[RFC]confusion about syscall
From: Mulyadi Santosa <hidden>
Date: 2012-07-15 17:42:21
Hi...

On Sun, Jul 15, 2012 at 4:18 PM, ?? [off-list ref] wrote:
> Thanks for the reply. And I wonder why the address of the vsyscall page is not 0xffffe000 on my system?

Address space randomization sometimes puts the vsyscall page at a much lower address, AFAIK. And it varies per invocation... But wait, I just recall that your getpid() might contain a jump into the unpatched PLT first. That happens the first time an external function is called. On subsequent calls, getpid() will jump directly to the needed address in glibc. Once I wrote about it... try Google...

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant
blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
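The reliable way to see where a given process actually has its vdso and vsyscall pages, rather than assuming a fixed address such as 0xffffe000, is the kernel's own report in /proc/self/maps, where they appear as the `[vdso]` and `[vsyscall]` entries. The program below is an added example written for this thread, not code from the original mailing-list post; it parses maps-format text for a named mapping, runs against a constructed sample (the addresses in `sample_maps` are made up for the test), and then reports the live values for its own process. Running it twice shows whether the `[vdso]` address moves between invocations on the reader's kernel.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; the addresses are invented
   for the example and are not from the original thread. */
static const char sample_maps[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/a.out\n"
    "7ffd1a3c2000-7ffd1a3e3000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd1a3f9000-7ffd1a3fb000 r-xp 00000000 00:00 0 [vdso]\n"
    "ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]\n";

/* Return the start address of the mapping whose pathname field (the last
   field of a maps line) equals `name`, e.g. "[vdso]"; 0 if no such line. */
uint64_t find_mapping_start(const char *maps, const char *name)
{
    size_t nlen = strlen(name);
    const char *line = maps;

    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);

        /* Match only a whole trailing field, so "[vdso]" does not match a
           path that merely ends with those characters. */
        if (len >= nlen && memcmp(line + len - nlen, name, nlen) == 0 &&
            (len == nlen || line[len - nlen - 1] == ' ')) {
            /* The line starts with "start-end"; strtoull stops at '-'. */
            return (uint64_t)strtoull(line, NULL, 16);
        }
        if (!end)
            break;
        line = end + 1;
    }
    return 0;
}

/* Read the calling process's own maps file into `buf`; returns bytes read. */
static size_t read_self_maps(char *buf, size_t cap)
{
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n;
    if (!f)
        return 0;
    n = fread(buf, 1, cap - 1, f);
    buf[n] = '\0';
    fclose(f);
    return n;
}

int main(void)
{
    static char buf[1 << 16]; /* plenty for a small, statically simple process */

    printf("sample [vdso]     at %#llx\n",
           (unsigned long long)find_mapping_start(sample_maps, "[vdso]"));
    printf("sample [vsyscall] at %#llx\n",
           (unsigned long long)find_mapping_start(sample_maps, "[vsyscall]"));

    if (read_self_maps(buf, sizeof buf) == 0) {
        fprintf(stderr, "cannot read /proc/self/maps (not Linux?)\n");
        return 1;
    }
    /* A value of 0 means the kernel did not map that page for this process. */
    printf("live   [vdso]     at %#llx\n",
           (unsigned long long)find_mapping_start(buf, "[vdso]"));
    printf("live   [vsyscall] at %#llx\n",
           (unsigned long long)find_mapping_start(buf, "[vsyscall]"));
    return 0;
}
```

Compile with `cc -o maps maps.c` and run it a few times; comparing the live `[vdso]` line across runs answers the question in the thread for the specific kernel and ASLR setting in use, without relying on any remembered constant.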