function address still changed with ASLR disabled and canary not set during compiling

Reverse Engineering Asked by Redshrimp on September 22, 2020

Background: It is a x64 linux executable, and I am trying to jump to function sym.redirect_call @ 0x00401184, with 120 byte nopled plus 8 byte for the new address. However, every time when I insert the payload the last 8 byte changed, which makes the jump unavailable. I wonder why this is happening? I’ve disabled the ASLR on my machine, and canary flag is not set during compiling. For more details, please check the picture that I attached. Any help will be appreciated!

Add your own answers!

Related Questions

When is a wide-character function called?

0  Asked on April 12, 2021 by hightower


Getting radare2 to load z80 binaries properly

1  Asked on April 11, 2021 by gb_away


How to patch C# binary?

0  Asked on April 11, 2021 by warchantua


Reverse engineering algorithm for get keys

0  Asked on April 10, 2021 by gastone-krankenwagen


Cannot find C# obfuscator

0  Asked on April 8, 2021 by sawek-piewak


How to set search scope in radare2

1  Asked on April 6, 2021 by ju5t_4n07h3r_7ryh4rd3r


XAP2 processor firmware reverse engeneering

0  Asked on April 3, 2021 by nusch


Ghidra rename variable below current line

1  Asked on March 30, 2021 by genghiskhan


Help with LDR, LDRD and STR instructions

1  Asked on March 30, 2021 by yuanlintech


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir