如何做一个NOP雪橇的工作? [英] How does a NOP sled work?
问题描述
我已经破解我的头打开,无法找到该回答这个问题的良好来源。我知道,一个NOP雪橇是用来绕过堆栈随机化的缓冲区溢出攻击的技术,但我不能让我的头围绕它是如何工作的。
I've been cracking my head open and can't find a good source that answers this question. I know that a nop sled is a technique used to circumvent stack randomization in a buffer overflow attack, but I can't get my head around how it works.
什么是一个简单的例子,说明了这种方法?
What's a simple example that illustrates this method?
什么样128个字节的NOP雪橇而言意味着什么呢?
What do terms like 128-byte nop sled mean?
推荐答案
有些攻击是由于使程序跳转到一个特定的地址,并从那里继续运行。该injectec code具有在准确位置加载previously弄好了。
Some attacks consist on making the program jump into an specific address and continue running from there. The injectec code has to be loaded previously somehow in that exact location.
堆栈随机化和其他运行时的差异可能使那里的程序会跳转不可能predict的地址,所以攻击者放置一个NOP雪橇在一个大范围的内存。如果程序跳转到任何地方进入雪橇,它将运行所有剩余的NOP,无所事事,然后将运行负载code,毗邻雪橇。
Stack randomization and other runtime differences may make the address where the program will jump impossible to predict, so the attacker places a NOP sled in a big range of memory. If the program jumps to anywhere into the sled, it will run all the remaining NOPs, doing nothing, and then will run the payload code, just next to the sled.
攻击者使用中的NOP雪橇的原因是为了使目标地址更大:所述code可以在注入code的开头的雪橇的任何位置跳跃,而不是正好
The reason the attacker uses the NOP sled is to make the target address bigger: the code can jump anywhere in the sled, instead of exactly at the beginning of the injected code.
一个128字节的NOP雪橇仅仅是一组NOP说明资讯的128字节宽。
A 128-byte NOP sled is just a group of NOP intructions 128 bytes wide.
请注意#1:NOP(无操作)在大多数(?所有)架构用的指令,什么也不做,不是占用内存和一些运行时的其它
NOTE #1: NOP (No-OPeration) is an instruction available in most (all?) architectures that does nothing, other than occupying memory and some runtime.
注2:在具有可变长度指令的架构,NOP指令通常是在长度只是一个字节,因此它可以被用来作为一种方便的指令填充。不幸的是,这也使得它容易做到的一个NOP雪橇。
NOTE #2: in architectures with variable length instructions, a NOP instruction is usually just one byte in length, so it can be used as a convenient instruction padding. Unfortunately, that also makes it easy to do a NOP sled.
这篇关于如何做一个NOP雪橇的工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
