
function padding background research

Open williballenthin opened this issue 3 years ago • 1 comments

  • https://stackoverflow.com/questions/25545470/long-multi-byte-nops-commonly-understood-macros-or-other-notation
  • https://github.com/intelxed/xed/blob/b53f33e44dd2e5fb2e63f9c0e35c65b72c933dae/src/enc/xed-encode.c#L460
  • https://gist.github.com/stevemk14ebr/d117e8d0fd1432fb2a92354a034ce5b9
  • https://reverseengineering.stackexchange.com/questions/4084/why-ther-are-some-many-padding-leading-nop-instructions-in-my-binary-code
  • https://stackoverflow.com/questions/7912464/why-does-gcc-pad-functions-with-nops
  • https://reviews.llvm.org/D70157
  • https://www.reddit.com/r/programming/comments/8vha0o/two_little_nuggets_about_nop_instruction/

williballenthin, Aug 25 '20 04:08

Research using your SoK analysis data: https://gist.github.com/stevemk14ebr/d117e8d0fd1432fb2a92354a034ce5b9

Analysis of that led to the creation of these patterns as the most common pad sequences: https://github.com/stevemk14ebr/PolyHook_2_0/blob/e4601b19692956360b39da0f873e73cdb13c6f47/sources/x64Detour.cpp#L53-L79

stevemk14ebr, Mar 11 '21 16:03