Reverse Engineering Asked by Sathyam Lokare on October 22, 2020
I have read many articles regarding the buffer overflow exploit. Everywhere it's written as follows:
“It’s difficult to know the starting address of the shellcode”
Why do we need to know the address of the shellcode? Why does stack not execute the shellcode as it is?
Say we inject our shellcode this way:
our shellcode — some padding — our choice of saved return address
Should the shellcode not be executed by default by the stack? Why do we add NOP sleds and complicate things?
Exploiting software by injecting shellcode into its memory always requires the following steps:
1. Have a way to inject your shellcode into memory (usually, it can take place in any buffer of the program).
2. Redirect the execution flow (i.e. be able to write to rip) to point to the shellcode and execute it (usually, this is done through a buffer overflow).
If you are not sure about the address of your shellcode, the second part of the exploitation (the redirection of eip) cannot be achieved reliably.
Correct answer by perror on October 22, 2020
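As an added illustration (not code from the question or the answer above), here is the unchecked copy pattern beside its bounds-checked form, with comments tying it to the saved-return-address mechanism the answer describes; the function names, BUF_SIZE and the oversize input are assumptions constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 64

/* Vulnerable pattern: strcpy trusts the caller's length. An input longer
 * than BUF_SIZE runs past buf into the saved frame pointer and the saved
 * return address. On return the CPU executes `ret`, which pops that saved
 * slot into rip and jumps there; nothing "executes the stack" on its own,
 * so whatever value sits in that slot has to be a correct address. */
void copy_unchecked(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);  /* no bounds check: the saved return address is reachable */
    (void)buf;
}

/* Hardened form: refuse anything that does not fit, so the copy can never
 * reach the saved return address. Returns bytes copied, or -1 if rejected. */
int copy_checked(char *dst, size_t dst_len, const char *input) {
    size_t n = strlen(input);
    if (n >= dst_len) return -1;
    memcpy(dst, input, n + 1);
    return (int)n;
}

/* Helper: copies into a BUF_SIZE stack buffer using the checked version. */
int check_copy(const char *input) {
    char buf[BUF_SIZE];
    return copy_checked(buf, sizeof buf, input);
}

/* Constructed oversize input (2 * BUF_SIZE bytes of 'A'); must be rejected. */
int check_oversize(void) {
    char big[2 * BUF_SIZE + 1];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return check_copy(big);
}

/* Address of a stack buffer. Run a program that prints this a few times with
 * ASLR enabled and the value changes between runs, which is why the start of
 * anything placed in such a buffer is hard to know in advance. */
uintptr_t stack_buffer_address(void) {
    volatile char buf[BUF_SIZE];
    buf[0] = '\0';
    return (uintptr_t)buf;
}
```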