<div dir="ltr"><div>A guess: Fedora has ASLR enabled. Debian doesn't. GDB turns off ASLR (<a href="https://outflux.net/blog/archives/2010/07/03/gdb-turns-off-aslr/">https://outflux.net/blog/archives/2010/07/03/gdb-turns-off-aslr/</a>).<br><br></div>M.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-06-02 10:04 GMT-07:00 Igor R <span dir="ltr"><<a href="mailto:boost.lists@gmail.com" target="_blank">boost.lists@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
My plugin logs basic-blocks' and some instructions' addresses, which<br>
belong to the main executable only. I test it with a simple C program<br>
that runs in Debian x86 guest, and the plugin logs the addresses that<br>
I'd expect to see.<br>
Now I tried to test it with the very same 32-bit program that runs in<br>
Fedora x86_64 guest (with glibc.i686 installed), and I was surprised<br>
to discover that the instruction addresses that my plugin sees are<br>
quite different from the ones I see in gdb (or when reversing<br>
statically).<br>
I re-compiled the program for 64 bit, but the addresses are still weird.<br>
OTOH, if I run the program under gdb, while plugin is active, the<br>
addresses are reasonable again.<br>
<br>
That's said, the program seems to be loaded to the expected base<br>
address, because my plugin identifies the target process by<br>
identifying a pre-set "cookie" in its data segment - and it *is*<br>
there.<br>
<br>
What could be the reason for such a behavior?<br>
<br>
Thanks.<br>
_______________________________________________<br>
panda-users mailing list<br>
<a href="mailto:panda-users@mit.edu">panda-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
</blockquote></div><br></div>