Disekt targetted ForAllSecure running CROMU_00051 in round 73.

Type 2 POV

Reading from protected address: 0x4347c001

0xbaaaadab : mov edi,dword ptr [0x4347c001]

The application exited with a segmentation fault

0: 0 // esp: 0

Execution control corruption via return (return to: 0xbaaaac98).

Tracing data from eip: 0x804bb66 tracing source of memory: 0xbaaaac98 (value: 0xbaaaad71)

0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804bb66: ret // address: 0xbaaaac98 value: 0xbaaaad71

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaad71 tracing source of memory: 0xbaaaad71 (value: 0x4c4c4c4c)

0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0xbaaaad71: dec esp // address: 0xbaaaad71 value: 0x4c4c4c4c

Curated by Lunge Technology, LLC. Questions or comments? Send us email