[Noisebridge-discuss] nop slide/sleds?

[dpc]

figured someone out there might know of something extant while i'm
(possibly) wasting my time writing one.

i'm looking for a weird sort of nop sled generator. the output would be
a bunch of code that when executed as a block appears as a nop but
doesn't consist of actual nop instructions. for me, the size constraint
is what is interesting (for a sort of test mark that i'd like to flow
through a different tool). for example in x86-land,

  xor eax, eax  ; 33 c0
  imul eax, esi ; 0f af f0

would be a 5 byte nop (nevermind that eax/flags aren't preserved since i
wrote this off teh top of my head). i've been using things like:

  jmp short $+2+xx  ; eb xx
  <xx random bytes> ; ...

but figured actual instructions might be amusing.

anyway, the metasploit one seems to use chains of nop-ish instructions
but the varying patterns are helpful for 'tagging'.

\p
---
If you cannot grok the overall structure of a program while taking a
shower, you are not ready to code it. - Richard Pattis