| author | spv420 <unomilliono@gmail.com> | 2022-04-24 03:24:23 -0400 |
|---|---|---|
| committer | spv420 <unomilliono@gmail.com> | 2022-04-24 03:24:23 -0400 |
| commit | 099f735dfb75b1e96272c5e56bb963a736aeabdc (patch) | |
| tree | 7c0d56c3e7c1844f67285df774433e5468c13bed /tools/thread_shit.c | |
| parent | 8dfaa6ca5090dcebe4d0d0ffc0e26bf02140ac08 (diff) | |
backup shit in case i bootloop
Diffstat (limited to 'tools/thread_shit.c')
| -rw-r--r-- | tools/thread_shit.c | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/tools/thread_shit.c b/tools/thread_shit.c
index c5650eb..74ef0c5 100644
--- a/tools/thread_shit.c
+++ b/tools/thread_shit.c
@@ -1,5 +1,12 @@
 #include <mach/mach.h>
+#include <sys/mman.h>
 #include <stdio.h>
+#include <dlfcn.h>
+
+void lol(void) {
+ puts("hello?");
+// *(uint32_t*)0x41424344 = 0;
+}
 int main(int argc, char* argv[]) {
  kern_return_t kr;
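Review bot: The include block added here brings in only `<sys/mman.h>` and `<dlfcn.h>`, yet the second hunk calls `malloc` and `strcpy` and uses `uint32_t`; unless one of the Mach headers pulls them in transitively, `malloc` and `strcpy` are implicitly declared, which C99 and later reject and which gives `malloc` a wrong return type. Add `#include <stdlib.h>`, `#include <string.h>` and `#include <stdint.h>` next to the other headers. `lol` is only referenced inside this file, so `static void lol(void)` would keep it out of the global namespace and let the compiler warn if it ever goes unused. The commented-out store inside `lol` is dead code and can be dropped now that the function has a body.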
@@ -9,23 +16,49 @@ int main(int argc, char* argv[]) {
  mytask = mach_task_self();
  mythread = mach_thread_self();
+ mmap(0x2000000, 0x100000, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0);
+
+ char* test = malloc(0x100);
+ strcpy(test, "Hello, world! %x %x %x %x %x %x %x\n");
+
+ puts("test");
+ thread_create(mytask, &th);
+ printf("%x\n", mytask);
  arm_thread_state_t state;
  mach_msg_type_number_t count;
- kr = thread_get_state(th, ARM_THREAD_STATE, (thread_state_t)&state, &count);
- printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+ kr = thread_get_state(mythread, ARM_THREAD_STATE, (thread_state_t)&state, &count);
+
+ uint32_t* stack_above = 0x2001000;
+ stack_above[0] = 0x42069;
+ stack_above[1] = 0x69420;
+ stack_above[3] = 0x13371337;
+ stack_above[4] = 0x6969;
+
+// fprintf(stderr, "%p %p\n", test, dlsym(RTLD_DEFAULT, "puts"));
+
+// exit(42);
+
+// *(uint32_t*)0x41414141 = 0;
+
+// memset(&state, 0, ARM_THREAD_STATE_COUNT * sizeof(uint32_t));
+
  for (int i = 0; i < 13; i++) {
- state.__r[i] = 0x41414140 + i;
+ fprintf(stderr, "r%d=%x\n", i, state.__r[i]);
  }
- state.__sp = 0x4141414c;
- state.__lr = 0x4141414d;
- state.__pc = 0x4141414e;
+
+ state.__r[0] = test;
+// state.__r[9] = pthread_keys;
+ state.__sp = (uint32_t)stack_above;
+ state.__pc = ((uint32_t)lol) | 1;
+ state.__cpsr = 0x40000010;
  kr = thread_set_state(th, ARM_THREAD_STATE, (thread_state_t)&state, ARM_THREAD_STATE_COUNT);
- printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
  kr = thread_resume(th);
- printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+// thread_call_enter((thread_call_func_t)&lol);
- printf("still alive?\n");
+ while (1) {
+ ;;
+ }
  return 0;
 }
\ No newline at end of file |
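Review bot: `count` is still uninitialized when the new `thread_get_state(mythread, …, &count)` call is made; Mach treats it as an in/out parameter carrying the caller's buffer capacity, so an indeterminate value is passed and the call can fail or fill fewer registers than the `for` loop below prints. Set `count = ARM_THREAD_STATE_COUNT;` on the line before the call, and since the commit removed every `printf` of `kr`, at least guard the later `thread_set_state` with `if (kr != KERN_SUCCESS) { fprintf(stderr, "%s\n", mach_error_string(kr)); return 1; }`. The `mmap` return value is discarded too: without `MAP_FIXED` the address is only a hint, so `stack_above = 0x2001000` may point into memory that was never mapped — keep the returned pointer, compare it with `MAP_FAILED`, and derive `stack_above` from it. The run of commented-out statements (`exit(42)`, the `memset`, the `thread_call_enter` call) is dead code that belongs in version-control history rather than the file. The enclosing `main` begins outside this hunk.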
