The-Homebrew-Cloud/JsTypeHax
2
0
Fork 0
mirror of https://github.com/wiiu-env/JsTypeHax.git synced 2024-06-28 18:56:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

32K stack size seems good !

Browse Source
This commit is contained in:
WiiUTest 2018-05-22 17:05:08 +02:00 committed by GitHub
parent aede24f975
commit 28851926b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
payload/exploit_WORKING.html
View File

@ -217,7 +217,7 @@ function UaF(a)
//prepare payload argument
payload_srcaddr = payloadAdress;
ROPHEAP = payload_srcaddr + 0x800000;
ROPHEAP = payload_srcaddr + _32K;
ropgen_pop_r24_to_r31(ROP_OSFatal, ROP_Exit, ROP_OSDynLoad_Acquire, ROP_OSDynLoad_FindExport, ROP_os_snprintf, payload_srcaddr, 8, ROPHEAP);//Setup r24..r31 at the time of payload entry. Basically a "paramblk" in the form of registers, since this is the only available way to do this with the ROP-gadgets currently used by this codebase.
//Jump on the payload