> ok. i'm beginning to understand better. is there a specific use case, > such as the kernel or userland? > > i didn't see anything like a tool that could poke nops into the right > places. i started to write an acid function to put the nops in one > named function, and then i realized that the ret can appear several > times in one function and i would need to search for and patch them > out. but only the *first* ret, not second, e.g.:
this tool was ment for use with the kernel. there is a devtrace in 9atom's pc and pcpae kernels that does this. ron wrote a paper for the first athens, ga iwp9. i don't remember the year. 2009? - erik
