I get the entry point with readelf -h:
Entry point address: 0x8048400
Debugging with gdb and Intel syntax:
(gdb) x/13i 0x8048400
0x8048400 <_start>: xor ebp,ebp
0x8048402 <_start+2>: pop esi
0x8048403 <_start+3>: mov ecx,esp
0x8048405 <_start+5>: and esp,0xfffffff0
0x8048408 <_start+8>: push eax
0x8048409 <_start+9>: push esp
0x804840a <_start+10>: push edx
0x804840b <_start+11>: push 0x8048590
0x8048410 <_start+16>: push 0x8048520
0x8048415 <_start+21>: push ecx
0x8048416 <_start+22>: push esi
0x8048417 <_start+23>: push 0x80484b4
0x804841c <_start+28>: call 0x80483e0 <__libc_start_main@plt>
0x80484b4, the address of my main function, is pushed on the stack.
(gdb) x/1i 0x80483e0
0x80483e0 <__libc_start_main@plt>: jmp DWORD PTR ds:0x8049800
What is happening here? When I jump to 0x8049800 I get the following result:
(gdb) x/9i 0x8049800
0x8049800 <__libc_start_main@got.plt>: out 0x83,al
0x8049802 <__libc_start_main@got.plt+2>: add al,0x8
0x8049804 <…@got.plt>: test BYTE PTR [ebx+0x804],0x0
0x804980b <data_start+3>: add BYTE PTR [eax],al
0x804980d: add BYTE PTR [eax],al
0x804980f: add BYTE PTR [eax],al
0x8049811 <dtor_idx.5525+1>: add BYTE PTR [eax],al
0x8049813 <dtor_idx.5525+3>: .byte 0x0
0x8049814: Cannot access memory at address 0x8049814
I don't know how the process continues. Can you help me?
I found a nice blog article about the topic: https://web.archive.org/web/20130325140610/http://bharathi.posterous.com/bash-prompt-to-main-call
Short answer: __libc_start_main() is a libc function, which calls the main function (and does a lot of other things). The address will be linked at startup (see BlackBear's link), that's why following the steps from the program entry to the main function by static debugging isn't possible.
But you can figure out the address of the main function through the push before __libc_start_main is called.
0x8048417 <_start+23>: push 0x80484b4
@BlackBear: Thank you for the link!
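The recovery the answer describes (read the entry point, walk the `_start` stub, take the immediate pushed right before the call to `__libc_start_main@plt`) can be automated with a small ELF32 parser. The script below is an added example, not code from the question or the answer: the ELF image is constructed in `build_sample_elf()` to mirror the bytes behind the disassembly shown above, the PLT stub and GOT slot addresses are taken from the question, and the `push imm32; call rel32` pattern it searches for assumes the i386 glibc `_start` layout (x86-64 passes `main` in a register instead).

```python
"""Locate main() statically from an i386 ELF's _start stub (added example)."""
import struct

ELF32_EHDR = "<16sHHIIIIIHHHHHH"   # 52-byte ELF32 header
ELF32_PHDR = "<IIIIIIII"           # 32-byte program header
PT_LOAD = 1
BASE = 0x08048000                  # classic i386 non-PIE load address


def build_sample_elf():
    """Constructed image: one PT_LOAD mapping the whole file at BASE, an
    indirect-jmp PLT stub at 0x80483e0 and the _start bytes from the question
    at 0x8048400 (the entry point).  Not a real binary from the page."""
    size = 0x421
    img = bytearray(size)
    # ff 25 imm32 : jmp DWORD PTR ds:[0x8049800]  (GOT slot of __libc_start_main)
    img[0x3e0:0x3e6] = bytes.fromhex("ff2500980408")
    start = bytes.fromhex(
        "31ed"          # xor ebp,ebp
        "5e"            # pop esi            (argc)
        "89e1"          # mov ecx,esp        (argv)
        "83e4f0"        # and esp,0xfffffff0
        "50"            # push eax
        "54"            # push esp
        "52"            # push edx           (rtld_fini)
        "6890850408"    # push 0x8048590     (fini)
        "6820850408"    # push 0x8048520     (init)
        "51"            # push ecx           (argv)
        "56"            # push esi           (argc)
        "68b4840408"    # push 0x80484b4     (main)
        "e8bfffffff"    # call 0x80483e0     (__libc_start_main@plt)
    )
    img[0x400:0x400 + len(start)] = start
    img[0:52] = struct.pack(ELF32_EHDR, b"\x7fELF\x01\x01\x01" + b"\x00" * 9,
                            2, 3, 1, BASE + 0x400, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    img[52:84] = struct.pack(ELF32_PHDR, PT_LOAD, 0, BASE, BASE, size, size, 5, 0x1000)
    return bytes(img)


def parse_elf32(data):
    """Return (entry point, [(vaddr, file offset, filesz)] for each PT_LOAD)."""
    hdr = struct.unpack_from(ELF32_EHDR, data, 0)
    ident, e_entry, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[4], hdr[5], hdr[9], hdr[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 1 or ident[5] != 1:
        raise ValueError("expected a little-endian ELF32 file")
    loads = []
    for i in range(e_phnum):
        p = struct.unpack_from(ELF32_PHDR, data, e_phoff + i * e_phentsize)
        if p[0] == PT_LOAD:
            loads.append((p[2], p[1], p[4]))
    return e_entry, loads


def vaddr_to_offset(vaddr, loads):
    """Map a virtual address to a file offset via the PT_LOAD segments."""
    for seg_vaddr, seg_off, seg_size in loads:
        if seg_vaddr <= vaddr < seg_vaddr + seg_size:
            return seg_off + (vaddr - seg_vaddr)
    raise ValueError("0x%x is not backed by the file" % vaddr)


def find_main_from_start(data, window=64):
    """Scan the _start stub for 'push imm32' (68) immediately followed by
    'call rel32' (e8).  The immediate is main; the call target is the PLT stub
    for __libc_start_main.  Returns (main, plt_stub).  i386 glibc layout only;
    the window keeps the byte pattern from matching unrelated code further on."""
    entry, loads = parse_elf32(data)
    off = vaddr_to_offset(entry, loads)
    stub = data[off:off + window]
    for i in range(5, len(stub) - 4):
        if stub[i] == 0xE8 and stub[i - 5] == 0x68:
            main_addr = struct.unpack_from("<I", stub, i - 4)[0]
            rel = struct.unpack_from("<i", stub, i + 1)[0]
            call_target = (entry + i + 5 + rel) & 0xFFFFFFFF
            return main_addr, call_target
    raise ValueError("no 'push imm32; call rel32' pair in the first %d bytes" % window)


def resolve_plt_got_slot(data, plt_vaddr):
    """Decode 'jmp DWORD PTR ds:[imm32]' (ff 25) at a PLT stub and return the
    GOT slot it jumps through.  That slot is filled by the dynamic linker at
    run time, so disassembling it in the file shows data, not a function."""
    _, loads = parse_elf32(data)
    off = vaddr_to_offset(plt_vaddr, loads)
    if data[off:off + 2] != b"\xff\x25":
        raise ValueError("no indirect jmp at 0x%x" % plt_vaddr)
    return struct.unpack_from("<I", data, off + 2)[0]


if __name__ == "__main__":
    img = build_sample_elf()
    main_addr, plt = find_main_from_start(img)
    print("main                   = 0x%08x" % main_addr)
    print("__libc_start_main@plt  = 0x%08x" % plt)
    print("GOT slot               = 0x%08x" % resolve_plt_got_slot(img, plt))
```

On the question's own output the same decoding explains the "garbage" at 0x8049800: the four bytes gdb disassembled as `out 0x83,al` / `add al,0x8` are `e6 83 04 08`, the little-endian pointer 0x080483e6, i.e. the instruction right after the `jmp` in the PLT stub. Under lazy binding the GOT slot initially points back into the PLT, which pushes a relocation index and enters the dynamic linker; the linker overwrites the slot with the real `__libc_start_main` address on the first call, so `x/i` on the slot before the program has run can never show libc code.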