
I have compiled a simple hello world C program with `gcc -fpie test.c`, and now I'm looking at the binary using objdump:

```text
Disassembly of section __TEXT,__text:
__text:
100000f40:  55                      pushq   %rbp
100000f41:  48 89 e5                movq    %rsp, %rbp
100000f44:  48 83 ec 10             subq    $16, %rsp
100000f48:  89 7d fc                movl    %edi, -4(%rbp)
100000f4b:  8b 75 fc                movl    -4(%rbp), %esi
100000f4e:  48 8d 3d 5d 00 00 00    leaq    93(%rip), %rdi
100000f55:  b0 00                   movb    $0, %al
...
```

Are these virtual (runtime) addresses, considering I have compiled with `-fpie`? What are they used for if the code is position independent?

If I remove `-fpie` I get the same addresses on the left, and I'm assuming they are the virtual addresses where these instructions will be loaded, correct?

  • Most of the time there is no point in using `-fpie`, as GCC produces a PIE by default. Try compiling with `-fno-pie` instead. – Marco Bonelli Aug 28 '19 at 12:30
  • But I'm trying to see why we still have memory addresses in PIE mode. – Josh Aug 28 '19 at 12:30
  • Also, you can tell if an ELF is position independent using the `file` command: for a position independent ELF it will say `ELF Shared Object`, for a normal executable it will say `ELF Executable`. – Marco Bonelli Aug 28 '19 at 12:30
  • You don't have memory addresses in PIE mode; those will change when you start the program. What you are seeing are relative addresses. – Marco Bonelli Aug 28 '19 at 12:31
  • Well, there must be a base address for the code to start. Then the "position independent" resolution will be a simple "add offset to all addresses". – Some programmer dude Aug 28 '19 at 12:31

1 Answer

In a PIE (Position Independent Executable), those "addresses" are actually just relative offsets from the base virtual address of your program. When the program is launched, it will be loaded into memory by the kernel loader at some 0x<base_addr>, and your __text section in this case will be at 0x<base_addr> + 0x100000f40.

Note that the base virtual address will change for every execution if you have ASLR (address space layout randomization) enabled, which on any modern system is enabled by default.

  • But they are still virtual memory addresses, right? At runtime they get added to a constant offset? And I'm guessing in "no-pie" mode there is no offset and they get loaded at the exact address location? – Josh Aug 28 '19 at 12:36
  • Hi @Josh, if this correctly answered your question, please accept it by clicking the green tick on the top left, so that this post can be marked as solved. – Marco Bonelli Aug 29 '19 at 17:33
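A small C program, added here as an illustration and not part of the question or the answer above, that recovers the load base (the ASLR slide) of the running executable and subtracts it from a function's runtime address to get back the link-time address that objdump prints. It assumes glibc's `dl_iterate_phdr` on Linux (the first object visited is the main executable, and `dlpi_addr` is the slide) and `_dyld_get_image_vmaddr_slide(0)` on macOS; the function name `marker` is just a constructed symbol to measure.

```c
#define _GNU_SOURCE  /* needed for dl_iterate_phdr on glibc */
#include <stdint.h>
#include <stdio.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>
#else
#include <link.h>
#endif

#ifndef __APPLE__
/* Callback for dl_iterate_phdr: the first object visited is the main
 * executable, and dlpi_addr is (runtime address - link-time address), i.e. the
 * slide the loader applied. For a non-PIE (ET_EXEC) binary it is 0. */
static int first_object(struct dl_phdr_info *info, size_t size, void *data) {
    (void)size;
    *(uintptr_t *)data = (uintptr_t)info->dlpi_addr;
    return 1;  /* non-zero stops the iteration after the main executable */
}
#endif

/* The base the loader added to every link-time address of this executable. */
uintptr_t load_base(void) {
#ifdef __APPLE__
    return (uintptr_t)_dyld_get_image_vmaddr_slide(0);  /* image 0 = main executable */
#else
    uintptr_t base = 0;
    dl_iterate_phdr(first_object, &base);
    return base;
#endif
}

/* Link-time address of fn: the number objdump prints (e.g. 0x100000f40 above). */
uintptr_t link_time_address(void (*fn)(void)) {
    return (uintptr_t)fn - load_base();
}

/* On Linux a PIE is linked at address 0, so a non-zero slide means ET_DYN
 * ("ELF Shared Object" in `file`); an ET_EXEC binary always gets slide 0. */
int is_pie(void) {
    return load_base() != 0;
}

static void marker(void) {}  /* constructed symbol whose address we inspect */
int main(void) {
    printf("load base (slide):  0x%lx\n", (unsigned long)load_base());
    printf("runtime address:    0x%lx\n", (unsigned long)(uintptr_t)marker);
    printf("link-time address:  0x%lx\n", (unsigned long)link_time_address(marker));
    printf("PIE: %s\n", is_pie() ? "yes" : "no");
    return 0;
}
```

Run it twice with ASLR enabled: the load base and runtime address change between runs while the link-time address stays fixed, which is exactly the relationship the answer describes.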