From 7204eca4a28c681b5ec4801a236f521c69d0e70b Mon Sep 17 00:00:00 2001
From: spv420
Date: Sun, 31 Jul 2022 22:29:54 -0400
Subject: fuck

---
 src/stage4/lib/native_ptr.js | 65 ++++++++++++++++++++++++++++++++++++++++++++
 src/stage4/main.js | 16 ++++++++++-
 2 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 src/stage4/lib/native_ptr.js
(limited to 'src')

diff --git a/src/stage4/lib/native_ptr.js b/src/stage4/lib/native_ptr.js
new file mode 100644
index 0000000..4dcbfeb
--- /dev/null
+++ b/src/stage4/lib/native_ptr.js
@@ -0,0 +1,65 @@
+class native_ptr {
+// constructor(addy, size = 4, buf_to_obj = u8x4_to_u32) {
+ constructor() {
+ this.addy = arguments[0];
+ var our_proto = Object.getPrototypeOf(this);
+
+ p0laris_log(JSON.stringify(Object.getPrototypeOf(this)));
+
+ if (our_proto.predef == true) {
+ p0laris_log("lol");
+ this.size = our_proto.size;
+ this.buf_to_obj = our_proto.buf_to_obj;
+ this.obj_to_buf = our_proto.obj_to_buf;
+ return;
+ }
+
+ this.size = arguments[1];
+ this.buf_to_obj = arguments[2];
+ this.obj_to_buf = arguments[3];
+
+ if (this.size === undefined) {
+ this.size = 4;
+ }
+
+ if (this.buf_to_obj === undefined) {
+ this.buf_to_obj = u8x4_to_u32;
+ }
+ if (this.obj_to_buf === undefined) {
+ this.obj_to_buf = u32_to_u8x4;
+ }
+ }
+
+ deref() {
+ var n = arguments[0];
+ if (n === undefined) {
+ n = 0;
+ }
+
+ return this.buf_to_obj(read_buf(this.addy + (n * this.size), this.size));
+ }
+
+ write() {
+ var v = arguments[0];
+
+ var n = arguments[1];
+ if (n === undefined) {
+ n = 0;
+ }
+
+ write_buf(this.addy + (n * this.size), this.obj_to_buf(v), this.size);
+ }
+}
+
+function native_ptr_type(size, buf_to_obj, obj_to_buf) {
+ class ret extends native_ptr {
+
+ }
+
+ ret.prototype.predef = true;
+ ret.prototype.size = size;
+ ret.prototype.buf_to_obj = buf_to_obj;
+ ret.prototype.obj_to_buf = obj_to_buf;
+
+ return ret;
+}
\ No newline at end of file
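Review bot: In the `native_ptr` constructor the fallback converters `u8x4_to_u32`/`u32_to_u8x4` are only meaningful when `this.size` is 4, yet they are also installed when a caller passes another size without converters, so `new native_ptr(addr, 2)` reads 2 bytes and decodes them with the 4-byte helper; reject that before the defaults are applied, e.g. `if (this.size !== 4 && (this.buf_to_obj === undefined || this.obj_to_buf === undefined)) throw new Error("native_ptr: size " + this.size + " needs explicit converters");`. The `predef` flag and the prototype patching in `native_ptr_type` exist only to get per-type defaults past a constructor that reads `arguments[]`; the signature left commented out on the second line (`constructor(addy, size = 4, buf_to_obj = u8x4_to_u32)`) plus a `super()` call in the generated subclass does the same job without that branch and without the `JSON.stringify(Object.getPrototypeOf(this))` and `"lol"` log lines that currently fire on every pointer construction. `deref()`/`write()` also add to `this.addy` unchecked, so an undefined or non-numeric `addy` turns into a NaN address handed straight to read_buf/write_buf — a type check at construction catches that at the call site. The sketch below keeps the positional constructor interface and the `native_ptr_type(size, buf_to_obj, obj_to_buf)` factory unchanged for existing callers.

```javascript
class native_ptr {
  constructor(addy, size = 4, buf_to_obj = u8x4_to_u32, obj_to_buf = u32_to_u8x4) {
    if (typeof addy !== "number" || !Number.isFinite(addy)) {
      throw new Error("native_ptr: bad address " + addy);
    }
    // the u8x4/u32 defaults only describe a 4-byte cell
    if (size !== 4 && (buf_to_obj === u8x4_to_u32 || obj_to_buf === u32_to_u8x4)) {
      throw new Error("native_ptr: size " + size + " needs explicit converters");
    }
    this.addy = addy;
    this.size = size;
    this.buf_to_obj = buf_to_obj;
    this.obj_to_buf = obj_to_buf;
  }
  // … unchanged: deref(), write() …
}

function native_ptr_type(size, buf_to_obj, obj_to_buf) {
  return class extends native_ptr {
    constructor(addy) {
      super(addy, size, buf_to_obj, obj_to_buf);
    }
  };
}
```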
diff --git a/src/stage4/main.js b/src/stage4/main.js
index 660db75..980525b 100644
--- a/src/stage4/main.js
+++ b/src/stage4/main.js
@@ -12,6 +12,7 @@ var AF_INET = 2;
 var SOCK_DGRAM = 2;
 var SOCK_DGRAM = 2;
 var IPPROTO_UDP = 17;
+var UNSLID_BASE = 0x4000;
 
 function prep_shit() {
 string_ref = scall("JSStringCreateWithUTF8CString", "victim");
@@ -30,7 +31,20 @@ function csbypass_wrapper() {
 }
 
 function csbypass_stage4() {
- csbypass_wrapper();
+// csbypass_wrapper();
+
+ var np = new native_ptr(UNSLID_BASE + (get_our_slide() << 12));
+ var native_ptr_u16 = native_ptr_type(2, u8x2_to_u16, u16_to_u8x2);
+ var native_ptr_u32 = native_ptr_type(4, u8x4_to_u32, u32_to_u8x4);
+ var native_ptr_u16_2 = native_ptr_type(2, u8x2_to_u16, u16_to_u8x2);
+
+ var np1 = new native_ptr_u16(UNSLID_BASE + (get_our_slide() << 12));
+ var np2 = new native_ptr_u32(UNSLID_BASE + (get_our_slide() << 12));
+ var np3 = new native_ptr_u16_2(UNSLID_BASE + (get_our_slide() << 12));
+
+// p0laris_log("%s", Proxy.toString());
+ p0laris_log("%x %x %x %x", np1.deref(), np2.deref(), np3.deref());
+
 return 0;
 }
 
-- 
cgit v1.2.3
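Review bot: `UNSLID_BASE = 0x4000` is added with no comment saying which image it is the unslid base of or how it is meant to be combined with the slide; the only hint is the later use `UNSLID_BASE + (get_our_slide() << 12)` in csbypass_stage4. A one-line comment at the declaration would save the next reader that search, e.g. `var UNSLID_BASE = 0x4000; // unslid base of the target image; slid address = UNSLID_BASE + (get_our_slide() << 12)`, naming the image it refers to. The duplicated `var SOCK_DGRAM = 2;` above it is pre-existing context, not part of this change.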
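Review bot: The log call `p0laris_log("%x %x %x %x", np1.deref(), np2.deref(), np3.deref())` has four `%x` specifiers but only three values, so the last field prints whatever p0laris_log substitutes for a missing argument (not visible from here); drop the fourth `%x` or pass a fourth value. `np` is constructed and never used, and `UNSLID_BASE + (get_our_slide() << 12)` is evaluated four times — compute it once, `var base = UNSLID_BASE + (get_our_slide() << 12);`, and note in a comment that `<<` operates on signed 32-bit values, so the sum goes negative if get_our_slide() ever exceeds 0x7ffff. With `csbypass_wrapper()` commented out, csbypass_stage4 now performs no bypass at all but still returns 0, so any caller that treats 0 as success is misled; if this is a temporary probe, gate it behind a debug flag or restore the call before merging, rather than leaving the original line as a comment.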