ForAllSecure targeted TECHx running KPRCA_00065 in round 33.


Type 1 POV

eip:0x63f85f20 - esi:0xaffb69b1


Execution control corruption via return (return to: 0xbaaaafa8).

Tracing data from eip: 0x8048e02 tracing source of memory: 0xbaaaafa8 (value: 0x8048153)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0x8048e02: ret // address: 0xbaaaafa8 value: 0x8048153

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaafa0 tracing source of memory: 0xbaaaafa0 (value: 0xc3a4618b)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0x8048e00 : pop esi
0x8049b33 : push esi
0x8049cf2 : pop esi
0x8048e73 : push esi
0x8048eb8 : pop esi
0x8049b33 : push esi
0x8049cf2 : pop esi
0x8048e73 : push esi
0xbaaaafa0: mov esp,dword ptr [ecx-0x5c] // address: 0xbaaaafa0 value: 0xc3a4618b

Negotiated general register: esi:0xaffb69b1

Tracing data from eip: 0x804d42c tracing source of register: esi (value: 0xaffb69b1)

0x804d333 : receive syscall (return)
0x804d42b : pop esi
0x804d42c: ret // address: esi value: 0xaffb69b1

Curated by Lunge Technology, LLC.