
I am diving into Reverse Engineering, which is really fun.

I have a question however: why are the addresses of instructions I get from GDB and Objdump the same?

Shouldn't the binary be loaded at a different address every time?

Thank you. Julien

  • Traditionally, binaries are loaded to fixed addresses on Unix. You can have binaries whose load address is only determined at runtime, this is called PIE (position independent executable). – fuz May 29 '18 at 23:49
  • ... and every process gets its own virtual address space, so fixed addresses do not create a risk of address collisions. – John Bollinger May 30 '18 at 00:10
  • Yes you are both right actually, I did not think about the address space. Thank you for your answers guys. – Julien Séveno-Piltant May 30 '18 at 12:52

1 Answer

GDB disables ASLR by default. If you set disable-randomization off, then a PIE executable (Position Independent) will load at a randomized address even when you run it from inside GDB.

See 32-bit absolute addresses no longer allowed in x86-64 Linux? for more about PIE.

Position-dependent executables are always loaded at the same address, and only their stack address can be randomized. The code+data can hard-code addresses as 32-bit absolute, and they don't contain relocation info for every place where that was done. (e.g. like mov $string, %edi ; call puts).

Look at gcc's code-gen for Hello World with/without -fPIE on the Godbolt compiler explorer.

.LC0:
    .string "Hello World!"
main:
    lea     rdi, .LC0[rip]     # RIP-relative with -fPIE
    sub     rsp, 8
    call    puts@PLT
    xor     eax, eax
    add     rsp, 8
    ret

but with -fno-PIE (the default on Godbolt, often not the default on modern Linux distros), you get mov edi, OFFSET FLAT:.LC0, a 32-bit absolute address.

(The rest of the code is the same, except it emits call puts and lets the linker convert that to call puts@PLT. Use -fno-plt to inline an indirect call through the GOT address.)

Peter Cordes