How to load library defined symbols to a specified location?

Question

The test is on Ubuntu 12.04, 32-bit, with gcc 4.6.3.

Basically I am doing some binary manipulation work on ELF binaries, and what I have to do now is to assemble a assembly program and guarantee the libc symbols are loaded to a predefined address by me.

Let me elaborate it in an simple example.

Suppose in the original code, libc symbols stdout@GLIBC_2.0 is used.

#include <stdio.h>
int main() {
    FILE* fout = stdout;
    fprintf( fout, "hello\n" );
}

When I compile it and check the symbol address using these commands:

gcc main.c
readelf -s a.out | grep stdout

I got this:

0804a020     4 OBJECT  GLOBAL DEFAULT   25 stdout@GLIBC_2.0 (2)
0804a020     4 OBJECT  GLOBAL DEFAULT   25 stdout@@GLIBC_2.0

and the .bss section is like this:

  readelf -S a.out | grep bss
  [25] .bss              NOBITS          0804a020 001014 00000c 00  WA  0   0 32

Now what I am trying to do is to load the stdout symbol in a predefined address, so I did this:

echo "stdout = 0x804a024;" > symbolfile
gcc -Wl,--just-symbols=symbolfile  main.c

Then when I check the .bss section and symbol stdout, I got this:

 [25] .bss              NOBITS          0804a014 001014 000008 00  WA  0   0  4


4: 0804a024     0 NOTYPE  GLOBAL DEFAULT  ABS stdout
49: 0804a024     0 NOTYPE  GLOBAL DEFAULT  ABS stdout

1. It seems that I didn't successfully load the symbol stdout@@GLIBC_2.0, but just a wired stdout. (I tried to write stdout@@GLIBC_2.0 in symbolfile, but it can't compile... )

2. It seems that as I didn't make it, the beginning address of .bss section has also changed, which makes the address of stdout symbol in a non-section area. During runtime, it throws a segmentation fault when loading from 0x804a024.

Could anyone help me on how to successfully load the library symbol at a predefined address? Thanks!