DeepRed targetted Disekt running NRFIN_00052 in round 84.

Type 1 POV

eip:0x4e7c7450 - edx:0x584d455f

Execution control corruption via call.

Tracing data from eip: 0x804904f tracing source of register: ecx (value: 0x4e7c7450)

0x804a86d : receive syscall (return)
0x804938e : mov dl,byte ptr [eax+ecx]
0x8049397 : mov byte ptr [eax+ecx],dl
0x8048fd0 : mov ecx,dword ptr [0x804cf58]
0x8048fee : mov dword ptr [0x804bea4],ecx
0x8049043 : mov ecx,dword ptr [0x804bea4]
0x804904f: call ecx // address: ecx value: 0x4e7c7450

Negotiated general register: edx:0x584d455f

Tracing data from eip: 0x804904f tracing source of register: edx (value: 0x584d455f)

0x804a86d : receive syscall (return)
0x804938e : mov dl,byte ptr [eax+ecx]
0x8049397 : mov byte ptr [eax+ecx],dl
0x8048fd6 : mov edx,dword ptr [0x804cf00]
0x8048fe8 : mov dword ptr [0x804bea0],edx
0x804903d : mov edx,dword ptr [0x804bea0]
0x804904f: call ecx // address: edx value: 0x584d455f

Curated by Lunge Technology, LLC. Questions or comments? Send us email