Let's try to open our malicious file. We should be somewhere here:
The version I tried you can find here:
Results from debugger:
---<windbg>---
eax=003a75f0 ebx=015ca2b0 ecx=7ffdf000 edx=00000000 esi=015ca2b0 edi=ffffffff
eip=015ca2cd esp=001bf158 ebp=001bf168 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010282
CANopen_Builder+0x2ea2cd:
015ca2cd e42d in al,2Dh
---<windbg>---
---<windbg>---
eax=6b119e5c ebx=014aa2b0 ecx=00000003 edx=00000000 esi=014aa2b0 edi=ffffffff
eip=76e14425 esp=00000000 ebp=001ff288 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
SHELL32!ShellExecuteExW+0x2899:
76e14425 0000 add byte ptr [eax],al ds:0023:6b119e5c=78
---<windbg>---
---<windbg>---
eax=0012f408 ebx=0064a2b0 ecx=00000003 edx=00000000 esi=0064a2b0 edi=ffffffff
eip=00609a3f esp=76e73fff ebp=6b119e5c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010216
CANopen_Builder+0x2a9a3f:
00609a3f 00a03e4b00e0 add byte ptr [eax-1FFFB4C2h],ah ds:0023:e0133f46=??
---<windbg>---
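To rank crashes like these for reporting to the vendor, here is an added triage helper (my own code, not the author's tooling) that parses the three WinDbg register dumps above and tags each with the signals a crash reviewer looks for: EIP sitting on non-code bytes, a corrupted stack pointer, and an operand address WinDbg could not read. The `PRIVILEGED` set, the 1 MiB esp/ebp distance threshold and the tag names are my own assumptions.

```python
import re

# The three WinDbg 'r' dumps shown on this page, with the fused "nc cs=001b"
# token split back onto two lines; blocks are separated by "---".
DUMPS = """\
eax=003a75f0 ebx=015ca2b0 ecx=7ffdf000 edx=00000000 esi=015ca2b0 edi=ffffffff
eip=015ca2cd esp=001bf158 ebp=001bf168 iopl=0 nv up ei ng nz na po nc
CANopen_Builder+0x2ea2cd:
015ca2cd e42d in al,2Dh
---
eax=6b119e5c ebx=014aa2b0 ecx=00000003 edx=00000000 esi=014aa2b0 edi=ffffffff
eip=76e14425 esp=00000000 ebp=001ff288 iopl=0 nv up ei pl zr na pe nc
SHELL32!ShellExecuteExW+0x2899:
76e14425 0000 add byte ptr [eax],al ds:0023:6b119e5c=78
---
eax=0012f408 ebx=0064a2b0 ecx=00000003 edx=00000000 esi=0064a2b0 edi=ffffffff
eip=00609a3f esp=76e73fff ebp=6b119e5c iopl=0 nv up ei pl nz ac pe nc
CANopen_Builder+0x2a9a3f:
00609a3f 00a03e4b00e0 add byte ptr [eax-1FFFB4C2h],ah ds:0023:e0133f46=??
"""

REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})")
# Assumed set: port I/O and similar opcodes never appear in a file parser's
# real code, so hitting one means EIP landed on data.
PRIVILEGED = {"in", "out", "hlt", "cli", "sti"}

def parse_dump(block):
    """Extract registers, symbol and faulting instruction from one dump."""
    lines = [l.strip() for l in block.strip().splitlines() if l.strip()]
    regs = {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(block)}
    symbol = next((l[:-1] for l in lines if l.endswith(":")), "")
    addr, opcodes, *rest = lines[-1].split()   # "<addr> <bytes> <mnemonic> ..."
    return {"regs": regs, "symbol": symbol, "opcodes": opcodes,
            "mnemonic": rest[0] if rest else "", "insn": " ".join(rest)}

def triage(crash):
    """Heuristic tags used to decide which crash to investigate first."""
    r, tags = crash["regs"], []
    if crash["mnemonic"] in PRIVILEGED or set(crash["opcodes"]) == {"0"}:
        tags.append("eip-in-non-code")        # executing data or zeroed memory
    if r["esp"] == 0 or abs(r["esp"] - r["ebp"]) > 0x100000:
        tags.append("stack-pointer-corrupt")  # esp/ebp no longer form a frame
    if crash["insn"].endswith("=??"):
        tags.append("access-unmapped")        # operand address not readable
    return tags

def triage_all(text=DUMPS):
    return [(c["symbol"], triage(c)) for c in map(parse_dump, text.split("---"))]
```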
There are a few more bugs found during this fuzzing, so if you want them too, feel free to drop me an email/comment or ping me on Twitter. I'm waiting...
Balthazar / Constantine
See you next time.