CodeJitsu targetted ForAllSecure running CROMU_00051 in round 72.


Type 1 POV

eip:0x2c6e2cca - ebp:0x88a80682


Execution control corruption via return (return to: 0xbaaaac98).

Tracing data from eip: 0x804bb66 tracing source of memory: 0xbaaaac98 (value: 0xbaaaacf1)

0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804bb66: ret // address: 0xbaaaac98 value: 0xbaaaacf1

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaacf1 tracing source of memory: 0xbaaaacf1 (value: 0xa80682bd)

0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0xbaaaacf1: mov ebp,0x88a80682 // address: 0xbaaaacf1 value: 0xa80682bd

Negotiated general register: ebp:0x88a80682

Tracing data from eip: 0xbaaaacfb tracing source of register: ebp (value: 0x88a80682)

0xbaaaacf1 : mov ebp,0x88a80682
0xbaaaacfb: jmp ebx // address: ebp value: 0x88a80682

Curated by Lunge Technology, LLC. Questions or comments? Send us email