ForAllSecure targetted Shellphish running CROMU_00055 in round 2.

---

Type 2 POV

Reading from protected address: 0x4347c3be

0xbaaaafb3 : push dword ptr [0x4347c3be]

---

Execution control corruption via return (return to: 0xbaaaafa8).

Tracing data from eip: 0x8048536 tracing source of memory: 0xbaaaafa8 (value: 0xbaaaafac)

0x804fd27 : receive syscall (return)
0x8048536: ret // address: 0xbaaaafa8 value: 0xbaaaafac

---

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaafac tracing source of memory: 0xbaaaafac (value: 0xf389f631)

0x804fd27 : receive syscall (return)
0xbaaaafac: xor esi,esi // address: 0xbaaaafac value: 0xf389f631