The NOP sled in a heap spray is more general than its name suggests: it doesn't have to be 0x90. It can be any byte sequence that neither clobbers register values the shellcode depends on nor prevents the shellcode from running.
For example:
0c0c: the bytes 0x0C 0x0C decode as OR AL, 0x0C.
Each 0c0c instruction only ORs the low byte of EAX (AL) with 0x0C, so the first one changes that low byte and the rest are no-ops. As long as the modified AL does not crash the program after the popa instruction in the shellcode, the sequence can serve as a heap-spray sled.
http://www.ask-a-pentester.com/index.php/9/about-nop-slides-in-js-heap-overflows
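As an added illustration of the defensive side (my own example, not code from the post or the linked article), the scanner below looks for long runs of alignment-independent sled bytes in a memory block and flags a block whose contents are mostly sled; the SLED_BYTES table, the sample buffer and the thresholds are assumptions chosen for the demo.

```python
"""Detect heap-spray style sleds made of repeated, alignment-safe bytes.

0x90 is a 1-byte NOP; 0x0C 0x0C is OR AL, 0x0C, and because the opcode equals
its immediate, a run of 0x0C decodes the same way from any offset.  A block
dominated by such runs is the signature of a sprayed heap.
"""
from typing import List, Tuple

# Byte values whose repetition executes harmlessly from any alignment.
# (Assumed table for this example: only the two values the post discusses.)
SLED_BYTES = {
    0x90: "nop",
    0x0C: "or al,0x0c",
}


def find_sled_runs(buf: bytes, min_len: int = 1024) -> List[Tuple[int, int, str]]:
    """Return (offset, length, mnemonic) for every run of one sled byte
    that is at least min_len bytes long."""
    runs = []
    i, n = 0, len(buf)
    while i < n:
        b = buf[i]
        if b not in SLED_BYTES:
            i += 1
            continue
        j = i
        while j < n and buf[j] == b:   # extend the run of identical bytes
            j += 1
        if j - i >= min_len:
            runs.append((i, j - i, SLED_BYTES[b]))
        i = j
    return runs


def sled_coverage(buf: bytes, min_len: int = 1024) -> float:
    """Fraction of the block occupied by qualifying sled runs."""
    if not buf:
        return 0.0
    return sum(length for _, length, _ in find_sled_runs(buf, min_len)) / len(buf)


def looks_like_heap_spray(buf: bytes, threshold: float = 0.5) -> bool:
    """Flag a block when more than `threshold` of it is sled (assumed cutoff)."""
    return sled_coverage(buf) > threshold


# Constructed sample: a few prologue bytes, a 4 KiB 0x0C sled, two int3 bytes,
# a 2 KiB classic 0x90 sled, then padding.
SAMPLE = b"\x55\x8b\xec" + b"\x0c" * 4096 + b"\xcc\xcc" + b"\x90" * 2048 + b"\x00" * 100

if __name__ == "__main__":
    for off, length, mnem in find_sled_runs(SAMPLE):
        print(f"sled at 0x{off:x}: {length} bytes of {mnem}")
    print("heap spray suspected:", looks_like_heap_spray(SAMPLE))
```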