CodeJitsu targeted Disekt running YAN01_00016 in round 95.


Type 1 POV

eip:0x9e82088f - eax:0xd2392b67


Execution control corruption via return (return to: 0xbaaaaff8).

Tracing data from eip: 0x8048e4c tracing source of memory: 0xbaaaaff8 (value: 0xbaaaafb0)

0x804956a : receive syscall (return)
0x804926b : mov bl,byte ptr [esi+ecx]
0x804926e : mov byte ptr [ebp-0x29],bl
0x8049271 : mov bl,byte ptr [ebp-0x29]
0x804927a : mov byte ptr [edx+ecx],bl
0x8048e4c: ret // address: 0xbaaaaff8 value: 0xbaaaafb0

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaafb0 tracing source of memory: 0xbaaaafb0 (value: 0x392b67b8)

0x804956a : receive syscall (return)
0x804926b : mov bl,byte ptr [esi+ecx]
0x804926e : mov byte ptr [ebp-0x29],bl
0x8049271 : mov bl,byte ptr [ebp-0x29]
0x804927a : mov byte ptr [edx+ecx],bl
0xbaaaafb0: mov eax,0xd2392b67 // address: 0xbaaaafb0 value: 0x392b67b8

Negotiated general register: eax:0xd2392b67

Tracing data from eip: 0xbaaaafba tracing source of register: eax (value: 0xd2392b67)

0xbaaaafb0 : mov eax,0xd2392b67
0xbaaaafba: jmp ebx // address: eax value: 0xd2392b67

Curated by Lunge Technology, LLC.