author | Sam Bingner <sam@bingner.com> | 2018-12-21 14:57:51 -1000 |
---|---|---|
committer | Sam Bingner <sam@bingner.com> | 2018-12-21 14:57:51 -1000 |
commit | ae8077efe69311b8eee2846affebd6194b7b29c4 (patch) | |
tree | 15f39189fd0031e93f32e96e510604d6b92fb5ec /kern_funcs.c | |
parent | ee8a0cfb5148f3376fbfe7103354811c6b69c64f (diff) |
Use AMFI to check AMFI dynamic cache and clean up kern_funcs
Diffstat (limited to 'kern_funcs.c')
-rw-r--r-- | kern_funcs.c | 72 |
1 files changed, 16 insertions, 56 deletions
diff --git a/kern_funcs.c b/kern_funcs.c
index 09e1e4f..cd43438 100644
--- a/kern_funcs.c
+++ b/kern_funcs.c
@@ -21,75 +21,30 @@
 #include "CSCommon.h"
 extern mach_port_t tfp0;
+size_t kread(uint64_t where, void *p, size_t size);
+size_t kwrite(uint64_t where, const void *p, size_t size);
 void wk32(uint64_t kaddr, uint32_t val) {
- if (tfp0 == MACH_PORT_NULL) {
- printf("attempt to write to kernel memory before any kernel memory write primitives available\n");
- sleep(3);
- return;
- }
-
- kern_return_t err;
- err = mach_vm_write(tfp0,
- (mach_vm_address_t)kaddr,
- (vm_offset_t)&val,
- (mach_msg_type_number_t)sizeof(uint32_t));
-
- if (err != KERN_SUCCESS) {
- printf("tfp0 write failed: %s %x\n", mach_error_string(err), err);
- return;
- }
+ kwrite(kaddr, &val, sizeof(uint32_t));
 }
 void wk64(uint64_t kaddr, uint64_t val) {
- uint32_t lower = (uint32_t)(val & 0xffffffff);
- uint32_t higher = (uint32_t)(val >> 32);
- wk32(kaddr, lower);
- wk32(kaddr+4, higher);
+ kwrite(kaddr, &val, sizeof(uint64_t));
 }
 uint32_t rk32(uint64_t kaddr) {
- kern_return_t err;
 uint32_t val = 0;
- mach_vm_size_t outsize = 0;
- err = mach_vm_read_overwrite(tfp0,
- (mach_vm_address_t)kaddr,
- (mach_vm_size_t)sizeof(uint32_t),
- (mach_vm_address_t)&val,
- &outsize);
- if (err != KERN_SUCCESS){
- printf("tfp0 read failed %s addr: 0x%llx err:%x port:%x\n", mach_error_string(err), kaddr, err, tfp0);
- sleep(3);
- return 0;
- }
-
- if (outsize != sizeof(uint32_t)){
- printf("tfp0 read was short (expected %lx, got %llx\n", sizeof(uint32_t), outsize);
- sleep(3);
+
+ if (kread(kaddr, &val, sizeof(val)) != sizeof(val)) {
 return 0;
 }
 return val;
 }
 uint64_t rk64(uint64_t kaddr) {
- kern_return_t err;
 uint64_t val = 0;
- mach_vm_size_t outsize = 0;
- err = mach_vm_read_overwrite(tfp0,
- (mach_vm_address_t)kaddr,
- (mach_vm_size_t)sizeof(uint64_t),
- (mach_vm_address_t)&val,
- &outsize);
-
- if (err != KERN_SUCCESS){
- printf("tfp0 read failed %s addr: 0x%llx err:%x port:%x\n", mach_error_string(err), kaddr, err, tfp0);
- sleep(3);
- return 0;
- }
- if (outsize != sizeof(uint64_t)){
- printf("tfp0 read was short (expected %lx, got %llx\n", sizeof(uint64_t), outsize);
- sleep(3);
+ if (kread(kaddr, &val, sizeof(val)) != sizeof(val)) {
 return 0;
 }
 return val;
@@ -163,8 +118,7 @@ vm_address_t get_kernel_base(mach_port_t tfp0)
 }
 }
-size_t
-kread(uint64_t where, void *p, size_t size)
+size_t kread(uint64_t where, void *p, size_t size)
 {
 int rv;
 size_t offset = 0;
@@ -183,11 +137,17 @@ kread(uint64_t where, void *p, size_t size)
 return offset;
 }
-size_t
-kwrite(uint64_t where, const void *p, size_t size)
+size_t kwrite(uint64_t where, const void *p, size_t size)
 {
 int rv;
 size_t offset = 0;
+
+ if (tfp0 == MACH_PORT_NULL) {
+ printf("attempt to write to kernel memory before any kernel memory write primitives available\n");
+ sleep(3);
+ return offset;
+ }
+
+ while (offset < size) {
 size_t chunk = 2048;
 if (chunk > size - offset) { |
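Review bot: wk32 and wk64 now discard the return value of kwrite, so a failed or short write is silent at the call site; the removed code at least printed the mach_vm_write error. Because both helpers return void, the smallest fix is to check and log in the wrapper, e.g. `if (kwrite(kaddr, &val, sizeof(val)) != sizeof(val)) printf("wk32: short write at 0x%llx\n", kaddr);`. rk32 and rk64 have the mirror problem: they return 0 on a short kread without logging, so a caller cannot tell a failed read from a stored zero, and whether kread itself logs is not visible in this diff. A comment on each reader stating that 0 doubles as the error value would at least document that.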
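Review bot: The guard added at the top of kwrite calls `sleep(3)` on every invocation while tfp0 is unset, and since wk32/wk64 ignore the return value, a sequence of writes will stall three seconds each and then continue as if they had succeeded. Consider dropping the sleep and returning the failure explicitly; `return 0;` reads more clearly than `return offset;` at a point where offset is always zero. The kread lines visible in this diff show no matching MACH_PORT_NULL check, so reads issued before the port is available presumably fall through to the Mach call; the same guard there would keep the two primitives consistent. Both function bodies continue outside the hunks.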