共享库的初始化和~初始化函数分析
转载时请注明出处:http://blog.csdn.net/absurd/
Win32下可以通过DllMain来初始化和~初始化动态库,而Linux下则没有与之完全对应的函数,但可以通过一些方法模拟它的部分功能。有人会说,很简单,实现_init/_fini两个函数就行了。好,我们来看看事实是不是这样的。
很多资料上都说可以利用_init/_fini来实现,而我从来没有测试成功过,原因是这两个函数都已经被gcc占用了。比如:
test.c
编译结果:
[root@localhost soinit]# gcc -g test.c -shared -o libtest.so
/tmp/cc4DUw68.o(.text+0x0): In function `_init':
/work/test/soinit/test.c:5: multiple definition of `_init'
/usr/lib/gcc/i386-redhat-linux/4.0.0/http://www.cnblogs.com/../crti.o(.init+0x0): first defined here
/tmp/cc4DUw68.o(.text+0x1d): In function `_fini':
/work/test/soinit/test.c:10: multiple definition of `_fini'
/usr/lib/gcc/i386-redhat-linux/4.0.0/http://www.cnblogs.com/../crti.o(.fini+0x0): first defined here
collect2: ld returned 1 exit status
由此可见,这两个符号已经被编译器的脚手架代码占用了,我们不能再使用。编译器用这两个函数做什么?我们能不能抢占这两个函数,不用编译器提供的,而用我们自己的呢?先看看这两个的实现:
00000594 <_fini>:
594: 55 push %ebp
595: 89 e5 mov %esp,%ebp
597: 53 push %ebx
598: 50 push %eax
599: e8 00 00 00 00 call 59e <_fini+0xa>
59e: 5b pop %ebx
59f: 81 c3 02 11 00 00 add $0x1102,%ebx
5a5: e8 de fe ff ff call 488 <__do_global_dtors_aux>
5aa: 58 pop %eax
5ab: 5b pop %ebx
5ac: c9 leave
5ad: c3 ret
0000041c <_init>:
41c: 55 push %ebp
41d: 89 e5 mov %esp,%ebp
41f: 83 ec 08 sub $0x8,%esp
422: e8 3d 00 00 00 call 464 <call_gmon_start>
427: e8 b8 00 00 00 call 4e4 <frame_dummy>
42c: e8 2b 01 00 00 call 55c <__do_global_ctors_aux>
431: c9 leave
432: c3 ret
从以上代码中可以看出,这两个函数是用来初始化/~初始化全局变量/对象的,抢占这两个函数可能导致初始化/~初始化全局变量/对象出错。所以不能再打_init/_fini的主意,那怎么办呢?
使用全局对象
test.cpp
测试结果:
[root@localhost soinit]# ./t.exe
InitFini
~InitFini
那么这两个函数是怎么被调用的呢?我们在gdb里看看:
Breakpoint 3, InitFini (this=0xa507bc) at test.cpp:7
7 printf("%s\n", __func__);
Current language: auto; currently c++
(gdb) bt
#0 InitFini (this=0xa507bc) at test.cpp:7
#1 0x00a4f5e0 in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at test.cpp:15
#2 0x00a4f611 in global constructors keyed to test () at test.cpp:21
#3 0x00a4f66a in __do_global_ctors_aux () from ./libtest.so
#4 0x00a4f4a9 in _init () from ./libtest.so
#5 0x002c8b4b in call_init () from /lib/ld-linux.so.2
#6 0x002c8c4a in _dl_init_internal () from /lib/ld-linux.so.2
#7 0x002bb83f in _dl_start_user () from /lib/ld-linux.so.2
Breakpoint 4, ~InitFini (this=0x0) at test.cpp:9
9 ~InitFini()
(gdb) bt
#0 ~InitFini (this=0x0) at test.cpp:9
#1 0x00a4f5b3 in __tcf_0 () at test.cpp:15
#2 0x00303e6f in __cxa_finalize () from /lib/libc.so.6
#3 0x00a4f532 in __do_global_dtors_aux () from ./libtest.so
#4 0x00a4f692 in _fini () from ./libtest.so
#5 0x002c9058 in _dl_fini () from /lib/ld-linux.so.2
#6 0x00303c69 in exit () from /lib/libc.so.6
#7 0x002eddee in __libc_start_main () from /lib/libc.so.6
#8 0x080483b5 in _start ()
