- javascript runtime for windows , based on chakra
- author: TinySec( @TinySecEx )
- JSRT is friend for binary hacker , special for windows.
- this version is a public new version , feel free to open issue.
- always download the latest version.
https://github.com/tinysec/jsrt/wiki
| filename | host | arch | usage |
|---|---|---|---|
| js.exe | console | i386 | js.exe [options] [--eval script or script.js] [arguments] |
| js64.exe | console | amd64 | js64.exe [options] [--eval script or script.js] [arguments] |
| jsw.exe | window | i386 | jsw.exe [options] [--eval script or script.js] [arguments] |
| jsw64.exe | window | amd64 | jsw64.exe [options] [--eval script or script.js] [arguments] |
| jsida.plw | IDA | i386 | [options] [--eval script or script.js] [arguments] |
| jsida.p64 | IDA | amd64 | [options] [--eval script or script.js] [arguments] |
| jswd.dll | windbg | i386 | !js [options] [--eval script or script.js] [arguments] |
| jswd64.dll | windbg | amd64 | !js [options] [--eval script or script.js] [arguments] |
| jsk.sys | kernel | i386 | TODO , support kernel access |
| jsk64.sys | kernel | amd64 | TODO , support kernel access |
- real native multi-thread support
- 64-bit number
- Buffer
- host full memory access , and support both GC and manual memory manager.
- c-like printf and sprintf
- ffi , support some windows type , full windows api access
- serialize and unserialize
- re-entry support for windbg and ida mode
- portable from windows xp ~ windows 10 rs2
- small dist.
- anything you want for binary hack.
- firefox style ctypes
- c-style struct and union handle
- kernel support
- more documents.
Usage: js [options] [--eval script or script.js] [arguments] Options: --version show version --verbose verbose mode --help show help --eval eval mode Environment: JSRT_SYSTEM_MODULE_PATH system jsrt module search path JSRT_MODULE_PATH common jsrt module search path JSRT_IDA_MODULE_PATH jsrt-ida module search path JSRT_WINDBG_MODULE_PATH jsrt-windbg module search path more info is at https://github.com/tinysec/jsrt
enum windows
const ffi = require("ffi"); const printf = require("cprintf").printf; const sprintf = require("cprintf").sprintf; const KdPrint = require("cprintf").KdPrint; var hUser32 = ffi.loadLibrary( "user32.dll" ); var fnEnumWindows = ffi.bindModule( hUser32 , "BOOL WINAPI EnumWindows(_In_ void* lpEnumFunc,_In_ LPARAM lParam); " ); var fnGetClassNameA = ffi.bindModule( hUser32 , "int WINAPI GetClassNameA(_In_ HWND hWnd,_Out_ LPTSTR lpClassName,_In_ int nMaxCount);" ); // BOOL CALLBACK EnumWindowsProc(_In_ HWND hwnd,_In_ LPARAM lParam); function enumRoutine( hWnd , lParam ) { var lpClassNameA = Buffer.alloc( 250 ).fill( 0 ); var nRet = 0; nRet = fnGetClassNameA( hWnd , lpClassNameA , 250 ); printf("0x%p -> %s|\n" , hWnd , lpClassNameA.toString() ); lpClassNameA.free(); return true; } function main( ) { var lpEnumFunc = ffi.thunk( enumRoutine , "BOOL CALLBACK EnumWindowsProc(_In_ HWND hwnd,_In_ LPARAM lParam);" ); fnEnumWindows( lpEnumFunc , 0 ); lpEnumFunc.free(); return 0; } if ( !module.parent ) { main(); }
and you will got
0x0001014A -> ForegroundStaging| 0x00010176 -> ForegroundStaging| 0x000100FC -> tooltips_class32| 0x00010100 -> tooltips_class32| 0x002F0A7E -> Net UI Tool Window| 0x01840922 -> Net UI Tool Window| 0x02A50EF4 -> tooltips_class32| 0x016D0E1A -> UIRibbonStdCompMgr| 0x02A00DCC -> tooltips_class32| 0x010C0DA4 -> tooltips_class32| 0x00890D2E -> tooltips_class32| 0x0001041A -> Chrome_SystemMessageWindow| 0x00010414 -> Base_PowerMessageWindow| 0x00010180 -> IME| 0x00010148 -> IME| 0x0001011C -> IME| 0x02630B5A -> IME| 0x015A074C -> IME| ..........
JSRT project had two version ,
- the pre-version is self use , not-published , it was written between 2015-07 ~ 2016-09
- the current version is going to public release , support some compatible to other bindings.