4

I am beginning to get into the reverse engineering and am using IDA Pro and am working on deassembling a binary.

I am trying to find the memory address for the main function of the C program I am working with.

However, I see that there is a function in IDA for: main and for __libc_start_main

I have read this post but I am afraid I still don't understand. Can someone help me understand the differences between the two, and which one is which?

Thanks!

artemis
  • 6,857
  • 11
  • 46
  • 99

1 Answers1

4

__libc_start_main is called first, and it invokes main. The former is part of the platform and does some initialization that most people don't even realize is happening, such preparing the threading system. The latter is the entry point of the user program and contains the "regular" code.

John Zwinck
  • 239,568
  • 38
  • 324
  • 436
  • For example, would one of the things `__libc_start_main` do is link any of the `include` files, since that happens before the my `main` function in my code? – artemis Jun 08 '19 at 04:32
  • No, the loading of dynamically linked libraries happens elsewhere (but also before `main`). – John Zwinck Jun 08 '19 at 04:37
  • Can you give an example of one of things "...that most people don't even realize is happening.", just to expand on the answer, and then I can accept =) – artemis Jun 08 '19 at 04:39
  • It probably does some other critical things like initialize your stack pointer. And if `main` returns, `__libc_start_main` exits with the return value as the status. – Tom Karzes Jun 08 '19 at 05:36