void shell_main(){ dlopen_t dlopen_f = (dlopen_t)getProcAddr(NULL,"dlopen"); dlsym_t dlsym_f = (dlsym_t)getProcAddr(NULL,"dlsym"); const char *so_name = "/data/local/tmp/testso.so"; char *code = (char*)get_so_buffer(so_name); int ashmem_len = *(int*)code; int fd_memory = ashmem_create_region("shmem", ashmem_len); ashmem_pin_region(fd_memory, 0, 0); uint8_t *shm = (uint8_t*)mmap(NULL, ashmem_len, PROT_READ | PROT_WRITE, MAP_SHARED, fd_memory, 0); printf("first map address is %p\n",shm); memcpy(shm,code,ashmem_len); free(code); //ashmem_unpin_region(fd_memory, 0, 0); int pos[32]={12,2,12,fd_memory}; //shellcode(dlopen_f,pos); uint32_t libcbase = (uint32_t)getModuleBase("libc.so"); uint32_t mprotect_address = (uint32_t)getProcAddr("libc.so","mprotect"); uint32_t len = 0; void *buffer = get_shellcode(&len); uint32_t ropData[29]={libcbase+0x15056+1,1+libcbase+0x4c8ee,0xdeaddead,0xdeaddead,(uint32_t)buffer&0xfffff000,4096,0x7,(uint32_t)mprotect_address,(uint32_t)dlopen_f,(uint32_t)pos,2,(uint32_t)buffer+1}; //uint32_t ropData[29]={libcbase+0x15056+1,1+libcbase+0x4c8ee,0xdeaddead,0xdeaddead,(uint32_t)buffer&0xfffff000,4096,0x7,(uint32_t)mprotect_address,(uint32_t)dlopen_f,1,2,(uint32_t)shellcode}; asmm_test((uint32_t)ropData); free(buffer); exit(-1); }
static struct pipe_resource * st_vdpau_video_surface_gallium(struct gl_context *ctx, const void *vdpSurface, GLuint index) { int (*getProcAddr)(uint32_t device, uint32_t id, void **ptr); uint32_t device = (uintptr_t)ctx->vdpDevice; struct pipe_sampler_view *sv; VdpVideoSurfaceGallium *f; struct pipe_video_buffer *buffer; struct pipe_sampler_view **samplers; getProcAddr = (void *)ctx->vdpGetProcAddress; if (getProcAddr(device, VDP_FUNC_ID_VIDEO_SURFACE_GALLIUM, (void**)&f)) return NULL; buffer = f((uintptr_t)vdpSurface); if (!buffer) return NULL; samplers = buffer->get_sampler_view_planes(buffer); if (!samplers) return NULL; sv = samplers[index >> 1]; if (!sv) return NULL; return sv->texture; }
static struct pipe_resource * st_vdpau_output_surface_gallium(struct gl_context *ctx, const void *vdpSurface) { int (*getProcAddr)(uint32_t device, uint32_t id, void **ptr); uint32_t device = (uintptr_t)ctx->vdpDevice; VdpOutputSurfaceGallium *f; getProcAddr = (void *)ctx->vdpGetProcAddress; if (getProcAddr(device, VDP_FUNC_ID_OUTPUT_SURFACE_GALLIUM, (void**)&f)) return NULL; return f((uintptr_t)vdpSurface); }
cl_int OpenCLManager::clEnqueueNDRangeKernel(cl_command_queue command_queue, cl_kernel kernel, cl_uint work_dim, const size_t *global_work_offset, const size_t *global_work_size, const size_t *local_work_size, cl_uint num_events_in_wait_list, const cl_event *event_wait_list, cl_event *event) { if( enqueue_nd_range_kernel_func_ == NULL ){ enqueue_nd_range_kernel_func_ = (PF_CL_ENQUEUE_ND_RANGE_KERNEL) getProcAddr( "clEnqueueNDRangeKernel" ); } if( enqueue_nd_range_kernel_func_ != NULL){ return enqueue_nd_range_kernel_func_(command_queue,kernel,work_dim,global_work_offset,global_work_size,local_work_size,num_events_in_wait_list,event_wait_list,event); }else{ qWarning() << "Bind Error: enqueue_nd_range_kernel_func_"; bind_error_ = true; return 0; } }
