Merge pull request #16 from john-tornblom/main

Cryptogenic · web-flow · commit c811fe722498 · 2022-12-16T20:24:12.000-05:00
fix typo in .data segment copying logic
diff --git a/document/en/ps5/exploit.js b/document/en/ps5/exploit.js
@@ -1399,9 +1399,9 @@ async function userland() {
 
                     // Copy in segment data
                     let dest = p.read8(conn_ret_store);
-                    for (let i = 0; i < program_memsz; i += 0x8) {
-                        let src_qword = p.read8(elf_store.add32(program_offset + i));
-                        p.write8(dest.add32(i), src_qword);
+                    for (let j = 0; j < program_memsz; j += 0x8) {
+                        let src_qword = p.read8(elf_store.add32(program_offset + j));
+                        p.write8(dest.add32(j), src_qword);
                     }
 
                     // Map executable segment
@@ -1417,9 +1417,9 @@ async function userland() {
 
                     // Copy in segment data
                     let dest = mapping_addr.add32(program_vaddr);
-                    for (let i = 0; i < program_memsz; i += 0x8) {
-                        let src_qword = p.read8(elf_store.add32(program_offset + i));
-                        p.write8(dest, src_qword);
+                    for (let j = 0; j < program_memsz; j += 0x8) {
+                        let src_qword = p.read8(elf_store.add32(program_offset + j));
+                        p.write8(dest.add32(j), src_qword);
                     }
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -1399,9 +1399,9 @@ async function userland() {`
`1399`	`1399`
`1400`	`1400`	`// Copy in segment data`
`1401`	`1401`	`let dest = p.read8(conn_ret_store);`
`1402`		`- for (let i = 0; i < program_memsz; i += 0x8) {`
`1403`		`- let src_qword = p.read8(elf_store.add32(program_offset + i));`
`1404`		`- p.write8(dest.add32(i), src_qword);`
	`1402`	`+ for (let j = 0; j < program_memsz; j += 0x8) {`
	`1403`	`+ let src_qword = p.read8(elf_store.add32(program_offset + j));`
	`1404`	`+ p.write8(dest.add32(j), src_qword);`
`1405`	`1405`	`}`
`1406`	`1406`
`1407`	`1407`	`// Map executable segment`
`@@ -1417,9 +1417,9 @@ async function userland() {`
`1417`	`1417`
`1418`	`1418`	`// Copy in segment data`
`1419`	`1419`	`let dest = mapping_addr.add32(program_vaddr);`
`1420`		`- for (let i = 0; i < program_memsz; i += 0x8) {`
`1421`		`- let src_qword = p.read8(elf_store.add32(program_offset + i));`
`1422`		`- p.write8(dest, src_qword);`
	`1420`	`+ for (let j = 0; j < program_memsz; j += 0x8) {`
	`1421`	`+ let src_qword = p.read8(elf_store.add32(program_offset + j));`
	`1422`	`+ p.write8(dest.add32(j), src_qword);`
`1423`	`1423`	`}`
`1424`	`1424`	`}`
`1425`	`1425`	`}`