Hi, I'm trying to understand the substitutions but I don't understand what's the meaning in assembly of "jmp 3" (get_nops, size=3, bits=32), or why it's considered a nop. Also, why do you pop from the stack? Wouldn't it destroy the stack? (for example, if the executable tries to access some already pop'd variable)
return "jmp %s; pop %s" % (3 + prev_ins_size, random.choice(regs))
Thanks in advance.
That return is returning a 3-byte NOP sequence (as requested in the function parameter size). To do this, it creates a jmp+3 and inserts a random 1-byte instruction that will never be executed (because of the jmp).
For example, let's consider the random 1-byte instruction is 'pop eax'. The sequence would be as follows:
As we can see, when the code reaches the jmp, it will go directly to the nops, without executing the pop, giving us a 3-byte NOP sequence (jmp + pop) because it doesn't affect any value in our execution context (registers, flags ...).
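To make the answer concrete, here is an added example (not the project's own code) that builds the 3-byte sequence from raw 32-bit x86 encodings (EB 01 = short jump over the next byte, 58..5F = one-byte pop) and steps it with a tiny interpreter that only knows those opcodes plus 0x90. It shows that a byte-by-byte disassembly lists the pop, while the executed path skips it and the stack pointer never moves. The get_nops() here is a constructed stand-in, not the generator's real function.

```python
import random

# One-byte pop encodings for 32-bit mode; esp is omitted because pop esp is a special case.
POP_R32 = {"eax": 0x58, "ecx": 0x59, "edx": 0x5A, "ebx": 0x5B,
           "ebp": 0x5D, "esi": 0x5E, "edi": 0x5F}
REG_OF = {v: k for k, v in POP_R32.items()}

def jmp_over_pop(reg):
    """EB 01 = 'jmp short +1' (skip the next byte), followed by a one-byte pop."""
    return bytes([0xEB, 0x01, POP_R32[reg]])

def get_nops(size, rng=random):
    """Constructed stand-in for the generator's get_nops(): plain 0x90 padding,
    with the 3-byte jmp/pop form in front whenever there is room for it."""
    if size >= 3:
        return jmp_over_pop(rng.choice(sorted(POP_R32))) + b"\x90" * (size - 3)
    return b"\x90" * size

def decode(code, off):
    """Decode one instruction; returns (text, length, rel8 or None)."""
    op = code[off]
    if op == 0xEB:
        rel = code[off + 1]
        rel = rel - 256 if rel > 127 else rel   # rel8 is signed
        return ("jmp short %+d" % rel, 2, rel)
    if op in REG_OF:
        return ("pop %s" % REG_OF[op], 1, None)
    if op == 0x90:
        return ("nop", 1, None)
    raise ValueError("unmodelled opcode 0x%02x at offset %d" % (op, off))

def linear_sweep(code):
    """What a byte-by-byte disassembler prints: every instruction, the dead pop included."""
    out, off = [], 0
    while off < len(code):
        text, length, _ = decode(code, off)
        out.append((off, text))
        off += length
    return out

def execute(code):
    """Follow control flow instead; returns (esp change, offsets actually executed)."""
    eip, esp, trace = 0, 0, []
    while eip < len(code):
        text, length, rel = decode(code, eip)
        trace.append(eip)
        if text.startswith("pop"):
            esp += 4                    # a pop that really runs would move the stack pointer
        eip += length + (rel or 0)      # jmp target is relative to the next instruction
    return esp, trace
```

Running execute() on a bare b"\x58" reports the 4-byte stack move, while the jmp/pop pair reports none, which is why the asker's stack concern does not apply.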