• Assume you have a buffer overflow vulnerability. You can control the EIP. But your shellcode is never executed. Your shellcode is executed when a ret instruction is executed which calls the address you overwrite. But maybe the ret at the end of the function where the buffer overflow occurs is never reached, because you overwrote the…