hacktricks/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md

# No-exec / NX

{% hint style="success" %}
学习并练习AWS黑客技术：<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks培训AWS红队专家（ARTE）**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
学习并练习GCP黑客技术：<img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks培训GCP红队专家（GRTE）**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>支持HackTricks</summary>

* 检查[**订阅计划**](https://github.com/sponsors/carlospolop)!
* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享黑客技巧。

</details>
{% endhint %}

## 基本信息

**No-Execute (NX)** 位，也称为Intel术语中的**Execute Disable (XD)**，是一种基于硬件的安全功能，旨在**减轻****缓冲区溢出**攻击的影响。当实施和启用时，它区分用于**可执行代码**和用于**数据**（如**堆栈**和**堆**）的内存区域。其核心思想是通过将恶意代码放在堆栈中，然后将执行流程引导到该代码，防止攻击者通过缓冲区溢出漏洞执行恶意代码。

## 绕过

* 可以使用诸如[**ROP**](../rop-return-oriented-programing/)之类的技术**绕过**此保护，通过执行二进制文件中已存在的可执行代码块。
* [**Ret2libc**](../rop-return-oriented-programing/ret2lib/)
* [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/)
* **Ret2...**

{% hint style="success" %}
学习并练习AWS黑客技术：<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks培训AWS红队专家（ARTE）**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
学习并练习GCP黑客技术：<img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks培训GCP红队专家（GRTE）**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>支持HackTricks</summary>

* 检查[**订阅计划**](https://github.com/sponsors/carlospolop)!
* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享黑客技巧。

</details>
{% endhint %}
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								# No-exec / NX
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								{% hint style="success" %}
 								学习并练习AWS黑客技术：<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks培训AWS红队专家（ARTE）**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								学习并练习GCP黑客技术：<img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks培训GCP红队专家（GRTE）**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								<details>
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								<summary>支持HackTricks</summary>
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								* 检查[**订阅计划**](https://github.com/sponsors/carlospolop)!
 								* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享黑客技巧。
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
 								</details>
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								{% endhint %}
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
 								## 基本信息
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								**No-Execute (NX)** 位，也称为Intel术语中的**Execute Disable (XD)**，是一种基于硬件的安全功能，旨在**减轻****缓冲区溢出**攻击的影响。当实施和启用时，它区分用于**可执行代码**和用于**数据**（如**堆栈**和**堆**）的内存区域。其核心思想是通过将恶意代码放在堆栈中，然后将执行流程引导到该代码，防止攻击者通过缓冲区溢出漏洞执行恶意代码。
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
 								## 绕过
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								* 可以使用诸如[**ROP**](../rop-return-oriented-programing/)之类的技术**绕过**此保护，通过执行二进制文件中已存在的可执行代码块。
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
+								* [**Ret2libc**](../rop-return-oriented-programing/ret2lib/)
-												Translated ['binary-exploitation/basic-binary-exploitation-methodology/R

											
										
										
											2024-04-12 01:34:59 +00:00
+								* [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/)
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
+								* **Ret2...**
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								{% hint style="success" %}
 								学习并练习AWS黑客技术：<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks培训AWS红队专家（ARTE）**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								学习并练习GCP黑客技术：<img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks培训GCP红队专家（GRTE）**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								<details>
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								<summary>支持HackTricks</summary>
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								* 检查[**订阅计划**](https://github.com/sponsors/carlospolop)!
 								* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享黑客技巧。
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-04-07 02:33:04 +00:00
 								</details>
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:33:27 +00:00
+								{% endhint %}