ForAllSecure targeted Disekt running CROMU_00095 in round 25.


Type 1 POV

eip:0xc85b5b5 - ebp:0x432d8cce


Execution control corruption via return (return to: 0xbaaaaefc).

Tracing data from eip: 0x8053c7c tracing source of memory: 0xbaaaaefc (value: 0xbaaaaeef)

0x8053c78 : receive syscall (return)
0x8053c7c: ret // address: 0xbaaaaefc value: 0xbaaaaeef

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaeef tracing source of memory: 0xbaaaaeef (value: 0x2d8ccebd)

0x8053c78 : receive syscall (return)
0xbaaaaeef: mov ebp,0x432d8cce // address: 0xbaaaaeef value: 0x2d8ccebd

Negotiated general register: ebp:0x432d8cce

Tracing data from eip: 0xbaaaaef9 tracing source of register: ebp (value: 0x432d8cce)

0xbaaaaeef : mov ebp,0x432d8cce
0xbaaaaef9: jmp eax // address: ebp value: 0x432d8cce

Curated by Lunge Technology, LLC.