A good intro but doesn't go in depth enough, and it glosses over the interface between user and kernel mode.<p>Particularly, in modern Linux binaries, syscalls are not hardcoded as int instructions, but are dynamically mapped via a "virtual DSO" mechanism to the best instruction for the current architecture (int 80, or syscall/sysenter).<p>Also, in practice, the ELF would be dynamically linking to libc, and libc would be making the calls.
United857 is right. This totally gives a false impression that regular C code I write will use syscall instead of functions that exist in libc that are dynamically mapped in using the plt. My C code will never say int 0x80<p>Otherwise this I'd quite good. Helps people make the connection between Hello World in rodata and how it gets used
Very nice, too bad there are a few typos.
For example, the "write" function arguments are not ordered correctly and it's using the wrong line terminator. It should be:<p><pre><code> write(STDOUT, "Hello World!\n", len("Hello World!\n"));</code></pre>
FYI it's now available in professional-looking version <a href="http://i.imgur.com/m6kL4Lv.png" rel="nofollow">http://i.imgur.com/m6kL4Lv.png</a> and booklet <a href="https://speakerdeck.com/ange/elf101-a-linux-executable-walkthrough" rel="nofollow">https://speakerdeck.com/ange/elf101-a-linux-executable-walkt...</a> .
What does the number 101 refer to? It doesn't seem to be a version number. The diagram nicely expands ELF to Executable and Linkable Format but no explanation of the number.