Also check amfi cache before injecting

author: Sam Bingner <sam@bingner.com> 2018-12-21 14:02:36 -1000
committer: Sam Bingner <sam@bingner.com> 2018-12-21 14:02:36 -1000
commit: ee8a0cfb5148f3376fbfe7103354811c6b69c64f (patch)
tree: ab6fa4ef53220bd99635b9e4cf60560f05ee10d7 /kern_funcs.c
parent: cf517d0809b21acd87c3df7acb7552d6226b0e2c (diff)
1 files changed, 21 insertions, 4 deletions
diff --git a/kern_funcs.c b/kern_funcs.c
index 967cb13..09e1e4f 100644
--- a/kern_funcs.c
+++ b/kern_funcs.c
@@ -72,10 +72,27 @@ uint32_t rk32(uint64_t kaddr) {
 }
  
 uint64_t rk64(uint64_t kaddr) {
-    uint64_t lower = rk32(kaddr);
-    uint64_t higher = rk32(kaddr+4);
-    uint64_t full = ((higher<<32) | lower);
-    return full;
+    kern_return_t err;
+    uint64_t val = 0;
+    mach_vm_size_t outsize = 0;
+    err = mach_vm_read_overwrite(tfp0,
+            (mach_vm_address_t)kaddr,
+            (mach_vm_size_t)sizeof(uint64_t),
+            (mach_vm_address_t)&val,
+            &outsize);
+
+    if (err != KERN_SUCCESS){
+        printf("tfp0 read failed %s addr: 0x%llx err:%x port:%x\n", mach_error_string(err), kaddr, err, tfp0);
+        sleep(3);
+        return 0;
+    }
+
+    if (outsize != sizeof(uint64_t)){
+        printf("tfp0 read was short (expected %lx, got %llx\n", sizeof(uint64_t), outsize);
+        sleep(3);
+        return 0;
+    }
+    return val;
 }
  
 uint64_t kmem_alloc(uint64_t size) {
author	Sam Bingner <sam@bingner.com>	2018-12-21 14:02:36 -1000
committer	Sam Bingner <sam@bingner.com>	2018-12-21 14:02:36 -1000
commit	ee8a0cfb5148f3376fbfe7103354811c6b69c64f (patch)
tree	ab6fa4ef53220bd99635b9e4cf60560f05ee10d7 /kern_funcs.c
parent	cf517d0809b21acd87c3df7acb7552d6226b0e2c (diff)