| Protection | What It Does | Why It Matters |
|---|---|---|
| NX | Marks stack/heap memory as non-executable. | Blocks classic stack shellcode. |
| ASLR | Randomizes stack, heap, binary, and library locations. | Forces address leaks or brute force. |
| PIE | Makes the main binary load at a random base. | Program gadgets and PLT/GOT addresses move. |
| Stack canary | Places a secret value before the saved return address. | Detects many stack overflows before ret. |
| RELRO | Hardens relocation/GOT behavior. | Full RELRO blocks GOT overwrites. |
| Fortify | Adds extra checks to some libc calls. | May turn unsafe use into aborts. |
Strategy Choices
| Situation | Common Strategy |
|---|---|
| NX disabled | Place shellcode on the stack and return to it. |
| NX enabled, useful hidden function exists | Return-to-win. |
| NX enabled, libc available | ret2libc. |
| Need to set registers first | ROP chain. |
| PIE enabled | Leak a program address, calculate binary base, then continue. |
| Canary enabled | Leak or bypass the canary before overwriting the return address. |
| Full RELRO | GOT overwrite is blocked, but GOT reads/leaks may still be useful. |