Stripped binary shows "_cxa_finalize" instead of "libc_start_main"

Question

Why stripped binary shows _cxa_finalize instead of libc_start_main?

I am trying to locate and disassemble main() in a very simple C program on Linux (Ubuntu). The binary is stripped. Below you can see disassembly (not stripped) vs disassembly (stripped) of the same instructions.

Question: what is _cxa_finalize in the stripped version? Why is libc_start_main is replaced by _cxa_finalize?

Not stripped:

106d:   48 8d 3d c1 00 00 00    lea    rdi,[rip+0xc1]        # 1135 <main>

1074:   ff 15 66 2f 00 00       call   QWORD PTR [rip+0x2f66]        # 3fe0 <__libc_start_main@GLIBC_2.2.5>

Stripped:

106d:   48 8d 3d c1 00 00 00    lea    rdi,[rip+0xc1]        # 1135 <__cxa_finalize@plt+0xf5>

1074:   ff 15 66 2f 00 00       call   QWORD PTR [rip+0x2f66]        # 3fe0 <__cxa_finalize@plt+0x2fa0>

Answer 1

It's not __cxa_finalize. It's __cxa_finalize@plt+0xf5 and __cxa_finalize@plt+0x2fa0 (notice the significant offsets). The disassembler has no information about the symbol main or __libc_start_main because you removed the symbol table, but for technical reasons it is still aware of the symbols assocated with PLT thunks (because they're needed for binding at dynamic linking time, and the disassembler probably falls back to using that information when it lacks s symbol table). In general, the disassembler works backward from an address until it finds an address named by a symbol, and assumes (wrongly, here) that the address being disassembled is part of that function.