 分辨是elf头的读取校验、程序头表读取、section头表读取、动态节区读取
读取的难点主要在对elf文件格式的了解,本质就是一些偏移而已
bool ElfReader::Read(const char *name, int fd, off64_t file_offset, off64_t file_size) { if (did_read_) { return true; } name_ = name; fd_ = fd; file_offset_ = file_offset; file_size_ = file_size; if (ReadElfHeader() && VerifyElfHeader() && ReadProgramHeaders() && ReadSectionHeaders() && ReadDynamicSection()) { did_read_ = true; } return did_read_;}for_each_dt_needed
根据动态节区遍历dt_needed
template<typename F>static void for_each_dt_needed(const ElfReader &elf_reader, F action) { for (const ElfW(Dyn) *d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) { if (d->d_tag == DT_NEEDED) { action(fix_dt_needed(elf_reader.get_string(d->d_un.d_val), elf_reader.name())); } }}由上可知,以find_library_internal为入口,为so加载做的一些准备工作,包括:elf信息读取、空间分配、dt_need的读取,西面就正式进入到so的加载
段加载
elf分为链接视图和加载视图,加载我们只需要关心sgemnt段
加载的本质:遍历需要加载的segment,mmap进内存内存,就这么简单。只是需要计算具体mmap到什么位置,权限是什么
因为elf加载进内存,每个段的rwx权限都不一样,所以需要进行内存对齐,构建elf文件的时候,为了节省空间,可能没进行文件对齐,需要在加载的时候注意对齐的处理,其实难点更多的是在内存对齐吧,具体细节不在此阐述。
以下函数为加载的关键方法,具体加载不做细究
bool ElfReader::LoadSegments() { for (size_t i = 0; i < phdr_num_; ++i) { const ElfW(Phdr)* phdr = &phdr_table_[i]; // Segment addresses in memory. ElfW(Addr) seg_start = phdr->p_vaddr + load_bias_; ElfW(Addr) seg_end = seg_start + phdr->p_memsz; ElfW(Addr) seg_page_start = PAGE_START(seg_start); ElfW(Addr) seg_page_end = PAGE_END(seg_end); ElfW(Addr) seg_file_end = seg_start + phdr->p_filesz; // File offsets. ElfW(Addr) file_start = phdr->p_offset; ElfW(Addr) file_end = file_start + phdr->p_filesz; ElfW(Addr) file_page_start = PAGE_START(file_start); ElfW(Addr) file_length = file_end - file_page_start; if (file_length != 0) { int prot = PFLAGS_TO_PROT(phdr->p_flags); void* seg_addr = mmap64(reinterpret_cast<void*>(seg_page_start), file_length, prot, MAP_FIXED|MAP_PRIVATE, fd_, file_offset_ + file_page_start); // if the segment is writable, and does not end on a page boundary, // zero-fill it until the page limit. if ((phdr->p_flags & PF_W) != 0 && PAGE_OFFSET(seg_file_end) > 0) { memset(reinterpret_cast<void*>(seg_file_end), 0, PAGE_SIZE - PAGE_OFFSET(seg_file_end)); } seg_file_end = PAGE_END(seg_file_end); // seg_file_end is now the first page address after the file // content. If seg_end is larger, we need to zero anything // between them. This is done by using a private anonymous // map for all extra pages. if (seg_page_end > seg_file_end) { size_t zeromap_size = seg_page_end - seg_file_end; void* zeromap = mmap(reinterpret_cast<void*>(seg_file_end), zeromap_size, PFLAGS_TO_PROT(phdr->p_flags), MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, zeromap, zeromap_size, ".bss"); } } return true;}由上so总算加载进了内存,其中包括了so依赖的库,当然接下来就是动态链接阶段,说白了就是对一些函数地址的修复
soinfo::prelink_image
动态链接准备工作,提取dynamic节区信息,本质就是遍历.dymaic节区
bool soinfo::prelink_image() { /* 提取dynamic节区信息 */ ElfW(Word) dynamic_flags = 0; phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); /* We can't log anything until the linker is relocated */ /* 在重新定位链接器之前,我们无法记录任何内容 */ bool relocating_linker = (flags_ & FLAG_LINKER) != 0; if (!relocating_linker) { INFO("[ Linking /"%s/" ]", get_realpath()); DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void *>(base), flags_); } // Extract useful information from dynamic section. // Note that: "Except for the DT_NULL element at the end of the array, // and the relative order of DT_NEEDED elements, entries may appear in any order." // // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html uint32_t needed_count = 0; for (ElfW(Dyn) *d = dynamic; d->d_tag != DT_NULL; ++d) { DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", d, reinterpret_cast<void *>(d->d_tag), reinterpret_cast<void *>(d->d_un.d_val)); switch (d->d_tag) { case DT_SONAME: // this is parsed after we have strtab initialized (see below). break; case DT_HASH: nbucket_ = reinterpret_cast<uint32_t *>(load_bias + d->d_un.d_ptr)[0]; nchain_ = reinterpret_cast<uint32_t *>(load_bias + d->d_un.d_ptr)[1]; bucket_ = reinterpret_cast<uint32_t *>(load_bias + d->d_un.d_ptr + 8); chain_ = reinterpret_cast<uint32_t *>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); break; case DT_STRTAB: strtab_ = reinterpret_cast<const char *>(load_bias + d->d_un.d_ptr); break; case DT_STRSZ: strtab_size_ = d->d_un.d_val; break; case DT_SYMTAB: symtab_ = reinterpret_cast<ElfW(Sym) *>(load_bias + d->d_un.d_ptr); break; case DT_SYMENT: if (d->d_un.d_val != sizeof(ElfW(Sym))) { DL_ERR("invalid DT_SYMENT: %zd in /"%s/"", static_cast<size_t>(d->d_un.d_val), get_realpath()); return false; } break; case DT_JMPREL: plt_rel_ = reinterpret_cast<ElfW(Rel) *>(load_bias + d->d_un.d_ptr); break; case DT_PLTRELSZ: plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); break; case DT_RELR: relr_ = reinterpret_cast<ElfW(Relr) *>(load_bias + d->d_un.d_ptr); break; case DT_RELRSZ: relr_count_ = d->d_un.d_val / sizeof(ElfW(Relr)); break; case DT_INIT: init_func_ = reinterpret_cast<linker_ctor_function_t>(load_bias + d->d_un.d_ptr); DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_); break; case DT_FINI: fini_func_ = reinterpret_cast<linker_dtor_function_t>(load_bias + d->d_un.d_ptr); DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_); break; case DT_INIT_ARRAY: init_array_ = reinterpret_cast<linker_ctor_function_t *>(load_bias + d->d_un.d_ptr); DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_); break; case DT_INIT_ARRAYSZ: init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); break; case DT_FINI_ARRAY: fini_array_ = reinterpret_cast<linker_dtor_function_t *>(load_bias + d->d_un.d_ptr); DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_); break; case DT_FINI_ARRAYSZ: fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); break; } } // Sanity checks. // 一些检查:hash表,字符串表、 字符表 if (relocating_linker && needed_count != 0) { DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); return false; } if (nbucket_ == 0 && gnu_nbucket_ == 0) { DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in /"%s/" " "(new hash type from the future?)", get_realpath()); return false; } if (strtab_ == nullptr) { DL_ERR("empty/missing DT_STRTAB in /"%s/"", get_realpath()); return false; } if (symtab_ == nullptr) { DL_ERR("empty/missing DT_SYMTAB in /"%s/"", get_realpath()); return false; } // second pass - parse entries relying on strtab // 通过上边获得的strtab表,解析so_name、runpath for (ElfW(Dyn) *d = dynamic; d->d_tag != DT_NULL; ++d) { switch (d->d_tag) { case DT_SONAME: set_soname(get_string(d->d_un.d_val)); break; case DT_RUNPATH: set_dt_runpath(get_string(d->d_un.d_val)); break; } } // Before M release linker was using basename in place of soname. // In the case when dt_soname is absent some apps stop working // because they can't find dt_needed library by soname. // This workaround should keep them working. (Applies only // for apps targeting sdk version < M.) Make an exception for // the main executable and linker; they do not need to have dt_soname. // TODO: >= O the linker doesn't need this workaround. // 一些兼容的处理 if (soname_ == nullptr && this != solist_get_somain() && (flags_ & FLAG_LINKER) == 0 && get_application_target_sdk_version() < __ANDROID_API_M__) { soname_ = basename(realpath_.c_str()); DL_WARN_documented_change(__ANDROID_API_M__, "missing-soname-enforced-for-api-level-23", "/"%s/" has no DT_SONAME (will use %s instead)", get_realpath(), soname_); // Don't call add_dlwarning because a missing DT_SONAME isn't important enough to show in the UI } return true;}soinfo::link_image
进入到动态链接环节,读取重定位信息,对内存进行修复工作
bool soinfo::link_image(const soinfo_list_t &global_group, const soinfo_list_t &local_group, const android_dlextinfo *extinfo, size_t *relro_fd_offset) { if (is_image_linked()) { // already linked. return true; } local_group_root_ = local_group.front(); if (local_group_root_ == nullptr) { local_group_root_ = this; } if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) { target_sdk_version_ = get_application_target_sdk_version(); } VersionTracker version_tracker; if (!version_tracker.init(this)) { return false; }#if !defined(__LP64__) //DT_TEXTREL if (has_text_relocations) { // Fail if app is targeting M or above. // 如果应用程序的目标是M或以上,则return false int app_target_api_level = get_application_target_sdk_version(); if (app_target_api_level >= __ANDROID_API_M__) { return false; } // Make segments writable to allow text relocations to work properly. We will later call // phdr_table_protect_segments() after all of them are applied. // 取消segments权限保护 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { return false; } } // DT_ANDROID_REL if (android_relocs_ != nullptr) { ..... } // DT_RELR if (relr_ != nullptr) { if (!relocate_relr()) { return false; } }#if defined(USE_RELA) ......#else // DT_REL if (rel_ != nullptr) { if (!relocate(version_tracker, plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { return false; } } //DT_JMPREL if (plt_rel_ != nullptr) { if (!relocate(version_tracker, plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { return false; } }#endif... DEBUG("[ finished linking %s ]", get_realpath());#if !defined(__LP64__) if (has_text_relocations) { // All relocations are done, we can protect our segments back to read-only. // 所有重定位已经完成,给segment恢复保护权限 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { return false; } }#endif .... notify_gdb_of_load(this); set_image_linked(); return true;}关于调试
为了方便,可将linker的日志开启,方便研究
adb shell setprop debug.ld.all dlerror,dlopen总结
至此,整个加载过程算是完成。
elf信息的读取:这块需要对elf格式有个很清晰的了解
elf加载:本质就是将需要load的segment加载进内存,其实最终就是一个mmap函数,也就是把elf文件的某段位置加载进内存,注意下对齐,和权限问题即可
动态链接:其实就是对elf进行一些修复工作,通过重定位表进行,因为前面工作已经将所有elf加载进了内存,所以很好找到每个函数和变量的地址,故而修复工作就简单了
elf加载完后,其实就是elf的初始化,也就是init_array以及JNI_OnLoad的调用,在此不做阐述,想了解的同学自行百度
文章为个人研究输出,望各位大佬批评指正
..
赞一下
返回首页
广告
- 0