// This log follows through the creation and execution of the simplest program // made of two C compilation units that are compiled separately and then linked // together. The linking is driven by their symbol tables---created by the compiler // while processing each unit separately and then consumed by the linker as it // links the separately-compiled object (.o) files. // Reminder: cat is a Unix utility that concatenates files to stdout. Here I use it // simply to display files, but it can be used to concatenate many files into one. ubuntu@secunda:~/glob$ cat glob.c int G = 57; // no code in this file, just one global variable ubuntu@secunda:~/glob$ cat use-glob.c #include <stdio.h> extern int G; // Global variable allocated elsewhere. When compiling this, // just assume it is described in the symbol table of one of // the object files provided to the linker. Otherwise, the linker will error out. int main(){ printf("%p\n", &G); return G; } ubuntu@secunda:~/glob$ gcc -Wall -S glob.c ubuntu@secunda:~/glob$ cat glob.s .arch armv8-a .file "glob.c" .text <<--- .text section starts here. It's empty .global G .data <<--- .data section starts here .align 2 .type G, %object <<--- This will show as OBJECT type in the symbol table .size G, 4 <<--- it's a 4-byte integer. Signed or unsigned? The linker doesn't know or care.
It's up to the compiler to make sure that signed or unsigned comparisons are used as appropriate (thanks to 2's complement magic, addition, subtraction and multiplication are the same for both signed and unsigned) G: .word 57 <<--- This leads the assembler to emit the actual bytes 0x39 00 00 00 .ident "GCC: (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0" <<--- "GCC made this/was here" .section .note.GNU-stack,"",@progbits ubuntu@secunda:~/glob$ gcc -c glob.s ubuntu@secunda:~/glob$ readelf -aW glob.o ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 <<-- this magic is what lets file(1) recognize an ELF file Class: ELF64 Data: 2's complement, little endian <<--- expect this encoding of integers Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: REL (Relocatable file) <<--- .o file Machine: AArch64 <<--- and this assembly Version: 0x1 Entry point address: 0x0 <<--- not relevant for .o Start of program headers: 0 (bytes into file) Start of section headers: 416 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 0 (bytes) Number of program headers: 0 Size of section headers: 64 (bytes) Number of section headers: 9 Section header string table index: 8 Section Headers: [Nr] Name Type Address Off Size ES Flg Lk Inf Al [ 0] NULL 0000000000000000 000000 000000 00 0 0 0 [ 1] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 1 <<-- empty [ 2] .data PROGBITS 0000000000000000 000040 000004 00 WA 0 0 4 <<-- 4 bytes, our G [ 3] .bss NOBITS 0000000000000000 000044 000000 00 WA 0 0 1 <<-- no uninitialized global C variables [ 4] .comment PROGBITS 0000000000000000 000044 00002c 01 MS 0 0 1 [ 5] .note.GNU-stack PROGBITS 0000000000000000 000070 000000 00 0 0 1 [ 6] .symtab SYMTAB 0000000000000000 000070 0000d8 18 7 8 8 <<-- each symbol entry is 0x18 = 24 bytes; 9 entries make 216 bytes, exactly the length of this section: 0x148-0x70 = 0xd8 = 216 [ 7] .strtab STRTAB 0000000000000000 000148 00000d 00 0 0 1 [ 8] .shstrtab STRTAB 0000000000000000 000155 000045 00 0 0 1 Key to
Flags: W (write), A (alloc), X (execute), M (merge), S (strings), I (info), L (link order), O (extra OS processing required), G (group), T (TLS), C (compressed), x (unknown), o (OS specific), E (exclude), D (mbind), p (processor specific) There are no section groups in this file. There are no program headers in this file. There is no dynamic section in this file. There are no relocations in this file. The decoding of unwind sections for machine type AArch64 is not currently supported. Symbol table '.symtab' contains 9 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND <<-- always 0, by convention 1: 0000000000000000 0 FILE LOCAL DEFAULT ABS glob.c <<-- name of file 2: 0000000000000000 0 SECTION LOCAL DEFAULT 1 .text <<-- section name 3: 0000000000000000 0 SECTION LOCAL DEFAULT 2 .data <<-- section name 4: 0000000000000000 0 SECTION LOCAL DEFAULT 3 .bss <<-- section name 5: 0000000000000000 0 NOTYPE LOCAL DEFAULT 2 $d 6: 0000000000000000 0 SECTION LOCAL DEFAULT 5 .note.GNU-stack 7: 0000000000000000 0 SECTION LOCAL DEFAULT 4 .comment 8: 0000000000000000 4 OBJECT GLOBAL DEFAULT 2 G <<-- our global variable's name No version information found in this file. ubuntu@secunda:~/glob$ gcc -S use-glob.c ubuntu@secunda:~/glob$ cat use-glob.s .arch armv8-a .file "use-glob.c" .text .section .rodata <<--- section reserved for read-only data .align 3 .LC0: .string "%p\n" <<--- format string .text .align 2 .global main .type main, %function main: .LFB0: .cfi_startproc stp x29, x30, [sp, -16]! .cfi_def_cfa_offset 16 .cfi_offset 29, -16 .cfi_offset 30, -8 mov x29, sp adrp x0, :got:G <<--- this will point to the start of the page with the Global Offset Table (GOT, a.k.a. 
.got as a section name) ldr x1, [x0, #:got_lo12:G] <<--- the lower 12 bits: the in-page offset of G's GOT entry adrp x0, .LC0 <<--- the address of the "%p\n" format string, page part add x0, x0, :lo12:.LC0 <<--- and in-page offset bl printf adrp x0, :got:G ldr x0, [x0, #:got_lo12:G] ldr w0, [x0] ldp x29, x30, [sp], 16 .cfi_restore 30 .cfi_restore 29 .cfi_def_cfa_offset 0 ret .cfi_endproc .LFE0: .size main, .-main .ident "GCC: (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0" .section .note.GNU-stack,"",@progbits ubuntu@secunda:~/glob$ gcc -c use-glob.s ubuntu@secunda:~/glob$ gcc -o ug glob.o use-glob.o ubuntu@secunda:~/glob$ ./ug ; echo $? 0xaaaabb541010 <<-- the address G got on this run 57 ubuntu@secunda:~/glob$ ./ug ; echo $? 0xaaaacafd1010 <<--- different address for G on this run, ASLR in action 57 ubuntu@secunda:~/glob$ gdb ug GNU gdb (Ubuntu 12.1-0ubuntu1~22.04.2) 12.1 Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "aarch64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ug... (No debugging symbols found in ug) (gdb) dis main Bad breakpoint number 'main' // (typo: "dis" is gdb's "disable"; "disas" is the intended command.) This is _before_ the executable is loaded, so GDB shows the unrelocated addresses recorded in the file, not actual memory addresses (gdb) disas main Dump of assembler code for function main: 0x0000000000000794 <+0>: stp x29, x30, [sp, #-16]!
0x0000000000000798 <+4>: mov x29, sp 0x000000000000079c <+8>: adrp x0, 0x10000 <<--- GDB decodes this as 0x10000 to be added to the PC of this instruction, with its lower 12 bits (0x000) forced to 0s 0x00000000000007a0 <+12>: ldr x1, [x0, #4072] <<--- G's address will be found at the above page address + 4072 0x00000000000007a4 <+16>: adrp x0, 0x0 <<--- and this is where the format string is: same 4K page, much closer than G's address in GOT 0x00000000000007a8 <+20>: add x0, x0, #0x7e0 0x00000000000007ac <+24>: bl 0x650 0x00000000000007b0 <+28>: adrp x0, 0x10000 0x00000000000007b4 <+32>: ldr x0, [x0, #4072] 0x00000000000007b8 <+36>: ldr w0, [x0] <<--- G's address in x0, now we fetch G's integer value 0x00000000000007bc <+40>: ldp x29, x30, [sp], #16 0x00000000000007c0 <+44>: ret End of assembler dump. (gdb) x/10bi main 0x794
<main>: stp x29, x30, [sp, #-16]! 0x798 <main+4>: mov x29, sp 0x79c <main+8>: adrp x0, 0x10000 0x7a0 <main+12>: ldr x1, [x0, #4072] 0x7a4 <main+16>: adrp x0, 0x0 0x7a8 <main+20>: add x0, x0, #0x7e0 0x7ac <main+24>: bl 0x650 0x7b0 <main+28>: adrp x0, 0x10000 0x7b4 <main+32>: ldr x0, [x0, #4072] 0x7b8 <main+36>: ldr w0, [x0] // Same, with the actual bytes of the binary-encoded instructions (gdb) disas/r main Dump of assembler code for function main: 0x0000000000000794 <+0>: fd 7b bf a9 stp x29, x30, [sp, #-16]! 0x0000000000000798 <+4>: fd 03 00 91 mov x29, sp 0x000000000000079c <+8>: 80 00 00 90 adrp x0, 0x10000 ^^^^^^^^^^^ <<--- read as a 32-bit instruction word this is 0x90000080 --- note the little-endian byte order! See below. 0x00000000000007a0 <+12>: 01 f4 47 f9 ldr x1, [x0, #4072] 0x00000000000007a4 <+16>: 00 00 00 90 adrp x0, 0x0 0x00000000000007a8 <+20>: 00 80 1f 91 add x0, x0, #0x7e0 0x00000000000007ac <+24>: a9 ff ff 97 bl 0x650 0x00000000000007b0 <+28>: 80 00 00 90 adrp x0, 0x10000 0x00000000000007b4 <+32>: 00 f4 47 f9 ldr x0, [x0, #4072] 0x00000000000007b8 <+36>: 00 00 40 b9 ldr w0, [x0] 0x00000000000007bc <+40>: fd 7b c1 a8 ldp x29, x30, [sp], #16 0x00000000000007c0 <+44>: c0 03 5f d6 ret End of assembler dump. (gdb) b main Breakpoint 1 at 0x7a0 // Once we run it, the loader will actually load the executable's code into memory, // and we will see where it got loaded---and what the PC-relative offsets resolve to. (gdb) r Starting program: /home/ubuntu/glob/ug [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". Breakpoint 1, 0x0000aaaaaaaa07a0 in main () (gdb) disas/r main Dump of assembler code for function main: 0x0000aaaaaaaa0794 <+0>: fd 7b bf a9 stp x29, x30, [sp, #-16]!
