1 files changed, 32 insertions, 3 deletions

diff --git a/main.m b/main.m
index de107ff..b342996 100644
--- a/main.m
+++ b/main.m
@@ -6,6 +6,7 @@
  *
  */
 
+#include <Foundation/Foundation.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <mach/mach.h>
 #include <dlfcn.h>
@@ -13,7 +14,12 @@
 #include "CSCommon.h"
 #include "kern_funcs.h"
 #include "inject.h"
+#include "kernel_call.h"
+#include "parameters.h"
+#include "kc_parameters.h"
+#include "kernel_memory.h"
 
+#define PF(x) SETOFFSET(x, find_ ## x ())
 
 mach_port_t try_restore_port() {
     mach_port_t port = MACH_PORT_NULL;
@@ -39,28 +45,51 @@ int main(int argc, char* argv[]) {
     if (tfp0 == MACH_PORT_NULL)
         return -2;
     set_tfp0(tfp0);
-    uint64_t kernel_base = 0;
     struct task_dyld_info dyld_info = { 0 };
     mach_msg_type_number_t count = TASK_DYLD_INFO_COUNT;
     if (task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &count) != KERN_SUCCESS ||
-        (kernel_base = dyld_info.all_image_info_addr) == 0) {
+        (kernel_base = dyld_info.all_image_info_addr) == 0 ||
+        (kernel_slide = dyld_info.all_image_info_size) == 0) {
         return -3;
     }
     init_kernel(kread, kernel_base, NULL);
     uint64_t trust_chain = find_trustcache();
+    PF(trustcache);
+    PF(kernel_task);
+    PF(pmap_load_trust_cache);
+#if __arm64e__
+    PF(paciza_pointer__l2tp_domain_module_start);
+    PF(paciza_pointer__l2tp_domain_module_stop);
+    PF(l2tp_domain_inited);
+    PF(sysctl__net_ppp_l2tp);
+    PF(sysctl_unregister_oid);
+    PF(mov_x0_x4__br_x5);
+    PF(mov_x9_x0__br_x1);
+    PF(mov_x10_x3__br_x6);
+    PF(kernel_forge_pacia_gadget);
+    PF(kernel_forge_pacda_gadget);
+#endif
+    PF(IOUserClient__vtable);
+    PF(IORegistryEntry__getRegistryEntryID);
     term_kernel();
+    parameters_init();
+    kernel_task_port = tfp0;
+    current_task = rk64(task_self_addr() + OFFSET(ipc_port, ip_kobject));
+    kernel_task = rk64(GETOFFSET(kernel_task));
+    kernel_call_init();
     printf("Injecting to trust cache...\n");
   @autoreleasepool {
     NSMutableArray *files = [NSMutableArray new];
     for (int i=1; i<argc; i++) {
         [files addObject:@( argv[i] )];
     }
-    int errs = injectTrustCache(files, trust_chain);
+    int errs = injectTrustCache(files, trust_chain, pmap_load_trust_cache);
     if (errs < 0) {
         printf("Error %d injecting to trust cache.\n", errs);
     } else {
         printf("Successfully injected [%d/%d] to trust cache.\n", (int)files.count - errs, (int)files.count);
     }
+    kernel_call_deinit();
 
     return errs;
   }