C/C++: Determine [My] Module's Load Address

Hi All,

I’m trying to determine my module’s load address at runtime (not an arbitrary module). Everything I’ve found on the web is kernel-centric [1,2], and Stevens does not cover it in Advanced Unix Programming.

I believe I want information from the struct module in kernel/modules.c. I did find sys_query_module, but it has been depricated.

In the Windows world, I would use __ImageBase (fixed up by the link-loader) or GetModuleHandle(…).

Can anyone point me to the proper syscall? (Or to a forum that fields C/C++ and Linux API questions).

Thanks,
Jeff
Jeffrey Walton

[1] LKML: “Richard B. Johnson”: Re: determining load address of module
[2] Linux-Kernel Archive: Re: determining load address of module

What do you mean by “load address?” You can easily get the address of a function within the module and work from that.

Hi smpoole7,

> What do you mean by “load address?”
I expect my load address to be a Elf32_Ehdr* (I could be wrong, but I won’t know until I see what’s going on under a debugger). In the Windows world, the load address of a module points to the first byte of the program’s IMAGE_DOS_HEADER structure. So the address of the first byte is a IMAGE_DOS_HEADER*. I expect about the same in Linux.

> You can easily get the address of a function within the module and work from that.
A function address (such as &main) may help me with the .text section. But I’m looking for the preamble that the link-loader uses. Given the Elf32_Ehdr*, I can find all sections.

Sorry about the Win32 analogies. I know how to accomplish these things in the Windows world.

Jeff

The question is rather why on earth you would need to know that.

See what jengelh said. I was a long-time Windoze developer myself (and still use it for some projects), but you learn to think differently in the 'Nix world. For security reasons, many kernels actually obscure addresses, and/or those addresses will change with each load.

I’m sure it can be done – GNU’s debugger, just to name one, will allow you to look at things in memory, so IT has to know how to find them – but agreeing with jengelh, I can’t see what you’d want to. If you want to change code on the fly, that’s generally considered very bad programming practice (and will be difficult to do under 'Nix, anyway, because it uses a true protected model for the Code/TXT segment(s)). If you’re encrypting your code and want to decrypt it just before execution, there are easier (and more acceptable) ways of doing it.

Hey, I started out in DOS, where things like this were done all the time. I used to change code on the fly, encrypt and decrypt – I even wrote a device driver one time that decrypted EACH FUNCTION as it was called, to make it more difficult to debug or trace! :slight_smile:

But 'Nix uses a different philosophy.

I’m not trying to tell you not to do it. Nothing annoys me worse than when I post a question here and the answers all come back, “you shouldn’t do it that way.” I don’t know what you’re trying to do – and don’t NEED to know. But to answer your question, you’ll probably need to quite a few Google searches, and maybe even pore over the source code for GNU’s Debugger to see how they do it.