authorspv420 <unomilliono@gmail.com>2022-04-24 03:24:23 -0400
committerspv420 <unomilliono@gmail.com>2022-04-24 03:24:23 -0400
commit099f735dfb75b1e96272c5e56bb963a736aeabdc (patch)
tree7c0d56c3e7c1844f67285df774433e5468c13bed
parent8dfaa6ca5090dcebe4d0d0ffc0e26bf02140ac08 (diff)
backup shit in case i bootloop
-rw-r--r--launch.json6
-rw-r--r--src/js/main.js56
-rw-r--r--tools/thread_shit.c51
3 files changed, 99 insertions, 14 deletions
diff --git a/launch.json b/launch.json
new file mode 100644
index 0000000..c2fecf3
--- /dev/null
+++ b/launch.json
@@ -0,0 +1,6 @@
+{
+ "name": "Launch",
+ "type": "lldb",
+ "request": "launch",
+ "program": "${workspaceFolder}/tools/bin/thread_shit"
+} \ No newline at end of file
diff --git a/src/js/main.js b/src/js/main.js
index c7a8d57..d611329 100644
--- a/src/js/main.js
+++ b/src/js/main.js
@@ -8,6 +8,9 @@
var MAX_SLIDE = 0x3;
var MIN_SLIDE = 0x1;
+var ARM_THREAD_STATE = 0x1;
+var ARM_THREAD_STATE_COUNT = 0x11;
+
try {
log("we out here in jsc");
} catch (e) {
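Review bot: The two constants added at the top of this hunk give no hint of where their values come from, and `0x11` in particular reads as arbitrary. A comment such as `// mach/arm/thread_status.h: flavor 1; 17 u32 words = r0-r12, sp, lr, pc, cpsr` beside ARM_THREAD_STATE_COUNT lets a reader check it against the arm_thread_state_t layout that tools/thread_shit.c walks (13 __r entries plus __sp, __lr, __pc, __cpsr). Without it the count is easy to break the next time someone edits it.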
@@ -31,6 +34,26 @@ function main() {
slide = get_our_slide();
base = 0x4000 + (slide << 12);
slid = (slide << 12);
+ mytask = 0;
+ count = 0x130000;
+ th = 0x130100;
+// thread_state_ptr = 0x130008;
+ thread_state = 0x130200;
+ countptr = 0x131000;
+ thptr = 0x131004;
+ thread_stateptr = 0x131008;
+
+ countptrptr = 0x132000;
+ thptrptr = 0x132004;
+ thread_stateptrptr = 0x132008;
+
+ write_u32(countptr, count);
+ write_u32(thptr, th);
+ write_u32(thread_stateptr, thread_state);
+
+ write_u32(countptrptr, countptr);
+ write_u32(thptrptr, thptr);
+ write_u32(thread_stateptrptr, thread_stateptr);
init_sptr_heap();
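Review bot: The slot named `count` (0x130000) is never written, yet it is the location thread_get_state is later pointed at for its in/out count, and Mach documents that value as the buffer size on entry; add `write_u32(count, ARM_THREAD_STATE_COUNT);` next to the other write_u32 calls so the call is not rejected for a too-small count. The 0x130000-0x132008 range is used as scratch memory with nothing in view showing it is mapped and writable; a one-line comment naming the mapping this relies on (or the primitive that guarantees it) would help. The naming also inverts the usual convention — `count` holds an address and `countptr` holds the address of that address — which is easy to misread; `count_addr`/`count_addr_ptr` or similar would make each indirection level explicit. main() begins before and continues after this hunk.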
@@ -42,12 +65,35 @@ function main() {
printf("*(uint16_t*)base = 0x%x\n", read_u16(base));
printf("*(uint32_t*)base = 0x%x\n", read_u32(base));
- var i = 0;
- while (true) {
- calls4arg("syslog", 0x28, sptr("get rekt from jsc %d (slide=%x)\n"), i, slide);
- calls4arg("sleep", 1, 0, 0, 0);
- i++;
+ puts("alive");
+ mytask = calls4arg("mach_task_self", 0, 0, 0, 0);
+
+ printf("%x %x %x\n", mytask, thptr, th);
+ printf("%x %x\n", thread_stateptr, countptr);
+
+ puts("alive");
+ calls4arg("thread_create", mytask, th, 0, 0);
+ printf("mytask=%x th=%x\n", mytask, read_u32(th));
+ puts("alive");
+ calls4arg("thread_get_state", thptr, ARM_THREAD_STATE, thread_stateptrptr, countptr);
+ printf("thread_state=%x\n", read_u32(thread_state));
+ puts("alive");
+ for (var i = 0; i < 16; i++) {
+ write_u32(thread_state + (i << 2), 0x41414140 + i);
}
+ printf("thread_state=%x\n", read_u32(thread_state));
+ puts("alive");
+ calls4arg("thread_set_state", thptr, ARM_THREAD_STATE, thread_stateptrptr, ARM_THREAD_STATE_COUNT);
+ puts("alive");
+ calls4arg("thread_resume", thptr, 0, 0, 0);
+ puts("alive");
+
+// var i = 0;
+// while (true) {
+// calls4arg("syslog", 0x28, sptr("get rekt from jsc %d (slide=%x)\n"), i, slide);
+// calls4arg("sleep", 1, 0, 0, 0);
+// i++;
+// }
log("still alive");
};
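Review bot: The thread_get_state, thread_set_state and thread_resume calls receive `thptr` (the address of the address of the port slot) where thread_create two lines earlier was given `th` and the port was then read back with `read_u32(th)`; unless calls4arg dereferences its arguments — which the mach_task_self/thread_create usage suggests it does not — the thread argument should be the port value `read_u32(th)`, the state argument the buffer `thread_state`, and the count argument the slot `count` rather than the pointer-to-pointer variables. Every calls4arg result is also discarded, so the `alive` prints cannot tell a rejected Mach call from a successful one; capturing and printing the return, as the C harness's removed kr prints did, would make the next failure diagnosable. Suggested shape of the three calls below; main() begins before this hunk.
```javascript
    var kr = calls4arg("thread_get_state", read_u32(th), ARM_THREAD_STATE, thread_state, count);
    printf("thread_get_state kr=%x\n", kr);
    // … unchanged: register fill loop …
    kr = calls4arg("thread_set_state", read_u32(th), ARM_THREAD_STATE, thread_state, ARM_THREAD_STATE_COUNT);
    printf("thread_set_state kr=%x\n", kr);
    kr = calls4arg("thread_resume", read_u32(th), 0, 0, 0);
    printf("thread_resume kr=%x\n", kr);
```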
diff --git a/tools/thread_shit.c b/tools/thread_shit.c
index c5650eb..74ef0c5 100644
--- a/tools/thread_shit.c
+++ b/tools/thread_shit.c
@@ -1,5 +1,12 @@
#include <mach/mach.h>
+#include <sys/mman.h>
#include <stdio.h>
+#include <dlfcn.h>
+
+void lol(void) {
+ puts("hello?");
+// *(uint32_t*)0x41424344 = 0;
+}
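Review bot: `lol` returns normally after `puts`, but the thread it is meant to run on is started via thread_set_state later in this diff with `__lr` left as whatever thread_get_state copied from the main thread, so the return branches to the main thread's saved link register on a foreign stack. Ending the function with `for (;;) ;` (or `thread_terminate(mach_thread_self());`, which mach/mach.h already provides) keeps the experiment deterministic and makes any later crash attributable to the thread setup rather than the return. The hunk also adds `<sys/mman.h>` and `<dlfcn.h>`, but the later hunk calls malloc and strcpy without `<stdlib.h>` and `<string.h>`, which leaves them implicitly declared; add those two includes here.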
int main(int argc, char* argv[]) {
kern_return_t kr;
@@ -9,23 +16,49 @@ int main(int argc, char* argv[]) {
mytask = mach_task_self();
mythread = mach_thread_self();
+ mmap(0x2000000, 0x100000, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0);
+
+ char* test = malloc(0x100);
+ strcpy(test, "Hello, world! %x %x %x %x %x %x %x\n");
+
+ puts("test");
+
thread_create(mytask, &th);
+ printf("%x\n", mytask);
arm_thread_state_t state;
mach_msg_type_number_t count;
- kr = thread_get_state(th, ARM_THREAD_STATE, (thread_state_t)&state, &count);
- printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+ kr = thread_get_state(mythread, ARM_THREAD_STATE, (thread_state_t)&state, &count);
+
+ uint32_t* stack_above = 0x2001000;
+ stack_above[0] = 0x42069;
+ stack_above[1] = 0x69420;
+ stack_above[3] = 0x13371337;
+ stack_above[4] = 0x6969;
+
+// fprintf(stderr, "%p %p\n", test, dlsym(RTLD_DEFAULT, "puts"));
+
+// exit(42);
+
+// *(uint32_t*)0x41414141 = 0;
+
+// memset(&state, 0, ARM_THREAD_STATE_COUNT * sizeof(uint32_t));
+
for (int i = 0; i < 13; i++) {
- state.__r[i] = 0x41414140 + i;
+ fprintf(stderr, "r%d=%x\n", i, state.__r[i]);
}
- state.__sp = 0x4141414c;
- state.__lr = 0x4141414d;
- state.__pc = 0x4141414e;
+
+ state.__r[0] = test;
+// state.__r[9] = pthread_keys;
+ state.__sp = (uint32_t)stack_above;
+ state.__pc = ((uint32_t)lol) | 1;
+ state.__cpsr = 0x40000010;
kr = thread_set_state(th, ARM_THREAD_STATE, (thread_state_t)&state, ARM_THREAD_STATE_COUNT);
- printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
kr = thread_resume(th);
- printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+// thread_call_enter((thread_call_func_t)&lol);
- printf("still alive?\n");
+ while (1) {
+ ;;
+ }
return 0;
} \ No newline at end of file
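Review bot: The mmap at the top of the hunk passes 0x2000000 as a bare hint without MAP_FIXED and discards its return value, while the later `stack_above = 0x2001000` and `state.__sp` assume the mapping landed exactly there; if the kernel chose another address the stores through stack_above fault and the new thread starts on an unmapped stack. The hunk also drops the three `kr` prints, so thread_get_state/thread_set_state/thread_resume failures are now silent, and `count` (declared on the context line above the call) is still uninitialised even though Mach reads it as the incoming buffer size. I would take the mapped address from mmap's return (with -1 as the documented fd for MAP_ANON), prime count with ARM_THREAD_STATE_COUNT, and bail on any non-KERN_SUCCESS result, as sketched below. Separately, `state.__cpsr = 0x40000010` leaves the T bit (bit 5) clear while `__pc` is made odd for Thumb; whether the kernel derives T from the odd pc or expects 0x40000030 from the caller is worth confirming on the target. main() starts before this hunk.
```c
    void *region = mmap((void *)0x2000000, 0x100000, PROT_READ | PROT_WRITE,
                        MAP_ANON | MAP_PRIVATE, -1, 0);
    if (region == MAP_FAILED) {
        perror("mmap");
        return 1;
    }
    /* … unchanged: test buffer, thread_create … */
    mach_msg_type_number_t count = ARM_THREAD_STATE_COUNT;
    kr = thread_get_state(mythread, ARM_THREAD_STATE, (thread_state_t)&state, &count);
    if (kr != KERN_SUCCESS) {
        fprintf(stderr, "thread_get_state: %s\n", mach_error_string(kr));
        return 1;
    }
    uint32_t *stack_above = (uint32_t *)((char *)region + 0x1000);
    /* … unchanged: stack_above stores, register dump, state setup … */
    kr = thread_set_state(th, ARM_THREAD_STATE, (thread_state_t)&state, ARM_THREAD_STATE_COUNT);
    if (kr != KERN_SUCCESS) {
        fprintf(stderr, "thread_set_state: %s\n", mach_error_string(kr));
        return 1;
    }
    kr = thread_resume(th);
    if (kr != KERN_SUCCESS) {
        fprintf(stderr, "thread_resume: %s\n", mach_error_string(kr));
        return 1;
    }
```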