CodeJitsu targeted Disekt running YAN01_00016 in round 79.


Type 2 POV

Reading from protected address: 0x4347c000

0xbaaaafd0 : int 128

Tracing data from eip: 0xbaaaafd0 tracing source of register: ecx (value: 0x4347c000)

0xbaaaafc9 : shl ecx,8
0xbaaaafd0: int 128 // address: ecx value: 0x4347c000

The application exited with a segmentation fault

0: 0 // esp: 0

Execution control corruption via return (return to: 0xbaaaaff8).

Tracing data from eip: 0x8048e4c tracing source of memory: 0xbaaaaff8 (value: 0xbaaaafb1)

0x804956a : receive syscall (return)
0x804926b : mov bl,byte ptr [esi+ecx]
0x804926e : mov byte ptr [ebp-0x29],bl
0x8049271 : mov bl,byte ptr [ebp-0x29]
0x804927a : mov byte ptr [edx+ecx],bl
0x8048e4c: ret // address: 0xbaaaaff8 value: 0xbaaaafb1

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaafb1 tracing source of memory: 0xbaaaafb1 (value: 0xdb31c031)

0x804956a : receive syscall (return)
0x804926b : mov bl,byte ptr [esi+ecx]
0x804926e : mov byte ptr [ebp-0x29],bl
0x8049271 : mov bl,byte ptr [ebp-0x29]
0x804927a : mov byte ptr [edx+ecx],bl
0xbaaaafb1: xor eax,eax // address: 0xbaaaafb1 value: 0xdb31c031

Curated by Lunge Technology, LLC.