On Mon, Sep 14, 2020 at 10:07:31PM -0500, Qing Zhao wrote: > > On Sep 14, 2020, at 6:09 PM, Segher Boessenkool > > <seg...@kernel.crashing.org> wrote: > >> Gadget 1: > >> > >> mov rax, value > >> syscall > >> ret > > > > No, just > > > > mov rax,59 > > syscall > > > > (no ret necessary!) > > But for ROP, a typical gadget should be ended with a “ret” (or indirect > branch), right?
Not the last one :-) (Especially if it is exec!) Segher
