Position-independent code (PIC) is code that uses no hard-coded addresses for either code or data. Shellcode is PIC. It cannot assume that it will be located at a particular memory location when it executes, because at runtime, different versions of a vulnerable program may load the shellcode into different memory locations. The shellcode must ensure that all memory access for both code and data uses PIC techniques.
Table 19-1 shows several common types of x86 code and data access, and whether they are PIC.
Table 19-1. Different Types of x86 Code and Data Access