Reverse Engineering Asked by Sathyam Lokare on October 22, 2020
I have read many articles regarding the buffer overflow exploit. Everywhere it's written as follows:
"It's difficult to know the starting address of the shellcode"
Why do we need to know the address of the shellcode? Why does the stack not execute the shellcode as it is?
Say we inject our shellcode this way:
our shellcode — some padding — our choice of saved return address
Should the shellcode not be executed by default by the stack? Why do we add NOP sleds and complicate things?
Exploiting software by injecting shellcode into its memory always requires the following steps:
1. Have a way to inject your shellcode into memory (usually, it can take place in any buffer of the program).
2. Redirect the execution flow (i.e. be able to write the rip) to point to the shellcode and execute it (usually, it is done through a buffer overflow).
If you are not sure about the address of your shellcode, the second part of the exploitation (the redirection of the eip) cannot be achieved reliably.
Correct answer by perror on October 22, 2020
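As an added illustration (this is not part of perror's answer or the original page): a toy simulation in C of the two steps above. It models the stack as a byte array at an assumed base address, treats 0x90 as a NOP and 0xCC as a stand-in for the first byte of the shellcode, writes the payload "sled | shellcode | padding | saved return address" into the buffer, and then "returns" to whatever address now sits in the saved slot. The CPU jumps to that exact address and nothing else; the shellcode only runs if the guessed address lands on it (or on the NOP sled in front of it). The stack base, buffer size and the offset of the saved return slot are assumptions chosen for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a stack frame (added example, not real machine code).
 * Payload written into the vulnerable buffer, lowest address first:
 *   [NOP sled][shellcode][padding up to the saved return slot][return address]
 */
#define STACK_SIZE  4096
#define STACK_BASE  0x7ffc1000u    /* assumed address of stack[0] */
#define BUF_LEN     128            /* assumed size of the vulnerable buffer */
#define RET_OFFSET  (BUF_LEN + 8)  /* assumed: saved return sits 8 bytes past the buffer */

#define OP_NOP    0x90  /* the real one-byte x86 NOP */
#define OP_SHELL  0xCC  /* stands in for the first byte of the shellcode */

static uint8_t stack[STACK_SIZE];

/* Build the payload: sled_len NOPs, one shellcode byte, 'A' padding, then the
 * little-endian return address. Returns the payload length, or 0 if the sled
 * plus shellcode would not fit before the saved return slot. */
size_t build_payload(uint8_t *out, size_t sled_len, uint32_t ret_addr) {
    if (sled_len + 1 > RET_OFFSET)
        return 0;
    memset(out, OP_NOP, sled_len);
    size_t i = sled_len;
    out[i++] = OP_SHELL;
    while (i < RET_OFFSET)
        out[i++] = 'A';
    for (int b = 0; b < 4; b++)
        out[i++] = (uint8_t)(ret_addr >> (8 * b));
    return i;
}

/* The "CPU" after ret: fetch from addr, slide over NOPs, succeed (1) on the
 * shellcode byte, crash (0) on anything else or on leaving the mapped stack. */
int execute_at(uint32_t addr) {
    for (;;) {
        if (addr < STACK_BASE || addr >= STACK_BASE + STACK_SIZE)
            return 0;                  /* segfault: unmapped address */
        uint8_t op = stack[addr - STACK_BASE];
        if (op == OP_SHELL) return 1;  /* reached the shellcode */
        if (op != OP_NOP)   return 0;  /* garbage bytes: illegal instruction */
        addr++;                        /* slide down the sled */
    }
}

/* Simulate the overflow. The buffer really lives at buf_addr (unknown to the
 * attacker under ASLR); the payload carries guessed_addr as the return address.
 * Returns 1 if the shellcode runs, 0 if the process crashes, -1 on bad input. */
int run_exploit(size_t sled_len, uint32_t guessed_addr, uint32_t buf_addr) {
    uint8_t payload[RET_OFFSET + 4];
    size_t n = build_payload(payload, sled_len, guessed_addr);
    if (n == 0)
        return -1;
    if (buf_addr < STACK_BASE || buf_addr + n > STACK_BASE + STACK_SIZE)
        return -1;
    memset(stack, 0, sizeof stack);
    memcpy(stack + (buf_addr - STACK_BASE), payload, n);  /* strcpy-style overflow */

    /* The vulnerable function returns: the CPU loads the saved return slot,
     * which the overflow has overwritten with guessed_addr. */
    uint32_t ret = 0;
    for (int b = 0; b < 4; b++)
        ret |= (uint32_t)stack[buf_addr - STACK_BASE + RET_OFFSET + b] << (8 * b);
    return execute_at(ret);
}

int main(void) {
    const uint32_t actual = STACK_BASE + 0x400;  /* where the buffer really is this run */
    printf("exact guess, no sled:       %d\n", run_exploit(0,  actual,        actual));
    printf("off by 1 byte, no sled:     %d\n", run_exploit(0,  actual + 1,    actual));
    printf("off by 16 bytes, 64 NOPs:   %d\n", run_exploit(64, actual + 0x10, actual));
    printf("off by 80 bytes, 64 NOPs:   %d\n", run_exploit(64, actual + 0x50, actual));
    printf("guess before buffer, 64 NOPs: %d\n", run_exploit(64, actual - 0x10, actual));
    return 0;
}
```

With no sled, a guess that is even one byte off lands on padding and crashes; with a 64-byte sled any guess inside those 64 bytes slides into the shellcode, which is exactly the reliability the answer refers to. The model deliberately ignores stack canaries, non-executable stacks and ASLR re-randomising the real address on every run; on a modern system those are the reasons this layout alone no longer works.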