CodeJitsu targetted CSDS running NRFIN_00063 in round 53.


Type 1 POV

eip:0x22c6ca8a - ebp:0x2e64aa0a


The application exited with a segmentation fault

0x804e970: 0x804e970 // esp: 0xbaaaaf14

Execution control corruption via return (return to: 0xbaaaaf14).

Tracing data from eip: 0x804e970 tracing source of memory: 0xbaaaaf14 (value: 0x22c6ca8a)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x804e970: ret // address: 0xbaaaaf14 value: 0x22c6ca8a

Negotiated general register: ebp:0x2e64aa0a

Tracing data from eip: 0x804e970 tracing source of register: ebp (value: 0x2e64aa0a)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x804e96f : pop ebp
0x804e970: ret // address: ebp value: 0x2e64aa0a

Curated by Lunge Technology, LLC. Questions or comments? Send us email