[Noisebridge-discuss] nop slide/sleds?
Dr. Jesus
j at hug.gs
Tue Oct 6 20:55:10 UTC 2009
On Tue, Oct 6, 2009 at 1:40 PM, dpc <weasel at meer.net> wrote:
> figured someone out there might know of something extant while i'm
> (possibly) wasting my time writing one.
>
> i'm looking for a weird sort of nop sled generator. the output would be
> a bunch of code that when executed as a block appears as a nop but
> doesn't consist of actual nop instructions. for me, the size constraint
> is what is interesting (for a sort of test mark that i'd like to flow
> through a different tool). for example in x86-land,
>
> xor eax, eax ; 33 c0
> imul eax, esi ; 0f af c6
>
> would be a 5 byte nop (never mind that eax/flags aren't preserved since i
> wrote this off the top of my head). i've been using things like:
>
> jmp short $+2+xx ; eb xx
> <xx random bytes> ; ...
>
> but figured actual instructions might be amusing.
>
> anyway, the metasploit one seems to use chains of nop-ish instructions
> but the varying patterns are helpful for 'tagging'.
Opcodes 0x91, 0x92, and 0x93 work if you do them in sequences of 2*n,
where n is an integer. If you hand disassemble 0x90 it should be
obvious why :)
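As an added illustration (my own code, not anything either poster wrote), here is a small generator for both constructions from the thread, the self-cancelling xchg pairs (0x91..0x93) and the jmp-short-over-junk form, together with a tiny interpreter for just those opcodes so a sled can be checked for register neutrality without executing native code. The 3-byte `8d 40 00` (lea eax,[eax+0]) used to pad odd lengths, the deterministic LCG filler, and all function names are this example's own choices, not something from the thread.

```c
/*
 * x86 "not-quite-NOP" sled generator plus a checker (added example).
 * Standard IA-32 encodings used:
 *   0x91 / 0x92 / 0x93   xchg eax,ecx / xchg eax,edx / xchg eax,ebx
 *   8d 40 00             lea eax,[eax+0]   (3 bytes, touches nothing)
 *   eb xx                jmp short $+2+xx
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_SLED 256

/* Deterministic filler so runs are reproducible (swap in a real RNG for
   per-sample variation).  Never emits 0x90, per the thread's requirement. */
static uint32_t lcg_state = 0x1234567u;
static uint8_t next_byte(void) {
    uint8_t b;
    do {
        lcg_state = lcg_state * 1103515245u + 12345u;
        b = (uint8_t)(lcg_state >> 16);
    } while (b == 0x90);
    return b;
}

/* xchg-pair sled: xchg eax,reg is its own inverse, so pairs of the same byte
   cancel *when entered at a pair boundary*.  Odd lengths get one lea eax,[eax+0]
   in front.  Returns bytes written, 0 on error. */
size_t sled_xchg(uint8_t *out, size_t len) {
    size_t i = 0;
    if (len < 2 || len > MAX_SLED) return 0;
    if (len & 1) { out[0] = 0x8d; out[1] = 0x40; out[2] = 0x00; i = 3; }
    while (i < len) {
        uint8_t op = (uint8_t)(0x91 + (next_byte() % 3));  /* 0x91..0x93 */
        out[i] = op; out[i + 1] = op; i += 2;
    }
    return len;
}

/* jmp-short sled: eb xx followed by xx junk bytes that are skipped when entered
   at offset 0.  rel8 tops out at 127, so len <= 129 for a single jmp. */
size_t sled_jmp(uint8_t *out, size_t len) {
    if (len < 2 || len > 129) return 0;
    out[0] = 0xeb; out[1] = (uint8_t)(len - 2);
    for (size_t i = 2; i < len; i++) out[i] = next_byte();
    return len;
}

/* Interpreter for exactly the subset above.  Starts at `entry`, runs until
   pc == len.  Returns 1 if eax/ecx/edx/ebx are unchanged, 0 if they changed,
   -1 if execution hit an unsupported byte or left the buffer (i.e. `entry`
   was not a safe landing spot). */
int sled_check(const uint8_t *s, size_t len, size_t entry) {
    uint32_t r[4] = {0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u};
    uint32_t init[4];
    memcpy(init, r, sizeof r);
    size_t pc = entry;
    while (pc != len) {
        if (pc > len) return -1;
        uint8_t op = s[pc];
        if (op >= 0x91 && op <= 0x93) {                 /* xchg eax, ecx/edx/ebx */
            uint32_t t = r[0]; r[0] = r[op - 0x90]; r[op - 0x90] = t; pc += 1;
        } else if (op == 0x8d && pc + 2 < len && s[pc + 1] == 0x40 && s[pc + 2] == 0x00) {
            pc += 3;                                     /* lea eax,[eax+0] */
        } else if (op == 0xeb && pc + 1 < len) {         /* jmp short rel8 */
            long np = (long)pc + 2 + (int8_t)s[pc + 1];
            if (np < 0) return -1;
            pc = (size_t)np;
        } else {
            return -1;
        }
    }
    return memcmp(init, r, sizeof r) == 0;
}

/* Build a sled of the requested kind/length and check it from `entry`.
   Returns sled_check's result, or -2 if the length is not buildable. */
int sled_build_and_check(int use_jmp, size_t len, size_t entry) {
    uint8_t s[MAX_SLED];
    size_t n = use_jmp ? sled_jmp(s, len) : sled_xchg(s, len);
    if (n == 0) return -2;
    return sled_check(s, n, entry);
}

/* Count occurrences of byte `b` in a freshly built sled (e.g. b = 0x90). */
int sled_build_count_byte(int use_jmp, size_t len, uint8_t b) {
    uint8_t s[MAX_SLED];
    size_t n = use_jmp ? sled_jmp(s, len) : sled_xchg(s, len);
    int c = 0;
    for (size_t i = 0; i < n; i++) if (s[i] == b) c++;
    return c;
}

int main(void) {
    uint8_t s[MAX_SLED];
    size_t n = sled_xchg(s, 9);
    for (size_t i = 0; i < n; i++) printf("%02x ", s[i]);
    printf("\nfrom offset 0: %d, from offset 3: %d, from offset 4: %d\n",
           sled_check(s, n, 0), sled_check(s, n, 3), sled_check(s, n, 4));
    return 0;
}
```

The checker makes the caveat concrete: a run of xchg pairs is only a NOP when execution enters on a pair boundary (landing one byte in leaves a single unpaired xchg, so eax ends up swapped), and the jmp form is only safe when entered at the jmp itself, since the junk behind it is never meant to run. 0x94 (xchg eax,esp) is deliberately left out of the table; briefly swapping esp with eax is not something you want a signal to interrupt.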