-1

I'm new in it fields, recently I played a bit with debugger and disassemblers. Looking at the binary inside hopper tool I noticed that we have memory addressesaassigned to it statically. My question is: why if the operating systems manage the memory (that change the address of functions etc every time I run a binary) we have also a static memory addresses in a binary(?) pratical example:

Open the binary in hopper and show that a printf is at address 0x11ed, next run the program in gdb and obviously we have the printf at different address. Is the compiler that assign static address to the binary and why? Any recommended resources to know more?

user3782573
  • 95
  • 1
  • 8
  • You might want to check for "virtual addresses", see https://stackoverflow.com/questions/9414565/understanding-virtual-address-and-virtual-address-space – Progman Jun 23 '19 at 15:58

1 Answers1

0

There are two different things that seem like they are confusing you.

  1. The difference between virtual addresses and real memory addresses. Processes are assigned their own address space starting at 0. This has no relationship to real memory address 0. The mapping is managed by the OS, generally with hardware assistance from a 'memory management unit'. This part of my answer addresses the part of the question about 'operating systems managing memory'.

  2. Dynamically-loaded libraries. An address may be relative to such a library; the mapping from library-relative address to virtual address is assigned at the time the library is loaded into an address space. Language runtime libraries are often distributed as dynamically-loaded shared libraries. This likely accounts for the difference in address between running your program standalone versus under the debugger. I don't know what 'hopper' is so I can't say exactly what it's showing you.

  • Thanks a lot for the explanation another-dave, I was missing that part of virtual addresses, but I'm still confused about what the addresses of instructions refer to in a disassasembler (like Ida hoppers, etc.) since we open a file in a disassembler is not a process because it's not running but is a statical analyzed. What I understood is that almost everything happens at runtime. – user3782573 Jun 23 '19 at 16:31