Diffstat (limited to 'src/stage4/main.js')
-rw-r--r--src/stage4/main.js16
1 files changed, 15 insertions, 1 deletions
diff --git a/src/stage4/main.js b/src/stage4/main.js
index 660db75..980525b 100644
--- a/src/stage4/main.js
+++ b/src/stage4/main.js
@@ -12,6 +12,7 @@ var AF_INET = 2;
var SOCK_DGRAM = 2;
var SOCK_DGRAM = 2;
var IPPROTO_UDP = 17;
+var UNSLID_BASE = 0x4000;
function prep_shit() {
string_ref = scall("JSStringCreateWithUTF8CString", "victim");
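Review bot: `UNSLID_BASE` is added as a bare magic number with no comment saying what address it stands for or why it is `0x4000`. Judging by its only use in this commit, `UNSLID_BASE + (get_our_slide() << 12)`, it looks like the image's base address before the slide is applied, with the slide counted in 4 KiB pages; if so, a comment such as `// base address of the image before the ASLR slide; runtime base = UNSLID_BASE + (slide << 12)` would record that. `prep_shit` continues outside this hunk.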
@@ -30,7 +31,20 @@ function csbypass_wrapper() {
}
function csbypass_stage4() {
- csbypass_wrapper();
+// csbypass_wrapper();
+
+ var np = new native_ptr(UNSLID_BASE + (get_our_slide() << 12));
+ var native_ptr_u16 = native_ptr_type(2, u8x2_to_u16, u16_to_u8x2);
+ var native_ptr_u32 = native_ptr_type(4, u8x4_to_u32, u32_to_u8x4);
+ var native_ptr_u16_2 = native_ptr_type(2, u8x2_to_u16, u16_to_u8x2);
+
+ var np1 = new native_ptr_u16(UNSLID_BASE + (get_our_slide() << 12));
+ var np2 = new native_ptr_u32(UNSLID_BASE + (get_our_slide() << 12));
+ var np3 = new native_ptr_u16_2(UNSLID_BASE + (get_our_slide() << 12));
+
+// p0laris_log("%s", Proxy.toString());
+ p0laris_log("%x %x %x %x", np1.deref(), np2.deref(), np3.deref());
+
return 0;
}
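Review bot: The added `p0laris_log("%x %x %x %x", ...)` call has four `%x` conversions but passes only three values (`np1.deref()`, `np2.deref()`, `np3.deref()`), so the last field is filled with whatever the logger does for a missing argument; either drop the fourth `%x` or pass the value that was meant to go there. In the same block `np` is constructed and never read, and `native_ptr_u16_2` is created with exactly the same arguments as `native_ptr_u16`, so one of the two is redundant. `UNSLID_BASE + (get_our_slide() << 12)` is evaluated four times; computing it once, `var base = UNSLID_BASE + (get_our_slide() << 12);`, guarantees every read uses the same address and makes the intent readable. The commented-out `csbypass_wrapper()` and `Proxy.toString()` lines should be deleted or given a comment explaining why the stage is temporarily reduced to this diagnostic read.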