Stack-Based Buffer Overflows on Linux x86 Determine the Length for Shellcode

Hi, i’m stuck at this Q: How large can our shellcode theoretically become if we count NOPS and the shellcode size together? (Format: 00 Bytes) - i’ve tried ‘info proc mapping’ in gdb , but can’t find any clue.
I’ve tried doing the calculation with the numbers in the exemple but something seems off regarding the answer format (00 Bytes).
the shellcode plus nobs is like 250 bytes (100 bytes NOPS), it could be 250 bytes plus 768 bytes as then the buffer is completly filled and so the max size could be 1036 bytes - however this is not correct

The correct answer is NOP+shellcode. Make sure to answer in the format of XXX Bytes.

I don’t know why the buffer part does not count in this question. We can use any space between ESP and EBP as long as the program does not tamper it, I think. In the bow example, the vulnerable function does not modify anything, so the whole stack space should be free for us.

thank you!
The way the question is worded is misleading, especially the format.
I’ve been stuck for several days now, thx