How do NOP slides help in code execution off of the stack?

Hey guys, I wanted to ask, how do NOP slides ACTUALLY even help with getting shellcode to run in a basic buffer overflow? From my understanding, it is done because the stack pointer changes depending on the environment in which you are running the vulnerable binary. And because of that, there needs to be a way to compensate for the address changing; thus, the NOP slide helps to hit the shellcode after the EIP points to the stack pointer. Please correct me if I'm wrong.

Also, the reason this is somewhat confusing for me is that FROM MY EXPERIENCE this isn't an issue if you just overwrite the EIP by pointing to an address with the instructions JMP ESP, which then accurately jumps to the stack pointer for that specific environment.

If my question isn't clear or doesn't make sense, please let me know and I'll rephrase it in a better way.

Thank you.

submitted by /u/Garlic-George-420

from hacking: security in practice https://ift.tt/WCUVvry
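The post describes a NOP slide as padding that makes an imprecise return-address guess still land on the payload. From the defender's side, that same padding is a signature: a long run of identical single-byte instructions is unusual in legitimate input. Below is an added example (not from the post or its comments) of the run-length check an IDS or fuzzing harness could apply; the buffers it scans are constructed here for illustration, and the `threshold` of 32 bytes is an arbitrary assumption, not a value from the post.

```python
# Added example: detect NOP-sled-like runs in a captured input buffer.
# Not code from the Reddit post; sample buffers are constructed below.

from typing import Optional, Tuple

# Only the canonical x86 NOP (0x90) is matched here. Production IDS
# rules use a wider set of single-byte "do nothing" instructions, but the
# run-length logic is identical.
SLED_ALPHABET = frozenset({0x90})


def longest_run(data: bytes, alphabet=SLED_ALPHABET) -> Tuple[int, int]:
    """Return (offset, length) of the longest contiguous run of bytes
    drawn from `alphabet`. Returns (0, 0) for empty input or no match."""
    best_off, best_len = 0, 0
    cur_off, cur_len = 0, 0
    for i, b in enumerate(data):
        if b in alphabet:
            if cur_len == 0:
                cur_off = i          # start of a new candidate run
            cur_len += 1
            if cur_len > best_len:
                best_off, best_len = cur_off, cur_len
        else:
            cur_len = 0              # run broken by a non-sled byte
    return best_off, best_len


def looks_like_sled(data: bytes, threshold: int = 32) -> Optional[dict]:
    """Flag the buffer if it contains a run of at least `threshold` sled
    bytes. The threshold is an assumed tuning knob: lower values catch
    shorter sleds at the cost of more false positives on padded data."""
    off, length = longest_run(data)
    if length >= threshold:
        return {"offset": off, "length": length}
    return None


# Constructed samples (not real traffic):
# - BENIGN holds every byte value twice, so 0x90 appears but never in a run.
# - SLED_SAMPLE mimics the layout the post describes: filler, a 200-byte
#   NOP slide, then a placeholder payload (0xCC, the int3 breakpoint byte)
#   and trailing bytes where a return address overwrite would sit.
BENIGN = bytes(range(256)) * 2
SLED_SAMPLE = b"A" * 64 + b"\x90" * 200 + b"\xcc" * 16 + b"B" * 32


if __name__ == "__main__":
    for name, buf in (("benign", BENIGN), ("sled", SLED_SAMPLE)):
        print(name, looks_like_sled(buf))
```

Two caveats worth keeping in mind when using a check like this. First, it only sees literal 0x90 runs, so a payload that uses the JMP ESP trampoline the post mentions, with no sled at all, produces nothing to flag; the overwrite itself has to be caught by other controls (stack canaries, DEP/NX, ASLR, or crash telemetry). Second, runs of a single byte also occur in legitimate padded binaries and file formats, so the hit is a triage signal, not a verdict.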
