I've been writing a simple ELF parser program to take an ELF 64bit binary and run it.
My program seems to work on programs written in Assembly, but when trying to run it on a simple C program it doesn't work.
When running the C program within my ELF parser it should be working fine: the assembly my parser executes matches the assembly of _start. But when I run the C program (outside of my ELF parser) it starts from a different set of assembly instructions (which are also marked as _start on GDB)
I'm confused on whats going on. Doesn't an executable always start executing from the entry point specified on the ELF?
If needed I can include the C program and the assemblies (of both what my parser executes and what the C program executes)
Doesn't an executable always start executing from the entry point specified on the ELF?
A statically linked program does.
A dynamically linked program does not. The kernel mmaps the program and the dynamic loader (aka ELF program interpreter), then passes control to the _start in the dynamic loader.
It is then the job of the dynamic loader to mmap all other needed shared libraries, perform necessary relocations, initialize them, and finally transfer control the _start in the main executable.
So for a dynamically linked executable, there could be thousands of instructions executed before the main executable's _start is invoked.
it starts from a different set of assembly instructions (which are also marked as _start on GDB)
You should look at where that _start is from. It should look something like:
(gdb) info sym $pc
_start in section .text of /lib64/ld-linux-x86-64.so.2
(gdb)
Here ld-linux-x86-64.so.2 is the dynamic loader.