
С разрешения nobody, выкладываю исходники из той самой темы (там уже закрыто).

Код:
/**
 * Make FF Sexy patch v2 (i hope)
 * tested on
 *  FF >=9.0     arch-x86_64, debian-x86_64, mint-x86_64
 *  10.0	 	 Windows XP 32 bit $compiled by Tiny C Compiler
 *  
 * Thanks to SynQ, Andrey1800, tipsy
 * https://rdot.org/forum/showthread.php?t=1403
 * 
 * nobody cares (c)
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <errno.h>


/* 16-byte signature searched for in the target file; the comment in
 * findOffsetByFilename() ties it to nsEscape.cpp's EscapeChars[] table.
 * Written as explicit bytes; the trailing 0x00 keeps sizeof == 17, exactly
 * as the original string-literal form. */
unsigned char sequence[] = {
    0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00
};
/* Apparently the signature as it looks once the single-quote entry has
 * already been patched; kept for reference, not used (see the note at the
 * end of findOffsetByFilename()). */
//unsigned char psequence[] = "\xff\x03\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\xff\x03\x00\x00";
int sequence_len = 16;
/* Two bytes written over each selected table entry. NUL-terminated because
 * patch_sequence() measures it with strlen(). */
unsigned char UNESCAPE[] = { 0xff, 0x03, 0x00 };

/*
 * Scan the file at fname byte by byte for `sequence`.
 *
 * Returns the offset the patch is applied from, or 0 when the file cannot
 * be opened or the signature is not found. If the signature occurs more
 * than once, the offset of the LAST occurrence is returned, because offset
 * is simply overwritten on every hit.
 */
unsigned long findOffsetByFilename(char* fname) {

    unsigned int buf, match = 0;
    unsigned long offset = 0;

    FILE *fp = fopen(fname, "rb");
    if( fp ) {
        /* buf is unsigned, so EOF (-1) takes part in the comparison after
         * conversion to unsigned; the loop still stops at end of file. */
        while( (buf = fgetc(fp)) != EOF ) {

            /* Naive matcher: on a mismatch the current byte is not re-tested
             * against sequence[0]. */
            if( buf == sequence[match] ) {
                ++match;
            } else {
                match = 0;
            }

            /* NOTE(review): match is not reset after a full hit, so the next
             * iteration indexes sequence[16] (the string terminator) and, if
             * the following bytes are 0x00 as well, past the end of the array. */
            if( sequence_len == match ) {
                offset = ftell(fp) - 2*sequence_len;	//nsEscape.cpp: start at 2x of EscapeChars[]
            }
        }
        fclose(fp);
    }
    if( offset == 0 )
        ; /* Deliberately empty: the signature differs once libxul has already been patched for   */
          /* the single quote. psequence could cover that case, but it would add more complexity. */
    return offset;
}

/* Print the usage text for program name `me` and terminate with status 0.
 * Never returns. */
void help(char* me) {
	printf("Make FF Sexy!\n\n"
	       "USAGE: %s [version] /path/to/libxul.so\n"
	       "Versions:\n"
	       "1 - patch for single quote (')\n"
	       "2 - patch for double-quote (\")\n"
	       "3 - patch for backquote (`)\n"
	       "4 - 1+2 versions\n"
	       "5 - 1+3 versions\n"
	       "6 - 2+3 versions\n"
	       "7 - 1+2+3 versions\n"
	       "Example: %s 7 /usr/lib/xulrunner-2.0/libxul.so\n",
	       me, me);
	exit(0);
}

/*
 * Overwrite the table entry(ies) selected by v with UNESCAPE.
 *
 * dst     - the target file, opened "rb+" by the caller
 * goffset - base offset as returned by findOffsetByFilename()
 * v       - 1..3 select a single entry (qlo below is its distance from
 *           goffset); 4..7 are combinations, handled by recursing once per
 *           component
 *
 * fseek()/fwrite() failures are only reported through perror(); the function
 * returns nothing, so the caller cannot tell whether the write happened.
 */
void patch_sequence(FILE* dst, unsigned long goffset, unsigned short v) {

    if( fseek(dst, goffset, SEEK_SET) )
        perror("fseek");

    long int qlo = 0;
    if( v == 1 ) {		//single quote
        qlo = 8 + 16 + 4;
    }
    else if (v == 2) {          //double quote
        qlo = 8;
    }
    else if (v == 3) {          //backquote
        qlo = 16 * 16;
    }
    else if (v == 4) {          //single+double
        patch_sequence(dst, goffset, 1);
        patch_sequence(dst, goffset, 2);
    }
    else if (v == 5) {          //single+back
        patch_sequence(dst, goffset, 1);
        patch_sequence(dst, goffset, 3);
    }
    else if (v == 6) {          //double+back
        patch_sequence(dst, goffset, 2);
        patch_sequence(dst, goffset, 3);
    }
    else if (v == 7) {          //single+double+back
        patch_sequence(dst, goffset, 1);
        patch_sequence(dst, goffset, 2);
        patch_sequence(dst, goffset, 3);
    }


    /* NOTE(review): for v 4..7 there is no early return and qlo stays 0, so
     * this tail also runs after the recursive calls and writes UNESCAPE at
     * the stream position left by the last of them (right after its own two
     * bytes). Values outside 1..7 likewise fall through with qlo == 0. */
    if( fseek(dst, qlo, SEEK_CUR) ) {
        perror("fseek");
    }
    /* strlen() of UNESCAPE is 2, so exactly the bytes \xff\x03 are written. */
    if( (fwrite(UNESCAPE, strlen( (char*)UNESCAPE ), 1, dst)) != 1 ) {
        perror("fwrite");
    }
}

/*
 * Entry point. argv[1] is the patch version (1..7, see help()), argv[2] the
 * path to the library. The file is rewritten in place, so it no longer
 * matches its shipped contents; any integrity verification of that file
 * would see the change.
 *
 * Exit status: 0 on the normal path, the current errno when the regular-file
 * check fails, -1 for permission or signature problems.
 */
int main(int argc, char** argv) {

    if( argc != 3 )
        help(argv[0]);                  /* prints usage and exit()s */

    int v = atoi(argv[1]);              /* non-numeric input yields 0 and is rejected below */
    if( v < 1 || v > 7 )
        help(argv[0]);
    char *srcFilename = argv[2];

    /* stat() follows symlinks, so a link to a regular file passes this check
     * despite the wording of the message. Its return value is not examined;
     * when it fails, st is indeterminate and errno carries the reason. */
    struct stat st;
    stat(srcFilename, &st);
    if( !S_ISREG(st.st_mode) ) {
        printf("%s: No such file (maybe wrong path, or it's a symbolic link)\n", srcFilename);
        return errno;                   /* 0 if stat() itself succeeded */
    }

    if( access(srcFilename, R_OK) != 0 || access(srcFilename, W_OK) != 0 ) {
        printf("You must have permissions to read and write %s\n", srcFilename);
        return -1;
    }

    /* 0 means the signature was not found; the message assumes an
     * already-patched copy. */
    unsigned long offset = findOffsetByFilename(srcFilename);
    if( offset == 0 ) {
        printf("Please use original (not patched) libxul!\n");
        return -1;
    }

    FILE *lib = fopen(srcFilename, "rb+");
    if( lib ) {
        patch_sequence(lib, offset, v);
        fclose(lib);
    }
    /* Printed even when fopen() above failed and nothing was written. */
    printf("[+] Patched!\n");

    return 0;
}
// # nc -lp 80
// http://localhost/?single_quote=123'&double_quote=-5"&back_quote=`select`