Why does the address of a function change with every run?

I'm struggling with mapping addresses to their symbols for debugging purposes (getting the callstack). The MS dbghelp.dll can tell the symbol from an address (see SymFromAddr, MSDN). However, it doesn't work and I wonder how this could ever work, because addresses seem to change with every run of the program:

#include <iostream>
#include <tchar.h>   // _tmain / _TCHAR come from here (normally pulled in via stdafx.h)

void Foo() {}

int _tmain(int argc, _TCHAR* argv[])
{
    // Print the absolute virtual address of Foo as the process sees it.
    // (unsigned long is 32 bits on Windows; fine for this 32-bit build,
    // but a 64-bit build would need UINT_PTR / uintptr_t instead.)
    const unsigned long addr = reinterpret_cast<unsigned long>(&Foo);
    std::cout << "Address: " << std::hex << addr << std::endl;
    return 0;
}

Output:

D:\dev\Sandbox\Debug>Sandbox.exe
Address: 901320
D:\dev\Sandbox\Debug>Sandbox.exe
Address: ce1320
D:\dev\Sandbox\Debug>Sandbox.exe
Address: 3a1320
D:\dev\Sandbox\Debug>Sandbox.exe
Address: 3f1320

How could a different program ever read an address, e.g. from a stack trace, and map it to a function? This sounds like magic to me. I didn't find anything in the linked documentation which says I would have to subtract something from the address or whatever.

In my understanding, since we overcame real mode every process has its own virtual memory space anyway, so there is no need to roll the dice for a load address any more. I would understand uncertainties of absolute addresses in the case of DLLs, but not the main executable.

Tried on Win7 with VS2008.

Borph asked Dec 09 '22 15:12

2 Answers

Address Space Layout Randomization

MSalters answered Dec 26 '22 12:12

Because your code is compiled to use Address Space Layout Randomization, which makes code less vulnerable to attacks from "StackOverflows".

If you really want to change that, there is a linker option for that.

Mats Petersson answered Dec 26 '22 11:12
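Both answers name the cause; the practical consequence for symbolizing a stack trace is the subtraction the question was looking for. Under ASLR only the module's base address moves between runs, while a function's offset from that base (its RVA) is fixed at link time and is what the PDB records. The question's own output shows this: all four addresses end in 1320, only the upper bits change. The following added example (not code from the question or either answer) resolves raw addresses from different runs against a constructed RVA-keyed symbol table. It assumes the module bases were the printed address minus 0x1320, an image size of 0x10000, and two hypothetical extra symbols besides Foo; dbghelp does the same arithmetic internally once it knows a module's base, which is why SymFromAddr works on a live process and why an offline trace must record each module's base alongside the raw addresses (SymLoadModuleEx takes that base as its BaseOfDll argument).

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// A loaded module as a stack trace or minidump records it: name, the base
// address it received in that particular run, and its size in memory.
struct Module {
    std::string name;
    std::uint64_t base;
    std::uint64_t size;
};

// Symbol table keyed by RVA (offset from the module base). A PDB stores
// symbols this way, which is why the randomized base does not matter to it.
typedef std::map<std::uint64_t, std::string> SymbolTable;

static std::string toHex(std::uint64_t v) {
    char buf[32];
    std::snprintf(buf, sizeof buf, "%llx", static_cast<unsigned long long>(v));
    return buf;
}

// Constructed symbol table for Sandbox.exe. Foo's RVA 0x1320 is inferred from
// the question's output (every printed address ends in 1320); the other two
// entries are hypothetical, invented for the example.
SymbolTable sandboxSymbols() {
    SymbolTable t;
    t[0x1000] = "__tmainCRTStartup";   // hypothetical
    t[0x1320] = "Foo";
    t[0x1330] = "_tmain";              // hypothetical
    return t;
}

// Resolve an absolute address from one run to "module!symbol+offset".
// Returns "" when no known module covers the address.
std::string symbolize(std::uint64_t addr,
                      const std::vector<Module>& modules,
                      const std::map<std::string, SymbolTable>& symbols) {
    for (const Module& m : modules) {
        if (addr < m.base || addr >= m.base + m.size) continue;
        const std::uint64_t rva = addr - m.base;   // undo this run's ASLR slide
        auto st = symbols.find(m.name);
        if (st == symbols.end() || st->second.empty())
            return m.name + "+0x" + toHex(rva);     // no symbols: module offset only
        // Nearest symbol at or below the RVA.
        auto s = st->second.upper_bound(rva);
        if (s == st->second.begin()) return m.name + "+0x" + toHex(rva);
        --s;
        return m.name + "!" + s->second + "+0x" + toHex(rva - s->first);
    }
    return "";
}

// Convenience wrapper for the page's scenario: one module, Sandbox.exe, whose
// base changes between runs. The 0x10000 image size is an assumption.
std::string symbolizeInRun(std::uint64_t sandboxBase, std::uint64_t addr) {
    std::vector<Module> modules;
    Module sandbox = { "Sandbox.exe", sandboxBase, 0x10000 };
    modules.push_back(sandbox);
    std::map<std::string, SymbolTable> symbols;
    symbols["Sandbox.exe"] = sandboxSymbols();
    return symbolize(addr, modules, symbols);
}

int main() {
    // The four (base, address) pairs mirror the question's four runs; the
    // bases are assumed to be the printed address minus 0x1320.
    const std::uint64_t runs[][2] = {
        { 0x900000, 0x901320 }, { 0xce0000, 0xce1320 },
        { 0x3a0000, 0x3a1320 }, { 0x3f0000, 0x3f1320 } };
    for (const auto& r : runs)
        std::printf("%llx -> %s\n", static_cast<unsigned long long>(r[1]),
                    symbolizeInRun(r[0], r[1]).c_str());
    return 0;
}
```

Each run resolves to the same "Sandbox.exe!Foo+0x0" even though the raw addresses differ, and an address with no covering module resolves to nothing, which is the usual symptom of a trace that recorded addresses but not module bases.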