Closed vricosti closed 8 months ago
Instructions on x86/x64 are variable length. They can go from 1 byte to 15 bytes. So, if you jump into the middle of a 4-byte-long instruction, you can trigger another instruction. This is probably why you think the instruction `pop rdi` is not mapped. This is because it's right in the middle of another instruction.
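As an added illustration of the point above (example code, not from the ROPgadget project or either poster): a byte-pattern gadget search is compared with a linear-sweep disassembly over a constructed byte sequence. Only the address 0x4007c3 comes from the thread; the bytes and the tiny opcode table are assumptions made for the example.

```python
# Added example: shows how a variable-length ISA lets "pop rdi ; ret" appear
# inside another instruction. The byte buffer is CONSTRUCTED for illustration;
# the gadget address 0x4007c3 comes from the thread, the bytes do not.

# Minimal opcode table covering only the constructed buffer (not a full decoder).
OPCODES = {
    b"\x41\x5e": "pop r14",
    b"\x41\x5f": "pop r15",
    b"\x5d": "pop rbp",
    b"\x5f": "pop rdi",
    b"\xc3": "ret",
    b"\x90": "nop",
}

POP_RDI_RET = b"\x5f\xc3"  # encoding of "pop rdi ; ret"


def disassemble(code, base):
    """Linear sweep from `base`, the way a disassembler walks a function:
    each instruction starts where the previous one ended."""
    out = []
    off = 0
    while off < len(code):
        for length in (2, 1):  # try the longest known encoding first
            chunk = code[off:off + length]
            if chunk in OPCODES:
                out.append((base + off, OPCODES[chunk]))
                off += length
                break
        else:
            out.append((base + off, f"db 0x{code[off]:02x}"))  # unknown byte
            off += 1
    return out


def find_gadgets(code, base, pattern=POP_RDI_RET):
    """Byte-pattern search at every offset, which is what gadget finders do:
    instruction boundaries from the linear sweep are ignored."""
    return [base + i for i in range(len(code)) if code.startswith(pattern, i)]


# Constructed bytes: a function epilogue ending in "pop r15 ; ret".
BASE = 0x4007C0
CODE = b"\x41\x5e" + b"\x41\x5f" + b"\xc3"  # pop r14 ; pop r15 ; ret

if __name__ == "__main__":
    for addr, text in disassemble(CODE, BASE):
        print(f"{addr:#x}: {text}")           # 0x4007c3 never appears here
    for addr in find_gadgets(CODE, BASE):
        print(f"gadget at {addr:#x}: pop rdi ; ret")  # 0x4007c3, mid-instruction
```

The linear sweep lists 0x4007c2 as `pop r15` and 0x4007c4 as `ret`, while the pattern search reports 0x4007c3, because the second byte of `pop r15` (0x5f) on its own decodes as `pop rdi`.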
oh thanks for the explanation.
Sorry to open a bug, but there is no discussion section in this project. I am really new to asm and ROP, but when I try to follow a tutorial using the x86_64 binary from https://ropemporium.com/challenge/split.html, at one point it does:

```
ROPgadget --binary split | grep "pop rdi"
0x00000000004007c3 : pop rdi ; ret
```

But when I disassemble the split binary, 4007c3 is not even a valid address; however, at 00000000004007C4 I can find a ret.
So how does it work, and why does it find a "pop rdi"? Thanks