diff options
| author | Pwn20wnd <pwn20wndstuff@gmail.com> | 2019-03-09 23:30:26 +0300 |
|---|---|---|
| committer | Sam Bingner <sam@bingner.com> | 2019-03-20 23:27:12 -1000 |
| commit | 7bca6ad19e54e2edc4ec9cfa10da20a26e294334 (patch) | |
| tree | 9805a17e7d5ecdedc2aeb0a0328c6b2df1b26828 /kernel_call/kernel_call.h | |
| parent | 4abbd1f554d3f1a185fd7079ee84944f1b0a355b (diff) | |
Merge pwn's changes to support arm64e via rebase
Diffstat (limited to 'kernel_call/kernel_call.h')
| -rwxr-xr-x | kernel_call/kernel_call.h | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/kernel_call/kernel_call.h b/kernel_call/kernel_call.h new file mode 100755 index 0000000..5199fdc --- /dev/null +++ b/kernel_call/kernel_call.h @@ -0,0 +1,93 @@ +/* + * kernel_call.h + * Brandon Azad + */ +#ifndef VOUCHER_SWAP__KERNEL_CALL_H_ +#define VOUCHER_SWAP__KERNEL_CALL_H_ + +#include <stdbool.h> +#include <stddef.h> +#include <stdint.h> + +/* + * kernel_call_init + * + * Description: + * Initialize kernel_call functions. + */ +bool kernel_call_init(void); + +/* + * kernel_call_deinit + * + * Description: + * Deinitialize the kernel call subsystem and restore the kernel to a safe state. + */ +void kernel_call_deinit(void); + +/* + * kernel_call_7 + * + * Description: + * Call a kernel function with the specified arguments. + * + * Restrictions: + * See kernel_call_7v(). + */ +uint32_t kernel_call_7(uint64_t function, size_t argument_count, ...); + +/* + * kernel_call_7v + * + * Description: + * Call a kernel function with the specified arguments. + * + * Restrictions: + * At most 7 arguments can be passed. + * arguments[0] must be nonzero. + * The return value is truncated to 32 bits. + */ +uint32_t kernel_call_7v(uint64_t function, size_t argument_count, const uint64_t arguments[]); + +/* + * kernel_forge_pacia + * + * Description: + * Forge a PACIA pointer using the kernel forging gadget. + */ +uint64_t kernel_forge_pacia(uint64_t pointer, uint64_t context); + +/* + * kernel_forge_pacia_with_type + * + * Description: + * Forge a PACIA pointer using the specified address, with the upper 16 bits replaced by the + * type code, as context. + */ +uint64_t kernel_forge_pacia_with_type(uint64_t pointer, uint64_t address, uint16_t type); + +/* + * kernel_forge_pacda + * + * Description: + * Forge a PACDA pointer using the kernel forging gadget. + */ +uint64_t kernel_forge_pacda(uint64_t pointer, uint64_t context); + +/* + * kernel_xpaci + * + * Description: + * Strip a PACIx code from a kernel pointer. + */ +uint64_t kernel_xpaci(uint64_t pointer); + +/* + * kernel_xpacd + * + * Description: + * Strip a PACDx code from a kernel pointer. + */ +uint64_t kernel_xpacd(uint64_t pointer); + +#endif |