In my code I tried to print the address of the printf() function.
22834: ./a.out
00250000 1372K r-x-- /lib/libc-2.12.1.so
003a7000 8K r---- /lib/libc-2.12.1.so
003a9000 4K rw--- /lib/libc-2.12.1.so
003aa000 12K rw--- [ anon ]
00a14000 112K r-x-- /lib/ld-2.12.1.so
00a30000 4K r---- /lib/ld-2.12.1.so
00a31000 4K rw--- /lib/ld-2.12.1.so
00fb9000 4K r-x-- [ anon ]
08048000 4K r-x-- /home/anirudh/Documents/DUMP/a.out
08049000 4K r---- /home/anirudh/Documents/DUMP/a.out
0804a000 4K rw--- /home/anirudh/Documents/DUMP/a.out
08068000 132K rw--- [ anon ]
b7898000 4K rw--- [ anon ]
b78ac000 8K rw--- [ anon ]
bfc9a000 132K rw--- [ stack ]
total 1808K
Address of the function "printf()" in HEX = 8048408
I was expecting its address to be a part of
00250000 1372K r-x-- /lib/libc-2.12.1.so
rather than, as shown, in this section
08048000 4K r-x-- /home/anirudh/Documents/DUMP/a.out
i.e. the code segment of my program.
I even tried printing the addresses of a few more functions like getpid() and scanf(), but they were all shown to be part of my program's code segment rather than of libc-2.12.1.so.
What is the reason for this? Thanks in advance.
Look at the code that is at the printf address; it is probably just an indirect jump or call that calls into libc. Typically, calls to shared libraries are turned into references to a dispatch function that is patched with (or looks up) the actual address where printf was loaded. If you run readelf -a on your executable and look for the address where you found printf, it will probably be marked as a relocation to be pointed to the actual address in libc.
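A small program, added here as an illustration (it is not from the question or either answer), that checks the answer above at runtime: it takes &printf, finds the /proc/self/maps entry containing it, and compares it with libc's own printf located via dlsym(RTLD_NEXT, ...). It assumes Linux with glibc; built without PIE (gcc -no-pie) it reproduces the question's result, while in a PIE build &printf resolves straight to libc's code.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifndef RTLD_NEXT            /* glibc's value, in case _GNU_SOURCE came too late */
#define RTLD_NEXT ((void *) -1l)
#endif

/* Find the /proc/self/maps entry containing addr; copies its permission
 * string and pathname ("" for anonymous mappings) out. Returns 1 on a hit. */
int mapping_for(uintptr_t addr, char *perms, size_t plen, char *path, size_t pathlen) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char p[8], name[256] = "";
        /* e.g. "08048000-08049000 r-xp 00000000 08:01 1234  /home/.../a.out" */
        int n = sscanf(line, "%lx-%lx %7s %*x %*s %*u %255[^\n]", &lo, &hi, p, name);
        if (n < 3 || addr < lo || addr >= hi) continue;
        snprintf(perms, plen, "%s", p);
        snprintf(path, pathlen, "%s", name);
        found = 1;
    }
    fclose(f);
    return found;
}

/* 1 if &printf is the executable's PLT stub rather than libc's code. RTLD_NEXT
 * skips the calling object (the executable) and so finds libc's definition. */
int printf_addr_is_plt_stub(void) {
    uintptr_t taken = (uintptr_t)&printf;                     /* what the question printed */
    uintptr_t real  = (uintptr_t)dlsym(RTLD_NEXT, "printf");  /* libc's real printf */
    return real != 0 && taken != real;
}

int main(void) {
    char perms[8], path[256];
    uintptr_t taken = (uintptr_t)&printf;
    uintptr_t real  = (uintptr_t)dlsym(RTLD_NEXT, "printf");
    if (mapping_for(taken, perms, sizeof perms, path, sizeof path))
        printf("&printf     = %#lx in %s %s\n", (unsigned long)taken, perms, path);
    if (mapping_for(real, perms, sizeof perms, path, sizeof path))
        printf("libc printf = %#lx in %s %s\n", (unsigned long)real, perms, path);
    puts(printf_addr_is_plt_stub() ? "&printf is the PLT stub in a.out (the question's case)"
                                   : "&printf resolved directly to libc (PIE build)");
    return 0;
}
```

On glibc older than 2.34, link with -ldl.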
Not sure, but it could be that you are printing the chunk that does the actual printf call? Like, when you call a symbol that has to be resolved at dynamic link time, there has to be some code there, like a trampoline or something like that, so when you call it the resolution happens and the actual library call gets called.