I wrote this small program today and I was blown away by the results. Here is the program:
#include <stdio.h>

int main(int argc, char **argv)
{
    int a;
    /* %p prints the address of main and the address of the local variable a */
    printf("\n\tMain is located at: %p and the variable a is located at address: %p\n",
           (void *)main, (void *)&a);
    return 0;
}
On my machine the main function is always loaded at address "0x80483d4" and the address of the variable keeps on varying. How does this happen? I read in operating systems that, as a part of the virtualization scheme, the OS keeps relocating the address of instructions. So why is it that every time I run this program main is loaded at the same address?
Thanks in advance, guys.
On ELF systems such as Linux, the addresses at which the segments of normal executable files (ELF type ET_EXEC) load are fixed at compile time. Shared objects (ELF type ET_DYN) such as libraries are built to be position-independent, with their segments loadable anywhere in the address space (potentially with some restrictions on some architectures). It is possible to build executables such that they are actually ET_DYN -- these are known as "position-independent executables" (PIE), but this is not a common technique.

What you are seeing is the fact that your main() function is in the fixed-address text segment of your compiled executable. Try also printing the address of a library function such as printf() after locating it via dlsym() -- if your system does support and has enabled address space layout randomization (ASLR), then you should see the address of that function change from run to run of your program. (If you just print the address of the library function by putting the reference directly in your code, what you may actually get is the address of the function's procedure lookup table (PLT) trampoline, which is statically compiled at a fixed address in your executable.)

The variable you see changes address from run to run because it is an automatic variable created on the stack, not in statically allocated memory. Depending on OS and version, the address of the base of the stack may shift from run to run even without ASLR. If you move the variable declaration to be a global outside of your function, you will see it behave the same way your main() function does.

Here's a full example -- compile with something like gcc -o example example.c -ldl:
#include <stdio.h>
#include <dlfcn.h>

int a = 0;                          /* global: statically allocated in the executable's data segment */

int main(int argc, char **argv)
{
    int b = 0;                      /* automatic: lives on the stack */
    /* dlopen(NULL) gives a handle for the main program and the libraries it links */
    void *handle = dlopen(NULL, RTLD_LAZY);
    if (handle == NULL) {
        fprintf(stderr, "dlopen: %s\n", dlerror());
        return 1;
    }
    printf("&main: %p; &a: %p\n", (void *)main, (void *)&a);
    /* dlsym returns the resolved address inside the C library, not the PLT entry in the executable */
    printf("&printf: %p; &b: %p\n", dlsym(handle, "printf"), (void *)&b);
    dlclose(handle);
    return 0;
}
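The following program is an added example; it is not part of the answer above or of the original poster's code. It makes the answer's claims checkable on a Linux machine: it reads the ELF header of /proc/self/exe to report whether the running binary is ET_EXEC or ET_DYN (a PIE), and it looks each address up in /proc/self/maps to print which mapping it lives in (the executable itself, libc, [heap] or [stack]). The helper names (elf_type_from_header, elf_type_of_file, region_for, mapping_name_is), the ET_*_VAL constants and the SAMPLE_* inputs are ours; the sample header bytes and maps lines are constructed for the self-checks, not captured from a real system.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not the original answer's code. Linux-specific: reads
 * /proc/self/exe for the ELF type and /proc/self/maps to place addresses. */
#define ET_EXEC_VAL 2   /* ELF e_type: executable with fixed load addresses */
#define ET_DYN_VAL  3   /* ELF e_type: shared object, or a PIE executable   */

/* e_type from an ELF header held in memory, or -1 if it is not ELF. */
int elf_type_from_header(const unsigned char *hdr, size_t len)
{
    if (len < 18 || memcmp(hdr, "\x7f" "ELF", 4) != 0)
        return -1;
    /* e_type is the 16-bit field at offset 16; byte 5 (EI_DATA) gives its byte order */
    if (hdr[5] == 2)                              /* ELFDATA2MSB */
        return (hdr[16] << 8) | hdr[17];
    return hdr[16] | (hdr[17] << 8);              /* ELFDATA2LSB */
}

/* e_type of the ELF file at path, or -1 on error. */
int elf_type_of_file(const char *path)
{
    unsigned char hdr[64];
    FILE *f = fopen(path, "rb");
    if (f == NULL) return -1;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_type_from_header(hdr, n);
}

/* Find the /proc/<pid>/maps line ("start-end perms offset dev inode [pathname]")
 * covering addr and copy its pathname (empty for anonymous mappings) into name.
 * Returns 1 if a mapping was found, else 0. */
int region_for(const char *maps, uintptr_t addr, char *name, size_t n)
{
    const char *line = maps;
    while (*line != '\0') {
        unsigned long lo, hi; char perms[8]; int consumed = 0;
        if (sscanf(line, "%lx-%lx %7s %*lx %*s %*lu%n", &lo, &hi, perms, &consumed) == 3
            && addr >= lo && addr < hi) {
            const char *p = line + consumed;
            size_t i = 0;
            while (*p == ' ' || *p == '\t') p++;
            for (; p[i] != '\0' && p[i] != '\n' && i + 1 < n; i++)
                name[i] = p[i];
            name[i] = '\0';
            return 1;
        }
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : line + strlen(line);
    }
    return 0;
}

/* 1 if addr falls in a mapping whose pathname equals expect (used by the checks). */
int mapping_name_is(const char *maps, uintptr_t addr, const char *expect)
{
    char name[256];
    return region_for(maps, addr, name, sizeof name) && strcmp(name, expect) == 0;
}

/* Constructed sample inputs (not captured from a real machine) for self-checks. */
const unsigned char SAMPLE_PIE_HEADER[64]     = { 0x7f, 'E', 'L', 'F', 2, 1, 1, [16] = ET_DYN_VAL, [17] = 0 };
const unsigned char SAMPLE_EXEC_HEADER_BE[64] = { 0x7f, 'E', 'L', 'F', 1, 2, 1, [16] = 0, [17] = ET_EXEC_VAL };
const char SAMPLE_MAPS[] =
    "00400000-00401000 r--p 00000000 08:01 100 /tmp/example\n"
    "7f000000-7f001000 rw-p 00000000 00:00 0\n"
    "7ffd1000-7ffd2000 rw-p 00000000 00:00 0 [stack]\n";

int g_global = 0;   /* statically allocated: data segment of the executable */

static void describe(const char *maps, const char *label, const void *p)
{
    char name[256];
    if (region_for(maps, (uintptr_t)p, name, sizeof name))
        printf("%-8s %p  in %s\n", label, p, name[0] ? name : "(anonymous mapping)");
    else
        printf("%-8s %p  (no mapping found)\n", label, p);
}

int main(void)
{
    int local = 0;                        /* automatic: on the stack */
    int *heap = malloc(sizeof *heap);     /* dynamic: on the heap */
    static char maps[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(maps, 1, sizeof maps - 1, f) : 0;
    if (f) fclose(f);
    maps[n] = '\0';
    int t = elf_type_of_file("/proc/self/exe");
    printf("this executable is %s\n", t == ET_EXEC_VAL ? "ET_EXEC: fixed load addresses" :
           t == ET_DYN_VAL ? "ET_DYN: PIE, relocated by ASLR" : "of unknown type");
    describe(maps, "main",    (const void *)(uintptr_t)main);
    describe(maps, "global",  &g_global);
    describe(maps, "local",   &local);
    describe(maps, "heap",    heap);
    describe(maps, "&printf", (const void *)(uintptr_t)printf);   /* PLT stub or libc? */
    free(heap);
    return 0;
}
```

Build it twice, once with gcc -fno-pie -no-pie -o where where.c and once with gcc -fpie -pie -o where where.c (on distributions where PIE is the default, plain gcc gives you the second), and run each binary a few times. The non-PIE build reports ET_EXEC, and main, the global and the directly taken &printf stay at the same addresses, the last one typically landing inside the executable's own mapping because it is the PLT (procedure linkage table) stub the answer mentions, while local and heap move. The PIE build reports ET_DYN and every address moves when ASLR is on. readelf -h ./where | grep Type shows the same EXEC/DYN distinction without running anything, and /proc/sys/kernel/randomize_va_space tells you whether the kernel is randomizing at all (0 turns it off, so if nothing moves, check there first).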