On a single system, can I expect main() to always be at the same EIP?
https://stackoverflow.com/questions/12550823
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am running some benchmarks in Linux, and I am looking for some indication that the program has completed loading and started running. Is it reasonable to expect that main() would always be at the same EIP?
Is the EIP of main() dependent on the language? Is it dependent on the compiler?
Is there any EIP that a program can always be expected to start at?
Solution
Nope. In C, the entry point is actually _start, which comes from libc; _start does some libc initialization, then calls main.
main is just a regular function. The linker can choose to rearrange it anyway it likes in the process image. Furthermore, with things like relocation tables at the start of the executable, the start of the .text section might not even be constant. Heck, if you're writing the program in assembly, main might not even exist.
A program, however, can always be trusted to start at the entry point address declared in its ELF header (assuming it's an ELF executable). So, use that. readelf can tell you the value.
