One-Byte NOOP Equivalent Sled
This technique uses one-byte opcodes other than the standard NOP to produce the same sled effect. Some IDSs may focus on only some of the possible variations.
Additional one-byte opcodes: the following opcodes can be used to create a sled. The majority are increment opcodes that manipulate registers and return pointers.
| Opcode | Assembly | ASCII |
|---|---|---|
| 27 | DAA | ' |
| 2f | DAS | / |
| 33 c0 | XOR %EAX, %EAX | |
| 37 | AAA | 7 |
| 3f | AAS | ? |
| 40 | INC %EAX | @ |
| 41 | INC %ECX | A |
| 42 | INC %EDX | B |
| 43 | INC %EBX | C |
| 44 | INC %ESP | D |
| 45 | INC %EBP | E |
| 46 | INC %ESI | F |
| 47 | INC %EDI | G |
| 48 | DEC %EAX | H |
| 4a | DEC %EDX | J |
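
For the detection side of the point about IDS coverage, the following is an added example (not from the original page) that flags long runs of any one-byte opcode in the table rather than a single repeated byte. The names `find_sleds`, `SLED_BYTES` and `MIN_RUN` are hypothetical, and the inclusion of the classic NOP `0x90` and the threshold of 32 are assumptions; the two-byte `33 c0` entry is left out.

```python
# Added example: flag long runs of one-byte sled-equivalent opcodes in a buffer.
# The opcode set is the one-byte entries of the table above plus the classic
# NOP 0x90 (assumption: 0x90 is the baseline case and is not in the table).
SLED_BYTES = frozenset(
    [0x27, 0x2F, 0x37, 0x3F, 0x90]   # DAA, DAS, AAA, AAS, NOP
    + list(range(0x40, 0x49))        # INC r32 (0x40-0x47), DEC %EAX (0x48)
    + [0x4A]                         # DEC %EDX
)

# Constructed threshold. Every table byte is printable ASCII, so short runs
# occur in ordinary text; tune this against your own traffic.
MIN_RUN = 32


def _record(data, start, end, min_run, hits):
    """Append (offset, length, distinct_opcodes) if the run is long enough."""
    length = end - start
    if length >= min_run:
        hits.append((start, length, len(set(data[start:end]))))


def find_sleds(data: bytes, min_run: int = MIN_RUN):
    """Return one (offset, length, distinct_opcodes) tuple per qualifying run."""
    hits = []
    start = None
    for i, b in enumerate(data):
        if b in SLED_BYTES:
            if start is None:
                start = i
        elif start is not None:
            _record(data, start, i, min_run, hits)
            start = None
    if start is not None:            # run reaches the end of the buffer
        _record(data, start, len(data), min_run, hits)
    return hits


# Constructed sample inputs (not captured traffic).
MIXED_SLED = b"id=" + bytes([0x41, 0x43, 0x47, 0x40, 0x4A, 0x37, 0x3F, 0x48] * 6) + b"&x=1"
PLAIN_TEXT = b"BADGE FACE DEAF /?7@ HEAD CAFE"

if __name__ == "__main__":
    for name, buf in (("mixed sled", MIXED_SLED), ("plain text", PLAIN_TEXT)):
        print(name, find_sleds(buf))
```

A signature for one repeated byte would miss `MIXED_SLED`, which never repeats a byte twice in a row; lowering `min_run` to 4 shows how quickly ordinary words such as `BADGE` start to match.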