I'm learning how a linker works on Linux. I'm told that a linker will generate some symbols for an executable file, such as __executable_start, which is the address where the program starts.
Also, I know that there is an "Entry point address" in the ELF file.
So I don't know what the difference between them is.
I wrote the simple code below:
    #include <stdio.h>
    extern char __executable_start[];
    int main()
    {
        printf("Executable Start %X\n", __executable_start);
        return 0;
    }
I compile it with GCC and get an executable file named a.out.
When I execute it, it gives me Executable Start 4CEDA000.
Then I execute the command readelf -h a.out and the output about the Entry point is Entry point address: 0x540
Well, obviously, 0x540 and 4CEDA000 are totally different.

The symbol __executable_start is not the entry point, but the beginning of the .text section. The symbol _start is indeed the entry point.
In your case, the symbol _start is located at 4CEDA540 at runtime. This is because the binary can be loaded at some random place for security reasons (PIE), so the entry point is only stored relative to the offset of the (randomly located at runtime by ASLR) .text section in the binary. This is why only 540 is shown by readelf.
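
The relationship described in the answer can be checked from inside the process. The following is an added example, not code from the question or the answer: it assumes Linux with glibc or musl and the default GNU ld layout, in which the ELF header is mapped at __executable_start. The helper names image_header, file_entry and computed_entry are made up for illustration.

```c
#include <elf.h>
#include <link.h>      /* ElfW(): Elf32_/Elf64_ type for this build */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>  /* getauxval() */

extern char __executable_start[];  /* provided by the linker script */

/* Assumption: the ELF header is mapped at __executable_start
 * (default GNU ld layout). Returns NULL if the magic is not there. */
static const ElfW(Ehdr) *image_header(void)
{
    const ElfW(Ehdr) *eh = (const ElfW(Ehdr) *)__executable_start;
    return memcmp(eh->e_ident, ELFMAG, SELFMAG) == 0 ? eh : NULL;
}

/* The value `readelf -h` prints as "Entry point address". */
static uintptr_t file_entry(void)
{
    const ElfW(Ehdr) *eh = image_header();
    return eh ? (uintptr_t)eh->e_entry : 0;
}

/* Runtime address of the entry point: for a PIE (ET_DYN) e_entry is an
 * offset from the load base; for ET_EXEC it is already absolute. */
static uintptr_t computed_entry(void)
{
    const ElfW(Ehdr) *eh = image_header();
    if (!eh)
        return 0;
    uintptr_t base = eh->e_type == ET_DYN ? (uintptr_t)__executable_start : 0;
    return base + (uintptr_t)eh->e_entry;
}

int main(void)
{
    printf("__executable_start  %p\n", (void *)__executable_start);
    printf("e_entry in the file 0x%lx\n", (unsigned long)file_entry());
    printf("computed entry      0x%lx\n", (unsigned long)computed_entry());
    /* AT_ENTRY is the entry address the kernel used for this process. */
    printf("AT_ENTRY            0x%lx\n", getauxval(AT_ENTRY));
    return 0;
}
```

Built as a PIE, the first line changes on every run under ASLR while the second stays fixed; the last two lines always agree.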