Well a writer that writes a file to HDD
@esc0rtd3w i thought about something in defaults.js there is db_rebuild_bytes=0x000003E9
(which are added in base_fp(hex2bin(write_bytes))
Those are the bytes being written but if i want to write a whole folder what do i write instead of bytes because you know you cant get bytes from folder you get it only from file or do we just point to the address of the folder without specifying the bytes being written but if so what do we add at base_fp .
You cannot use a file write function to write a full folder! Additionally don't confuse loading a file in memory to edit its contents then saving it (ie patching) with simply copying/replacing a file, as that may or may not require loading it into memory at all, it all depends on how you do things, and loading a file in memory to copy it means making 2 file open operations & 2 file close, not just one...
Check the s#ny sdk & psdevwiki for the file operations syscalls or use standard C library exports to see what is available to you for the file operations you need.
Then for each operation you usually need to use a couple of gadgets to setup the function/syscall parameters then a third gadget to call the syscall or the vsh export.
Each operation will be 3 gadgets long.
So obviously if you need to create a folder then that's 3 gadgets for starters, each copy operation is up to 18 gadgets depending on how you handle it (the standard long way loading each file into memory then saving it elsewhere would be 6 operations: open/read/close then open/write/close), 3 gadgets for deletes etc..
That's also why ROP is not really suited to this kind of things although it's quite easy to do as all necessary gadgets are already available in this tutorial ... Keep in mind that generally speaking, the most difficult part of ROPing (and especially so on ppc) is to find the gadgets you require to achieve your objectives, the stack frame implementation is actually the easier part...
Usually we search for individual gadget & we assemble them in a linear way as a chain, without actual testing, to do that, you must understand the basics of ppc language, there is no way around it... Although all the hardest work has been done for you here & you can reuse the gadgets as well as their corresponding stack frame portions, understanding the most common ppc instructions is still a requirement to complete the job you have in mind. That and using a debugger in DEX to test/debug/validate....
FYI,
IF programming comes quite naturally to you, learning ppc basics may still seem impossible but it's not, if you spent say a couple of weeks reading about + debugging ppc 2 hours every day, you would likely learn enough to get started. So it's all a matter of time & perspective...
Note that it's possible to actually "copy" or rather "move" a file or a complete folder by using the trick of renaming that file/folder...
http://www.psdevwiki.com/ps3/LV2_Functions_and_Syscalls
http://www.psdevwiki.com/ps3/VSH_Exports
