Let's suppose I have an ELF 32- or 64-bit binary executable. This binary has been compiled with PIC/PIE options.
That means all functions are mapped at a random address in memory.
What should I do if I need to do instrumentation or reverse engineering on this kind of binary?
Is there a way to hook the Linux binary loader in order to always give the same addresses?
Thanks
That means all functions are mapped at a random address in memory.
No, it doesn't mean that.
With address randomization enabled, the PIE binary will be loaded at a random base address from run to run, but all functions and data will move together.
That is, if &foo == 0x12345600 and &bar == 0x12345700 in one execution, then the delta between them will always be 0x100 in subsequent executions (until the binary is relinked).
Is there a way to hook the Linux binary loader in order to always give the same addresses?
There are several ways:
echo 0 > /proc/sys/kernel/randomize_va_space
setarch ... -R a.out
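Added example (my own code, not part of the question or the answer above): a small C program that makes both points of the answer observable. It finds the load base of its own executable from the auxiliary vector, prints the runtime addresses of two functions next to their fixed image offsets and their delta, and reports whether the ADDR_NO_RANDOMIZE personality flag is in effect for the process, which is what setarch -R sets before exec. The function and helper names (foo, bar, main_load_base, image_offset, delta_foo_bar, aslr_disabled_for_this_process) are this example's own, not anything from the page.

```c
/* pie_probe.c: added example, not code from the original question or answer.
 * Build: gcc -Wall -fPIE -pie -o pie_probe pie_probe.c
 * Helper names (main_load_base, image_offset, ...) are this example's own.
 */
#include <elf.h>
#include <inttypes.h>
#include <link.h>            /* ElfW() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>        /* getauxval(), AT_PHDR, AT_PHNUM */
#include <sys/personality.h> /* personality(), ADDR_NO_RANDOMIZE */

/* Two ordinary functions whose runtime addresses we compare. */
__attribute__((noinline)) int foo(int x) { return x + 1; }
__attribute__((noinline)) int bar(int x) { return x * 2; }

/* Address the kernel mapped this executable at. For a PIE it is the random
 * (or, under setarch -R, fixed) base; for a non-PIE binary it is 0.
 * AT_PHDR is the runtime address of the program headers; the PT_PHDR entry
 * records their link-time virtual address, so base = runtime - link-time. */
uintptr_t main_load_base(void)
{
    const ElfW(Phdr) *phdr = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    unsigned long phnum = getauxval(AT_PHNUM);
    if (phdr == NULL)
        return 0;
    for (unsigned long i = 0; i < phnum; i++)
        if (phdr[i].p_type == PT_PHDR)
            return (uintptr_t)phdr - phdr[i].p_vaddr;

    /* No PT_PHDR (seen in some static binaries): assume the usual layout where
     * the program headers directly follow the ELF header, and verify the magic. */
    const ElfW(Ehdr) *ehdr = (const ElfW(Ehdr) *)((uintptr_t)phdr - sizeof(*ehdr));
    if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0 || ehdr->e_phoff != sizeof(*ehdr))
        return 0;
    for (unsigned long i = 0; i < phnum; i++)
        if (phdr[i].p_type == PT_LOAD && phdr[i].p_offset == 0)
            return (uintptr_t)ehdr - phdr[i].p_vaddr;
    return 0;
}

/* Offset of a runtime address from the load base: the "static" address that a
 * disassembler shows for a PIE (image base 0) and that never changes between runs. */
uintptr_t image_offset(uintptr_t runtime_addr)
{
    return runtime_addr - main_load_base();
}

/* Distance from foo to bar: the same in every run, with or without ASLR,
 * because the whole image moves as one unit. */
long delta_foo_bar(void)
{
    return (long)((uintptr_t)bar - (uintptr_t)foo);
}

/* 1 if ADDR_NO_RANDOMIZE is set for this process, which is exactly what
 * "setarch -R" does before exec. Querying with 0xffffffff leaves it unchanged. */
int aslr_disabled_for_this_process(void)
{
    int persona = personality(0xffffffff);
    if (persona == -1)
        return 0;
    return (persona & ADDR_NO_RANDOMIZE) ? 1 : 0;
}

int main(void)
{
    uintptr_t f = (uintptr_t)foo, b = (uintptr_t)bar;
    printf("load base         : 0x%" PRIxPTR "\n", main_load_base());
    printf("&foo              : 0x%" PRIxPTR "  (image offset 0x%" PRIxPTR ")\n", f, image_offset(f));
    printf("&bar              : 0x%" PRIxPTR "  (image offset 0x%" PRIxPTR ")\n", b, image_offset(b));
    printf("&bar - &foo       : %ld\n", delta_foo_bar());
    printf("ADDR_NO_RANDOMIZE : %s\n", aslr_disabled_for_this_process() ? "set" : "not set");
    return 0;
}
```

Run ./pie_probe twice under normal ASLR: the load base and the raw &foo/&bar values change, the image offsets and the delta do not. Then run it as setarch "$(uname -m)" -R ./pie_probe and the base is identical on every run, with the last line reporting the flag as set. Setting /proc/sys/kernel/randomize_va_space to 0 (as root) fixes the base the same way for every process on the system, but it does that in the kernel without touching the process persona, so the last line still reads "not set" in that case.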