Position-Independent Code

Position-independent code (PIC) is code that uses no hard-coded addresses for either code or data. Shellcode is PIC. It cannot assume that it will be located at a particular memory location when it executes, because at runtime, different versions of a vulnerable program may load the shellcode into different memory locations. The shellcode must ensure that all memory access for both code and data uses PIC techniques.

Table 19-1 shows several common types of x86 code and data access, and whether they are PIC.

Table 19-1. Different Types of x86 Code and Data Access

| Instruction mnemonics   | Instruction bytes      | Position-independent? |
|-------------------------|------------------------|-----------------------|
| call sub_401000         | E8 C1 FF FF FF         | Yes                   |
| jnz short loc_401044    | 75 0E                  | Yes                   |
| mov edx, dword_407030   | 8B 15 30 70 40 00 ...  |                       |
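The distinction in the table comes down to how the operand is encoded. An E8 call and a 75 jnz carry a displacement that the CPU adds to the address of the next instruction, so the same bytes reach the same relative spot wherever they are loaded; the 8B 15 form of mov carries the absolute address 0x00407030 itself, which does not move when the code does. The following C program is an added example, not code from Practical Malware Analysis: it decodes the three rows of Table 19-1, resolves their targets at an assumed load address, and then applies the practical test for position independence, namely relocating the bytes and checking whether the target moves with them. The instruction addresses 0x40103A, 0x401034 and 0x401050 are assumptions chosen so that the decoded targets match the symbols named in the table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Instruction bytes copied from Table 19-1. The first two embed a displacement
 * relative to EIP; the third embeds an absolute 32-bit address. */
static const uint8_t CALL_SUB_401000[]      = {0xE8, 0xC1, 0xFF, 0xFF, 0xFF};
static const uint8_t JNZ_LOC_401044[]       = {0x75, 0x0E};
static const uint8_t MOV_EDX_DWORD_407030[] = {0x8B, 0x15, 0x30, 0x70, 0x40, 0x00};

/* Read a little-endian 32-bit immediate. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode one of the three encodings used in the table, assuming the
 * instruction's first byte sits at address `at`. Returns 1 when the operand
 * is EIP-relative, 0 when it is an absolute address, -1 when unrecognised.
 * On success *target receives the address the instruction refers to. */
int decode_target(const uint8_t *code, uint32_t at, uint32_t *target) {
    switch (code[0]) {
    case 0xE8: /* call rel32: target = address of next instruction + rel32 */
        *target = at + 5 + le32(&code[1]);
        return 1;
    case 0x75: /* jnz rel8: target = address of next instruction + sign-extended rel8 */
        *target = at + 2 + (uint32_t)(int32_t)(int8_t)code[1];
        return 1;
    case 0x8B:
        if (code[1] == 0x15) { /* mov edx, [disp32]: the operand is the absolute address */
            *target = le32(&code[2]);
            return 0;
        }
        return -1;
    default:
        return -1;
    }
}

/* Resolved target for an instruction loaded at `at`, or 0 if unrecognised. */
uint32_t target_at(const uint8_t *code, uint32_t at) {
    uint32_t t = 0;
    return decode_target(code, at, &t) < 0 ? 0 : t;
}

/* The practical test for position independence: shift the bytes by `delta`
 * and see whether what they point at shifts with them. A relative operand
 * keeps pointing at the same spot inside the relocated code; an absolute
 * operand keeps pointing at the old address, which is no longer valid.
 * Returns 1 (independent), 0 (not), or -1 (unrecognised encoding). */
int is_position_independent(const uint8_t *code) {
    const uint32_t base = 0x401000u, delta = 0x10000u; /* arbitrary load addresses */
    uint32_t t1, t2;
    if (decode_target(code, base, &t1) < 0 || decode_target(code, base + delta, &t2) < 0)
        return -1;
    return (t2 - t1) == delta;
}

int main(void) {
    /* Addresses are assumptions: chosen so the decoded targets equal the
     * symbols named in the table (sub_401000, loc_401044, dword_407030). */
    struct { const char *mnem; const uint8_t *code; uint32_t at; } rows[] = {
        {"call sub_401000",       CALL_SUB_401000,      0x40103Au},
        {"jnz short loc_401044",  JNZ_LOC_401044,       0x401034u},
        {"mov edx, dword_407030", MOV_EDX_DWORD_407030, 0x401050u},
    };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        printf("%-24s at %08X -> target %08X, position-independent: %s\n",
               rows[i].mnem, rows[i].at, target_at(rows[i].code, rows[i].at),
               is_position_independent(rows[i].code) == 1 ? "yes" : "no");
    }
    return 0;
}
```

When analysing a shellcode blob, the same relocation check is what you are doing by eye in a disassembler: any operand that resolves to the same absolute address regardless of where the bytes land is a hard-coded address, and the sample will only work at the load address its author assumed.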
