CodeJitsu targetted CSDS running NRFIN_00063 in round 57.

Type 1 POV

eip:0xc8ca0426 - ebp:0xe22e8648

The application exited with a segmentation fault

0x804e970: 0x804e970 // esp: 0xbaaaaf14

Execution control corruption via return (return to: 0xbaaaaf14).

Tracing data from eip: 0x804e970 tracing source of memory: 0xbaaaaf14 (value: 0xc8ca0426)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x804e970: ret // address: 0xbaaaaf14 value: 0xc8ca0426

Negotiated general register: ebp:0xe22e8648

Tracing data from eip: 0x804e970 tracing source of register: ebp (value: 0xe22e8648)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x804e96f : pop ebp
0x804e970: ret // address: ebp value: 0xe22e8648

Curated by Lunge Technology, LLC. Questions or comments? Send us email