sigmaSd · March 27, 2022 09:44
diff --git a/denoFun.ts b/denoFun.ts
 const maps = () => Deno.readTextFileSync("/proc/self/maps").trim();
 const parseMaps = (maps: string) => {
  const data = [];
  for (const line of maps.split("\n")) {
    const [adddrRange, flags, , , , name] = line.split(/ +/);
    data.push({
      name: name !== "" ? name : undefined,
      startAddr: parseInt(adddrRange.split("-")[0], 16),
      endAddr: parseInt(adddrRange.split("-")[1], 16),
      flags: {
        r: flags.includes("r"),
        w: flags.includes("w"),
      },
    });
  }
  return data;
 };

 const data = parseMaps(maps());
 const mem = Deno.openSync(`/proc/self/mem`, { read: true, write: true });
 const heap = data.find((d) => d.name === "[heap]")!;

 const ankor = new TextEncoder().encode(
  "hello",
 );
 const buf = new Uint8Array(512);
 let count = 0;

 Deno.seekSync(mem.rid, heap.startAddr, Deno.SeekMode.Start);

 while (1) {
  const n = (await Deno.read(mem.rid, buf))!;
  count += n;
  const data = decode(buf.slice(0, n));
  if (
    data.includes(
      decode(ankor),
    )
  ) {
    const o = findSubArrayIndex(buf, ankor);
    if (!data.includes(decode(ankor) + '"')) { // "string is code section, if its not it we probably hit the right spot
      console.log(decode(ankor));
      Deno.seekSync(mem.rid, -n! + o, Deno.SeekMode.Current);
      await mem.write(encode("world"));
      console.log(decode(ankor));
      Deno.exit(0);
    }
  }
 }

 async function _printBuf() {
  const buf = new Uint8Array(512);
  await Deno.read(mem.rid, buf);
  console.log(new TextDecoder().decode(buf));
 }
 function encode(str: string) {
  return new TextEncoder().encode(str);
 }
 function decode(buf: Uint8Array) {
  return new TextDecoder().decode(buf);
 }
 function findSubArrayIndex(array: Uint8Array, subArray: Uint8Array) {
  for (let i = 0; i < array.length - subArray.length; i++) {
    if (
      array.slice(i, i + subArray.length).every((v, j) => v === subArray[j])
    ) {
      return i;
    }
  }
  return -1;
 }
	const maps = () => Deno.readTextFileSync("/proc/self/maps").trim();
	const parseMaps = (maps: string) => {
	const data = [];
	for (const line of maps.split("\n")) {
	const [adddrRange, flags, , , , name] = line.split(/ +/);
	data.push({
	name: name !== "" ? name : undefined,
	startAddr: parseInt(adddrRange.split("-")[0], 16),
	endAddr: parseInt(adddrRange.split("-")[1], 16),
	flags: {
	r: flags.includes("r"),
	w: flags.includes("w"),
	},
	});
	}
	return data;
	};

	const data = parseMaps(maps());
	const mem = Deno.openSync(`/proc/self/mem`, { read: true, write: true });
	const heap = data.find((d) => d.name === "[heap]")!;

	const ankor = new TextEncoder().encode(
	"hello",
	);
	const buf = new Uint8Array(512);
	let count = 0;

	Deno.seekSync(mem.rid, heap.startAddr, Deno.SeekMode.Start);

	while (1) {
	const n = (await Deno.read(mem.rid, buf))!;
	count += n;
	const data = decode(buf.slice(0, n));
	if (
	data.includes(
	decode(ankor),
	)
	) {
	const o = findSubArrayIndex(buf, ankor);
	if (!data.includes(decode(ankor) + '"')) { // "string is code section, if its not it we probably hit the right spot
	console.log(decode(ankor));
	Deno.seekSync(mem.rid, -n! + o, Deno.SeekMode.Current);
	await mem.write(encode("world"));
	console.log(decode(ankor));
	Deno.exit(0);
	}
	}
	}

	async function _printBuf() {
	const buf = new Uint8Array(512);
	await Deno.read(mem.rid, buf);
	console.log(new TextDecoder().decode(buf));
	}
	function encode(str: string) {
	return new TextEncoder().encode(str);
	}
	function decode(buf: Uint8Array) {
	return new TextDecoder().decode(buf);
	}
	function findSubArrayIndex(array: Uint8Array, subArray: Uint8Array) {
	for (let i = 0; i < array.length - subArray.length; i++) {
	if (
	array.slice(i, i + subArray.length).every((v, j) => v === subArray[j])
	) {
	return i;
	}
	}
	return -1;
	}