CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/external/source/exploits/CVE-2017-13861/kmem.h
Views: 11780
1
#ifndef KernelMemory_h

2
#define KernelMemory_h

3


4
#include <mach/mach.h>

5
#include <stdbool.h>

6


7
/***** mach_vm.h *****/

8
kern_return_t mach_vm_read(

9
    vm_map_t target_task,

10
    mach_vm_address_t address,

11
    mach_vm_size_t size,

12
    vm_offset_t* data,

13
    mach_msg_type_number_t* dataCnt);

14


15
kern_return_t mach_vm_write(

16
    vm_map_t target_task,

17
    mach_vm_address_t address,

18
    vm_offset_t data,

19
    mach_msg_type_number_t dataCnt);

20


21
kern_return_t mach_vm_read_overwrite(

22
    vm_map_t target_task,

23
    mach_vm_address_t address,

24
    mach_vm_size_t size,

25
    mach_vm_address_t data,

26
    mach_vm_size_t* outsize);

27


28
kern_return_t mach_vm_allocate(

29
    vm_map_t target,

30
    mach_vm_address_t* address,

31
    mach_vm_size_t size,

32
    int flags);

33


34
kern_return_t mach_vm_deallocate(

35
    vm_map_t target,

36
    mach_vm_address_t address,

37
    mach_vm_size_t size);

38


39
kern_return_t mach_vm_protect(

40
    vm_map_t target_task,

41
    mach_vm_address_t address,

42
    mach_vm_size_t size,

43
    boolean_t set_maximum,

44
    vm_prot_t new_protection);

45


46
extern mach_port_t tfp0;

47


48
size_t kread(uint64_t where, void* p, size_t size);

49
size_t kwrite(uint64_t where, const void* p, size_t size);

50


51
#define rk32(kaddr) ReadKernel32(kaddr)

52
#define rk64(kaddr) ReadKernel64(kaddr)

53
uint32_t ReadKernel32(uint64_t kaddr);

54
uint64_t ReadKernel64(uint64_t kaddr);

55


56
#define wk32(kaddr, val) WriteKernel32(kaddr, val)

57
#define wk64(kaddr, val) WriteKernel64(kaddr, val)

58
void WriteKernel32(uint64_t kaddr, uint32_t val);

59
void WriteKernel64(uint64_t kaddr, uint64_t val);

60


61
bool wkbuffer(uint64_t kaddr, void* buffer, size_t length);

62
bool rkbuffer(uint64_t kaddr, void* buffer, size_t length);

63


64
void kmemcpy(uint64_t dest, uint64_t src, uint32_t length);

65


66
void kmem_protect(uint64_t kaddr, uint32_t size, int prot);

67


68
uint64_t kmem_alloc(uint64_t size);

69
uint64_t kmem_alloc_wired(uint64_t size);

70
void kmem_free(uint64_t kaddr, uint64_t size);

71


72
void prepare_rk_via_kmem_read_port(mach_port_t port);

73
void prepare_rwk_via_tfp0(mach_port_t port);

74
void prepare_for_rw_with_fake_tfp0(mach_port_t fake_tfp0);

75


76
// query whether kmem read or write is present

77
bool have_kmem_read(void);

78
bool have_kmem_write(void);

79


80
#endif

81


82