cl_command_queue OpenCLManager::clCreateCommandQueue(cl_context context, cl_device_id device, cl_command_queue_properties properties, cl_int *errcode_ret) { if( create_command_queue_func_ == NULL ){ create_command_queue_func_ = (PF_CL_CREATE_COMMAND_QUEUE) getProcAddr( "clCreateCommandQueue" ); } if( create_command_queue_func_ != NULL){ return create_command_queue_func_(context,device,properties,errcode_ret); }else{ qWarning() << "Bind Error: create_command_queue_func_"; bind_error_ = true; return NULL; } }
cl_context OpenCLManager::clCreateContext(const cl_context_properties *properties, cl_uint num_devices, const cl_device_id *devices, void (CL_CALLBACK*pfn_notify)(const char *, const void *, size_t, void *), void *user_data, cl_int *errcode_ret) { if( create_context_func_ == NULL ){ create_context_func_ = (PF_CL_CREATE_CONTEXT) getProcAddr( "clCreateContext" ); } if( create_context_func_ != NULL){ return create_context_func_(properties,num_devices,devices,pfn_notify,user_data,errcode_ret); }else{ qWarning() << "Bind Error: create_context_func_"; bind_error_ = true; return NULL; } }
cl_int OpenCLManager::clReleaseCommandQueue(cl_command_queue command_queue) { if( release_command_queue_func_ == NULL ){ release_command_queue_func_ = (PF_CL_RELEASE_COMMAND_QUEUE) getProcAddr( "clReleaseCommandQueue" ); } if( release_command_queue_func_ != NULL){ return release_command_queue_func_(command_queue); }else{ qWarning() << "Bind Error: release_command_queue_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clGetDeviceIDs(cl_platform_id platform, cl_device_type device_type, cl_uint num_entries, cl_device_id *devices, cl_uint *num_devices) { if( get_device_ids_func_ == NULL ){ get_device_ids_func_ = (PF_CL_GET_DEVICE_IDS) getProcAddr( "clGetDeviceIDs" ); } if( get_device_ids_func_ != NULL){ return get_device_ids_func_(platform,device_type,num_entries,devices,num_devices); }else{ qWarning() << "Bind Error: get_device_ids_func_"; bind_error_ = true; return 0; } }
cl_program OpenCLManager::clCreateProgramWithSource(cl_context context, cl_uint count, const char **strings, const size_t *lengths, cl_int *errcode_ret) { if( create_program_with_source_func_ == NULL ){ create_program_with_source_func_ = (PF_CL_CREATE_PROGRAM_WITH_SOURCE) getProcAddr( "clCreateProgramWithSource" ); } if( create_program_with_source_func_ != NULL){ return create_program_with_source_func_(context,count,strings,lengths,errcode_ret); }else{ qWarning() << "Bind Error: create_program_with_source_func_"; bind_error_ = true; return NULL; } }
cl_mem OpenCLManager::clCreateBuffer(cl_context context, cl_mem_flags flags, size_t size, void *host_ptr, cl_int *errcode_ret) { if( create_buffer_func_ == NULL ){ create_buffer_func_ = (PF_CL_CREATE_BUFFER) getProcAddr( "clCreateBuffer" ); } if( create_buffer_func_ != NULL){ return create_buffer_func_(context,flags,size,host_ptr,errcode_ret); }else{ qWarning() << "Bind Error: create_buffer_func_"; bind_error_ = true; return NULL; } }
cl_int OpenCLManager::clEnqueueWriteBuffer(cl_command_queue command_queue, cl_mem buffer, cl_bool blocking_write, size_t offset, size_t cb, const void *ptr, cl_uint num_events_in_wait_list, const cl_event *event_wait_list, cl_event *event) { if( enqueue_write_buffer_func_ == NULL ){ enqueue_write_buffer_func_ = (PF_CL_ENQUEUE_WRITE_BUFFER) getProcAddr( "clEnqueueWriteBuffer" ); } if( enqueue_write_buffer_func_ != NULL){ return enqueue_write_buffer_func_(command_queue,buffer,blocking_write,offset,cb,ptr,num_events_in_wait_list,event_wait_list,event); }else{ qWarning() << "Bind Error: enqueue_write_buffer_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clReleaseKernel(cl_kernel kernel) { if( release_kernel_func_ == NULL ){ release_kernel_func_ = (PF_CL_RELEASE_KERNEL) getProcAddr( "clReleaseKernel" ); } if( release_kernel_func_ != NULL){ return release_kernel_func_(kernel); }else{ qWarning() << "Bind Error: release_kernel_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clSetKernelArg(cl_kernel kernel, cl_uint arg_index, size_t arg_size, const void *arg_value) { if( set_kerne_arg_func_ == NULL ){ set_kerne_arg_func_ = (PF_CL_SET_KERNEL_ARG) getProcAddr( "clSetKernelArg" ); } if( set_kerne_arg_func_ != NULL){ return set_kerne_arg_func_(kernel,arg_index,arg_size,arg_value); }else{ qWarning() << "Bind Error: set_kerne_arg_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clGetProgramBuildInfo(cl_program program, cl_device_id device, cl_program_build_info param_name, size_t param_value_size, void *param_value, size_t *param_value_size_ret) { if( get_program_build_info_func_ == NULL ){ get_program_build_info_func_ = (PF_CL_GET_PROGRAM_BUILD_INFO) getProcAddr( "clGetProgramBuildInfo" ); } if( get_program_build_info_func_ != NULL){ return get_program_build_info_func_(program,device,param_name,param_value_size,param_value,param_value_size_ret); }else{ qWarning() << "Bind Error: get_program_build_info_func_"; bind_error_ = true; return 0; } }
cl_kernel OpenCLManager::clCreateKernel(cl_program program, const char *kernel_name, cl_int *errcode_ret) { if( create_kernel_func_ == NULL ){ create_kernel_func_ = (PF_CL_CREATE_KERNEL) getProcAddr( "clCreateKernel" ); } if( create_kernel_func_ != NULL){ return create_kernel_func_(program,kernel_name,errcode_ret); }else{ qWarning() << "Bind Error: create_kernel_func_"; bind_error_ = true; return NULL; } }
cl_int OpenCLManager::clBuildProgram(cl_program program, cl_uint num_devices, const cl_device_id *device_list, const char *options, void (CL_CALLBACK*pfn_notify)(cl_program, void *), void *user_data) { if( build_program_func_ == NULL ){ build_program_func_ = (PF_CL_BUILD_PROGRAM) getProcAddr( "clBuildProgram" ); } if( build_program_func_ != NULL){ return build_program_func_(program,num_devices,device_list,options,pfn_notify,user_data); }else{ qWarning() << "Bind Error: enqueue_write_buffer_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clReleaseProgram(cl_program program) { if( release_program_func_ == NULL ){ release_program_func_ = (PF_CL_RELEASE_PROGRAM) getProcAddr( "clReleaseProgram" ); } if( release_program_func_ != NULL){ return release_program_func_(program); }else{ qWarning() << "Bind Error: release_program_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clGetPlatformIDs( cl_uint num_entries, cl_platform_id * platforms, cl_uint * num_platforms ) { if( platform_id_func_ == NULL ){ platform_id_func_ = (PF_CL_GET_PLATFORM_IDS) getProcAddr( "clGetPlatformIDs" ); } if( platform_id_func_ != NULL){ return platform_id_func_(num_entries, platforms, num_platforms ); }else{ qWarning() << "Bind Error: platform_id_func_"; bind_error_ = true; return 0; } }
cl_int OpenCLManager::clReleaseMemObject(cl_mem memobj) { if( release_mem_object_func_ == NULL ){ release_mem_object_func_ = (PF_CL_RELEASE_MEMOBJECT) getProcAddr( "clReleaseMemObject" ); } if( release_mem_object_func_ != NULL){ return release_mem_object_func_(memobj); }else{ qWarning() << "Bind Error: release_mem_object_func_"; bind_error_ = true; return 0; } }
