Tags: c, docker, gcc, gdb, objdump

Running objdump under docker shows different result


Assume this C code:

int main(){
 return 0;
}

Compiled using gcc under a normal running Linux machine, and running objdump -d on the output shows the following:

00000000004004cd <main>:
  4004cd:   55                      push   %rbp
  4004ce:   48 89 e5                mov    %rsp,%rbp
  4004d1:   b8 00 00 00 00          mov    $0x0,%eax
...

I can easily set breakpoints in gdb using the 0x4004cd address.

Doing the same in a Docker container has weird memory addresses on the left (5fa) side and I can't breakpoint on them. Why is this happening?

00000000000005fa <main>:
 5fa:   55                      push   %rbp
 5fb:   48 89 e5                mov    %rsp,%rbp
 5fe:   b8 00 00 00 00          mov    $0x0,%eax

Solution

  • Why is this happening?

    The compiler in your Docker container is configured to build position-independent executables by default.

    You can verify this by running file a.out, which should show ELF 64-bit LSB pie executable in docker, and ELF 64-bit LSB executable, x86-64 outside of it.

    You can disable building PIE with: gcc -no-pie -fno-pie ....

    I can't breakpoint on them

    You can't breakpoint on instruction at 0x5fa because that's not the address at which the binary actually runs. Instead, do this:

    (gdb) start
    (gdb) disas main
    

    The above commands will show you where the binary was relocated at runtime, and you should now be able to set breakpoints on relocated addresses.
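
The relocation described in the answer, as an added example that is not part of the original post: the program reads its own in-memory ELF header to tell whether it was built as PIE, computes the load bias, and converts a runtime address back to the one objdump -d prints. It assumes 64-bit Linux and a linker that defines __ehdr_start (GNU ld, gold and lld do); probe() is a hypothetical function used only as something to locate.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>

/* Linker-defined symbol: the ELF header as it is mapped in memory. */
extern const Elf64_Ehdr __ehdr_start;

/* 1 if this executable is ET_DYN (PIE), 0 if ET_EXEC (fixed address). */
int is_pie(void)
{
    return __ehdr_start.e_type == ET_DYN;
}

/* Load bias = runtime address - link-time address; 0 for non-PIE. */
uintptr_t load_bias(void)
{
    const unsigned char *base = (const unsigned char *)&__ehdr_start;
    const Elf64_Phdr *ph = (const Elf64_Phdr *)(base + __ehdr_start.e_phoff);

    for (unsigned i = 0; i < __ehdr_start.e_phnum; i++) {
        /* The PT_LOAD segment with file offset 0 contains the ELF header. */
        if (ph[i].p_type == PT_LOAD && ph[i].p_offset == 0)
            return (uintptr_t)base - (uintptr_t)ph[i].p_vaddr;
    }
    return 0;
}

/* Address that objdump -d shows for a given runtime address. */
uintptr_t link_time_addr(uintptr_t runtime)
{
    return runtime - load_bias();
}

/* Hypothetical function, present only so there is a symbol to look up. */
int probe(void) { return 0; }

int main(void)
{
    uintptr_t rt = (uintptr_t)&probe;

    printf("type:             %s\n", is_pie() ? "ET_DYN (PIE)" : "ET_EXEC (non-PIE)");
    printf("load bias:        0x%lx\n", (unsigned long)load_bias());
    printf("probe at runtime: 0x%lx\n", (unsigned long)rt);
    printf("probe in objdump: 0x%lx\n", (unsigned long)link_time_addr(rt));
    return 0;
}
```

Built with gcc -no-pie -fno-pie the bias is 0 and both probe addresses match; built as PIE the objdump value is a small offset and the runtime value changes from run to run when ASLR is enabled.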