0

Here the concise c code:

#include <stdio.h>
int main()
{
    printf("abcdefg\n");
    return 0;
}

when I open it with ollydbg, and then type E (executable module), right click the a module and select 'view executable file'. it will show the below window: enter image description here

However, when I ctrl + B search for the 'printf', I got three result (ctrl + L will find the next)

My question is:

  • In my code is only one 'printf' function, why can I find 3 'printf' in the ollydbg.
Courage
  • 543
  • 5
  • 25
  • you are viewing the executable file, it includes symbol tabel, section names, and so on (read about elf file structure), so one instance is the function symbol name, also I assume you are using shared library `printf` so probably you have a relocation symbol, and if you compile with debug information than probably a debug symbol – izac89 Sep 29 '18 at 17:26

1 Answers1

0

My guess is, when you include stdio.h it must contain more occurrences of printf string, compiled source is not only your source but also everything you include.

I don't think names of functions should be included in the binary file (but I'm not an expert), I think only reason they are there is you compile it with debugging options on. You can check it easily by compiling the binary without debugger on and checking the executable with some hex editor.

I recommend to study how compilers work?. The link I sent might be good place to start and study.

Marek
  • 1,413
  • 2
  • 20
  • 36
  • thanks Mare, But checking the executable file only ONE 'printf' whcihc hex is '7072 696e 7466' . your suggest is valuable. and why one 'printf' is in Executable file by the contrast three 'printf' in ollydbg. – Courage Sep 29 '18 at 07:01