No Operation (NOP) Sled
If you are using a direct address when injecting code, you will be left with the
burden of guessing exactly where your payload is located in memory, which is
next to impossible. The problem is that your payload will not always be in the
exact same place. Under UNIX, it is common that the same software package is
recompiled on different systems, with different compilers and different
optimization settings. What works on one copy of the software might not work on
another. Therefore, to minimize this effect and decrease the required precision
of a smash, we use the no operation (NOP) sled. The idea is simple. A NOP is an
instruction that does nothing; it only takes up space. (Incidentally, the NOP was
originally created for debugging.) Since the NOP is only a single byte long, it is
immune to the problems of byte ordering and alignment issues. Figure 5.9
shows an example of the NOP sled in mem
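The defining feature of the sled described above, a long run of one identical single-byte instruction, is also what makes it easy to recognize. The following is an added example, not code from the book, of the simple run-length check that a network sensor or memory scanner can apply to a buffer. It assumes x86, where the NOP opcode is 0x90; the threshold and the sample buffers are constructed for illustration.

```python
# Added example (not from the book): flag suspicious runs of x86 NOP bytes
# (0x90) in a byte buffer, as a simple network or memory scanner might.
# A NOP sled is a long run of single-byte no-op instructions placed ahead of
# a payload; the long homogeneous run is exactly what this check looks for.
# The threshold and the sample data below are constructed, not measured.

X86_NOP = 0x90


def longest_byte_run(data: bytes, value: int = X86_NOP):
    """Return (offset, length) of the longest run of `value` in `data`.

    Returns (-1, 0) if the byte never occurs.
    """
    best_off, best_len = -1, 0
    cur_off, cur_len = -1, 0
    for i, b in enumerate(data):
        if b == value:
            if cur_len == 0:
                cur_off = i          # start of a new run
            cur_len += 1
            if cur_len > best_len:
                best_off, best_len = cur_off, cur_len
        else:
            cur_len = 0              # run broken
    return best_off, best_len


def looks_like_nop_sled(data: bytes, threshold: int = 32) -> bool:
    """Heuristic: a run of at least `threshold` NOP bytes is flagged.

    Legitimate code contains short NOP runs used as alignment padding, so a
    single 0x90 (or a handful) must not trigger; the threshold is an assumed
    tuning value chosen for this example, not a standard.
    """
    return longest_byte_run(data)[1] >= threshold


# Constructed sample buffers (not captured traffic or real memory).
BENIGN = b"GET /index.html HTTP/1.0\r\n" + b"\x90" * 3 + b"padding"
SUSPECT = b"A" * 16 + b"\x90" * 64 + b"\xcc" * 8   # 0xCC stands in for whatever follows the sled

if __name__ == "__main__":
    for name, buf in (("benign", BENIGN), ("suspect", SUSPECT)):
        off, n = longest_byte_run(buf)
        print(f"{name}: longest NOP run {n} bytes at offset {off}; "
              f"sled? {looks_like_nop_sled(buf)}")
```

The check is deliberately architecture-specific: the opcode value and the notion of a one-byte NOP are x86 facts, so a scanner for another instruction set would need its own byte value and run length. Short runs are common alignment padding in normal binaries, which is why the threshold exists and why a hit should be treated as a lead to investigate rather than proof of an attack.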