Skip to content

Instantly share code, notes, and snippets.

@n30m1nd
Created December 31, 2019 02:06
Show Gist options
  • Save n30m1nd/d75862bddc496616d95d95153aebb21f to your computer and use it in GitHub Desktop.
Save n30m1nd/d75862bddc496616d95d95153aebb21f to your computer and use it in GitHub Desktop.
REM =========================================================================
REM | THIS SCRIPT IS TOTALLY UNSAFE TO USE IF YOU'RE PLANNING TO COMPILE V8!! |
REM =========================================================================
REM Script to build a vulnerable v8 version on Windows (produces d8.exe)
REM This script is a variation from: http://www.lfdm.net/development/5-how-to-compile-v8-on-windows.html
REM https://bugs.chromium.org/p/project-zero/issues/detail?id=1710
REM It is important to compile a release build (debug=false) and to
REM disable v8_untrusted_code_mitigations to prevent unwanted boundary checks :)
REM https://twitter.com/NeomindMusic/status/1210536157815148544
REM https://v8.dev/docs/untrusted-code-mitigations
REM You'll need VS2017 and depot tools amongst others. This is not a magic .BAT!
set "VSCMD_START_DIR=%CD%"
call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat"
set PATH=%DEPO_TOOLS%;%PATH%
set DEPOT_TOOLS_WIN_TOOLCHAIN=0
set GYP_MSVS_VERSION=2017
call fetch v8
cd v8
git checkout 9680338c622d4693f984b49fb24d101acd2d8112
REM The next commands should be executed on a different file (build_pt2.bat), as the git checkout "borks" the execution
cd v8
call gclient sync
call gn gen out.gn/library --args="is_debug=false is_component_build=true v8_enable_i18n_support=false v8_untrusted_code_mitigations=false"
call ninja -C out.gn/library d8.exe
dir /b /s d8.exe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment