Home/ Questions/Q 4549464
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T16:21:50+00:00

8048563: e8 0d 00 00 00 call 8048575 <exit@plt+0x141> I was trying to reverse

  • 0
8048563:       e8 0d 00 00 00          call   8048575 <exit@plt+0x141>

I was trying to reverse engineer a binary for fun and I saw this call in the objdump output. Looking at this line, I thought the call would be to the exit function which was dynamically linked. However, 8048575 seems to be an address in the .text section of this program!

  1. Why does this wrong naming of function happen?
  2. The place where the call lands has the following line; why is the function prologue missing?
8048575:       83 ec 6c                sub    esp,0x6c
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    That’s not actually a IAT/PLT call, it’s a call to another function in the same file. The file probably has had its internal symbol stripped, and objdump displays all addresses as the last defined symbol before the address + an offset. With no internal symbols, this will hit the last plt-linked function, since the plt section comes before text.

    So, the displayed name is just bogus and can be ignored.

    • 0