0x0000aaaaaaaa0798 <+4>: fd 03 00 91 mov x29, sp 0x0000aaaaaaaa079c <+8>: 80 00 00 90 adrp x0, 0xaaaaaaab0000 <<--- top of the page holding the GOT/.got => 0x0000aaaaaaaa07a0 <+12>: 01 f4 47 f9 ldr x1, [x0, #4072] 0x0000aaaaaaaa07a4 <+16>: 00 00 00 90 adrp x0, 0xaaaaaaaa0000 <<--- top of the page holding .rodata 0x0000aaaaaaaa07a8 <+20>: 00 80 1f 91 add x0, x0, #0x7e0 0x0000aaaaaaaa07ac <+24>: a9 ff ff 97 bl 0xaaaaaaaa0650 0x0000aaaaaaaa07b0 <+28>: 80 00 00 90 adrp x0, 0xaaaaaaab0000 <<--- top of the page holding the GOT/.got 0x0000aaaaaaaa07b4 <+32>: 00 f4 47 f9 ldr x0, [x0, #4072] <<--- load G's address from its GOT slot, at offset 4072 into that page 0x0000aaaaaaaa07b8 <+36>: 00 00 40 b9 ldr w0, [x0] <<--- integer value of G, loaded through the address we just read out of the GOT 0x0000aaaaaaaa07bc <+40>: fd 7b c1 a8 ldp x29, x30, [sp], #16 0x0000aaaaaaaa07c0 <+44>: c0 03 5f d6 ret End of assembler dump. (gdb) p 0xaaaaaaaa0000+16*4096 $1 = 187649984495616 <<-- ahem, I actually need a hex address (gdb) p/x 0xaaaaaaaa0000+16*4096 $2 = 0xaaaaaaab0000 <<-- OK, the hex address of the top of the GOT's page (gdb) p/x 0xaaaaaaab0000+4072 $3 = 0xaaaaaaab0fe8 <<-- G's address is stored here, in its GOT slot (gdb) x/x 0xaaaaaaab0000+4072 0xaaaaaaab0fe8: 0xaaab1010 <<-- oops, x/x showed only a 32-bit word; we need the full 64-bit address (gdb) x/g 0xaaaaaaab0000+4072 0xaaaaaaab0fe8: 0x0000aaaaaaab1010 <<-- this is it (gdb) x/w 0x0000aaaaaaab1010 0xaaaaaaab1010 <G>: 0x00000039 <<-- and we find int 57 there. Indeed, the world is sane. What a relief! (gdb) quit A debugging session is active. Inferior 1 [process 31409] will be killed. Quit anyway? (y or n) y ------------[ Intermission on Generative AI decoding AArch64 instructions ]--------- So GDB's "disas/r main" showed me "80 00 00 90" for the bytes of "adrp x0, 0x10000". The actual instruction is 0x90000080, when read properly in little-endian byte order. (Incidentally, LLDB's "disas -b -n main" shows it properly as the word 0x90000080, but GDB just gave the bytes in the order it saw them in memory.) I wanted to see how this instruction was encoded.
A nice cheat sheet for bitwise encoding is at https://kitoslab-eng.blogspot.com/2012/10/armv8-aarch64-instruction-encoding.html In a bit of a rush, I pasted "decode aarch 64 instruction 80 00 00 90" into perplexity.ai The result was https://www.perplexity.ai/search/decode-aarch6-i-mBqjW3lFT5.A5N4u1SHjwg It gave me an almost correct explanation, in which both the opcode and the offsets as shown were wrong, though the instruction was correctly recognized as ADRP. You can check for yourself at the above link what other little mistakes it made. "Exception Syndrome Register (ESR)" is my favorite for now :) ------------[ end intermission ]---------- // Objdump has many options to show contents, symbols, and other elements of binary // executable and object files. Its disassembly style is slightly different: ubuntu@secunda:~/glob$ objdump -d ug ug: file format elf64-littleaarch64 Disassembly of section .init: 00000000000005d0 <_init>: 5d0: d503201f nop 5d4: a9bf7bfd stp x29, x30, [sp, #-16]! 5d8: 910003fd mov x29, sp 5dc: 94000036 bl 6b4 5e0: a8c17bfd ldp x29, x30, [sp], #16 5e4: d65f03c0 ret Disassembly of section .plt: 00000000000005f0 <.plt>: <<---- entry point to the dynamic linker 5f0: a9bf7bf0 stp x16, x30, [sp, #-16]! 5f4: 90000090 adrp x16, 10000 <__FRAME_END__+0xf738> 5f8: f947ce11 ldr x17, [x16, #3992] 5fc: 913e6210 add x16, x16, #0xf98 600: d61f0220 br x17 604: d503201f nop 608: d503201f nop 60c: d503201f nop // Stubs for dynamically linked functions, including printf(). 
The GOT slots are 8 bytes, // will be filled by the dynamic linker 0000000000000610 <__libc_start_main@plt>: 610: 90000090 adrp x16, 10000 <__FRAME_END__+0xf738> <<-- GOT table's page 614: f947d211 ldr x17, [x16, #4000] <<--- GOT slot for this stub, 8 bytes 618: 913e8210 add x16, x16, #0xfa0 61c: d61f0220 br x17 0000000000000620 <__cxa_finalize@plt>: 620: 90000090 adrp x16, 10000 <__FRAME_END__+0xf738> 624: f947d611 ldr x17, [x16, #4008] <<--- GOT slot for this stub, next 8 bytes 628: 913ea210 add x16, x16, #0xfa8 62c: d61f0220 br x17 0000000000000630 <__gmon_start__@plt>: 630: 90000090 adrp x16, 10000 <__FRAME_END__+0xf738> 634: f947da11 ldr x17, [x16, #4016] <<--- GOT slot 638: 913ec210 add x16, x16, #0xfb0 63c: d61f0220 br x17 0000000000000640 : 640: 90000090 adrp x16, 10000 <__FRAME_END__+0xf738> 644: f947de11 ldr x17, [x16, #4024] <<--- GOT slot 648: 913ee210 add x16, x16, #0xfb8 64c: d61f0220 br x17 0000000000000650 : <<---- printf 650: 90000090 adrp x16, 10000 <__FRAME_END__+0xf738> 654: f947e211 ldr x17, [x16, #4032] <<--- GOT slot 658: 913f0210 add x16, x16, #0xfc0 65c: d61f0220 br x17 Disassembly of section .text: 0000000000000680 <_start>: <<--- Entry point of execution 680: d503201f nop 684: d280001d mov x29, #0x0 // #0 688: d280001e mov x30, #0x0 // #0 68c: aa0003e5 mov x5, x0 690: f94003e1 ldr x1, [sp] 694: 910023e2 add x2, sp, #0x8 698: 910003e6 mov x6, sp 69c: 90000080 adrp x0, 10000 <__FRAME_END__+0xf738> 6a0: f947f800 ldr x0, [x0, #4080] 6a4: d2800003 mov x3, #0x0 // #0 6a8: d2800004 mov x4, #0x0 // #0 6ac: 97ffffd9 bl 610 <__libc_start_main@plt> <<---- will eventually call main() 6b0: 97ffffe4 bl 640 /// Lots of pieces pulled in from the standard library. Skip down to main for now. 
