Comment by blackflame7000
7 years ago
The text-segment of the code containing the machine instructions is in read-only memory. You won't be able to overflow a heap variable with the intention of writing to the text-segment of memory without causing a segfault.
But with ROP, there's usually no need to write into the text-segment to execute arbitrary code.
In order to do ROP, you need to chain together gadgets of code segments which means you need to be able to see the source code/binary. This doesn't reveal any information about the call stack nor the available libraries to chain together ROP. And that's if stack canaries haven't screwed things up already.