CodeJitsu targetted DeepRed running CROMU_00073 in round 28.

Type 2 POV

Reading from protected address: 0x4347c000

0x805025b : int 128

The application exited with a segmentation fault

0: 0 // esp: 0

Execution control corruption via return (return to: 0xbaaaaef8).

Tracing data from eip: 0x80482c6 tracing source of memory: 0xbaaaaef8 (value: 0x8048d80)

0x805027d : receive syscall (return)
0x80483b7 : mov dl,byte ptr [ecx+eax]
0x80483c7 : mov byte ptr [ecx+eax],dl
0x80482c6: ret // address: 0xbaaaaef8 value: 0x8048d80

Transmission of protected memory 0x4347c004 (value: 77d0790b)

Tracing data from eip: 0x805025b tracing source of register: ecx (value: 0x4347c000)

0x805027d : receive syscall (return)
0x80483b7 : mov dl,byte ptr [ecx+eax]
0x80483c7 : mov byte ptr [ecx+eax],dl
0x8048d8a : mov ecx,dword ptr [ebp+0x8]
0x8048d8d : mov dword ptr [ebp-0x8],ecx
0x8048db5 : mov edx,dword ptr [ebp-0x8]
0x8048db8 : add edx,dword ptr [ebp-0x10]
0x8048dc8 : mov dword ptr [esp+0x4],edx
0x805024f : mov ecx,dword ptr [esp+0x18]
0x805025b: int 128 // address: ecx value: 0x4347c000

Curated by Lunge Technology, LLC. Questions or comments? Send us email