[panda-users] Strange PCs in 64 bit Linux guest

Manolis Stamatogiannakis mstamat at gmail.com
Tue Jun 2 15:20:06 EDT 2015


A guess: Fedora has ASLR enabled. Debian doesn't. GDB turns off ASLR
(https://outflux.net/blog/archives/2010/07/03/gdb-turns-off-aslr/).

M.

2015-06-02 10:04 GMT-07:00 Igor R <boost.lists at gmail.com>:

> Hello,
>
> My plugin logs basic-blocks' and some instructions' addresses, which
> belong to the main executable only. I test it with a simple C program
> that runs in Debian x86 guest, and the plugin logs the addresses that
> I'd expect to see.
> Now I tried to test it with the very same 32-bit program that runs in
> Fedora x86_64 guest (with glibc.i686 installed), and I was surprised
> to discover that the instruction addresses that my plugin sees are
> quite different from the ones I see in gdb (or when reversing
> statically).
> I re-compiled the program for 64 bit, but the addresses are still weird.
> OTOH, if I run the program under gdb while the plugin is active, the
> addresses are reasonable again.
>
> That said, the program seems to be loaded to the expected base
> address, because my plugin identifies the target process by
> identifying a pre-set "cookie" in its data segment - and it *is*
> there.
>
> What could be the reason for such a behavior?
>
> Thanks.
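One way to check the ASLR guess from this thread inside the guest, as an added example that is not part of the original messages or of PANDA: it reads the ELF type of the target, decides whether its image base is randomized given `kernel.randomize_va_space` and the `ADDR_NO_RANDOMIZE` personality flag that gdb sets, and maps a logged PC back to the address static disassembly shows. The header bytes, the maps text, the path `/home/user/target` and the helper names are constructed for illustration, and the rebasing assumes the lowest `PT_LOAD` segment of a PIE has virtual address 0.

```python
import struct

ET_EXEC, ET_DYN = 2, 3            # e_type values: fixed-address vs. PIE/shared object
ADDR_NO_RANDOMIZE = 0x0040000     # personality(2) flag gdb sets on the debuggee

# Constructed sample: 16-byte e_ident (ELF64, little endian) followed by e_type = ET_DYN.
PIE_HEADER = b"\x7fELF\x02\x01\x01\x00" + bytes(8) + struct.pack("<H", ET_DYN)

# Constructed sample of /proc/<pid>/maps for a hypothetical target binary.
SAMPLE_MAPS = """\
55d1c3a4e000-55d1c3a4f000 r-xp 00000000 fd:01 1234 /home/user/target
55d1c3c4e000-55d1c3c4f000 rw-p 00000000 fd:01 1234 /home/user/target
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a12a0d000-7f3a12bcd000 r-xp 00000000 fd:01 5678 /usr/lib64/libc.so.6
"""

def elf_type(header: bytes) -> int:
    """Return e_type from the start of an ELF file (same offset for 32- and 64-bit)."""
    if header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if header[5] == 1 else ">"      # EI_DATA: 1 = little endian
    return struct.unpack_from(endian + "H", header, 16)[0]

def image_base_randomized(e_type: int, randomize_va_space: int, personality: int = 0) -> bool:
    """True if the main executable's load address changes from run to run."""
    if randomize_va_space == 0 or personality & ADDR_NO_RANDOMIZE:
        return False                              # ASLR off globally, or off for this process
    return e_type == ET_DYN                       # ET_EXEC is linked at a fixed address

def load_base(maps_text: str, path: str) -> int:
    """Lowest start address among the mappings of `path` in /proc/<pid>/maps text."""
    starts = []
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[-1] == path:
            starts.append(int(fields[0].split("-")[0], 16))
    if not starts:
        raise LookupError(f"{path} is not mapped")
    return min(starts)

def to_static(pc: int, base: int, e_type: int) -> int:
    """Map a runtime PC to the address a static disassembler would show."""
    return pc - base if e_type == ET_DYN else pc

if __name__ == "__main__":
    base = load_base(SAMPLE_MAPS, "/home/user/target")
    print(hex(base), hex(to_static(0x55d1c3a4e6b4, base, elf_type(PIE_HEADER))))
```

In the guest, the real inputs are the first 18 bytes of the binary, the contents of `/proc/sys/kernel/randomize_va_space`, and `/proc/<pid>/maps` of the running target.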