why is the entry point of elf is 0x8048320. From This question, its the virual address used by the operating system kernel to map the process. But From This, the virual address where a process is mapped (in x86 processors) is 0xc0000000 (lower 3GB for user space and upper 1GB for kernel space). Now whats the theory behind this 0x8048320 starting point address. shouldn't it suppose to be 0c0000000h??
Regards,
The entry point is not the beginning of the mapping of the executable. It is the address of the first instruction that will be run when the program is started. As such, it is usually in the middle of the .text section.
If you use GCC or a compatible compiler, it will be the address of a function _start in libc. That is the function that will eventually call your main().
From your example, 0x8048320 the base address will probably be 0x8000000 and the offset of _start will be 0x48320.
In my machine, however:
$ readelf -h /usr/bin/ls | grep Entry
Entry point address: 0x404030
All these virtual addresses are usually up to the compiler and/or linker.
readelf -h a.out– Aimal