Disekt targeted TECHx running KPRCA_00065 in round 34.


Type 2 POV

Reading from protected address: 0x4347c000

0xbaaaaf3b : int 128

Tracing data from eip: 0xbaaaaf3b tracing source of register: ecx (value: 0x4347c000)

0xbaaaaf1f : xor ecx,0x1010101
0xbaaaaf3b: int 128 // address: ecx value: 0x4347c000

Execution control corruption via return (return to: 0xbaaaafa8).

Tracing data from eip: 0x8048e02 tracing source of memory: 0xbaaaafa8 (value: 0xbaaaaf14)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0x8048e02: ret // address: 0xbaaaafa8 value: 0xbaaaaf14

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf14 tracing source of memory: 0xbaaaaf14 (value: 0x8940c031)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0xbaaaaf14: xor eax,eax // address: 0xbaaaaf14 value: 0x8940c031

Curated by Lunge Technology, LLC.