-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathconfigdoc.xml
42 lines (29 loc) · 4.86 KB
/
configdoc.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?xml version="1.0" encoding="UTF-8"?>
<config>
<!-- Optional message to display after parsing this config. If 'prompt="1"' is used, the app will display the following: "Press A to continue, B to abort." Abort here means immediately exit to main() without running any haxx at all. -->
<message prompt="1">Test message.</message>
<!-- Each targeturl is setup in the linked-list in memory in the same order as config, hence the CreateContext hook uses that same order. If you specify a targeturl with a name that was already used, you can use that to override config for that previously configured targeturl(regardless of where the targeturl originally came from). The only config that can't be overriden this way is requestoverride. -->
<!-- If you use the 'disabled' attribute with targeturl, for example '<targeturl disabled="1">', the specified targeturl config will be completely removed from configuration in memory. This can be used for disabling targeturls which were previously configured(like server config), or even disable a new targeturl without commenting it out. -->
<targeturl>
<!-- To have a targeturl config only be loaded when a certain title-version of a title is detected, you can use the following: <targeturl required_title="{titleid},{mediatype},v{titlever}"> -->
<!-- If you use the 'reset="1"' attribute with <caps>, <url>, and/or <new_url>, the data for that config in memory will be cleared to zero, as if the config for those fields were never set. This is mainly intended when for when overriding targeturls. -->
<name>mytargetname</name> <!-- Optional name, however targeturl overriding can only be done if the name is set. Only used during config parsing(still stored under sysmodule memory however). The name value "bosshaxx" should not be specified here by user_config since it's used by ctr-httpwn itself. -->
<caps>AddRequestHeader AddPostDataAscii SendPOSTDataRawTimeout</caps> <!-- Optional capabilities bitmask. strstr() is used for each of these. See also source/config.h. Each type of requestoverride is only usable when it's enabled with these caps. -->
<url>targeturl</url> <!-- URL to target. If not set, this targeturl entry will trigger on *all* URLs handled by the CreateContext hook, if no targeturl triggers before this. The input CreateContext URL is compared with this, without the nul-terminator from the former. Hence, this targeturl will trigger on all URLs that start with this url(used with the server config for NNID). -->
<new_url>overwriteurl</new_url> <!-- Optional URL which replaces the URL passed to CreateContext. This shouldn't be longer than the original input URL for CreateContext, otherwise in some cases HTTP-sysmodule might crash due to trying to access unmapped memory. -->
<maxrun_set>1</maxrun_set> <!-- Optional, enables using maxrun. -->
<maxrun>1</maxrun> <!-- Optional, counter which is decreased by 1 each time this targeturl triggers. Once zero this targeturl will not be used anymore. Hence, this is the maximum number of times this targeturl can be used. The value here should be non-zero since otherwise this targeturl will never trigger. -->
<!-- The requestoverride(s) enabled by caps start here, if any. These are processed by the ROP in the same order used by the config here. -->
<requestoverride type="VAL"> <!-- Valid values for VAL are(without quotes): "reqheader"(AddRequestHeader) and "postform"(AddPostDataAscii). -->
<id>decimalid</id> <!-- Optional decimal ID for this requestoverride. -->
<required_id>decimalid</required_id> <!-- When used, the last written ID to this targeturl state via setid_onmatch must match this required_id, in order for this requestoverride to trigger. -->
<setid_onmatch>1</setid_onmatch> <!-- When used, copy this requestoverride ID(from <id>) into this targeturl state, when this requestoverride was completely triggered successfully. -->
<name>requestname</name> <!-- Required, the entire input request name string must match this. -->
<value>requestvalue</value> <!-- Optional, when used the entire input request value string must match this. -->
<new_value>requestnewvalue</new_value> <!-- Optional, when used the specified string is basically used for the input request value string for the command, via a memcpy. Normally you shouldn't use value-strings longer than the original since the sysmodule might crash in some cases, however ctr-httpwn won't block that. If you use the 'format' attribute with this, for example '<new_value format="hex">', the tag content can be hex instead of a string. -->
<new_descriptorword_value>0xhexval</new_descriptorword_value><!-- Optional, when set to non-zero this overwrites the cmdreply value-buffer descriptor with the specified value. Can only be used with requestoverride type reqheader. -->
</requestoverride>
<!-- Even more requestoverride(s) go here if needed. -->
</targeturl>
<!-- Even more targeturls go here if needed. -->
</config>