Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

1. ico file format

(df0.1188): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=000211c0 ecx=1c921000 edx=0275a400 esi=0266dd10 edi=0000ee50
eip=008e3ffe esp=0012f7bc ebp=0012fc8c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Editor.exe -
Editor!TMethodImplementationIntercept+0x4189c6:
008e3ffe 668901 mov word ptr [ecx],ax ds:0023:1c921000=????
0:000> !exploitable -v

!exploitable 1.6.0.0
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\kernel32.dll -
Exception Faulting Address: 0x1c921000
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation

Faulting Instruction:008e3ffe mov word ptr [ecx],ax

Exception Hash (Major/Minor): 0x439ec9fa.0xd3da6413

Hash Usage : Stack Trace:
Major+Minor : Editor!TMethodImplementationIntercept+0x4189c6
Major+Minor : Editor!TMethodImplementationIntercept+0x55548d
Major+Minor : Editor!TMethodImplementationIntercept+0x5555bc
Major+Minor : Editor!TMethodImplementationIntercept+0x5510a5
Major+Minor : Editor!TMethodImplementationIntercept+0x5514a3
Minor : Editor!TMethodImplementationIntercept+0x74eeb9
Minor : Editor!TMethodImplementationIntercept+0x7455cb
Minor : Editor!TMethodImplementationIntercept+0x30a223
Minor : Editor!TMethodImplementationIntercept+0x3094f8
Minor : Editor!TMethodImplementationIntercept+0x77b249
Minor : kernel32!BaseThreadInitThunk+0x12
Minor : ntdll!__RtlUserThreadStart+0x70
Minor : ntdll!_RtlUserThreadStart+0x1b
Instruction Address: 0x00000000008e3ffe

Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x00000000004189c6 (Hash=0x439ec9fa.0xd3da6413)