[Noisebridge-discuss] nop slide/sleds?

Dr. Jesus j at hug.gs
Tue Oct 6 20:55:10 UTC 2009


On Tue, Oct 6, 2009 at 1:40 PM, dpc <weasel at meer.net> wrote:
> figured someone out there might know of something extant while i'm
> (possibly) wasting my time writing one.
>
> i'm looking for a weird sort of nop sled generator. the output would be
> a bunch of code that when executed as a block appears as a nop but
> doesn't consist of actual nop instructions. for me, the size constraint
> is what is interesting (for a sort of test mark that i'd like to flow
> through a different tool). for example in x86-land,
>
>  xor eax, eax  ; 33 c0
>  imul eax, esi ; 0f af f0
>
> would be a 5 byte nop (nevermind that eax/flags aren't preserved since i
> wrote this off the top of my head). i've been using things like:
>
>  jmp short $+2+xx  ; eb xx
>  <xx random bytes> ; ...
>
> but figured actual instructions might be amusing.
>
> anyway, the metasploit one seems to use chains of nop-ish instructions
> but the varying patterns are helpful for 'tagging'.

Opcodes 0x91, 0x92, and 0x93 work if you do them in sequences of 2*n,
where n is an integer.  If you hand disassemble 0x90 it should be
obvious why :)
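A small check of the point above, added here as an example and not code from the thread: 0x90 through 0x97 are the one-byte encodings of xchg eax,r32 (0x90 being xchg eax,eax, the canonical nop), so a swap undone by the same swap is a semantic nop. The model below applies such a byte string to a constructed register file and reports whether the state is unchanged, then adds a simple detection heuristic that flags long runs of these bytes in a buffer. It also shows the caveat that pairs must nest (91 92 92 91 cancels, 91 92 91 92 does not). Register values and the sample buffer are constructed.

```python
from typing import Dict, List, Optional, Tuple

# One-byte x86 encodings of "xchg eax, r32": 0x90 is xchg eax,eax (the
# canonical nop); 0x91..0x97 swap eax with ecx, edx, ebx, esp, ebp, esi, edi.
XCHG_EAX: Dict[int, str] = {
    0x90: "eax", 0x91: "ecx", 0x92: "edx", 0x93: "ebx",
    0x94: "esp", 0x95: "ebp", 0x96: "esi", 0x97: "edi",
}

# Constructed starting register file with distinct values, so any swap
# that is not undone shows up as a difference.
START_REGS: Dict[str, int] = {
    "eax": 0x11111111, "ecx": 0x22222222, "edx": 0x33333333, "ebx": 0x44444444,
    "esp": 0x55555555, "ebp": 0x66666666, "esi": 0x77777777, "edi": 0x88888888,
}


def execute_xchg_run(code: bytes, regs: Optional[Dict[str, int]] = None) -> Dict[str, int]:
    """Apply a byte string made only of 0x90-0x97 to a register file; return the result."""
    state = dict(START_REGS if regs is None else regs)
    for b in code:
        if b not in XCHG_EAX:
            raise ValueError(f"opcode {b:#04x} is not a one-byte xchg eax,r32")
        other = XCHG_EAX[b]
        # xchg swaps the two registers and leaves EFLAGS untouched
        state["eax"], state[other] = state[other], state["eax"]
    return state


def is_semantic_nop(code: bytes) -> bool:
    """True if running the sequence leaves every register unchanged."""
    return execute_xchg_run(code) == START_REGS


def find_xchg_runs(buf: bytes, min_len: int = 8) -> List[Tuple[int, int]]:
    """Return (offset, length) of each run of at least min_len consecutive 0x90-0x97 bytes.

    Detection heuristic: long runs of these bytes are rare in compiled code
    but are exactly what a sled built from xchg pairs looks like.
    """
    runs: List[Tuple[int, int]] = []
    start: Optional[int] = None
    for i, b in enumerate(buf + b"\x00"):  # sentinel closes a trailing run
        if b in XCHG_EAX:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append((start, i - start))
            start = None
    return runs


# Constructed sample: a short prologue, a 16-byte sled of 0x91/0x93 pairs,
# then a few epilogue bytes.
SAMPLE = bytes.fromhex("5589e583ec10") + b"\x91\x91\x93\x93" * 4 + bytes.fromhex("31c0c9c3")

if __name__ == "__main__":
    print(is_semantic_nop(b"\x91\x91"))           # True
    print(is_semantic_nop(b"\x91\x92\x92\x91"))   # True: nested pairs undo in reverse order
    print(is_semantic_nop(b"\x91\x92\x91\x92"))   # False: interleaved swaps do not cancel
    print(find_xchg_runs(SAMPLE))                 # [(6, 16)]
```

The scanner is only a heuristic: a real tool would disassemble rather than byte-match, and the min_len threshold should be tuned against the code base being scanned.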


