
32K stack size seems good!

Branch: master
Author: WiiUTest, 3 years ago (committed by GitHub)
Parent commit: 28851926b8
Signature: No known key found for this signature in database (GPG Key ID: 4AEE18F83AFDEB23)
1 changed file with 1 addition and 1 deletion: payload/exploit_WORKING.html (+1 -1)

@ -217,7 +217,7 @@ function UaF(a)
//prepare payload argument
payload_srcaddr = payloadAdress;
ROPHEAP = payload_srcaddr + 0x800000;
ROPHEAP = payload_srcaddr + _32K;
ropgen_pop_r24_to_r31(ROP_OSFatal, ROP_Exit, ROP_OSDynLoad_Acquire, ROP_OSDynLoad_FindExport, ROP_os_snprintf, payload_srcaddr, 8, ROPHEAP);//Setup r24..r31 at the time of payload entry. Basically a "paramblk" in the form of registers, since this is the only available way to do this with the ROP-gadgets currently used by this codebase.
//Jump on the payload
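Review bot: `_32K` is not defined anywhere in this hunk, so it must already be in scope at this point in `exploit_WORKING.html` (a `var _32K = 0x8000;` or equivalent above `UaF`); if it is not, `ROPHEAP = payload_srcaddr + _32K;` throws a ReferenceError before `ropgen_pop_r24_to_r31` ever runs, and the commit should state where the constant lives. The change also moves `ROPHEAP` from `payload_srcaddr + 0x800000` (8 MiB past the payload) to 32 KiB past it, which is only safe if everything copied to `payload_srcaddr` is smaller than 32 KiB, and the payload's size is not visible here; add an explicit check or a comment above the assignment that the payload body never exceeds `_32K`, so the ROP heap cannot overlap the payload it is handed to in r24..r31. Finally, the message calls this a "stack size" while the variable is `ROPHEAP`; a one-line comment saying what region `_32K` actually bounds would avoid that confusion for the next reader.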

