CodeJitsu targetted ForAllSecure running CROMU_00051 in round 71.
Type 1 POV
eip:0xe2c84008 - ebp:0x2ec26ca
Execution control corruption via return (return to: 0xbaaaac98).
Tracing data from eip: 0x804bb66 tracing source of memory: 0xbaaaac98 (value: 0xbaaaacf1)
0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804bb66: ret // address: 0xbaaaac98 value: 0xbaaaacf1
Execution of memory occurred that was not part of the initial text sections or an executably allocated page.
Tracing data from eip: 0xbaaaacf1 tracing source of memory: 0xbaaaacf1 (value: 0xec26cabd)
0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0xbaaaacf1: mov ebp,0x2ec26ca // address: 0xbaaaacf1 value: 0xec26cabd
Negotiated general register: ebp:0x2ec26ca
Tracing data from eip: 0xbaaaacfb tracing source of register: ebp (value: 0x2ec26ca)
0xbaaaacf1 : mov ebp,0x2ec26ca
0xbaaaacfb: jmp ebx // address: ebp value: 0x2ec26ca