00000000000006b4 : 6b4: 90000080 adrp x0, 10000 <__FRAME_END__+0xf738> 6b8: f947f000 ldr x0, [x0, #4064] 6bc: b4000040 cbz x0, 6c4 6c0: 17ffffdc b 630 <__gmon_start__@plt> 6c4: d65f03c0 ret 6c8: d503201f nop 6cc: d503201f nop 00000000000006d0 : 6d0: b0000080 adrp x0, 11000 <__data_start> 6d4: 91006000 add x0, x0, #0x18 6d8: b0000081 adrp x1, 11000 <__data_start> 6dc: 91006021 add x1, x1, #0x18 6e0: eb00003f cmp x1, x0 6e4: 540000c0 b.eq 6fc // b.none 6e8: 90000081 adrp x1, 10000 <__FRAME_END__+0xf738> 6ec: f947e821 ldr x1, [x1, #4048] 6f0: b4000061 cbz x1, 6fc 6f4: aa0103f0 mov x16, x1 6f8: d61f0200 br x16 6fc: d65f03c0 ret 0000000000000700 : 700: b0000080 adrp x0, 11000 <__data_start> 704: 91006000 add x0, x0, #0x18 708: b0000081 adrp x1, 11000 <__data_start> 70c: 91006021 add x1, x1, #0x18 710: cb000021 sub x1, x1, x0 714: d37ffc22 lsr x2, x1, #63 718: 8b810c41 add x1, x2, x1, asr #3 71c: 9341fc21 asr x1, x1, #1 720: b40000c1 cbz x1, 738 724: 90000082 adrp x2, 10000 <__FRAME_END__+0xf738> 728: f947fc42 ldr x2, [x2, #4088] 72c: b4000062 cbz x2, 738 730: aa0203f0 mov x16, x2 734: d61f0200 br x16 738: d65f03c0 ret 73c: d503201f nop 0000000000000740 <__do_global_dtors_aux>: 740: a9be7bfd stp x29, x30, [sp, #-32]! 744: 910003fd mov x29, sp 748: f9000bf3 str x19, [sp, #16] 74c: b0000093 adrp x19, 11000 <__data_start> 750: 39405260 ldrb w0, [x19, #20] 754: 35000140 cbnz w0, 77c <__do_global_dtors_aux+0x3c> 758: 90000080 adrp x0, 10000 <__FRAME_END__+0xf738> 75c: f947ec00 ldr x0, [x0, #4056] 760: b4000080 cbz x0, 770 <__do_global_dtors_aux+0x30> 764: b0000080 adrp x0, 11000 <__data_start> 768: f9400400 ldr x0, [x0, #8] 76c: 97ffffad bl 620 <__cxa_finalize@plt> 770: 97ffffd8 bl 6d0 774: 52800020 mov w0, #0x1 // #1 778: 39005260 strb w0, [x19, #20] 77c: f9400bf3 ldr x19, [sp, #16] 780: a8c27bfd ldp x29, x30, [sp], #32 784: d65f03c0 ret 788: d503201f nop 78c: d503201f nop 0000000000000790 : 790: 17ffffdc b 700 /// Finally, main(). 
Objdump tries to label each target address with the nearest symbol it knows, /// but sometimes the result is not very helpful ("<__FRAME_END__+0xf738>", "<__abi_tag-0x278>") 0000000000000794 <main>
: 794: a9bf7bfd stp x29, x30, [sp, #-16]! 798: 910003fd mov x29, sp 79c: 90000080 adrp x0, 10000 <__FRAME_END__+0xf738> <<--- get the address of G 7a0: f947f401 ldr x1, [x0, #4072] <<--- from GOT 7a4: 90000000 adrp x0, 0 <__abi_tag-0x278> <<--- get the format string address 7a8: 911f8000 add x0, x0, #0x7e0 7ac: 97ffffa9 bl 650 7b0: 90000080 adrp x0, 10000 <__FRAME_END__+0xf738> <<--- get the address of G 7b4: f947f400 ldr x0, [x0, #4072] <<--- again 7b8: b9400000 ldr w0, [x0] <<--- and now the int value of G 7bc: a8c17bfd ldp x29, x30, [sp], #16 7c0: d65f03c0 ret Disassembly of section .fini: 00000000000007c4 <_fini>: 7c4: d503201f nop 7c8: a9bf7bfd stp x29, x30, [sp, #-16]! 7cc: 910003fd mov x29, sp 7d0: a8c17bfd ldp x29, x30, [sp], #16 7d4: d65f03c0 ret // Comparing the styles of disassembly. Once the program is loaded, by running // it and getting stopped at the breakpoint at the start of main (), LLDB and GDB // will show the actual addresses. GDB also calculates the page address for ADRP, // since it's relative to the program counter (PC), and it now knows the PC. ubuntu@secunda:~/glob$ lldb ug Traceback (most recent call last): File "", line 1, in ModuleNotFoundError: No module named 'lldb.embedded_interpreter' (lldb) target create "ug" Current executable set to '/home/ubuntu/glob/ug' (aarch64). (lldb) b main Breakpoint 1: where = ug`main, address = 0x0000000000000794 (lldb) r Process 31911 launched: '/home/ubuntu/glob/ug' (aarch64) Process 31911 stopped * thread #1, name = 'ug', stop reason = breakpoint 1.1 frame #0: 0x0000aaaaaaaa0794 ug`main ug`main: -> 0xaaaaaaaa0794 <+0>: stp x29, x30, [sp, #-0x10]! 0xaaaaaaaa0798 <+4>: mov x29, sp 0xaaaaaaaa079c <+8>: adrp x0, 16 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] (lldb) disas -bn main ug`main: -> 0xaaaaaaaa0794 <+0>: 0xa9bf7bfd stp x29, x30, [sp, #-0x10]! 
0xaaaaaaaa0798 <+4>: 0x910003fd mov x29, sp 0xaaaaaaaa079c <+8>: 0x90000080 adrp x0, 16 <<--- immediate is decoded as 16 ^^^^^^ <<---- 100 in bits, and then *4 0xaaaaaaaa07a0 <+12>: 0xf947f401 ldr x1, [x0, #0xfe8] <<--- 0xfe8 == 4072 0xaaaaaaaa07a4 <+16>: 0x90000000 adrp x0, 0 <<--- immediate is 0 0xaaaaaaaa07a8 <+20>: 0x911f8000 add x0, x0, #0x7e0 ; + 8 0xaaaaaaaa07ac <+24>: 0x97ffffa9 bl 0xaaaaaaaa0650 ; symbol stub for: printf 0xaaaaaaaa07b0 <+28>: 0x90000080 adrp x0, 16 0xaaaaaaaa07b4 <+32>: 0xf947f400 ldr x0, [x0, #0xfe8] 0xaaaaaaaa07b8 <+36>: 0xb9400000 ldr w0, [x0] 0xaaaaaaaa07bc <+40>: 0xa8c17bfd ldp x29, x30, [sp], #0x10 0xaaaaaaaa07c0 <+44>: 0xd65f03c0 ret (lldb) ^D ubuntu@secunda:~/glob$ gdb ug GNU gdb (Ubuntu 12.1-0ubuntu1~22.04.2) 12.1 Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "aarch64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ug... (No debugging symbols found in ug) (gdb) b main Breakpoint 1 at 0x7a0 (gdb) r Starting program: /home/ubuntu/glob/ug [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". Breakpoint 1, 0x0000aaaaaaaa07a0 in main () (gdb) disas/r main Dump of assembler code for function main: 0x0000aaaaaaaa0794 <+0>: fd 7b bf a9 stp x29, x30, [sp, #-16]! 
0x0000aaaaaaaa0798 <+4>: fd 03 00 91 mov x29, sp 0x0000aaaaaaaa079c <+8>: 80 00 00 90 adrp x0, 0xaaaaaaab0000 <<---- resolved page address off the PC, (kill lower 12 bits of 0x0000aaaaaaaa079c, add 16*4096=0x10000) => 0x0000aaaaaaaa07a0 <+12>: 01 f4 47 f9 ldr x1, [x0, #4072] <<---- 4072 is the offset 0x0000aaaaaaaa07a4 <+16>: 00 00 00 90 adrp x0, 0xaaaaaaaa0000 <<---- no immediate, just the start of this page 0x0000aaaaaaaa07a8 <+20>: 00 80 1f 91 add x0, x0, #0x7e0 0x0000aaaaaaaa07ac <+24>: a9 ff ff 97 bl 0xaaaaaaaa0650 0x0000aaaaaaaa07b0 <+28>: 80 00 00 90 adrp x0, 0xaaaaaaab0000 0x0000aaaaaaaa07b4 <+32>: 00 f4 47 f9 ldr x0, [x0, #4072] 0x0000aaaaaaaa07b8 <+36>: 00 00 40 b9 ldr w0, [x0] 0x0000aaaaaaaa07bc <+40>: fd 7b c1 a8 ldp x29, x30, [sp], #16 0x0000aaaaaaaa07c0 <+44>: c0 03 5f d6 ret End of assembler dump. (gdb) x/w 0x0000aaaaaaaa079c 0xaaaaaaaa079c : -1879048064 <<---- oops, need hex (gdb) x/xw 0x0000aaaaaaaa079c 0xaaaaaaaa079c : 0x90000080 <<---- better, here is my instruction (gdb) x/xg 0xaaaaaaab0000+4072 <<---- Let's see the contents of the GOT slot 0xaaaaaaab0fe8: 0x0000aaaaaaab1010 <<---- it's a memory address in .data (gdb) x/xw 0x0000aaaaaaab1010 <<---- and we find the value of G (57 or 0x39) 0xaaaaaaab1010 : 0x00000039 <<---- at that address, as expected! (gdb) [1]+ Stopped gdb ug ======================[ I stopped annotation here, class log below. 