从以上信息可以看出,正是从_init/_fini两个函数调用过来的。
使用gcc扩展
毫无疑问,以上方法可行,但是在C++中才行。而C语言中,根本没有构造和析构函数。怎么办呢?这时我们可以使用gcc的扩展:
测试结果:
[root@localhost soinit]# ./t.exe
test_init
test_fini
我们不防也看看这两个函数是怎么被调到的:
Breakpoint 3, test_init () at test.c:6
6 printf("%s\n", __func__);
(gdb) bt
#0 test_init () at test.c:6
#1 0x00860586 in __do_global_ctors_aux () from ./libtest.so
#2 0x00860439 in _init () from ./libtest.so
#3 0x002c8b4b in call_init () from /lib/ld-linux.so.2
#4 0x002c8c4a in _dl_init_internal () from /lib/ld-linux.so.2
#5 0x002bb83f in _dl_start_user () from /lib/ld-linux.so.2
(gdb) c
Breakpoint 4, test_fini () at test.c:11
11 printf("%s\n", __func__);
(gdb) bt
#0 test_fini () at test.c:11
#1 0x008604d3 in __do_global_dtors_aux () from ./libtest.so
#2 0x008605ae in _fini () from ./libtest.so
#3 0x002c9058 in _dl_fini () from /lib/ld-linux.so.2
#4 0x00303c69 in exit () from /lib/libc.so.6
#5 0x002eddee in __libc_start_main () from /lib/libc.so.6
#6 0x080483b5 in _start ()
从以上信息可以看出,也是从_init/_fini两个函数调用过来的。
总结:正如一些资料上所说的,在linux下,_init/_fini是共享库的初始化和~初始化函数。但这两个函数是给gcc用的,我们不能直接使用它们,但可以用本文中提到另外两种方法来实现。
转载时请注明出处:http://blog.csdn.net/absurd/
Win32下可以通过DllMain来初始化和~初始化动态库,而Linux下则没有与之完全对应的函数,但可以通过一些方法模拟它的部分功能。有人会说,很简单,实现_init/_fini两个函数就行了。好,我们来看看事实是不是这样的。
很多资料上都说可以利用_init/_fini来实现,而我从来没有测试成功过,原因是这两个函数都已经被gcc占用了。比如:
test.c
- Code: Select all
#include <stdio.h>
void _init(void)
{
printf("%s", __func__);
}
void _fini(void)
{
printf("%s", __func__);
}
编译结果:
[root@localhost soinit]# gcc -g test.c -shared -o libtest.so
/tmp/cc4DUw68.o(.text+0x0): In function `_init':
/work/test/soinit/test.c:5: multiple definition of `_init'
/usr/lib/gcc/i386-redhat-linux/4.0.0/http://www.cnblogs.com/../crti.o(.init+0x0): first defined here
/tmp/cc4DUw68.o(.text+0x1d): In function `_fini':
/work/test/soinit/test.c:10: multiple definition of `_fini'
/usr/lib/gcc/i386-redhat-linux/4.0.0/http://www.cnblogs.com/../crti.o(.fini+0x0): first defined here
collect2: ld returned 1 exit status
由此可见,这两个符号已经被编译器的脚手架代码占用了,我们不能再使用。编译器用这两个函数做什么?我们能不能抢占这两个函数,不用编译器提供的,而用我们自己的呢?先看看这两个的实现:
00000594 <_fini>:
594: 55 push %ebp
595: 89 e5 mov %esp,%ebp
597: 53 push %ebx
598: 50 push %eax
599: e8 00 00 00 00 call 59e <_fini+0xa>
59e: 5b pop %ebx
59f: 81 c3 02 11 00 00 add $0x1102,%ebx
5a5: e8 de fe ff ff call 488 <__do_global_dtors_aux>
5aa: 58 pop %eax
5ab: 5b pop %ebx
5ac: c9 leave
5ad: c3 ret
0000041c <_init>:
41c: 55 push %ebp
41d: 89 e5 mov %esp,%ebp
41f: 83 ec 08 sub $0x8,%esp
422: e8 3d 00 00 00 call 464 <call_gmon_start>
427: e8 b8 00 00 00 call 4e4 <frame_dummy>
42c: e8 2b 01 00 00 call 55c <__do_global_ctors_aux>
431: c9 leave
432: c3 ret
从以上代码中可以看出,这两个函数是用来初始化/~初始化全局变量/对象的,抢占这两个函数可能导致初始化/~初始化全局变量/对象出错。所以不能再打_init/_fini的主意,那怎么办呢?
