No eXecute
The defence against shellcode
As you can expect, programmers were hardly pleased that people could inject their own instructions into the program. The NX bit, which stands for No eXecute, defines areas of memory as either instructions or data. This means that your input will be stored as data, and any attempt to run it as instructions will crash the program, effectively neutralising shellcode.
To get around NX, exploit developers have to leverage a technique called ROP, Return-Oriented Programming.
The Windows version of NX is DEP, which stands for Data Execution Prevention

Checking for NX

You can either use pwntools' checksec or rabin2.
1
$ checksec vuln
2
[*] 'vuln'
3
Arch: i386-32-little
4
RELRO: Partial RELRO
5
Stack: No canary found
6
NX: NX disabled
7
PIE: No PIE (0x8048000)
8
RWX: Has RWX segments
Copied!
1
$ rabin2 -I vuln
2
[...]
3
nx false
4
[...]
Copied!
Export as PDF
Copy link
Contents