
I'm doing a binary challenge from pwnable.kr and I'm examining some ROP gadgets.

Until now I've always used gadgets ending with ret or syscall/int 0x80, but now ROPgadget gave me a gadget ending with ret 0.

What's the difference wrt ret?

  • You can set an offset on ret, like ret 4, so I assume that ret is the same as ret 0. Commented May 24, 2022 at 11:11

1 Answer


This is not strictly a security question, but the short answer is that there is no functional difference between ret and ret 0. In fact, this notation is often compiler independent for some bizarre reason.

The reason your notation is being displayed as ret 0 is likely due to a ret imm16=0 instruction. MSVC, for example, emits ret as ret 0. However, these are exactly the same instruction in terms of operation. If you want to visualise the difference, compile a simple:

xor eax, eax 
ret 0

in MASM and then compile the same program in NASM. NASM will likely optimize the above to

xor eax, eax
ret

whereas MASM will display it as the former with the ret 0.
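As an added illustration (not code from the question or the answer above), the following Python models the two near-RET encodings x86 actually has and what each one does to the stack pointer. The opcode facts are the standard ones: ret is the single byte C3, ret imm16 is C2 followed by a little-endian 16-bit immediate, and the CPU pops the return address and then releases imm16 further bytes of stack. The gadget addresses and padding word in the demo are constructed values, and the decoder, stack model and chain runner are helpers written here, not part of ROPgadget.

```python
# Added example, not code from the original question or answer: a small model
# of the two near-RET encodings x86 has and of what each does to the stack
# pointer. Opcode facts are the standard ones: RET = C3, RET imm16 = C2 iw
# (imm16 little-endian). Addresses in the demo are constructed values.
import struct

OPCODE_RET = 0xC3       # ret        : pop return address
OPCODE_RET_IMM = 0xC2   # ret imm16  : pop return address, then sp += imm16


def decode_ret(code: bytes):
    """Decode a RET at the start of `code`.

    Returns (mnemonic, imm, length_in_bytes) or None if it is not a RET.
    `ret` is one byte; `ret imm16` (including `ret 0`) is three bytes, which
    is why a gadget finder lists them as different gadgets even though the
    effect of `ret 0` is identical to `ret`."""
    if not code:
        return None
    if code[0] == OPCODE_RET:
        return ("ret", 0, 1)
    if code[0] == OPCODE_RET_IMM and len(code) >= 3:
        imm = struct.unpack_from("<H", code, 1)[0]
        return (f"ret {imm}", imm, 3)
    return None


def execute_ret(stack: bytes, sp: int, imm: int = 0, word: int = 8):
    """Model RET / RET imm16 on a little-endian stack image.

    stack: bytes of stack memory, index 0 is the lowest address
    sp:    current stack-pointer offset into `stack`
    imm:   the imm16 operand (0 for a plain `ret`)
    word:  pointer size, 8 for x86-64 or 4 for 32-bit x86
    Returns (new_ip, new_sp): the popped return address and the stack
    pointer after the pop plus the extra `imm` bytes released."""
    fmt = "<Q" if word == 8 else "<I"
    new_ip = struct.unpack_from(fmt, stack, sp)[0]
    return new_ip, sp + word + imm


def run_chain(ret_encodings, stack: bytes, sp: int = 0, word: int = 8):
    """Apply a sequence of encoded RETs (one per gadget ending) to the same
    stack image, returning (mnemonic, new_ip, new_sp) for each step."""
    trace = []
    for enc in ret_encodings:
        decoded = decode_ret(enc)
        if decoded is None:
            raise ValueError(f"not a RET: {enc.hex()}")
        mnem, imm, _ = decoded
        ip, sp = execute_ret(stack, sp, imm, word)
        trace.append((mnem, ip, sp))
    return trace


# Constructed x86-64 stack image: three gadget addresses and one padding word.
G1, G2, G3, PAD = 0x401000, 0x401100, 0x401200, 0x4141414141414141
STACK = struct.pack("<4Q", G1, G2, PAD, G3)


def demo():
    """ret 0 behaves exactly like ret; ret 8 additionally releases one word,
    so the padding word is skipped and the chain lands on G3."""
    return run_chain(
        [b"\xc2\x00\x00",   # ret 0   (the bytes ROPgadget prints as "ret 0")
         b"\xc2\x08\x00",   # ret 8
         b"\xc3"],          # ret
        STACK)


if __name__ == "__main__":
    for mnem, ip, sp in demo():
        print(f"{mnem:<6} -> ip={ip:#x} sp={sp}")
```

The point the trace makes is the one the answer states: a gadget ending in ret 0 consumes exactly one word from the stack, the same as ret, so it can be chained like any other ret gadget; only a non-zero immediate changes where the next gadget address must sit, and that offset has to be accounted for when reading or writing a chain.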
