CodeJitsu targetted TECHx running KPRCA_00065 in round 33.


Type 2 POV

Reading from protected address: 0x4347c000

0x804d311 : int 128

Tracing data from eip: 0x804d311 tracing source of register: ecx (value: 0x4347c000)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0x8049d0a : mov ecx,dword ptr [ebp+0xc]
0x8049d13 : mov dword ptr [ebp-0x10],ecx
0x8049d19 : mov eax,dword ptr [ebp-0x10]
0x8049d1c : mov dword ptr [ebp-0x18],eax
0x8049d38 : mov edx,dword ptr [ebp-0x18]
0x8049d3b : add edx,dword ptr [ebp-0x1c]
0x8049d47 : mov dword ptr [esp+0x4],edx
0x804d305 : mov ecx,dword ptr [esp+0x18]
0x804d311: int 128 // address: ecx value: 0x4347c000

The application exited with a segmentation fault

0: 0 // esp: 0

Execution control corruption via return (return to: 0xbaaaafa8).

Tracing data from eip: 0x8048e02 tracing source of memory: 0xbaaaafa8 (value: 0x80483d3)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0x8048e02: ret // address: 0xbaaaafa8 value: 0x80483d3

Curated by Lunge Technology, LLC. Questions or comments? Send us email