
My function name is overwriteFunc, and I am trying to print the function address &overwriteFunc.

I am trying to get the function address on ARM64 v8, which returns me an address like this:

Dump of assembler code for function _ZN4test13overwriteFuncEiml@plt:

0x0000000000423a90 <+0>:    adrp    x16, 0x513000
0x0000000000423a94 <+4>:    ldr     x17, [x16,#1640]
0x0000000000423a98 <+8>:    add     x16, x16, #0x668
0x0000000000423a9c <+12>:    br     x17

0x423A90 is not the real function address. It jumps to the real function overwriteFunc at the last instruction (x17 contains the real function address). Does anyone know why this happens? Why does ARM have to branch twice instead of once?

Qiyang Li
  • The real address of overwriteFunc is another address. ARM jumps to that address at the last instruction: br x17 – Qiyang Li Aug 25 '21 at 12:27
  • The `@plt` (procedure linkage table) gives it away: you're looking at a stub function used for lazy library loading. See [Why does the PLT exist in addition to the GOT, instead of just using the GOT?](https://stackoverflow.com/questions/43048932/why-does-the-plt-exist-in-addition-to-the-got-instead-of-just-using-the-got) – Botje Aug 25 '21 at 12:47
  • Is there any way to find the real absolute virtual address of my function in the GOT (Global Offset Table)? Should I read another .so or ELF file? – Qiyang Li Aug 25 '21 at 14:06
  • Yes. Another file is expected to provide the function. – Botje Aug 25 '21 at 15:10
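The stub in the question, worked through as an added example (not code from the original post or its commenters): the adrp/ldr pair computes a GOT slot, and the real function address is whatever the dynamic loader has stored in that slot. The decoder below assumes the standard four-instruction PLT stub layout emitted by GNU ld for AArch64; the four instruction words are my own encodings of the instructions shown in the disassembly, constructed for this example.

```python
"""Decode an AArch64 PLT stub (adrp / ldr / add / br) and compute the
GOT slot whose contents are the real target. Useful when checking
whether a function pointer actually points at a PLT stub and which
GOT entry to inspect (e.g. `x/gx <slot>` in gdb, or to verify that the
slot has not been overwritten)."""
import struct


def _sext(value, bits):
    # Sign-extend a `bits`-wide two's-complement field.
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def decode_plt_stub(pc, code):
    """Return (got_slot, branch_reg) for a stub of the form
    adrp xA, page; ldr xB, [xA, #off]; add xA, xA, #off; br xB.
    `pc` is the address of the first instruction, `code` its 16 bytes.
    Raises ValueError if the words do not form such a stub."""
    w = struct.unpack("<4I", code)
    # adrp: bit 31 set, bits 28:24 == 0b10000; immlo in 30:29, immhi in 23:5.
    if (w[0] & 0x9F000000) != 0x90000000:
        raise ValueError("first instruction is not adrp")
    imm = ((w[0] >> 5) & 0x7FFFF) << 2 | (w[0] >> 29) & 3
    xa = w[0] & 0x1F
    page = (pc & ~0xFFF) + (_sext(imm, 21) << 12)
    # ldr xB, [xn, #imm12*8]: bits 31:22 == 0b1111100101 (0xF94 prefix).
    if (w[1] >> 22) != 0x3E5:
        raise ValueError("second instruction is not a 64-bit ldr")
    off, xn, xb = ((w[1] >> 10) & 0xFFF) * 8, (w[1] >> 5) & 0x1F, w[1] & 0x1F
    if xn != xa:
        raise ValueError("ldr does not use the adrp base register")
    # add xA, xA, #imm12 (sh=0): bits 31:22 == 0b1001000100 (0x91 prefix).
    if (w[2] >> 22) != 0x244 or ((w[2] >> 10) & 0xFFF) != off \
            or (w[2] >> 5) & 0x1F != xa or w[2] & 0x1F != xa:
        raise ValueError("third instruction is not the matching add")
    # br xB: 0xD61F0000 with Rn in bits 9:5.
    if (w[3] & 0xFFFFFC1F) != 0xD61F0000 or (w[3] >> 5) & 0x1F != xb:
        raise ValueError("fourth instruction is not br to the loaded register")
    return page + off, xb


# Constructed encodings of the stub at 0x423a90 from the question:
# adrp x16, 0x513000 / ldr x17, [x16,#1640] / add x16, x16, #0x668 / br x17
STUB_PC = 0x423A90
STUB_WORDS = struct.pack("<4I", 0x90000790, 0xF9433611, 0x9119A210, 0xD61F0220)

if __name__ == "__main__":
    slot, reg = decode_plt_stub(STUB_PC, STUB_WORDS)
    print(f"GOT slot 0x{slot:x}; real address is loaded into x{reg}")
```

For the stub in the question this yields slot 0x513668, i.e. 0x513000 + 1640, which is the address the `add` also materialises in x16; reading that slot (after the first call, or with lazy binding disabled) gives the address of overwriteFunc in the shared object that provides it.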
