
My C code is like this. I just want to get the PLT address of printf, but readelf -s can't.

#include <stdio.h>

int main(void)
{
    /* %p expects a void *; main lives in .text */
    printf("hello. main:   %p\n", (void *)main);
    /* in this non-PIE binary this is the fixed address of the printf@plt stub */
    printf("hello. printf: %p\n", (void *)printf);
    return 0;
}

Compile and run:

$ gcc main.c
$ ./a.out
hello. main:   0x401126
hello. printf: 0x401030

The program prints printf's address as 0x401030; actually, the address 0x401030 is the PLT entry, as objdump -d shows.

$ objdump -d a.out | more

[...]

Disassembly of section .plt:

0000000000401020 <.plt>:
  401020:   ff 35 e2 2f 00 00       pushq  0x2fe2(%rip)        # 404008 <_GLOBAL_OFFSET_TABLE_+0x8>
  401026:   ff 25 e4 2f 00 00       jmpq   *0x2fe4(%rip)        # 404010 <_GLOBAL_OFFSET_TABLE_+0x10>
  40102c:   0f 1f 40 00             nopl   0x0(%rax)

0000000000401030 <printf@plt>:
  401030:   ff 25 e2 2f 00 00       jmpq   *0x2fe2(%rip)        # 404018 <printf@GLIBC_2.2.5>
  401036:   68 00 00 00 00          pushq  $0x0
  40103b:   e9 e0 ff ff ff          jmpq   401020 <.plt>

[...]

Disassembly of section .text:

[...]

0000000000401126 <main>:
  401126:   55                      push   %rbp
  401127:   48 89 e5                mov    %rsp,%rbp
  40112a:   be 26 11 40 00          mov    $0x401126,%esi
  40112f:   bf 10 20 40 00          mov    $0x402010,%edi
  401134:   b8 00 00 00 00          mov    $0x0,%eax
  401139:   e8 f2 fe ff ff          callq  401030 <printf@plt>
  40113e:   be 30 10 40 00          mov    $0x401030,%esi
  401143:   bf 23 20 40 00          mov    $0x402023,%edi
  401148:   b8 00 00 00 00          mov    $0x0,%eax
  40114d:   e8 de fe ff ff          callq  401030 <printf@plt>
  401152:   b8 00 00 00 00          mov    $0x0,%eax
  401157:   5d                      pop    %rbp
  401158:   c3                      retq

The problem is, how should I get 401030 for printf by parsing the ELF file?

Rtoax
  • In [Read plt section of ELF binary and print function virtual address](https://stackoverflow.com/questions/30629085/read-plt-section-of-elf-binary-and-print-function-virtual-address) the first answer says that because of `ASLR` (Address Space Layout Randomization) you can't get the value anyway; however, I got `401030` (above) from `objdump -d` and printed `401030` in C code. – Rtoax Sep 27 '22 at 01:47
  • What's the problem? It seems that your program is doing exactly what you want it to be doing. – Michael M. Sep 27 '22 at 01:49
  • In this simple demo `readelf -s` can get `401030`; however, in some complex situations `objdump -d` can get `403030` but `readelf -s` gets nothing. – Rtoax Sep 27 '22 at 02:00
  • I got it. My question is, how should I get `401030` of `printf` by parsing the ELF file? – Rtoax Sep 27 '22 at 02:06
  • It's right there in this line: `0000000000401030 <printf@plt>:`. 401030 are the only non-zero digits. – Michael M. Sep 27 '22 at 02:07
  • Yes, of course `objdump` can get it; how does objdump get the value? I want to know the details of the parsing procedure. – Rtoax Sep 27 '22 at 02:14
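The parsing procedure asked about in the question and comments, as an added example that is not part of the original post or any answer. `readelf -s` shows nothing for `printf@plt` because PLT stubs are not symbols at all: objdump synthesizes the `<printf@plt>` labels from the `.rela.plt` relocations. Each `R_X86_64_JUMP_SLOT` entry there names a `.dynsym` symbol and the GOT slot (`r_offset`) that symbol's stub jumps through; the stub itself is the 16-byte `.plt` entry whose `jmp *disp32(%rip)` (opcode `ff 25`) resolves to that GOT slot, exactly as the `# 404018 <printf@GLIBC_2.2.5>` annotation in the listing above was computed. The script below implements that for little-endian ELF64 x86-64 only. The sample `.plt` bytes are the two entries copied from the objdump listing in the question; the `.rela.plt`, `.dynsym` and `.dynstr` contents are constructed to match it (assumed layout, since the question does not show them). Function names such as `plt_stubs`, `resolve_plt` and `plt_addresses_from_file` are this example's own, not objdump's.

```python
import struct
import sys

# Little-endian ELF64 structures (sizes and field order from the ELF64 spec).
SHDR = struct.Struct("<IIQQQQIIQQ")  # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link, sh_info, sh_addralign, sh_entsize
RELA = struct.Struct("<QQq")         # r_offset, r_info, r_addend
SYM = struct.Struct("<IBBHQQ")       # st_name, st_info, st_other, st_shndx, st_value, st_size
PLT_ENTRY = 16                       # x86-64 PLT stubs are 16 bytes apart


def plt_stubs(plt_bytes, plt_addr):
    """Map GOT slot address -> PLT stub (entry start) address.

    Each stub contains 'jmp *disp32(%rip)' (opcode ff 25).  The target is
    RIP-relative, i.e. relative to the end of that 6-byte instruction.
    Searching inside the 16-byte entry rather than only at its start also
    copes with IBT-style stubs ('endbr64; bnd jmp *...') found in .plt.sec.
    """
    stubs = {}
    for off in range(0, len(plt_bytes), PLT_ENTRY):
        entry = plt_bytes[off:off + PLT_ENTRY]
        i = entry.find(b"\xff\x25")
        if i < 0 or i + 6 > len(entry):
            continue
        disp, = struct.unpack_from("<i", entry, i + 2)
        got_slot = plt_addr + off + i + 6 + disp
        stubs[got_slot] = plt_addr + off
    return stubs


def resolve_plt(rela_plt, dynsym, dynstr, stubs):
    """Walk .rela.plt: the symbol index is the high 32 bits of r_info and
    r_offset is the GOT slot that symbol's stub jumps through."""
    result = {}
    for off in range(0, len(rela_plt), RELA.size):
        r_offset, r_info, _ = RELA.unpack_from(rela_plt, off)
        sym_idx = r_info >> 32
        if sym_idx == 0:  # e.g. R_X86_64_IRELATIVE: no symbol behind it
            continue
        st_name = SYM.unpack_from(dynsym, sym_idx * SYM.size)[0]
        name = dynstr[st_name:dynstr.index(b"\0", st_name)].decode()
        if r_offset in stubs:
            result[name] = stubs[r_offset]
    return result


def plt_addresses_from_file(path):
    """Same procedure on a real ELF64 file, driven by the section header table."""
    with open(path, "rb") as f:
        data = f.read()
    e_shoff, = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    hdrs = [SHDR.unpack_from(data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    content = lambda h: data[h[4]:h[4] + h[5]]      # sh_offset .. sh_offset + sh_size
    shstr = content(hdrs[e_shstrndx])
    by_name = {shstr[h[0]:shstr.index(b"\0", h[0])].decode(): h for h in hdrs}
    stubs = {}
    for sec in (".plt", ".plt.sec"):  # .plt.sec holds the real stubs when built with -fcf-protection
        if sec in by_name:
            stubs.update(plt_stubs(content(by_name[sec]), by_name[sec][3]))  # h[3] = sh_addr
    rela = by_name[".rela.plt"]
    dynsym = hdrs[rela[6]]            # sh_link of .rela.plt -> .dynsym
    dynstr = hdrs[dynsym[6]]          # sh_link of .dynsym   -> .dynstr
    return resolve_plt(content(rela), content(dynsym), content(dynstr), stubs)


# Constructed input: the two 16-byte .plt entries at 0x401020 (PLT0 and
# printf@plt) copied from the objdump listing in the question.
PLT_ADDR = 0x401020
PLT_BYTES = bytes.fromhex(
    "ff35e22f0000 ff25e42f0000 0f1f4000"  # 401020: push GOT+8; jmp *GOT+16; nopl
    "ff25e22f0000 6800000000 e9e0ffffff"  # 401030: jmp *0x404018; push $0; jmp PLT0
)
# Constructed .rela.plt / .dynsym / .dynstr consistent with that listing (assumed,
# not shown in the question): one R_X86_64_JUMP_SLOT (type 7) for dynsym index 1
# whose GOT slot is 0x404018.
RELA_PLT = RELA.pack(0x404018, (1 << 32) | 7, 0)
DYNSTR = b"\0printf\0"
DYNSYM = SYM.pack(0, 0, 0, 0, 0, 0) + SYM.pack(1, 0x12, 0, 0, 0, 0)  # index 0 = null symbol


def demo():
    """Resolve the constructed sample; returns {'printf': 0x401030}."""
    return resolve_plt(RELA_PLT, DYNSYM, DYNSTR, plt_stubs(PLT_BYTES, PLT_ADDR))


if __name__ == "__main__":
    table = plt_addresses_from_file(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, addr in sorted(table.items(), key=lambda kv: kv[1]):
        print(f"{addr:#010x} <{name}@plt>")
```

Run it with no arguments to resolve the constructed sample, or with a path (`python3 plt.py ./a.out`) to walk a real binary. The addresses it reports are the link-time values from the section headers, which is why they match the runtime output in the question: that binary is not position independent (its .text sits at 0x401000). For a PIE build the same procedure yields offsets from the image base, and the address the running process sees is that offset plus the ASLR load base.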

0 Answers