I am disassembling a very simple ELF program (Linux x86).
With IDA PRO software I see
So you mean stdout and stderr should always be at the same memory address in .bss?
The offset from start of
stderr is determined at static link time.
The address of start of .bss is subject to ASLR (heap placement randomization). Thus, for a given binary, the address of stdout may change from run to run.
How IDA Pro knows this item in .bss is stdout or stderr?
The only way it can know is via the symbol table. You should see it in output from:
    readelf -Ws ./a.out | egrep 'stdout|stderr'
    nm ./a.out | egrep 'stdout|stderr'
    nm -D ./a.out | egrep 'stdout|stderr'
But what happens if the symbol table is stripped?
There are two cases to consider: fully-static link, and dynamic link.
In the fully-static case, all references to
stderr can be completely removed, and IDA pro will not know where
In the dynamically-linked case, there are two symbol tables: the "regular" one (displayed by nm) and the dynamic one (displayed by nm -D). Strip will remove only the regular symbol table (because removing the dynamic symbol table makes no sense -- the executable will not run without it). IDA Pro can then use the dynamic symbol table entry for stderr to tell where that symbol is.
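The lookup described in the answer above, as an added example that is not part of the original answer and is not IDA Pro's code: it walks an ELF's section headers, reads both .symtab and .dynsym, and resolves a name from whichever table survives stripping. The `build_sample` helper, its addresses and the `locate` fallback order are assumptions made for illustration; the sample image is constructed inline so the code runs without a compiler.

```python
import struct

SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
KIND = {SHT_SYMTAB: "symtab", SHT_DYNSYM: "dynsym"}
# Per EI_CLASS: ELF header, section header, symbol entry, index of st_value.
LAYOUT = {1: ("<16sHHIIIIIHHHHHH", "<10I", "<IIIBBH", 1),
          2: ("<16sHHIQQQIHHHHHH", "<IIQQQQIIQQ", "<IBBHQQ", 4)}

def symbol_tables(elf):
    """Return {'symtab': {name: addr}, 'dynsym': {name: addr}} for a little-endian ELF."""
    if elf[:4] != b"\x7fELF" or elf[4] not in LAYOUT or elf[5] != 1:
        raise ValueError("not a little-endian ELF image")
    ehdr, shdr, sym, val = LAYOUT[elf[4]]
    hdr = struct.unpack_from(ehdr, elf)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    secs = [struct.unpack_from(shdr, elf, shoff + i * shentsize) for i in range(shnum)]
    out = {"symtab": {}, "dynsym": {}}
    for s in [s for s in secs if s[1] in KIND]:
        stroff = secs[s[6]][4]                  # sh_link names the string table section
        for off in range(s[4], s[4] + s[5], struct.calcsize(sym)):
            ent = struct.unpack_from(sym, elf, off)
            start = stroff + ent[0]
            name = elf[start:elf.index(b"\0", start)].decode()
            if name:                            # entry 0 is the reserved null symbol
                out[KIND[s[1]]][name] = ent[val]
    return out

def locate(elf, name):
    """Look in .symtab first, then fall back to .dynsym, which strip leaves in place."""
    tables = symbol_tables(elf)
    for kind in ("symtab", "dynsym"):
        if name in tables[kind]:
            return kind, tables[kind][name]
    return None

def build_sample(stripped):
    """Constructed ELF32 image with made-up addresses; .symtab is omitted when stripped."""
    strs = b"\0stdout\0stderr\0"
    syms = bytes(16) + b"".join(struct.pack("<IIIBBH", n, addr, 4, 0x11, 0, 3)
                                for n, addr in ((1, 0x0804A040), (8, 0x0804A044)))
    body, shdrs = b"", [bytes(40)]              # section 0 is the null section
    for typ, link in [(SHT_DYNSYM, 2)] + ([] if stripped else [(SHT_SYMTAB, 4)]):
        for t, data, l in ((typ, syms, link), (SHT_STRTAB, strs, 0)):
            shdrs.append(struct.pack("<10I", 0, t, 0, 0, 52 + len(body), len(data), l, 0, 1, 0))
            body += data
    hdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 3, 1, 0, 0,
                      52 + len(body), 0, 52, 0, 0, 40, len(shdrs), 0)
    return hdr + body + b"".join(shdrs)
```

To try it on a real binary, pass `open("./a.out", "rb").read()` to `symbol_tables` before and after running strip.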