Initial commit

.gitignore

@@ -0,0 +1,101 @@
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Typescript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+# Swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-v][a-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags

README.md

@@ -0,0 +1,80 @@
+# pwn.js
+
+## Basic Usage
+
+Pre-built version of the library is located at /dist/pwn.js. API documentation is available in /docs, and examples of complete exploits are in /examples.
+
+If you want to implement a new Chakra exploit, you can use this basic template:
+
+```js
+var Exploit = (function() {
+    var ChakraExploit = pwnjs.ChakraExploit,
+        Integer = pwnjs.Integer;
+
+    function Exploit() {
+        ChakraExploit.call(this);
+        // TODO: implement your exploit
+        // TODO: leak any Chakra.dll address (e.g. a vtable)
+        this.initChakra(vtable);
+    }
+    Exploit.prototype = Object.create(ChakraExploit.prototype);
+    Exploit.prototype.constructor = Exploit;
+    Exploit.prototype.read = function (address, size) {
+        switch (size) {
+            case 8:
+            case 16:
+            case 32:
+            case 64:
+                // TODO: implement memory read of address
+        }
+    }
+    Exploit.prototype.write = function (address, value, size) {
+        switch (size) {
+            case 8:
+            case 16:
+            case 32:
+            case 64:
+                // TODO: implement memory write of value to address
+        }
+    }
+    return Exploit;
+})();
+```
+
+Using an exploit in a payload is easier if you use the deprecated _with_ statement:
+
+```js
+with (new Exploit()) {
+    var malloc = importFunction('msvcrt.dll', 'malloc', Uint8Ptr);
+    // ...
+}
+```
+
+You can also define an Exploit object (non-deprecated, but more verbose):
+
+```js
+var e = new Exploit();
+var malloc = e.importFunction('msvcrt.dll', 'malloc', Uint8Ptr);
+// ...
+```
+
+## Build Instructions
+
+You can rebuild the library using webpack:
+
+```
+$ npm install
+$ npm run build
+```
+
+You can rebuild the documentation using jsdoc:
+
+```
+$ npm run jsdoc
+```
+
+Also, you can run a small HTTP server to host the documentation and examples:
+
+```
+$ npm start
+```