]======================= ubuntu@secunda:~/glob$ objdump -t glob.o glob.o: file format elf64-littleaarch64 SYMBOL TABLE: 0000000000000000 l df *ABS* 0000000000000000 glob.c 0000000000000000 l d .text 0000000000000000 .text 0000000000000000 l d .data 0000000000000000 .data 0000000000000000 l d .bss 0000000000000000 .bss 0000000000000000 l d .note.GNU-stack 0000000000000000 .note.GNU-stack 0000000000000000 l d .comment 0000000000000000 .comment 0000000000000000 g O .data 0000000000000004 G ubuntu@secunda:~/glob$ objdump -t ug ug: file format elf64-littleaarch64 SYMBOL TABLE: 0000000000000238 l d .interp 0000000000000000 .interp 0000000000000254 l d .note.gnu.build-id 0000000000000000 .note.gnu.build-id 0000000000000278 l d .note.ABI-tag 0000000000000000 .note.ABI-tag 0000000000000298 l d .gnu.hash 0000000000000000 .gnu.hash 00000000000002b8 l d .dynsym 0000000000000000 .dynsym 00000000000003a8 l d .dynstr 0000000000000000 .dynstr 000000000000043c l d .gnu.version 0000000000000000 .gnu.version 0000000000000450 l d .gnu.version_r 0000000000000000 .gnu.version_r 0000000000000480 l d .rela.dyn 0000000000000000 .rela.dyn 0000000000000558 l d .rela.plt 0000000000000000 .rela.plt 00000000000005d0 l d .init 0000000000000000 .init 00000000000005f0 l d .plt 0000000000000000 .plt 0000000000000680 l d .text 0000000000000000 .text 00000000000007c4 l d .fini 0000000000000000 .fini 00000000000007d8 l d .rodata 0000000000000000 .rodata 00000000000007e4 l d .eh_frame_hdr 0000000000000000 .eh_frame_hdr 0000000000000820 l d .eh_frame 0000000000000000 .eh_frame 0000000000010d88 l d .init_array 0000000000000000 .init_array 0000000000010d90 l d .fini_array 0000000000000000 .fini_array 0000000000010d98 l d .dynamic 0000000000000000 .dynamic 0000000000010f88 l d .got 0000000000000000 .got 0000000000011000 l d .data 0000000000000000 .data 0000000000011014 l d .bss 0000000000000000 .bss 0000000000000000 l d .comment 0000000000000000 .comment 0000000000000000 l df *ABS* 0000000000000000 Scrt1.o 
0000000000000278 l O .note.ABI-tag 0000000000000020 __abi_tag 0000000000000000 l df *ABS* 0000000000000000 crti.o 00000000000006b4 l F .text 0000000000000014 call_weak_fn 0000000000000000 l df *ABS* 0000000000000000 crtn.o 0000000000000000 l df *ABS* 0000000000000000 crtstuff.c 00000000000006d0 l F .text 0000000000000000 deregister_tm_clones 0000000000000700 l F .text 0000000000000000 register_tm_clones 0000000000000740 l F .text 0000000000000000 __do_global_dtors_aux 0000000000011014 l O .bss 0000000000000001 completed.0 0000000000010d90 l O .fini_array 0000000000000000 __do_global_dtors_aux_fini_array_entry 0000000000000790 l F .text 0000000000000000 frame_dummy 0000000000010d88 l O .init_array 0000000000000000 __frame_dummy_init_array_entry 0000000000000000 l df *ABS* 0000000000000000 glob.c 0000000000000000 l df *ABS* 0000000000000000 use-glob.c 0000000000000000 l df *ABS* 0000000000000000 crtstuff.c 00000000000008c8 l O .eh_frame 0000000000000000 __FRAME_END__ 0000000000000000 l df *ABS* 0000000000000000 0000000000010d98 l O *ABS* 0000000000000000 _DYNAMIC 00000000000007e4 l .eh_frame_hdr 0000000000000000 __GNU_EH_FRAME_HDR 0000000000010fc8 l O *ABS* 0000000000000000 _GLOBAL_OFFSET_TABLE_ 0000000000000000 F *UND* 0000000000000000 __libc_start_main@GLIBC_2.34 0000000000000000 w *UND* 0000000000000000 _ITM_deregisterTMCloneTable 0000000000011000 w .data 0000000000000000 data_start 0000000000011014 g .bss 0000000000000000 __bss_start__ 0000000000000000 w F *UND* 0000000000000000 __cxa_finalize@GLIBC_2.17 0000000000011018 g .bss 0000000000000000 _bss_end__ 0000000000011014 g .data 0000000000000000 _edata 00000000000007c4 g F .fini 0000000000000000 .hidden _fini 0000000000011018 g .bss 0000000000000000 __bss_end__ 0000000000011000 g .data 0000000000000000 __data_start 0000000000000000 w *UND* 0000000000000000 __gmon_start__ 0000000000011008 g O .data 0000000000000000 .hidden __dso_handle 0000000000000000 F *UND* 0000000000000000 abort@GLIBC_2.17 00000000000007d8 g 
O .rodata 0000000000000004 _IO_stdin_used 0000000000011010 g O .data 0000000000000004 G 0000000000011018 g .bss 0000000000000000 _end 0000000000000680 g F .text 0000000000000034 _start 0000000000011018 g .bss 0000000000000000 __end__ 0000000000011014 g .bss 0000000000000000 __bss_start 0000000000000794 g F .text 0000000000000030 main 0000000000011018 g O .data 0000000000000000 .hidden __TMC_END__ 0000000000000000 w *UND* 0000000000000000 _ITM_registerTMCloneTable 0000000000000000 F *UND* 0000000000000000 printf@GLIBC_2.17 00000000000005d0 g F .init 0000000000000000 .hidden _init ubuntu@secunda:~/glob$ objdump -t ug | grep -i got 0000000000010f88 l d .got 0000000000000000 .got ubuntu@secunda:~/glob$ objdump -s ug ug: file format elf64-littleaarch64 Contents of section .interp: 0238 2f6c6962 2f6c642d 6c696e75 782d6161 /lib/ld-linux-aa 0248 72636836 342e736f 2e3100 rch64.so.1. Contents of section .note.gnu.build-id: 0254 04000000 14000000 03000000 474e5500 ............GNU. 0264 47080dea 3a20ccbc 70b48d4d 1daf996a G...: ..p..M...j 0274 efcc8de2 .... Contents of section .note.ABI-tag: 0278 04000000 10000000 01000000 474e5500 ............GNU. 0288 00000000 03000000 07000000 00000000 ................ Contents of section .gnu.hash: 0298 01000000 01000000 01000000 00000000 ................ 02a8 00000000 00000000 00000000 ............ Contents of section .dynsym: 02b8 00000000 00000000 00000000 00000000 ................ 02c8 00000000 00000000 00000000 03000b00 ................ 02d8 d0050000 00000000 00000000 00000000 ................ 02e8 00000000 03001600 00100100 00000000 ................ 02f8 00000000 00000000 10000000 12000000 ................ 0308 00000000 00000000 00000000 00000000 ................ 0318 4f000000 20000000 00000000 00000000 O... ........... 0328 00000000 00000000 01000000 22000000 ............"... 0338 00000000 00000000 00000000 00000000 ................ 0348 6b000000 20000000 00000000 00000000 k... ........... 
0358 00000000 00000000 22000000 12000000 ........"....... 0368 00000000 00000000 00000000 00000000 ................ 0378 7a000000 20000000 00000000 00000000 z... ........... 0388 00000000 00000000 28000000 12000000 ........(....... 0398 00000000 00000000 00000000 00000000 ................ Contents of section .dynstr: 03a8 005f5f63 78615f66 696e616c 697a6500 .__cxa_finalize. 03b8 5f5f6c69 62635f73 74617274 5f6d6169 __libc_start_mai 03c8 6e006162 6f727400 7072696e 7466006c n.abort.printf.l 03d8 6962632e 736f2e36 00474c49 42435f32 ibc.so.6.GLIBC_2 03e8 2e313700 474c4942 435f322e 3334005f .17.GLIBC_2.34._ 03f8 49544d5f 64657265 67697374 6572544d ITM_deregisterTM 0408 436c6f6e 65546162 6c65005f 5f676d6f CloneTable.__gmo 0418 6e5f7374 6172745f 5f005f49 544d5f72 n_start__._ITM_r 0428 65676973 74657254 4d436c6f 6e655461 egisterTMCloneTa 0438 626c6500 ble. Contents of section .gnu.version: 043c 00000000 00000200 01000300 01000300 ................ 044c 01000300 .... Contents of section .gnu.version_r: 0450 01000200 2f000000 10000000 00000000 ..../........... 0460 97919606 00000300 39000000 10000000 ........9....... 0470 b4919606 00000200 44000000 00000000 ........D....... Contents of section .rela.dyn: 0480 880d0100 00000000 03040000 00000000 ................ 0490 90070000 00000000 900d0100 00000000 ................ 04a0 03040000 00000000 40070000 00000000 ........@....... 04b0 e80f0100 00000000 03040000 00000000 ................ 04c0 10100100 00000000 f00f0100 00000000 ................ 04d0 03040000 00000000 94070000 00000000 ................ 04e0 08100100 00000000 03040000 00000000 ................ 04f0 08100100 00000000 d00f0100 00000000 ................ 0500 01040000 04000000 00000000 00000000 ................ 0510 d80f0100 00000000 01040000 05000000 ................ 0520 00000000 00000000 e00f0100 00000000 ................ 0530 01040000 06000000 00000000 00000000 ................ 0540 f80f0100 00000000 01040000 08000000 ................ 0550 00000000 00000000 ........ 
