Skip to content

Instantly share code, notes, and snippets.

@brad-jones

brad-jones/libc.js

Forked from hinzundcode/libc.js
Created August 18, 2021 08:23
Show Gist options
  • Save brad-jones/2489e4d204f93b8e690e081b396d08eb to your computer and use it in GitHub Desktop.
Save brad-jones/2489e4d204f93b8e690e081b396d08eb to your computer and use it in GitHub Desktop.
Download ZIP
call execve from nodejs!
Raw
libc.js
const { syscall, getAddress } = require("libsys");
const os = require("os");
if (os.endianess() != "LE")
throw "only little endian supported";
let dontGC = [];
function ref(buffer) {
dontGC.push(buffer);
return getAddress(buffer);
}
const pointerSize = 8;
const SYS_execve = 59;
const SYS_dup2 = 33;
// Buffer.from(string) doesn't append a null byte
function stringToBuffer(string) {
let buffer = Buffer.alloc(Buffer.byteLength(string)+1, 0);
buffer.write(string);
return buffer;
}
function stringArrayToBuffer(strings) {
let buffer = Buffer.alloc((strings.length+1)*pointerSize, 0);
let offset = 0;
for (let string of strings) {
let stringBuffer = stringToBuffer(string);
let pos = ref(stringBuffer);
buffer.writeInt32LE(pos[0], offset);
buffer.writeInt32LE(pos[1], offset+4);
offset += 8;
}
return buffer;
}
function dup2(oldfd, newfd) {
return syscall(SYS_dup2, oldfd, newfd);
}
function execve(cmd, argv, envp) {
let cmdBuf = stringToBuffer(cmd);
let argvBuf = stringArrayToBuffer(argv);
let envpBuf = stringArrayToBuffer(envp);
return syscall(SYS_execve, cmdBuf, argvBuf, envpBuf);
}
let cmd = "/bin/ls";
let argv = ["/bin/ls", "-la"];
let envp = [
"HOME=/",
"PATH=/bin",
];
dup2(process.stdin._handle.fd, 0);
dup2(process.stdout._handle.fd, 1);
dup2(process.stderr._handle.fd, 2);
execve(cmd, argv, envp);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment