Pwn Day4
I heard great things about pwn. It's time to finally go through it from beginning to end!
I am using Medium as a repo for my notes from the pwn courses.
The biggest issue I've been running into through these challenges is jumping to a relative address. Traditionally I'm used to creating a loop of nops:
jmp short 0x51
Unfortunately, the above is not working. Again, to be clear, my instructions are to do a trampoline jmp:
.intel_syntax noprefix
.globl _start
_start:
    .rept 0x51          # 0x51 bytes of nop padding
    nop
    .endr
    pop rdi
    mov rax, 0x403000   # absolute target address
    jmp rax             # absolute jump through the register (jmp fword ptr [eax] is a far 16:32 jump through memory, not this)
I will add a jmp short before I create the nops of 0x51 bytes.
Another thing to mention is that I need to add a label instead of a jmp address.
To be clear about my challenge: I need to create one relative jmp and one absolute jmp.
What's still odd to me is that it is overriding.
From some Google-fu, I need a two-byte jmp.
Short relative jmp instructions (opcode EB rel8) are two bytes, and the displacement is counted from the end of the instruction, so they can only reach -128 to +127 bytes; anything further needs the five-byte near jmp (E9 rel32) or an absolute jmp through a register.
It appears to be jumping to my label.
It appears the 2 bytes are clobbering it.
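Since the two-byte jmp short and where its displacement is counted from are exactly what was tripping things up above, here is an added example in C (my own, not from the course or the original notes) that encodes and decodes a short jump and assembles the same trampoline as raw bytes. The 0x51-byte nop pad and the 0x403000 target are taken from the notes; the helper names (encode_jmp_short, decode_jmp_short, build_trampoline) are mine. The point it shows: rel8 is measured from the end of the 2-byte instruction, so jumping over 0x51 nops is rel8 = 0x51 exactly, and the jmp's own 2 bytes are not part of that distance.

```c
/*
 * Added example: encode/decode an x86-64 "jmp short" (EB rel8) and build
 * the trampoline from the notes as raw bytes.  Helper names are mine;
 * the 0x51 nops and the 0x403000 target come from the notes above.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOP_PAD 0x51

/*
 * Encode a short relative jump located at byte offset jmp_off that should
 * land at target_off.  The rel8 displacement is measured from the END of
 * the 2-byte instruction (jmp_off + 2), so "skip 0x51 bytes of nops" is
 * rel8 = 0x51.  Returns 2 on success, 0 if the target is out of rel8
 * range (then a 5-byte near jmp E9 rel32 or an absolute jmp is needed).
 */
size_t encode_jmp_short(size_t jmp_off, size_t target_off, uint8_t out[2])
{
    long disp = (long)target_off - (long)(jmp_off + 2);
    if (disp < -128 || disp > 127)
        return 0;
    out[0] = 0xEB;
    out[1] = (uint8_t)(int8_t)disp;
    return 2;
}

/* Given code and the offset of an EB xx instruction, return where it lands. */
size_t decode_jmp_short(const uint8_t *code, size_t jmp_off)
{
    int8_t rel = (int8_t)code[jmp_off + 1];
    return (size_t)((long)jmp_off + 2 + rel);
}

/*
 * Build: jmp short over NOP_PAD nops; the nops; pop rdi; mov rax, 0x403000;
 * jmp rax.  Returns the total length, or 0 if buf is too small or the jump
 * does not fit in rel8.
 */
size_t build_trampoline(uint8_t *buf, size_t cap)
{
    static const uint8_t tail[] = {
        0x5F,                                     /* pop rdi */
        0x48, 0xC7, 0xC0, 0x00, 0x30, 0x40, 0x00, /* mov rax, 0x403000 (sign-extended imm32 form, as GAS emits) */
        0xFF, 0xE0,                               /* jmp rax: absolute jump to the address in rax */
    };
    size_t total = 2 + NOP_PAD + sizeof tail;
    if (cap < total)
        return 0;
    if (encode_jmp_short(0, 2 + NOP_PAD, buf) != 2)
        return 0;
    memset(buf + 2, 0x90, NOP_PAD);               /* nop sled */
    memcpy(buf + 2 + NOP_PAD, tail, sizeof tail);
    return total;
}

int main(void)
{
    uint8_t code[128];
    size_t n = build_trampoline(code, sizeof code);
    size_t land = decode_jmp_short(code, 0);
    printf("%zu bytes; jmp short lands at offset 0x%zx (byte %02x = pop rdi)\n",
           n, land, code[land]);
    for (size_t i = 0; i < n; i++)
        printf("%02x%c", code[i], (i + 1) % 16 == 0 ? '\n' : ' ');
    putchar('\n');
    return 0;
}
```

Feed the dumped bytes to a disassembler and the first instruction reads as a jmp to offset 0x53, which is the first byte after the nop pad; that is why writing the label as the operand (and letting the assembler compute rel8) works where a literal 0x51 operand, which GAS treats as an absolute address, did not.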