Contents of section .rela.plt: 0558 a00f0100 00000000 02040000 03000000 ................ 0568 00000000 00000000 a80f0100 00000000 ................ 0578 02040000 05000000 00000000 00000000 ................ 0588 b00f0100 00000000 02040000 06000000 ................ 0598 00000000 00000000 b80f0100 00000000 ................ 05a8 02040000 07000000 00000000 00000000 ................ 05b8 c00f0100 00000000 02040000 09000000 ................ 05c8 00000000 00000000 ........ Contents of section .init: 05d0 1f2003d5 fd7bbfa9 fd030091 36000094 . ...{......6... 05e0 fd7bc1a8 c0035fd6 .{...._. Contents of section .plt: 05f0 f07bbfa9 90000090 11ce47f9 10623e91 .{........G..b>. 0600 20021fd6 1f2003d5 1f2003d5 1f2003d5 .... ... ... .. 0610 90000090 11d247f9 10823e91 20021fd6 ......G...>. ... 0620 90000090 11d647f9 10a23e91 20021fd6 ......G...>. ... 0630 90000090 11da47f9 10c23e91 20021fd6 ......G...>. ... 0640 90000090 11de47f9 10e23e91 20021fd6 ......G...>. ... 0650 90000090 11e247f9 10023f91 20021fd6 ......G...?. ... Contents of section .text: 0680 1f2003d5 1d0080d2 1e0080d2 e50300aa . .............. 0690 e10340f9 e2230091 e6030091 80000090 ..@..#.......... 06a0 00f847f9 030080d2 040080d2 d9ffff97 ..G............. 06b0 e4ffff97 80000090 00f047f9 400000b4 ..........G.@... 06c0 dcffff17 c0035fd6 1f2003d5 1f2003d5 ......_.. ... .. 06d0 800000b0 00600091 810000b0 21600091 .....`......!`.. 06e0 3f0000eb c0000054 81000090 21e847f9 ?......T....!.G. 06f0 610000b4 f00301aa 00021fd6 c0035fd6 a............._. 0700 800000b0 00600091 810000b0 21600091 .....`......!`.. 0710 210000cb 22fc7fd3 410c818b 21fc4193 !..."...A...!.A. 0720 c10000b4 82000090 42fc47f9 620000b4 ........B.G.b... 0730 f00302aa 00021fd6 c0035fd6 1f2003d5 .........._.. .. 0740 fd7bbea9 fd030091 f30b00f9 930000b0 .{.............. 0750 60524039 40010035 80000090 00ec47f9 `R@9@..5......G. 0760 800000b4 800000b0 000440f9 adffff97 ..........@..... 0770 d8ffff97 20008052 60520039 f30b40f9 .... ..R`R.9..@. 
0780 fd7bc2a8 c0035fd6 1f2003d5 1f2003d5 .{...._.. ... .. 0790 dcffff17 fd7bbfa9 fd030091 80000090 .....{.......... 07a0 01f447f9 00000090 00801f91 a9ffff97 ..G............. 07b0 80000090 00f447f9 000040b9 fd7bc1a8 ......G...@..{.. 07c0 c0035fd6 .._. Contents of section .fini: 07c4 1f2003d5 fd7bbfa9 fd030091 fd7bc1a8 . ...{.......{.. 07d4 c0035fd6 .._. Contents of section .rodata: 07d8 01000200 00000000 25700a00 ........%p.. Contents of section .eh_frame_hdr: 07e4 011b033b 38000000 06000000 9cfeffff ...;8........... 07f4 50000000 ecfeffff 64000000 1cffffff P.......d....... 0804 78000000 5cffffff 8c000000 acffffff x...\........... 0814 b0000000 b0ffffff c4000000 ............ Contents of section .eh_frame: 0820 10000000 00000000 017a5200 04781e01 .........zR..x.. 0830 1b0c1f00 10000000 18000000 44feffff ............D... 0840 34000000 0041071e 10000000 2c000000 4....A......,... 0850 80feffff 30000000 00000000 10000000 ....0........... 0860 40000000 9cfeffff 3c000000 00000000 @.......<....... 0870 20000000 54000000 c8feffff 48000000 ...T.......H... 0880 00410e20 9d049e03 4293024e deddd30e .A. ....B..N.... 0890 00000000 10000000 78000000 f4feffff ........x....... 08a0 04000000 00000000 1c000000 8c000000 ................ 08b0 e4feffff 30000000 00410e10 9d029e01 ....0....A...... 08c0 4adedd0e 00000000 00000000 J........... Contents of section .init_array: 10d88 90070000 00000000 ........ Contents of section .fini_array: 10d90 40070000 00000000 @....... Contents of section .dynamic: 10d98 01000000 00000000 2f000000 00000000 ......../....... 10da8 0c000000 00000000 d0050000 00000000 ................ 10db8 0d000000 00000000 c4070000 00000000 ................ 10dc8 19000000 00000000 880d0100 00000000 ................ 10dd8 1b000000 00000000 08000000 00000000 ................ 10de8 1a000000 00000000 900d0100 00000000 ................ 10df8 1c000000 00000000 08000000 00000000 ................ 10e08 f5feff6f 00000000 98020000 00000000 ...o............ 
10e18 05000000 00000000 a8030000 00000000 ................ 10e28 06000000 00000000 b8020000 00000000 ................ 10e38 0a000000 00000000 94000000 00000000 ................ 10e48 0b000000 00000000 18000000 00000000 ................ 10e58 15000000 00000000 00000000 00000000 ................ 10e68 03000000 00000000 880f0100 00000000 ................ 10e78 02000000 00000000 78000000 00000000 ........x....... 10e88 14000000 00000000 07000000 00000000 ................ 10e98 17000000 00000000 58050000 00000000 ........X....... 10ea8 07000000 00000000 80040000 00000000 ................ 10eb8 08000000 00000000 d8000000 00000000 ................ 10ec8 09000000 00000000 18000000 00000000 ................ 10ed8 1e000000 00000000 08000000 00000000 ................ 10ee8 fbffff6f 00000000 01000008 00000000 ...o............ 10ef8 feffff6f 00000000 50040000 00000000 ...o....P....... 10f08 ffffff6f 00000000 01000000 00000000 ...o............ 10f18 f0ffff6f 00000000 3c040000 00000000 ...o....<....... 10f28 f9ffff6f 00000000 05000000 00000000 ...o............ 10f38 00000000 00000000 00000000 00000000 ................ 10f48 00000000 00000000 00000000 00000000 ................ 10f58 00000000 00000000 00000000 00000000 ................ 10f68 00000000 00000000 00000000 00000000 ................ 10f78 00000000 00000000 00000000 00000000 ................ Contents of section .got: 10f88 00000000 00000000 00000000 00000000 ................ 10f98 00000000 00000000 f0050000 00000000 ................ 10fa8 f0050000 00000000 f0050000 00000000 ................ 10fb8 f0050000 00000000 f0050000 00000000 ................ 10fc8 980d0100 00000000 00000000 00000000 ................ 10fd8 00000000 00000000 00000000 00000000 ................ 10fe8 10100100 00000000 94070000 00000000 ................ 10ff8 00000000 00000000 ........ Contents of section .data: 11000 00000000 00000000 08100100 00000000 ................ 11010 39000000 9... 