使用全局对象
test.cpp
- Code: Select all
#include <stdio.h>
class InitFini
{
public:
InitFini()
{
printf("%s\n", __func__);
}
~InitFini()
{
printf("%s\n", __func__);
}
};
static InitFini aInitFini;
extern "C" int test(int n)
{
return n;
}
Main.c
int test(int n);
int main(int argc, char* argv[])
{
test(1);
return 0;
}
测试结果:
[root@localhost soinit]# ./t.exe
InitFini
~InitFini
那么这两个函数是怎么被调用的呢?我们在gdb里看看:
Breakpoint 3, InitFini (this=0xa507bc) at test.cpp:7
7 printf("%s\n", __func__);
Current language: auto; currently c++
(gdb) bt
#0 InitFini (this=0xa507bc) at test.cpp:7
#1 0x00a4f5e0 in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at test.cpp:15
#2 0x00a4f611 in global constructors keyed to test () at test.cpp:21
#3 0x00a4f66a in __do_global_ctors_aux () from ./libtest.so
#4 0x00a4f4a9 in _init () from ./libtest.so
#5 0x002c8b4b in call_init () from /lib/ld-linux.so.2
#6 0x002c8c4a in _dl_init_internal () from /lib/ld-linux.so.2
#7 0x002bb83f in _dl_start_user () from /lib/ld-linux.so.2
Breakpoint 4, ~InitFini (this=0x0) at test.cpp:9
9 ~InitFini()
(gdb) bt
#0 ~InitFini (this=0x0) at test.cpp:9
#1 0x00a4f5b3 in __tcf_0 () at test.cpp:15
#2 0x00303e6f in __cxa_finalize () from /lib/libc.so.6
#3 0x00a4f532 in __do_global_dtors_aux () from ./libtest.so
#4 0x00a4f692 in _fini () from ./libtest.so
#5 0x002c9058 in _dl_fini () from /lib/ld-linux.so.2
#6 0x00303c69 in exit () from /lib/libc.so.6
#7 0x002eddee in __libc_start_main () from /lib/libc.so.6
#8 0x080483b5 in _start ()
从以上信息可以看出,正是从_init/_fini两个函数调用过来的。
使用gcc扩展
毫无疑问,以上方法可行,但是在C++中才行。而C语言中,根本没有构造和析构函数。怎么办呢?这时我们可以使用gcc的扩展:
- Code: Select all
#include <stdio.h>
__attribute ((constructor)) void test_init(void)
{
printf("%s\n", __func__);
}
__attribute ((destructor)) void test_fini(void)
{
printf("%s\n", __func__);
}
int test(int n)
{
return n;
}
测试结果:
[root@localhost soinit]# ./t.exe
test_init
test_fini
我们不防也看看这两个函数是怎么被调到的:
Breakpoint 3, test_init () at test.c:6
6 printf("%s\n", __func__);
(gdb) bt
#0 test_init () at test.c:6
#1 0x00860586 in __do_global_ctors_aux () from ./libtest.so
#2 0x00860439 in _init () from ./libtest.so
#3 0x002c8b4b in call_init () from /lib/ld-linux.so.2
#4 0x002c8c4a in _dl_init_internal () from /lib/ld-linux.so.2
#5 0x002bb83f in _dl_start_user () from /lib/ld-linux.so.2
(gdb) c
Breakpoint 4, test_fini () at test.c:11
11 printf("%s\n", __func__);
(gdb) bt
#0 test_fini () at test.c:11
#1 0x008604d3 in __do_global_dtors_aux () from ./libtest.so
#2 0x008605ae in _fini () from ./libtest.so
#3 0x002c9058 in _dl_fini () from /lib/ld-linux.so.2
#4 0x00303c69 in exit () from /lib/libc.so.6
#5 0x002eddee in __libc_start_main () from /lib/libc.so.6
#6 0x080483b5 in _start ()
从以上信息可以看出,也是从_init/_fini两个函数调用过来的。
总结:正如一些资料上所说的,在linux下,_init/_fini是共享库的初始化和~初始化函数。但这两个函数是给gcc用的,我们不能直接使用它们,但可以用本文中提到另外两种方法来实现。