1

I have this code written in "Visual studio community edition" in main.cpp and built a release version called Test.exe

#include <iostream>

int main()
{
    int i = 0;
    i++;
    std::string s;

    std::cout << "Hello World" << i << std::endl;

    std::cout << "Hello World1" << std::endl;
    std::cin >> s;
    std::cout << s  << std::endl;
}

When I load it up in Ghidra the 0x140001290 but when load same binary in x64dbg I see the address 0x00007FF777311290 see picture enter image description here

here are the threads (just incase) enter image description here

Update: Added file that show link to main.cpp: enter image description here

Here is the code with rows: enter image description here

Question: How come these addresses are diffrent in Ghidra compare to x64dbg?

rajesh.khanna
  • 43
  • 4
  • They are not stopped at the same code. Left shows it at main(), right shows it at the C runtime initialization code. The true start address of a program built with MSVC++. Which eventually calls main(). – Hans Passant May 01 '23 at 19:36
  • How to get to address 0x140001290? In Options->Preferences have only "entry breakpoint*" Im not avabile to break at it. But thought this was same address just that it was loaded into memory at wrong place. – rajesh.khanna May 01 '23 at 19:46
  • because aslr. Ghidra show address based on `ImageBase` from `IMAGE_OPTIONAL_HEADER64` and windows relocated PE to random base – RbMm May 01 '23 at 20:00
  • Ok, thanks for the tips about ASLR (Address space layout randomization). I found this video that explains way of turning it off https://youtu.be/DGX7oZvdmT0 I will test it. – rajesh.khanna May 01 '23 at 20:33

1 Answers1

2

Because of ASLR, program will be loaded into randomized base address.

Here are some tips to overcome the problem that x64dbg and Ghidra showing different address:

Inndy Lin
  • 21
  • 2