Contents of section .comment: 0000 4743433a 20285562 756e7475 2031312e GCC: (Ubuntu 11. 0010 342e302d 31756275 6e747531 7e32322e 4.0-1ubuntu1~22. 0020 30342920 31312e34 2e3000 04) 11.4.0. =======================[[ Class log starts here ]]======================= ubuntu@secunda:~/glob$ cat glob.c int G = 57; ubuntu@secunda:~/glob$ gcc -Wall -S glob.c ubuntu@secunda:~/glob$ view glob.s ubuntu@secunda:~/glob$ gcc -Wall -c glob.s ubuntu@secunda:~/glob$ ls -ltr total 36 -rw-rw-r-- 1 ubuntu ubuntu 79 Sep 26 08:10 use-glob.c -rw-rw-r-- 1 ubuntu ubuntu 13 Sep 26 08:11 glob.c -rw-rw-r-- 1 ubuntu ubuntu 652 Sep 26 08:19 use-glob.s -rw-rw-r-- 1 ubuntu ubuntu 1736 Sep 26 08:21 use-glob.o -rwxrwxr-x 1 ubuntu ubuntu 8952 Sep 26 08:21 ug -rw-rw-r-- 1 ubuntu ubuntu 201 Sep 26 17:08 glob.s -rw-rw-r-- 1 ubuntu ubuntu 992 Sep 26 17:12 glob.o ubuntu@secunda:~/glob$ xxd glob.o | less ubuntu@secunda:~/glob$ objdump -d glob.o glob.o: file format elf64-littleaarch64 ubuntu@secunda:~/glob$ objdump | grep data Usage: objdump Display information from object . At least one of the following switches must be given: -a, --archive-headers Display archive header information -f, --file-headers Display the contents of the overall file header -p, --private-headers Display object format specific file header contents -P, --private=OPT,OPT... 
Display object format specific contents -h, --[section-]headers Display the contents of the section headers -x, --all-headers Display the contents of all headers -d, --disassemble Display assembler contents of executable sections -D, --disassemble-all Display assembler contents of all sections --disassemble= Display assembler contents from -S, --source Intermix source code with disassembly --source-comment[=] Prefix lines of source code with -s, --full-contents Display the full contents of all sections requested -g, --debugging Display debug information in object file -e, --debugging-tags Display debug information using ctags style -G, --stabs Display (in raw form) any STABS info in the file -W, --dwarf[a/=abbrev, A/=addr, r/=aranges, c/=cu_index, L/=decodedline, f/=frames, F/=frames-interp, g/=gdb_index, i/=info, o/=loc, m/=macro, p/=pubnames, t/=pubtypes, R/=Ranges, l/=rawline, s/=str, O/=str-offsets, u/=trace_abbrev, T/=trace_aranges, U/=trace_info] Display the contents of DWARF debug sections -Wk,--dwarf=links Display the contents of sections that link to separate debuginfo files -WK,--dwarf=follow-links Follow links to separate debug info files (default) -WN,--dwarf=no-follow-links Do not follow links to separate debug info files -L, --process-links Display the contents of non-debug sections in separate debuginfo files. (Implies -WK) --ctf[=SECTION] Display CTF info from SECTION, (default `.ctf') -t, --syms Display the contents of the symbol table(s) -T, --dynamic-syms Display the contents of the dynamic symbol table -r, --reloc Display the relocation entries in the file -R, --dynamic-reloc Display the dynamic relocation entries in the file @ Read options from -v, --version Display this program's version number -i, --info List object formats and architectures supported -H, --help Display this information ubuntu@secunda:~/glob$ objdump -s glob.o glob.o: file format elf64-littleaarch64 Contents of section .data: 0000 39000000 9... 
Contents of section .comment: 0000 00474343 3a202855 62756e74 75203131 .GCC: (Ubuntu 11 0010 2e342e30 2d317562 756e7475 317e3232 .4.0-1ubuntu1~22 0020 2e303429 2031312e 342e3000 .04) 11.4.0. ubuntu@secunda:~/glob$ readelf -a glob.o | less ubuntu@secunda:~/glob$ readelf -aW glob.o | less ubuntu@secunda:~/glob$ cat use-glob.c #include extern int G; int main(){ printf("%p\n", &G); return G; } ubuntu@secunda:~/glob$ gcc -Wall -S use-glob.c ubuntu@secunda:~/glob$ view use-glob.s ubuntu@secunda:~/glob$ gcc -Wall -c use-glob.s ubuntu@secunda:~/glob$ objdump -s use-glob.o use-glob.o: file format elf64-littleaarch64 Contents of section .text: 0000 fd7bbfa9 fd030091 00000090 010040f9 .{............@. 0010 00000090 00000091 00000094 00000090 ................ 0020 000040f9 000040b9 fd7bc1a8 c0035fd6 ..@...@..{...._. Contents of section .rodata: 0000 25700a00 %p.. Contents of section .comment: 0000 00474343 3a202855 62756e74 75203131 .GCC: (Ubuntu 11 0010 2e342e30 2d317562 756e7475 317e3232 .4.0-1ubuntu1~22 0020 2e303429 2031312e 342e3000 .04) 11.4.0. Contents of section .eh_frame: 0000 10000000 00000000 017a5200 04781e01 .........zR..x.. 0010 1b0c1f00 20000000 18000000 00000000 .... ........... 0020 30000000 00410e10 9d029e01 4adedd0e 0....A......J... 0030 00000000 00000000 ........ ubuntu@secunda:~/glob$ gcc -o ug glob.o use-glob.o ubuntu@secunda:~/glob$ objdump -s ug ug: file format elf64-littleaarch64 Contents of section .interp: 0238 2f6c6962 2f6c642d 6c696e75 782d6161 /lib/ld-linux-aa 0248 72636836 342e736f 2e3100 rch64.so.1. Contents of section .note.gnu.build-id: 0254 04000000 14000000 03000000 474e5500 ............GNU. 0264 47080dea 3a20ccbc 70b48d4d 1daf996a G...: ..p..M...j 0274 efcc8de2 .... Contents of section .note.ABI-tag: 0278 04000000 10000000 01000000 474e5500 ............GNU. 0288 00000000 03000000 07000000 00000000 ................ Contents of section .gnu.hash: 0298 01000000 01000000 01000000 00000000 ................ 
02a8 00000000 00000000 00000000 ............ Contents of section .dynsym: 02b8 00000000 00000000 00000000 00000000 ................ 02c8 00000000 00000000 00000000 03000b00 ................ 02d8 d0050000 00000000 00000000 00000000 ................ 02e8 00000000 03001600 00100100 00000000 ................ 02f8 00000000 00000000 10000000 12000000 ................ 0308 00000000 00000000 00000000 00000000 ................ 0318 4f000000 20000000 00000000 00000000 O... ........... 0328 00000000 00000000 01000000 22000000 ............"... 0338 00000000 00000000 00000000 00000000 ................ 0348 6b000000 20000000 00000000 00000000 k... ........... 0358 00000000 00000000 22000000 12000000 ........"....... 0368 00000000 00000000 00000000 00000000 ................ 0378 7a000000 20000000 00000000 00000000 z... ........... 0388 00000000 00000000 28000000 12000000 ........(....... 0398 00000000 00000000 00000000 00000000 ................ Contents of section .dynstr: 03a8 005f5f63 78615f66 696e616c 697a6500 .__cxa_finalize. 03b8 5f5f6c69 62635f73 74617274 5f6d6169 __libc_start_mai 03c8 6e006162 6f727400 7072696e 7466006c n.abort.printf.l 03d8 6962632e 736f2e36 00474c49 42435f32 ibc.so.6.GLIBC_2 03e8 2e313700 474c4942 435f322e 3334005f .17.GLIBC_2.34._ 03f8 49544d5f 64657265 67697374 6572544d ITM_deregisterTM 0408 436c6f6e 65546162 6c65005f 5f676d6f CloneTable.__gmo 0418 6e5f7374 6172745f 5f005f49 544d5f72 n_start__._ITM_r 0428 65676973 74657254 4d436c6f 6e655461 egisterTMCloneTa 0438 626c6500 ble. Contents of section .gnu.version: 043c 00000000 00000200 01000300 01000300 ................ 044c 01000300 .... Contents of section .gnu.version_r: 0450 01000200 2f000000 10000000 00000000 ..../........... 0460 97919606 00000300 39000000 10000000 ........9....... 0470 b4919606 00000200 44000000 00000000 ........D....... Contents of section .rela.dyn: 0480 880d0100 00000000 03040000 00000000 ................ 0490 90070000 00000000 900d0100 00000000 ................ 
04a0 03040000 00000000 40070000 00000000 ........@....... 04b0 e80f0100 00000000 03040000 00000000 ................ 04c0 10100100 00000000 f00f0100 00000000 ................ 04d0 03040000 00000000 94070000 00000000 ................ 04e0 08100100 00000000 03040000 00000000 ................ 04f0 08100100 00000000 d00f0100 00000000 ................ 0500 01040000 04000000 00000000 00000000 ................ 0510 d80f0100 00000000 01040000 05000000 ................ 0520 00000000 00000000 e00f0100 00000000 ................ 0530 01040000 06000000 00000000 00000000 ................ 0540 f80f0100 00000000 01040000 08000000 ................ 0550 00000000 00000000 ........ Contents of section .rela.plt: 0558 a00f0100 00000000 02040000 03000000 ................ 0568 00000000 00000000 a80f0100 00000000 ................ 0578 02040000 05000000 00000000 00000000 ................ 0588 b00f0100 00000000 02040000 06000000 ................ 0598 00000000 00000000 b80f0100 00000000 ................ 05a8 02040000 07000000 00000000 00000000 ................ 05b8 c00f0100 00000000 02040000 09000000 ................ 05c8 00000000 00000000 ........ Contents of section .init: 05d0 1f2003d5 fd7bbfa9 fd030091 36000094 . ...{......6... 05e0 fd7bc1a8 c0035fd6 .{...._. Contents of section .plt: 05f0 f07bbfa9 90000090 11ce47f9 10623e91 .{........G..b>. 0600 20021fd6 1f2003d5 1f2003d5 1f2003d5 .... ... ... .. 0610 90000090 11d247f9 10823e91 20021fd6 ......G...>. ... 0620 90000090 11d647f9 10a23e91 20021fd6 ......G...>. ... 0630 90000090 11da47f9 10c23e91 20021fd6 ......G...>. ... 0640 90000090 11de47f9 10e23e91 20021fd6 ......G...>. ... 0650 90000090 11e247f9 10023f91 20021fd6 ......G...?. ... Contents of section .text: 0680 1f2003d5 1d0080d2 1e0080d2 e50300aa . .............. 0690 e10340f9 e2230091 e6030091 80000090 ..@..#.......... 06a0 00f847f9 030080d2 040080d2 d9ffff97 ..G............. 06b0 e4ffff97 80000090 00f047f9 400000b4 ..........G.@... 06c0 dcffff17 c0035fd6 1f2003d5 1f2003d5 ......_.. 
