About: NOP slide

An Entity of Type : yago:YagoPermanentlyLocatedEntity, within Data Space : dbpedia.org:8891 associated with source document(s)

In computer security, a NOP slide, NOP sled or NOP ramp is a sequence of NOP (no-operation) instructions meant to "slide" the CPU's instruction execution flow to its final, desired destination whenever the program branches to a memory address anywhere on the slide. The technique sees common usage in software exploits, where it is used to direct program execution when a branch instruction target is not known precisely. Other notable applications include defensive programming strategies such as EMC-aware programming.

Attributes    Values
rdf:type
rdfs:label
  • NOP 슬라이드 (ko)
  • NOP slide (en)
rdfs:comment
  • In computer security, a NOP slide, NOP sled or NOP ramp is a sequence of NOP (no-operation) instructions meant to "slide" the CPU's instruction execution flow to its final, desired destination whenever the program branches to a memory address anywhere on the slide. The technique sees common usage in software exploits, where it is used to direct program execution when a branch instruction target is not known precisely. Other notable applications include defensive programming strategies such as EMC-aware programming. (en)
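  • In computer security, a NOP slide, NOP sled, NOP ramp, or NOP "playground slide" (NOP 미끄럼틀) is a fragment of binary made up of a sequence of NOP instructions, built so that wherever within the NOP slide the program begins executing, the CPU's instruction execution flow (control) slides down to the end of the slide. The end of the NOP slide is usually connected to the start of the instructions that are ultimately meant to be executed. The technique is commonly used in software exploits, in particular to ensure that specific instructions are eventually executed when the destination address of a branch (or call) instruction cannot be known precisely. Other notable applications include defensive programming strategies such as EMC-aware programming. (ko)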
dcterms:subject
Wikipage page ID
Wikipage revision ID
Link from a Wikipage to another Wikipage
Link from a Wikipage to an external page
sameAs
dbp:wikiPageUsesTemplate
cs1-dates
  • y (en)
date
  • December 2021 (en)
has abstract
  • In computer security, a NOP slide, NOP sled or NOP ramp is a sequence of NOP (no-operation) instructions meant to "slide" the CPU's instruction execution flow to its final, desired destination whenever the program branches to a memory address anywhere on the slide. The technique sees common usage in software exploits, where it is used to direct program execution when a branch instruction target is not known precisely. Other notable applications include defensive programming strategies such as EMC-aware programming.

    While a NOP slide will function if it consists of a list of canonical NOP instructions, the presence of such code is suspicious and easy to automatically detect. For this reason, practical NOP slides are often composed of non-canonical NOP instructions (such as moving a register to itself or adding zero), or of instructions that affect program state only inconsequentially, which makes them much more difficult to identify.

    A NOP-sled is the oldest and most widely known technique for exploiting stack buffer overflows. It solves the problem of finding the exact address of the buffer by effectively increasing the size of the target area. To do this, much larger sections of the stack are corrupted with the no-op machine instruction. At the end of the attacker-supplied data, after the no-op instructions, the attacker places an instruction to perform a relative jump to the top of the buffer where the shellcode is located. This collection of no-ops is referred to as the "NOP-sled" because if the return address is overwritten with any address within the no-op region of the buffer, the execution will "slide" down the no-ops until it is redirected to the actual malicious code by the jump at the end. This technique requires the attacker to guess where on the stack the NOP-sled is instead of the comparatively small shellcode.

    Because of the popularity of this technique, many vendors of intrusion prevention systems will search for this pattern of no-op machine instructions in an attempt to detect shellcode in use. It is important to note that a NOP-sled does not necessarily contain only traditional no-op machine instructions; any instruction that does not corrupt the machine state to a point where the shellcode will not run can be used in place of the hardware-assisted no-op. As a result, it has become common practice for exploit writers to compose the no-op sled with randomly chosen instructions which will have no real effect on the shellcode execution.

    While this method greatly improves the chances that an attack will be successful, it is not without problems. Exploits using this technique still must rely on some amount of luck that they will guess offsets on the stack that are within the NOP-sled region. An incorrect guess will usually result in the target program crashing and could alert the system administrator to the attacker's activities. Another problem is that the technique requires a much larger amount of memory to hold a NOP-sled large enough to be of any use. This can be a problem when the allocated size of the affected buffer is too small and the current depth of the stack is shallow (i.e., there is not much space from the end of the current stack frame to the start of the stack). Despite its problems, the NOP-sled is often the only method that will work for a given platform, environment, or situation, and as such it is still an important technique.

    The entropy of a NOP slide is dependent upon the constraints placed on it. If it can be determined that certain registers are not in use (that is to say, they will be set to a known value before their next use), instructions which manipulate them arbitrarily may be used in the NOP slide. Additionally, if the alignment of both the NOP slide and the instruction pointer is deterministic, multi-byte instructions can be used in a NOP slide without regard to the results of unaligned execution. If the input providing the attack vector into which the NOP slide and payload are to be introduced is filtered (such as accepting only printable characters), the field of possible instructions for inclusion is limited. While instructions that are part of an architecture extension (such as SSE) may frequently be irrelevant to program state, they cannot be used in a NOP slide targeting a computer on which the extension is not supported. (en)
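  • In computer security, a NOP slide, NOP sled, NOP ramp, or NOP "playground slide" (NOP 미끄럼틀) is a fragment of binary made up of a sequence of NOP instructions, built so that wherever within the NOP slide the program begins executing, the CPU's instruction execution flow (control) slides down to the end of the slide. The end of the NOP slide is usually connected to the start of the instructions that are ultimately meant to be executed. The technique is commonly used in software exploits, in particular to ensure that specific instructions are eventually executed when the destination address of a branch (or call) instruction cannot be known precisely. Other notable applications include defensive programming strategies such as EMC-aware programming. Although a NOP slide may function correctly, one built simply as a run of plain NOP instructions is highly suspicious and therefore easy to detect automatically. Practical NOP slides are therefore often built from non-canonical NOP instructions (for example, a mov instruction whose source and destination registers are the same, which has no effect because it moves the same data to the same place, or adding 0 to a register), or are designed to affect program state only in ways that do not matter, which makes them harder to identify. The complexity of a NOP slide depends on the constraints that apply where it is placed. If it is certain that a particular register is not in use at the location where the NOP slide will be placed, any kind of instruction that uses that register arbitrarily can be used in the NOP slide. Furthermore, if the byte alignment of both the NOP slide and the instruction pointer is predictable, the NOP slide can also be built from multi-byte instructions. If the attack channel through which the NOP slide is introduced performs filtering (for example, accepting only printable ASCII characters), the range of instructions usable in the NOP slide is necessarily limited. Meanwhile, most instructions added by architecture extensions (e.g., Intel's SSE extension) do not affect program state after execution and so can be used to build a NOP slide, but they cannot be used when the (attack) target computer does not support that architecture extension. (ko)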
gold:hypernym
prov:wasDerivedFrom
page length (characters) of wiki page
foaf:isPrimaryTopicOf
is Link from a Wikipage to another Wikipage of
is Wikipage redirect of
is foaf:primaryTopic of