I am disassembling a very simple ELF program (Linux x86).
With IDA PRO software I see stdout and stderr in .bss-section.
And I haven’t found anything that sets the values of stdout or stderr.
How does it work?
Сan stdout and stderr be null?
Advertisement
Answer
So you mean stdout and stderr should always be at the same memory address in .bss
The offset from start of .bss to stdout and stderr is determined at static link time.
The address of start of .bss is subject to ASLR (heap placement randomization). Thus, for a given binary, the address of stdout may change from run to run.
how IDA pro knows this item in .bss is stdout or stderr
The only way it can know is via the symbol table. You should see it in output from:
readelf -Ws ./a.out | egrep 'stdout|stderr' nm ./a.out | egrep 'stdout|stderr' nm -D ./a.out | egrep 'stdout|stderr'
Update:
but what happens if symbol table is stripped
There are two cases to consider: fully-static link, and dynamic link.
In the fully-static case, all references to stderr can be completely removed, and IDA pro will not know where stderr is.
In the dynamically-linked case, there are two symbol tables: the “regular” one (displayed by nm) and the dynamic one (displayed by nm -D). Strip will remove only the regular symbol table (because removing dynamic symbol table makes no sense — the executable will not run without it). IDA pro can then use the dynamic symbol table entry for stderr to tell where that symbol is.