... .. 06d0 800000b0 00600091 810000b0 21600091 .....`......!`.. 06e0 3f0000eb c0000054 81000090 21e847f9 ?......T....!.G. 06f0 610000b4 f00301aa 00021fd6 c0035fd6 a............._. 0700 800000b0 00600091 810000b0 21600091 .....`......!`.. 0710 210000cb 22fc7fd3 410c818b 21fc4193 !..."...A...!.A. 0720 c10000b4 82000090 42fc47f9 620000b4 ........B.G.b... 0730 f00302aa 00021fd6 c0035fd6 1f2003d5 .........._.. .. 0740 fd7bbea9 fd030091 f30b00f9 930000b0 .{.............. 0750 60524039 40010035 80000090 00ec47f9 `R@9@..5......G. 0760 800000b4 800000b0 000440f9 adffff97 ..........@..... 0770 d8ffff97 20008052 60520039 f30b40f9 .... ..R`R.9..@. 0780 fd7bc2a8 c0035fd6 1f2003d5 1f2003d5 .{...._.. ... .. 0790 dcffff17 fd7bbfa9 fd030091 80000090 .....{.......... 07a0 01f447f9 00000090 00801f91 a9ffff97 ..G............. 07b0 80000090 00f447f9 000040b9 fd7bc1a8 ......G...@..{.. 07c0 c0035fd6 .._. Contents of section .fini: 07c4 1f2003d5 fd7bbfa9 fd030091 fd7bc1a8 . ...{.......{.. 07d4 c0035fd6 .._. Contents of section .rodata: 07d8 01000200 00000000 25700a00 ........%p.. Contents of section .eh_frame_hdr: 07e4 011b033b 38000000 06000000 9cfeffff ...;8........... 07f4 50000000 ecfeffff 64000000 1cffffff P.......d....... 0804 78000000 5cffffff 8c000000 acffffff x...\........... 0814 b0000000 b0ffffff c4000000 ............ Contents of section .eh_frame: 0820 10000000 00000000 017a5200 04781e01 .........zR..x.. 0830 1b0c1f00 10000000 18000000 44feffff ............D... 0840 34000000 0041071e 10000000 2c000000 4....A......,... 0850 80feffff 30000000 00000000 10000000 ....0........... 0860 40000000 9cfeffff 3c000000 00000000 @.......<....... 0870 20000000 54000000 c8feffff 48000000 ...T.......H... 0880 00410e20 9d049e03 4293024e deddd30e .A. ....B..N.... 0890 00000000 10000000 78000000 f4feffff ........x....... 08a0 04000000 00000000 1c000000 8c000000 ................ 08b0 e4feffff 30000000 00410e10 9d029e01 ....0....A...... 08c0 4adedd0e 00000000 00000000 J........... 
Contents of section .init_array: 10d88 90070000 00000000 ........ Contents of section .fini_array: 10d90 40070000 00000000 @....... Contents of section .dynamic: 10d98 01000000 00000000 2f000000 00000000 ......../....... 10da8 0c000000 00000000 d0050000 00000000 ................ 10db8 0d000000 00000000 c4070000 00000000 ................ 10dc8 19000000 00000000 880d0100 00000000 ................ 10dd8 1b000000 00000000 08000000 00000000 ................ 10de8 1a000000 00000000 900d0100 00000000 ................ 10df8 1c000000 00000000 08000000 00000000 ................ 10e08 f5feff6f 00000000 98020000 00000000 ...o............ 10e18 05000000 00000000 a8030000 00000000 ................ 10e28 06000000 00000000 b8020000 00000000 ................ 10e38 0a000000 00000000 94000000 00000000 ................ 10e48 0b000000 00000000 18000000 00000000 ................ 10e58 15000000 00000000 00000000 00000000 ................ 10e68 03000000 00000000 880f0100 00000000 ................ 10e78 02000000 00000000 78000000 00000000 ........x....... 10e88 14000000 00000000 07000000 00000000 ................ 10e98 17000000 00000000 58050000 00000000 ........X....... 10ea8 07000000 00000000 80040000 00000000 ................ 10eb8 08000000 00000000 d8000000 00000000 ................ 10ec8 09000000 00000000 18000000 00000000 ................ 10ed8 1e000000 00000000 08000000 00000000 ................ 10ee8 fbffff6f 00000000 01000008 00000000 ...o............ 10ef8 feffff6f 00000000 50040000 00000000 ...o....P....... 10f08 ffffff6f 00000000 01000000 00000000 ...o............ 10f18 f0ffff6f 00000000 3c040000 00000000 ...o....<....... 10f28 f9ffff6f 00000000 05000000 00000000 ...o............ 10f38 00000000 00000000 00000000 00000000 ................ 10f48 00000000 00000000 00000000 00000000 ................ 10f58 00000000 00000000 00000000 00000000 ................ 10f68 00000000 00000000 00000000 00000000 ................ 10f78 00000000 00000000 00000000 00000000 ................ 
Contents of section .got: 10f88 00000000 00000000 00000000 00000000 ................ 10f98 00000000 00000000 f0050000 00000000 ................ 10fa8 f0050000 00000000 f0050000 00000000 ................ 10fb8 f0050000 00000000 f0050000 00000000 ................ 10fc8 980d0100 00000000 00000000 00000000 ................ 10fd8 00000000 00000000 00000000 00000000 ................ 10fe8 10100100 00000000 94070000 00000000 ................ 10ff8 00000000 00000000 ........ Contents of section .data: 11000 00000000 00000000 08100100 00000000 ................ 11010 39000000 9... Contents of section .comment: 0000 4743433a 20285562 756e7475 2031312e GCC: (Ubuntu 11. 0010 342e302d 31756275 6e747531 7e32322e 4.0-1ubuntu1~22. 0020 30342920 31312e34 2e3000 04) 11.4.0. ubuntu@secunda:~/glob$ ls -l /lib/ld-linux-aarch64.so.1 lrwxrwxrwx 1 root root 39 May 6 16:34 /lib/ld-linux-aarch64.so.1 -> aarch64-linux-gnu/ld-linux-aarch64.so.1 ubuntu@secunda:~/glob$ ls -l /lib/aarch64-linux-gnu/ld-linux-aarch64.so.1 -rwxr-xr-x 1 root root 187776 May 6 16:34 /lib/aarch64-linux-gnu/ld-linux-aarch64.so.1 ubuntu@secunda:~/glob$ lldb ug Traceback (most recent call last): File "", line 1, in ModuleNotFoundError: No module named 'lldb.embedded_interpreter' (lldb) target create "ug" Current executable set to '/home/ubuntu/glob/ug' (aarch64). (lldb) b main Breakpoint 1: where = ug`main, address = 0x0000000000000794 (lldb) disas -n main ug`main: ug[0x794] <+0>: stp x29, x30, [sp, #-0x10]! ug[0x798] <+4>: mov x29, sp ug[0x79c] <+8>: adrp x0, 16 ug[0x7a0] <+12>: ldr x1, [x0, #0xfe8] ug[0x7a4] <+16>: adrp x0, 0 ug[0x7a8] <+20>: add x0, x0, #0x7e0 ; + 8 ug[0x7ac] <+24>: bl 0x650 ; symbol stub for: printf ug[0x7b0] <+28>: adrp x0, 16 ug[0x7b4] <+32>: ldr x0, [x0, #0xfe8] ug[0x7b8] <+36>: ldr w0, [x0] ug[0x7bc] <+40>: ldp x29, x30, [sp], #0x10 ug[0x7c0] <+44>: ret (lldb) disas -bn main ug`main: ug[0x794] <+0>: 0xa9bf7bfd stp x29, x30, [sp, #-0x10]! 
