Here is an Assembly code fragment:
jmp short getadd
shellcode:
pop esi
xor eax, eax
mov byte [esi+9], al
push dword esi
call 0x8048300
; address found by disassembling a C program for printf
xor eax,eax
mov al,0
xor ebx,ebx
int 0x80
getadd:
call shellcode
db "nice job!"
But after dumping the object I found:
Disassembly of section .text:
00000000 <shellcode-0x2>:
0: eb 14 jmp 16 <getadd>
00000002 <shellcode>:
2: 5e pop %esi
3: 31 c0 xor %eax,%eax
5: 88 46 09 mov %al,0x9(%esi)
8: 56 push %esi
9: e8 fc 82 04 08 call 804830a <getadd+0x80482f4>
e: 31 c0 xor %eax,%eax
10: b0 00 mov $0x0,%al
12: 31 db xor %ebx,%ebx
14: cd 80 int $0x80
00000016 <mycall>:
16: e8 e7 ff ff ff call 2 <shellcode>
1b: 6e outsb %ds:(%esi),(%dx)
1c: 69 63 65 20 6a 6f 62 imul $0x626f6a20,0x65(%ebx),%esp
23: 21 .byte 0x21
Why did the address change from 0x8048300 to 804830a?
Time to bust out the Intel Instruction Set Reference!

E8 is CALL rel32: "Call near, relative, displacement relative to next instruction."

That means you're not calling the absolute address 0x8048300; rather, you're calling to an address at some displacement from where you are right now (actually from the next instruction).

If you want to call to an absolute address, you need to be using the FF Call r/m32 (call to register or memory address) form:
mov eax, 0x8048300
call eax
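The displacement arithmetic described above, worked through on the bytes from the question. This is an added Python example, not code from the original post: it decodes the E8 field exactly the way objdump did (target = address of the next instruction + signed rel32), shows that the same five bytes resolve to a different target if the code is loaded elsewhere, and emits the B8 imm32 / FF D0 byte pattern for the `mov eax, imm32` / `call eax` pair, which carries the absolute address and therefore does not move with the code. The load addresses used in the relocation check are constructed values.

```python
import struct

# Bytes copied from the objdump listing in the question: the E8 call at offset 0x9
# and the E8 call at offset 0x16 (the one that jumps back to <shellcode>).
CALL_PRINTF_BYTES = bytes.fromhex("e8fc820408")
CALL_PRINTF_OFFSET = 0x9
CALL_SHELLCODE_BYTES = bytes.fromhex("e8e7ffffff")
CALL_SHELLCODE_OFFSET = 0x16


def decode_call_rel32(code: bytes, insn_addr: int) -> int:
    """Return the target of an E8 (CALL rel32) instruction located at insn_addr.

    The 32-bit displacement is signed and is added to the address of the *next*
    instruction (insn_addr + 5), so the resolved target depends on where the
    instruction sits in memory. Arithmetic wraps modulo 2**32 like the CPU does.
    """
    if len(code) < 5 or code[0] != 0xE8:
        raise ValueError("not an E8 CALL rel32 instruction")
    rel32 = struct.unpack_from("<i", code, 1)[0]  # little-endian signed
    return (insn_addr + 5 + rel32) & 0xFFFFFFFF


def encode_call_rel32(insn_addr: int, target: int) -> bytes:
    """Encode CALL rel32 so that, when placed at insn_addr, it reaches target."""
    rel32 = (target - (insn_addr + 5)) & 0xFFFFFFFF
    return b"\xe8" + struct.pack("<I", rel32)


def encode_call_abs_via_eax(target: int) -> bytes:
    """Encode `mov eax, target` (B8 imm32) followed by `call eax` (FF /2, ModRM 0xD0).

    The absolute address travels inside the instruction bytes, so the call
    lands on `target` regardless of where these seven bytes are loaded.
    """
    return b"\xb8" + struct.pack("<I", target) + b"\xff\xd0"


def targets_when_relocated(code: bytes, insn_offset: int, load_addrs) -> list:
    """Resolve a CALL rel32 for each constructed base address the code might be loaded at."""
    return [decode_call_rel32(code, base + insn_offset) for base in load_addrs]


if __name__ == "__main__":
    # Reproduces objdump's "call 804830a": 0x9 + 5 + 0x080482fc = 0x0804830a.
    print(hex(decode_call_rel32(CALL_PRINTF_BYTES, CALL_PRINTF_OFFSET)))
    # Negative displacement: 0x16 + 5 - 0x19 = 0x2, i.e. "call 2 <shellcode>".
    print(hex(decode_call_rel32(CALL_SHELLCODE_BYTES, CALL_SHELLCODE_OFFSET)))
    # A rel32 that is correct at offset 0x9 stops being correct once the bytes move.
    fixed = encode_call_rel32(CALL_PRINTF_OFFSET, 0x8048300)
    print(fixed.hex(), [hex(t) for t in targets_when_relocated(fixed, CALL_PRINTF_OFFSET, (0x0, 0x1000))])
    # The register-indirect form keeps pointing at 0x8048300 wherever it is placed.
    print(encode_call_abs_via_eax(0x8048300).hex())
```

The constructed base addresses 0x0 and 0x1000 stand in for "wherever the shellcode actually ends up"; the relative form only hits 0x8048300 at the first of them, while the `mov eax`/`call eax` bytes are identical in both cases.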