I have seen a lot of PoC which everyone use at least one line of NOP intrustruction ,but I would like to if this is a bad habit. I have seen many post / google people say are good / other is bad habit. I know sometimes we dont really need NOPslide instruction , but sometimes of course we do. my question is good or bad?
Can you explain your question? “good or bad” for what?
I mean I some people say is bad habit using bad instruction because indicate a bigger problem or it is because you dont know what u doing, but others say it is good to make your exploit more stable.s So what is the best to do ?
It really depends, If you’re redirecting the execution flow to an address that is slightly different on two runs, you can just put a nop sled there and it would increase the chances of success. Or maybe you’re trying to delay execution of the next instruction for a while? (Not if out-of-order execution is happening there). In most cases, it wouldn’t be source of a “bigger problem”, and if it somehow happens, just “NOPtimize” it.
3 Likes
This topic was automatically closed after 30 days. New replies are no longer allowed.