Old Nukkit

Reputation: 17

Why offset got from disassembly in gdb shows out of range error in hex editors?

When I disassemble an ELF64 in gdb and find the offset of a particular instruction, then open that ELF in a hex editor (ghex, bless, ...) and enter the offset, it says:

Invalid offset - EOF error (out of range offset).

I searched the web and figured out that ASLR may have caused this problem, but the ELF isn't PIE; anyway, I disabled ASLR but it didn't help.

I also tried radare2 and objdump; no difference...

This is the function with the instruction (0x00000000004f013b <+43>: je 0x4f01a0) that I want to edit from 'je' to 'jne' (74 -> 75):

    Dump of assembler code for function _ZN9bombsquad4Game13StartKickVoteEPNS_18ConnectionToClientES2_:
       0x00000000004f0110 <+0>:     push   r15
       0x00000000004f0112 <+2>:     mov    r15,rdi
       0x00000000004f0115 <+5>:     push   r14
       0x00000000004f0117 <+7>:     push   r13
       0x00000000004f0119 <+9>:     mov    r13,rsi
       0x00000000004f011c <+12>:    push   r12
       0x00000000004f011e <+14>:    mov    r12,rdx
       0x00000000004f0121 <+17>:    push   rbp
       0x00000000004f0122 <+18>:    push   rbx
       0x00000000004f0123 <+19>:    sub    rsp,0xe8
       0x00000000004f012a <+26>:    call   0x4a66b0 <_ZN9bombsquad11GetRealTimeEv>
       0x00000000004f012f <+31>:    cmp    BYTE PTR [r15+0x2bc],0x0
       0x00000000004f0137 <+39>:    mov    DWORD PTR [rsp+0xc],eax
       0x00000000004f013b <+43>:    je     0x4f01a0 <_ZN9bombsquad4Game13StartKickVoteEPNS_18ConnectionToClientES2_+144>
       0x00000000004f013d <+45>:    lea    rdi,[rsp+0xc0]
       0x00000000004f0145 <+53>:    lea    rdx,[rsp+0x80]
       0x00000000004f014d <+61>:    mov    esi,0x72c3c1
       0x00000000004f0152 <+66>:    call   0x48fa00 <_ZNSsC1EPKcRKSaIcE@plt>
       0x00000000004f0157 <+71>:    xorps  xmm2,xmm2
       0x00000000004f015a <+74>:    lea    rsi,[rsp+0xc0]
       0x00000000004f0162 <+82>:    movss  xmm0,DWORD PTR [rip+0x2353d6]

The disassembled ELF is bs_headless.

It won't run without other files; you can download the full server from its official website.

Upvotes: 0

Views: 539

Answers (1)

Jester

Reputation: 58762

gdb isn't showing you a file offset. It's showing you a virtual memory address. You will want to consult the section headers to get a starting file position you can then add your offset within the containing section to. Or, just search for some unique bytes in the neighborhood.

    $ objdump -h -j .text bs_headless 

    bs_headless:     file format elf64-x86-64

    Sections:
    Idx Name          Size      VMA               LMA               File off  Algn
     12 .text         002933c2  0000000000490090  0000000000490090  00090090  2**4
                      CONTENTS, ALLOC, LOAD, READONLY, CODE

To get the file offset for address X, you want to do X - VMA + File off for the start of the containing section. In this case, conveniently, that means you can chop off the leading 4 from the address. Thus your instruction at 0x4f013b is at file offset 0x0f013b:

    000F0138 44 24 0C 74 │ 63 48 8D BC │

Upvotes: 4
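The translation in the answer (file offset = VMA - sh_addr + sh_offset of the containing section) can be done programmatically instead of by hand, which also makes the "out of range" case explicit: an address that no file-backed section or segment covers has no file offset at all. The script below is an added example, not code from the question, the answer, or the bombsquad project. It parses the ELF64 section header table (falling back to PT_LOAD program headers when the section table has been stripped), converts the VMA to a file offset, checks that the byte there really is a `je` (0x74) before flipping it to `jne` (0x75), and refuses otherwise. The ELF image it works on is constructed in memory from the numbers in the answer's objdump line (.text at VMA 0x490090, file offset 0x90090, with the real instruction bytes 89 44 24 0c 74 63 48 8d bc 24 c0 00 00 00 placed at 0x4f0137); bs_headless itself is not included, and the function names are mine. To use it on a real binary, read the file into a bytearray and pass that to the same functions.

```python
"""Map a gdb/objdump virtual address to an ELF64 file offset and patch je -> jne.

Added example (not from the question or answer). The sample ELF is
constructed below; every function also works on a bytearray read from disk.
"""
import struct

ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # 64-byte ELF header
ELF64_SHDR = struct.Struct("<IIQQQQIIQQ")        # 64-byte section header
ELF64_PHDR = struct.Struct("<IIQQQQQQ")          # 56-byte program header
SHT_NOBITS = 8          # .bss-style section: present in memory, absent in the file
PT_LOAD = 1
JE_REL8, JNE_REL8 = 0x74, 0x75


def sections(img):
    """Yield (name, sh_type, sh_addr, sh_offset, sh_size) for each section header."""
    (ident, _t, _m, _v, _entry, _phoff, shoff, _f, _ehs, _phes, _phn,
     shentsize, shnum, shstrndx) = ELF64_EHDR.unpack_from(img, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2:
        raise ValueError("not an ELF64 image")
    if shnum == 0:                      # section table stripped
        return
    hdrs = [ELF64_SHDR.unpack_from(img, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = hdrs[shstrndx][4]      # sh_offset of .shstrtab
    for name_idx, sh_type, _flags, addr, off, size, *_ in hdrs:
        end = img.index(b"\0", strtab_off + name_idx)
        yield img[strtab_off + name_idx:end].decode(), sh_type, addr, off, size


def vma_to_file_offset(img, vma):
    """The answer's formula: vma - sh_addr + sh_offset of the containing section.
    Falls back to PT_LOAD segments (what the kernel actually maps) when the
    section table is missing. Raises if nothing file-backed covers the address,
    which is exactly the 'out of range' a hex editor reports for a VMA."""
    for _name, sh_type, addr, off, size in sections(img):
        if sh_type != SHT_NOBITS and addr and addr <= vma < addr + size:
            return vma - addr + off
    (_i, _t, _m, _v, _e, phoff, _s, _f, _ehs, phentsize, phnum, *_) = \
        ELF64_EHDR.unpack_from(img, 0)
    for i in range(phnum):
        p_type, _fl, p_off, p_vaddr, _pa, p_filesz, *_ = \
            ELF64_PHDR.unpack_from(img, phoff + i * phentsize)
        if p_type == PT_LOAD and p_vaddr <= vma < p_vaddr + p_filesz:
            return vma - p_vaddr + p_off
    raise ValueError(f"0x{vma:x} is not backed by file contents (out of range)")


def flip_je_to_jne(img, vma):
    """Patch the short conditional jump at `vma` in place and return its file offset.
    Refuses to write unless the byte is really a je, so a wrong address cannot
    silently corrupt an unrelated instruction. jne rel8 has the same length and
    the same displacement byte, so nothing else in the function has to move."""
    off = vma_to_file_offset(img, vma)
    if img[off] != JE_REL8:
        raise ValueError(f"byte at file offset 0x{off:x} is 0x{img[off]:02x}, not je (0x74)")
    img[off] = JNE_REL8
    return off


def strip_section_table(img):
    """Return a copy with e_shnum zeroed (what `strip --strip-section-headers`
    or a packer would leave), to exercise the PT_LOAD fallback."""
    stripped = bytearray(img)
    struct.pack_into("<H", stripped, 60, 0)   # e_shnum lives at offset 60
    return stripped


def build_sample_elf():
    """Constructed ELF64 mirroring the answer's objdump line: .text at VMA
    0x490090 / file offset 0x90090, one PT_LOAD mapping file offset 0 to
    0x400000. Only the 14 bytes around the je at 0x4f013b are real x86."""
    text_addr, text_off = 0x490090, 0x90090
    text_size = 0x4f0150 - text_addr
    shstrtab = b"\0.text\0.shstrtab\0"            # name indices: 1 = .text, 7 = .shstrtab
    shstr_off = text_off + text_size
    shoff = (shstr_off + len(shstrtab) + 15) & ~15
    img = bytearray(shoff + 3 * ELF64_SHDR.size)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, little-endian
    ELF64_EHDR.pack_into(img, 0, ident, 2, 0x3E, 1, 0x4f0110, ELF64_EHDR.size, shoff, 0,
                         ELF64_EHDR.size, ELF64_PHDR.size, 1, ELF64_SHDR.size, 3, 2)
    ELF64_PHDR.pack_into(img, ELF64_EHDR.size, PT_LOAD, 5, 0, 0x400000, 0x400000,
                         shoff, shoff, 0x1000)
    # mov [rsp+0xc],eax ; je +0x63 ; lea rdi,[rsp+0xc0]  (bytes from the gdb listing)
    code = bytes.fromhex("8944240c7463488dbc24c0000000")
    img[0xf0137:0xf0137 + len(code)] = code
    ELF64_SHDR.pack_into(img, shoff + 0 * ELF64_SHDR.size, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    ELF64_SHDR.pack_into(img, shoff + 1 * ELF64_SHDR.size, 1, 1, 6, text_addr, text_off,
                         text_size, 0, 0, 16, 0)
    ELF64_SHDR.pack_into(img, shoff + 2 * ELF64_SHDR.size, 7, 3, 0, 0, shstr_off,
                         len(shstrtab), 0, 0, 1, 0)
    img[shstr_off:shstr_off + len(shstrtab)] = shstrtab
    return img


if __name__ == "__main__":
    elf = build_sample_elf()
    where = flip_je_to_jne(elf, 0x4f013b)
    print(f"patched je->jne at file offset 0x{where:x}, bytes now {elf[where:where + 2].hex()}")
    try:
        vma_to_file_offset(elf, 0x7ffff7dd0000)     # a libc/stack-style address
    except ValueError as err:
        print("expected failure:", err)
```

After patching a real file, confirm the edit landed where you meant it to with `objdump -d -M intel --start-address=0x4f013b --stop-address=0x4f013d bs_headless`, which should now print `jne`. The same section/segment lookup applies to any mapped address, so a ROP gadget or string address found in gdb converts the same way; an address in the heap, stack, or a NOBITS section is what produces the hex editor's "out of range", because no byte in the file corresponds to it.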
