Question

Here is an assembly code fragment:

jmp short  getadd

shellcode:
  pop  esi                 ; esi = address of the string pushed by "call shellcode"
  xor  eax, eax
  mov byte [esi+9], al     ; NUL-terminate "nice job!" (9 bytes) in place
  push dword esi
  call 0x8048300
  ; address found by disassembling a C program that calls printf

  xor eax,eax
  mov al,0                 ; note: on 32-bit Linux sys_exit is eax=1, not 0
  xor ebx,ebx
  int 0x80

getadd:
  call shellcode           ; pushes the address of the string below, then jumps back
  db  "nice job!"

But after dumping the object I found:

Disassembly of section .text:

00000000 <shellcode-0x2>:
   0:   eb 14                   jmp    16 <getadd>

00000002 <shellcode>:
   2:   5e                      pop    %esi
   3:   31 c0                   xor    %eax,%eax
   5:   88 46 09                mov    %al,0x9(%esi)
   8:   56                      push   %esi
   9:   e8 fc 82 04 08          call   804830a <getadd+0x80482f4>
   e:   31 c0                   xor    %eax,%eax
  10:   b0 00                   mov    $0x0,%al
  12:   31 db                   xor    %ebx,%ebx
  14:   cd 80                   int    $0x80

00000016 <mycall>:
  16:   e8 e7 ff ff ff          call   2 <shellcode>
  1b:   6e                      outsb  %ds:(%esi),(%dx)
  1c:   69 63 65 20 6a 6f 62    imul   $0x626f6a20,0x65(%ebx),%esp
  23:   21                      .byte 0x21

Why did the address change from 0x8048300 to 0x804830a?


Solution

Time to bust out the Intel Instruction Set Reference!

E8 is CALL rel32:

Call near, relative, displacement relative to next instruction.

That means you're not calling the absolute address 0x8048300, rather you're calling to an address at some displacement from where you are right now (actually from the next instruction).

If you want to call to an absolute address, you need to be using the FF Call r/m32 (call to register or memory address) form.

mov eax, 0x8048300
call eax
Licensed under: CC-BY-SA with attribution