ug[0x798] <+4>: 0x910003fd mov x29, sp ug[0x79c] <+8>: 0x90000080 adrp x0, 16 ug[0x7a0] <+12>: 0xf947f401 ldr x1, [x0, #0xfe8] ug[0x7a4] <+16>: 0x90000000 adrp x0, 0 ug[0x7a8] <+20>: 0x911f8000 add x0, x0, #0x7e0 ; + 8 ug[0x7ac] <+24>: 0x97ffffa9 bl 0x650 ; symbol stub for: printf ug[0x7b0] <+28>: 0x90000080 adrp x0, 16 ug[0x7b4] <+32>: 0xf947f400 ldr x0, [x0, #0xfe8] ug[0x7b8] <+36>: 0xb9400000 ldr w0, [x0] ug[0x7bc] <+40>: 0xa8c17bfd ldp x29, x30, [sp], #0x10 ug[0x7c0] <+44>: 0xd65f03c0 ret (lldb) b main Breakpoint 2: where = ug`main, address = 0x0000000000000794 (lldb) r Process 32092 launched: '/home/ubuntu/glob/ug' (aarch64) Process 32092 stopped * thread #1, name = 'ug', stop reason = breakpoint 1.1 2.1 frame #0: 0x0000aaaaaaaa0794 ug`main ug`main: -> 0xaaaaaaaa0794 <+0>: stp x29, x30, [sp, #-0x10]! 0xaaaaaaaa0798 <+4>: mov x29, sp 0xaaaaaaaa079c <+8>: adrp x0, 16 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] (lldb) disas -bn main ug`main: -> 0xaaaaaaaa0794 <+0>: 0xa9bf7bfd stp x29, x30, [sp, #-0x10]! 0xaaaaaaaa0798 <+4>: 0x910003fd mov x29, sp 0xaaaaaaaa079c <+8>: 0x90000080 adrp x0, 16 0xaaaaaaaa07a0 <+12>: 0xf947f401 ldr x1, [x0, #0xfe8] 0xaaaaaaaa07a4 <+16>: 0x90000000 adrp x0, 0 0xaaaaaaaa07a8 <+20>: 0x911f8000 add x0, x0, #0x7e0 ; + 8 0xaaaaaaaa07ac <+24>: 0x97ffffa9 bl 0xaaaaaaaa0650 ; symbol stub for: printf 0xaaaaaaaa07b0 <+28>: 0x90000080 adrp x0, 16 0xaaaaaaaa07b4 <+32>: 0xf947f400 ldr x0, [x0, #0xfe8] 0xaaaaaaaa07b8 <+36>: 0xb9400000 ldr w0, [x0] 0xaaaaaaaa07bc <+40>: 0xa8c17bfd ldp x29, x30, [sp], #0x10 0xaaaaaaaa07c0 <+44>: 0xd65f03c0 ret (lldb) p/x 0xaaaaaaaa000+16*4096 <<<<----- I see the typo! Should be 0xaaaaaaaa0000 not 0xaaaaaaaa000 for the page address. I lost a 0 when copy-pasting the address! (long) $0 = 0x00000aaaaaaba000 (lldb) p/x 0xaaaaaaaa000+16*4096+0xfe8 (long) $1 = 0x00000aaaaaabafe8 (lldb) x/xg 0x00000aaaaaabafe8 error: memory read failed for 0xaaaaaabae00 <<<<---- Wrong address, nothing there, that page is not even mapped. 
(lldb) p/x 0xaaaaaaaa000+16*4096+0xfe8 <<--- Still with a typo, won't help :) (long) $2 = 0x00000aaaaaabafe8 (lldb) x/xg 0x00000aaaaaabafe8 error: memory read failed for 0xaaaaaabae00 <<---- Still no use :) (lldb) b 0xaaaaaaaa079c Breakpoint 3: where = ug`main + 8, address = 0x0000aaaaaaaa079c (lldb) c Process 32092 resuming Process 32092 stopped * thread #1, name = 'ug', stop reason = breakpoint 3.1 frame #0: 0x0000aaaaaaaa079c ug`main + 8 ug`main: -> 0xaaaaaaaa079c <+8>: adrp x0, 16 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] 0xaaaaaaaa07a4 <+16>: adrp x0, 0 0xaaaaaaaa07a8 <+20>: add x0, x0, #0x7e0 ; + 8 (lldb) reg r x0 x0 = 0x0000000000000001 (lldb) si Process 32092 stopped * thread #1, name = 'ug', stop reason = instruction step into frame #0: 0x0000aaaaaaaa07a0 ug`main + 12 ug`main: -> 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] 0xaaaaaaaa07a4 <+16>: adrp x0, 0 0xaaaaaaaa07a8 <+20>: add x0, x0, #0x7e0 ; + 8 0xaaaaaaaa07ac <+24>: bl 0xaaaaaaaa0650 ; symbol stub for: printf (lldb) si Process 32092 stopped * thread #1, name = 'ug', stop reason = instruction step into frame #0: 0x0000aaaaaaaa07a4 ug`main + 16 ug`main: -> 0xaaaaaaaa07a4 <+16>: adrp x0, 0 0xaaaaaaaa07a8 <+20>: add x0, x0, #0x7e0 ; + 8 0xaaaaaaaa07ac <+24>: bl 0xaaaaaaaa0650 ; symbol stub for: printf 0xaaaaaaaa07b0 <+28>: adrp x0, 16 (lldb) reg r x0 x0 = 0x0000aaaaaaab0000 (lldb) si Process 32092 stopped * thread #1, name = 'ug', stop reason = instruction step into frame #0: 0x0000aaaaaaaa07a8 ug`main + 20 ug`main: -> 0xaaaaaaaa07a8 <+20>: add x0, x0, #0x7e0 0xaaaaaaaa07ac <+24>: bl 0xaaaaaaaa0650 ; symbol stub for: printf 0xaaaaaaaa07b0 <+28>: adrp x0, 16 0xaaaaaaaa07b4 <+32>: ldr x0, [x0, #0xfe8] (lldb) reg r x0 x0 = 0x0000aaaaaaaa0000 ug.PT_LOAD[0] + 0 (lldb) si Process 32092 stopped * thread #1, name = 'ug', stop reason = instruction step into frame #0: 0x0000aaaaaaaa07ac ug`main + 24 ug`main: -> 0xaaaaaaaa07ac <+24>: bl 0xaaaaaaaa0650 ; symbol stub for: printf 0xaaaaaaaa07b0 <+28>: adrp x0, 16 
0xaaaaaaaa07b4 <+32>: ldr x0, [x0, #0xfe8] 0xaaaaaaaa07b8 <+36>: ldr w0, [x0] (lldb) reg r x0 x0 = 0x0000aaaaaaaa07e0 ug` + 8 (lldb) x/xs 0x0000aaaaaaaa07e0 0xaaaaaaaa07e0: "%p\n" (lldb) r There is a running process, kill it and restart?: [Y/n] Process 32092 exited with status = 9 (0x00000009) Process 32108 launched: '/home/ubuntu/glob/ug' (aarch64) Process 32108 stopped * thread #1, name = 'ug', stop reason = breakpoint 1.1 2.1 frame #0: 0x0000aaaaaaaa0794 ug`main ug`main: -> 0xaaaaaaaa0794 <+0>: stp x29, x30, [sp, #-0x10]! 0xaaaaaaaa0798 <+4>: mov x29, sp 0xaaaaaaaa079c <+8>: adrp x0, 16 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] (lldb) b 0xaaaaaaaa079c Breakpoint 4: where = ug`main + 8, address = 0x0000aaaaaaaa079c (lldb) c Process 32108 stopped * thread #1, name = 'ug', stop reason = breakpoint 3.1 4.1 frame #0: 0x0000aaaaaaaa079c ug`main + 8 ug`main: -> 0xaaaaaaaa079c <+8>: adrp x0, 16 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] 0xaaaaaaaa07a4 <+16>: adrp x0, 0 0xaaaaaaaa07a8 <+20>: add x0, x0, #0x7e0 ; + 8 Process 32108 resuming (lldb) reg r x0 x0 = 0x0000000000000001 (lldb) si Process 32108 stopped * thread #1, name = 'ug', stop reason = instruction step into frame #0: 0x0000aaaaaaaa07a0 ug`main + 12 ug`main: -> 0xaaaaaaaa07a0 <+12>: ldr x1, [x0, #0xfe8] 0xaaaaaaaa07a4 <+16>: adrp x0, 0 0xaaaaaaaa07a8 <+20>: add x0, x0, #0x7e0 ; + 8 0xaaaaaaaa07ac <+24>: bl 0xaaaaaaaa0650 ; symbol stub for: printf (lldb) reg r x0 x0 = 0x0000aaaaaaab0000 (lldb) p/x 0x0000aaaaaaab0000+0xfe8 <<---- Now it works :) (long) $3 = 0x0000aaaaaaab0fe8 (lldb) x/xg 0x0000aaaaaaab0fe8 0xaaaaaaab0fe8: 0x0000aaaaaaab1010 (lldb) x/xw 0x0000aaaaaaab1010 0xaaaaaaab1010: 0x00000039 (lldb) p/x 16*4096 (int) $4 = 0x00010000 (lldb)