AnswerBun.com

Why do we need to know the address of shellcode?

Reverse Engineering Asked by Sathyam Lokare on October 22, 2020

I have read many articles regarding the buffer overflow exploit. Everywhere it's written as follows:

"It's difficult to know the starting address of the shellcode."

Why do we need to know the address of the shellcode? Why does stack not execute the shellcode as it is?

Say we inject our shellcode this way:

our shellcode — some padding — our choice of saved return address

Should the shellcode not be executed by default by the stack? Why do we add NOP sleds and complicate things?

One Answer

Exploiting software by injecting shellcode into its memory always requires the following steps:

  1. Have a way to inject your shellcode in memory (usually, it can take place in any buffer of the program).

  2. Redirect the execution flow (i.e. be able to write on the rip) to point to the shellcode and execute it (usually, it is done through a buffer-overflow).

If you are not sure about the address of your shellcode, the second part of the exploitation (the redirection of the eip) cannot be achieved reliably.

Correct answer by perror on October 22, 2020
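To make the answer's point concrete, here is a toy CPU simulation added to this page (it is not part of the original answer). It models the only thing that matters here: after `ret`, execution continues at whatever address was saved on the stack, so bytes sitting in a buffer are never run unless the instruction pointer is pointed at them, and a guess that misses lands on plain data. The memory layout, addresses and the `WIN` stand-in for a payload are constructed for the illustration.

```python
NOP, WIN, RET, HLT, DATA = "NOP", "WIN", "RET", "HLT", "DATA"
BUF_ADDR, BUF_LEN, MEM_SIZE = 32, 24, 64   # constructed toy layout

def run(mem, pc, stack, max_steps=200):
    """Fetch/execute loop of the toy CPU. A cell is executed only when pc
    reaches it, never merely because it sits in a buffer on the stack."""
    for _ in range(max_steps):
        cell = mem[pc]
        if cell == NOP:
            pc += 1                      # slide forward one cell
        elif cell == WIN:
            return ("hit", pc)           # payload stand-in reached
        elif cell == RET:
            if not stack:
                return ("fault", pc)     # nothing left to return to
            pc = stack.pop()             # ret: pc <- saved return address
        elif cell == HLT:
            return ("halt", pc)          # normal program end
        else:
            return ("fault", pc)         # pc landed on plain data
    return ("timeout", pc)

def build_memory(payload):
    """Caller code at 0..2, the vulnerable function's epilogue (a lone RET)
    at 8, the overflowed buffer at BUF_ADDR.., data everywhere else."""
    mem = [DATA] * MEM_SIZE
    mem[0:3] = [NOP, NOP, HLT]           # a legitimate return lands at 1
    mem[8] = RET
    if len(payload) > BUF_LEN:
        raise ValueError("payload does not fit the buffer")
    mem[BUF_ADDR:BUF_ADDR + len(payload)] = payload
    return mem

def simulate(sled_len, return_addr):
    """Put sled_len NOPs followed by the payload stand-in in the buffer, then
    return from the vulnerable function to return_addr (the overwritten value)."""
    mem = build_memory([NOP] * sled_len + [WIN])
    return run(mem, pc=8, stack=[return_addr])

def tolerated_addresses(sled_len):
    """Every saved-return-address value that still reaches the payload."""
    return [a for a in range(MEM_SIZE) if simulate(sled_len, a)[0] == "hit"]

if __name__ == "__main__":
    print(simulate(0, 1))     # untouched return address: ('halt', 2), buffer never runs
    print(simulate(0, 32))    # exact guess: ('hit', 32)
    print(simulate(0, 36))    # 4 cells off, no sled: ('fault', 36)
    print(simulate(16, 36))   # 4 cells off, 16-cell sled: ('hit', 48)
    print(len(tolerated_addresses(0)), len(tolerated_addresses(16)))  # 1 17
```

The last line is the whole reason for the sled: without one, exactly one return-address value works; with a 16-cell sled, any of 17 values does, which is what makes the redirection in step 2 tolerant of an imprecise address.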
