Why program header segment virtual address is 0x40004000?

Question

I am studying some things about the ELF format (on a x64 Linux platform) and in the program header the first segment (PT_PHDR) has this virtual address 0x40004000 (alignment is 8 bytes). I don't understand and I don't find a place where that is explained. In some other examples on the Internet it is 0x08048034 and I don't know if this is because of the OS or the processor architecture. Is there a place where these fixed values are listed and briefly explained, like a reference book or manual or something? Thanks

Answer 1

on a x64 Linux platform

That platform does not exist. You mean Linux x86_64 platform.

(PT_PHDR) has this virtual address 0x40004000

That is a very strange address. Are you sure it's not 0x400040 ?

I don't understand and I don't find a place where that is explained. In some other examples on the Internet it is 0x08048034 and I don't know if this is because of the OS or the processor architecture.

For Linux x86_64, the default address where the executable is linked is 0x400000, and the size of Elf64_Ehdr (which is at the start of every ELF binary) is 64, giving you default PT_PHDR address of 0x400040.

For Linux i*86, the default address for executables is 0x08048000, and the size of Elf32_Ehdr is 52, giving you the default PT_PHDR address of 0x08048034.

Either of these addresses can be changed by e.g. using the linker -Ttext=0xNNNN flag.