In my code I tried to print the address of the printf() function.
22834: ./a.out
00250000 1372K r-x-- /lib/libc-2.12.1.so
003a7000 8K r---- /lib/libc-2.12.1.so
003a9000 4K rw--- /lib/libc-2.12.1.so
003aa000 12K rw--- [ anon ]
00a14000 112K r-x-- /lib/ld-2.12.1.so
00a30000 4K r---- /lib/ld-2.12.1.so
00a31000 4K rw--- /lib/ld-2.12.1.so
00fb9000 4K r-x-- [ anon ]
08048000 4K r-x-- /home/anirudh/Documents/DUMP/a.out
08049000 4K r---- /home/anirudh/Documents/DUMP/a.out
0804a000 4K rw--- /home/anirudh/Documents/DUMP/a.out
08068000 132K rw--- [ anon ]
b7898000 4K rw--- [ anon ]
b78ac000 8K rw--- [ anon ]
bfc9a000 132K rw--- [ stack ]
total 1808K
Address of the function "printf()" in HEX = 8048408
I was expecting its address to be a part of
00250000 1372K r-x-- /lib/libc-2.12.1.so
rather than as shown that its code is in this section
08048000 4K r-x-- /home/anirudh/Documents/DUMP/a.out i.e. the code segment of my code.
I even tried printing the address of a few more functions like getpid() and scanf() but they were all shown to be part of my program's code segment rather than the libc-2.12.1.so.
What is the reason for this? Thanks in advance.
Look at the code that is at the printf address; it is probably just an indirect jump or call that calls into libc. Typically, calls to shared libraries are turned into references to a dispatch function that is patched with (or looks up) the actual address where printf was loaded. If you run readelf -a on your executable and look for the address where you found printf, it will probably be marked as a relocation to be pointed to the actual address in libc.
Not sure, but it can be that you are printing the chunk that does the actual printf call?
Like, when you call a symbol that has to be resolved at dynamic link time there has to be some code there, like a trampoline or something like that, so when you call it the resolution happens and the actual library call gets called.
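An added example, not part of the original thread: a small C helper that tells you which mapping an address falls in, given text in the /proc/<pid>/maps format. The name `locate` and the `SAMPLE` table are assumptions made for this example; the table is constructed from the pmap listing in the question (end addresses computed from the sizes, offset/device/inode fields made up).

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: four of the question's pmap rows in /proc/<pid>/maps form. */
static const char SAMPLE[] =
    "00250000-003a7000 r-xp 00000000 08:01 0 /lib/libc-2.12.1.so\n"
    "003aa000-003ad000 rw-p 00000000 00:00 0\n"
    "08048000-08049000 r-xp 00000000 08:01 0 /home/anirudh/Documents/DUMP/a.out\n"
    "bfc9a000-bfcbb000 rw-p 00000000 00:00 0 [stack]\n";

/* Find the mapping containing addr. Copies its permissions into perms and its
 * path ("[anon]" when the line has none) into out. Returns 1 on a hit, else 0. */
int locate(const char *maps, uintptr_t addr, char perms[5], char *out, size_t n)
{
    for (const char *line = maps; *line; ) {
        char buf[512], p[5] = "", path[256] = "";
        uintptr_t lo, hi;
        size_t len = strcspn(line, "\n");
        /* Parse one line at a time so a missing path cannot swallow the next line. */
        snprintf(buf, sizeof buf, "%.*s", (int)len, line);
        int got = sscanf(buf, "%" SCNxPTR "-%" SCNxPTR " %4s %*s %*s %*s %255[^\n]",
                         &lo, &hi, p, path);
        if (got >= 3 && addr >= lo && addr < hi) {
            memcpy(perms, p, sizeof p);
            snprintf(out, n, "%s", got == 4 ? path : "[anon]");
            return 1;
        }
        line += len;
        if (*line == '\n') line++;
    }
    return 0;
}

int main(void)
{
    static char live[1 << 16];
    char perms[5], path[256];
    /* The address printed in the question, checked against the sample table. */
    if (locate(SAMPLE, 0x8048408, perms, path, sizeof path))
        printf("question: 0x8048408 -> %s %s\n", perms, path);
    /* The same check for this process; the result depends on how it was linked. */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 1; }
    live[fread(live, 1, sizeof live - 1, f)] = '\0';
    fclose(f);
    if (locate(live, (uintptr_t)printf, perms, path, sizeof path))
        printf("live: printf at %#" PRIxPTR " -> %s %s\n", (uintptr_t)printf, perms, path);
    return 0;
}
```

If the live line names your executable rather than libc, disassembling that address (for example with objdump -d) shows the short jump stub the answers describe.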