首頁 探索 說明
登入
NitoTV
/
merdian
關註 3
讚好 0
複刻 0
Files 問題管理 0 合併請求 1 Wiki
分支: master
分支列表 標籤列表
merdian
/
Meridian
/
jailbreakd
/
helpers
/
kmem.c

kmem.c 3.1 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. #import "../kern_utils.h"
    2. 

  2. #import "patchfinder64.h"
    3. 

  3. #import "kmem.h"
    4. 

  4. 

  5. #define MAX_CHUNK_SIZE 0xFFF
    6. 

  6. 

  7. size_t kread(uint64_t where, void *p, size_t size) {
    8. 

  8. 	int rv;
    9. 

  9. 	size_t offset = 0;
    10. 

  10. 	while (offset < size) {
    11. 

  11. 		mach_vm_size_t sz, chunk = MAX_CHUNK_SIZE;
    12. 

  12. 		if (chunk > size - offset) {
    13. 

  13. 			chunk = size - offset;
    14. 

  14. 		}
    15. 

  15. 		rv = mach_vm_read_overwrite(tfpzero, where + offset, chunk, (mach_vm_address_t)p + offset, &sz);
    16. 

  16. 		if (rv || sz == 0) {
    17. 

  17. 			fprintf(stderr, "[e] error reading kernel @%p\n", (void *)(offset + where));
    18. 

  18. 			break;
    19. 

  19. 		}
    20. 

  20. 		offset += sz;
    21. 

  21. 	}
    22. 

  22. 	return offset;
    23. 

  23. }
    24. 

  24. 

  25. size_t kwrite(uint64_t where, const void *p, size_t size) {
    26. 

  26. 	int rv;
    27. 

  27. 	size_t offset = 0;
    28. 

  28. 	while (offset < size) {
    29. 

  29. 		size_t chunk = MAX_CHUNK_SIZE;
    30. 

  30. 		if (chunk > size - offset) {
    31. 

  31. 			chunk = size - offset;
    32. 

  32. 		}
    33. 

  33. 		rv = mach_vm_write(tfpzero, where + offset, (mach_vm_offset_t)p + offset, chunk);
    34. 

  34. 		if (rv) {
    35. 

  35. 			fprintf(stderr, "[e] error writing kernel @%p\n", (void *)(offset + where));
    36. 

  36. 			break;
    37. 

  37. 		}
    38. 

  38. 		offset += chunk;
    39. 

  39. 	}
    40. 

  40. 	return offset;
    41. 

  41. }
    42. 

  42. 

  43. uint64_t kalloc(vm_size_t size){
    44. 

  44. 	mach_vm_address_t address = 0;
    45. 

  45. 	mach_vm_allocate(tfpzero, (mach_vm_address_t *)&address, size, VM_FLAGS_ANYWHERE);
    46. 

  46. 	return address;
    47. 

  47. }
    48. 

  48. 

  49. void kfree(mach_vm_address_t address, vm_size_t size){
    50. 

  50.   mach_vm_deallocate(tfpzero, address, size);
    51. 

  51. }
    52. 

  52. 

  53. uint32_t rk32(uint64_t kaddr) {
    54. 

  54.   uint32_t val = 0;
    55. 

  55.   kread(kaddr, &val, sizeof(val));
    56. 

  56.   return val;
    57. 

  57. }
    58. 

  58. 

  59. uint64_t rk64(uint64_t kaddr) {
    60. 

  60.   uint64_t val = 0;
    61. 

  61.   kread(kaddr, &val, sizeof(val));
    62. 

  62.   return val;
    63. 

  63. }
    64. 

  64. 

  65. void wk32(uint64_t kaddr, uint32_t val) {
    66. 

  66.   kwrite(kaddr, &val, sizeof(val));
    67. 

  67. }
    68. 

  68. 

  69. void wk64(uint64_t kaddr, uint64_t val) {
    70. 

  70.   kwrite(kaddr, &val, sizeof(val));
    71. 

  71. }
    72. 

  72. 

  73. // thx Siguza
    74. 

  74. typedef struct {
    75. 

  75.   uint64_t prev;
    76. 

  76.   uint64_t next;
    77. 

  77.   uint64_t start;
    78. 

  78.   uint64_t end;
    79. 

  79. } kmap_hdr_t;
    80. 

  80. 

  81. uint64_t zm_fix_addr(uint64_t addr) {
    82. 

  82.   static kmap_hdr_t zm_hdr = {0, 0, 0, 0};
    83. 

  83.   if (zm_hdr.start == 0) {
    84. 

  84.     // xxx rk64(0) ?!
    85. 

  85.       // uint64_t zone_map_ref = find_zone_map_ref();
    86. 

  86.       fprintf(stderr, "offset_zonemap = %llx \n", offset_zonemap);
    87. 

  87.       fprintf(stderr, "zone_map_ref: %llx \n", offset_zonemap + kernel_slide);
    88. 

  88.     uint64_t zone_map = rk64(offset_zonemap + kernel_slide);
    89. 

  89.       fprintf(stderr, "zone_map: %llx \n", zone_map);
    90. 

  90.     // hdr is at offset 0x10, mutexes at start
    91. 

  91.     size_t r = kread(zone_map + 0x10, &zm_hdr, sizeof(zm_hdr));
    92. 

  92.     fprintf(stderr, "zm_range: 0x%llx - 0x%llx (read 0x%zx, exp 0x%zx)\n", zm_hdr.start, zm_hdr.end, r, sizeof(zm_hdr));
    93. 

  93. 

  94.     if (r != sizeof(zm_hdr) || zm_hdr.start == 0 || zm_hdr.end == 0) {
    95. 

  95.       fprintf(stderr, "kread of zone_map failed!\n");
    96. 

  96.       exit(1);
    97. 

  97.     }
    98. 

  98. 

  99.     if (zm_hdr.end - zm_hdr.start > 0x100000000) {
    100. 

  100.         fprintf(stderr, "zone_map is too big, sorry.\n");
    101. 

  101.         exit(1);
    102. 

  102.     }
    103. 

  103.   }
    104. 

  104. 

  105.   uint64_t zm_tmp = (zm_hdr.start & 0xffffffff00000000) | ((addr) & 0xffffffff);
    106. 

  106. 

  107.   return zm_tmp < zm_hdr.start ? zm_tmp + 0x100000000 : zm_tmp;
    108. 

  108. }
    109. 

  109. 

  110. int kstrcmp(uint64_t kstr, const char* str) {
    111. 

  111. 	// XXX be safer, dont just assume you wont cause any
    112. 

  112. 	// page faults by this
    113. 

  113. 	size_t len = strlen(str) + 1;
    114. 

  114. 	char *local = malloc(len + 1);
    115. 

  115. 	local[len] = '\0';
    116. 

  116. 

  117. 	int ret = 1;
    118. 

  118.     
    119. 

  119. 	if (kread(kstr, local, len) == len) {
    120. 

  120. 		ret = strcmp(local, str);
    121. 

  121. 	}
    122. 

  122.     
    123. 

  123. 	free(local);
    124. 

  124. 

  125. 	return ret;
    126. 

  126. }
    127. 

  127.