static struct pipe_resource * st_vdpau_output_surface_dma_buf(struct gl_context *ctx, const void *vdpSurface) { int (*getProcAddr)(uint32_t device, uint32_t id, void **ptr); uint32_t device = (uintptr_t)ctx->vdpDevice; struct VdpSurfaceDMABufDesc desc; VdpOutputSurfaceDMABuf *f; getProcAddr = (void *)ctx->vdpGetProcAddress; if (getProcAddr(device, VDP_FUNC_ID_OUTPUT_SURFACE_DMA_BUF, (void**)&f)) return NULL; if (f((uintptr_t)vdpSurface, &desc) != VDP_STATUS_OK) return NULL; return st_vdpau_resource_from_description(ctx, &desc); }
static void st_vdpau_map_surface(struct gl_context *ctx, GLenum target, GLenum access, GLboolean output, struct gl_texture_object *texObj, struct gl_texture_image *texImage, const GLvoid *vdpSurface, GLuint index) { int (*getProcAddr)(uint32_t device, uint32_t id, void **ptr); uint32_t device = (uintptr_t)ctx->vdpDevice; struct st_context *st = st_context(ctx); struct st_texture_object *stObj = st_texture_object(texObj); struct st_texture_image *stImage = st_texture_image(texImage); struct pipe_resource *res; struct pipe_sampler_view *sv, templ; gl_format texFormat; getProcAddr = ctx->vdpGetProcAddress; if (output) { VdpOutputSurfaceGallium *f; if (getProcAddr(device, VDP_FUNC_ID_OUTPUT_SURFACE_GALLIUM, (void**)&f)) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } res = f((uintptr_t)vdpSurface); if (!res) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } } else { VdpVideoSurfaceGallium *f; struct pipe_video_buffer *buffer; struct pipe_sampler_view **samplers; if (getProcAddr(device, VDP_FUNC_ID_VIDEO_SURFACE_GALLIUM, (void**)&f)) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } buffer = f((uintptr_t)vdpSurface); if (!buffer) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } samplers = buffer->get_sampler_view_planes(buffer); if (!samplers) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } sv = samplers[index >> 1]; if (!sv) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } res = sv->texture; } if (!res) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } /* do we have different screen objects ? */ if (res->screen != st->pipe->screen) { _mesa_error(ctx, GL_INVALID_OPERATION, "VDPAUMapSurfacesNV"); return; } /* switch to surface based */ if (!stObj->surface_based) { _mesa_clear_texture_object(ctx, texObj); stObj->surface_based = GL_TRUE; } texFormat = st_pipe_format_to_mesa_format(res->format); _mesa_init_teximage_fields(ctx, texImage, res->width0, res->height0, 1, 0, GL_RGBA, texFormat); pipe_resource_reference(&stObj->pt, res); pipe_sampler_view_reference(&stObj->sampler_view, NULL); pipe_resource_reference(&stImage->pt, res); u_sampler_view_default_template(&templ, res, res->format); templ.u.tex.first_layer = index & 1; templ.u.tex.last_layer = index & 1; templ.swizzle_r = GET_SWZ(stObj->base._Swizzle, 0); templ.swizzle_g = GET_SWZ(stObj->base._Swizzle, 1); templ.swizzle_b = GET_SWZ(stObj->base._Swizzle, 2); templ.swizzle_a = GET_SWZ(stObj->base._Swizzle, 3); stObj->sampler_view = st->pipe->create_sampler_view(st->pipe, res, &templ); stObj->width0 = res->width0; stObj->height0 = res->height0; stObj->depth0 = 1; stObj->surface_format = res->format; _mesa_dirty_texobj(ctx, texObj); }