Bob5421 Bob5421 - 7 months ago 43
Linux Question

How does elf-loader knows the address of stderr and stdout

I am disassembling a very simple ELF program (Linux x86).

With IDA PRO software I see

And I haven't found anything that sets the values of
How does it work?

be null?


So you mean stdout and stderr should always be at the same memory address in .bss

The offset from start of .bss to stdout and stderr is determined at static link time.

The address of start of .bss is subject to ASLR (heap placement randomization). Thus, for a given binary, the address of stdout may change from run to run.

how IDA pro knows this item in .bss is stdout or stderr

The only way it can know is via the symbol table. You should see it in output from:

readelf -Ws ./a.out | egrep 'stdout|stderr'
nm ./a.out          | egrep 'stdout|stderr'
nm -D ./a.out       | egrep 'stdout|stderr'


but what happens if symbol table is stripped

There are two cases to consider: fully-static link, and dynamic link.

In the fully-static case, all references to stderr can be completely removed, and IDA pro will not know where stderr is.

In the dynamically-linked case, there are two symbol tables: the "regular" one (displayed by nm) and the dynamic one (displayed by nm -D). Strip will remove only the regular symbol table (because removing dynamic symbol table makes no sense -- the executable will not run without it). IDA pro can then use the dynamic symbol table entry for stderr to tell where that symbol is.