Hi,
Thanks for open-sourcing such an excellent exploit framework.
I found that the gadget pattern needs to change in the latest chakra.dll (2018/11/05).
The entrySlice pattern in the code is 0x8B, 0xF8, 0x41, 0x83, -1, 0x02, which now matches code in Js::JavascriptString::EntryLocaleCompare instead of Js::JavascriptString::EntrySlice.
// Js::JavascriptString::EntryLocaleCompare
.text:0000000180075ACA E8 CD 6F 1E 00 call ?GetEngineExtension@EngineInterfaceObject@Js@@QEBAPEAVEngineExtensionObjectBase@2@W4EngineInterfaceExtensionKind@2@@Z ; Js::EngineInterfaceObject::GetEngineExtension(Js::EngineInterfaceExtensionKind)
.text:0000000180075ACF 48 8B F8 mov rdi, rax
.text:0000000180075AD2 41 83 FC 02 cmp r12d, 2
We may need a more compatible pattern or search approach for the new version of Edge.