Search code examples
clinkergnudisassemblyobject-files

Differences in disassembly of an object and executable file


Basically, I used objdump -D to dis-assemble an object file and an ELF file. The major difference I see between the two is that.

I see the instructions in the object file (of the individual segments) have an address that starts with 0. Hence the consecutive addresses of are offset by a certain value, probably depending upon the length of the op-code corresponding to that specific instruction.

Disassembly of section .text:
00000000 <main>:
0:   8d 4c 24 04             lea    0x4(%esp),%ecx
4:   83 e4 f0                and    $0xfffffff0,%esp
7:   ff 71 fc                pushl  -0x4(%ecx)      
a:   55                      push   %ebp            

On the other hand, for an ELF fine I see a 32-bit address space for the instructions.Also If I print the address of main in my program. It is equivalent to the address in my dis-assembled ELF.

08048394 <main>:
8048394:       8d 4c 24 04             lea    0x4(%esp),%ecx
8048398:       83 e4 f0                and    $0xfffffff0,%esp
804839b:       ff 71 fc                pushl  -0x4(%ecx)
804839e:       55                      push   %ebp

The questions here are.

  • What does the addresses in ELF file actually refer to?
  • How does the linker compute them?

Solution

  • The ELF file contains code linked together against the preferred load address of the executable (and you can change the preference through linker options). The addresses you're seeing are computed by objdump against that address, which is part of the ELF format.

    The object-code has no load address (yet) because it isn't linked into a loadable image. Once it is stitched together with linker (along with the rest of the object code and shared object references) the final output moves all that code into position against the preferred load address (sort of... the loader is what actually does this when the ELF image is loaded for execution). Suggested further reading (and there are a TON of links out there)