Seems to me that if you were getting the Dr. Watson indicating the pointer issues you probably adjusted the overflow. Now, it seems, your adjustment is almost working insofar as the system isn't recognizing there is an issue but you aren't quite close enough to leave a functional netcat running. Are you running any memory mapping software on the exploitable machine so you can watch the effect?