| -rw-r--r-- | tools/build.sh | 1 | ||||
| -rw-r--r-- | tools/build_native.sh | 4 | ||||
| -rw-r--r-- | tools/thread_shit.c | 31 |
3 files changed, 36 insertions, 0 deletions
diff --git a/tools/build.sh b/tools/build.sh
index 5baab83..37f29b3 100644
--- a/tools/build.sh
+++ b/tools/build.sh
@@ -4,5 +4,6 @@ xcrun -sdk iphoneos clang -arch armv7 fuck_aslr2.c -o bin/fuck_aslr2; ldid -Sent
 xcrun -sdk iphoneos clang -arch armv7 fuck_ptr.c -o bin/fuck_ptr; ldid -S bin/fuck_ptr; cat bin/fuck_ptr | ssh root@localhost -p 2222 "rm fuck_ptr; cat > fuck_ptr; chmod +x fuck_ptr"
 xcrun -sdk iphoneos clang -arch armv7 jit_all_the_things.c -o bin/jit_all_the_things; ldid -S bin/jit_all_the_things; cat bin/jit_all_the_things | ssh root@localhost -p 2222 "rm jit_all_the_things; cat > jit_all_the_things; chmod +x jit_all_the_things"
 xcrun -sdk iphoneos clang -arch armv7 jsc_fun.c -framework JavaScriptCore -o bin/jsc_fun; ldid -S bin/jsc_fun; cat bin/jsc_fun | ssh root@localhost -p 2222 "rm jsc_fun; cat > jsc_fun; chmod +x jsc_fun"
+xcrun -sdk iphoneos clang -arch armv7 thread_shit.c -o bin/thread_shit; ldid -S bin/thread_shit; cat bin/thread_shit | ssh root@localhost -p 2222 "rm thread_shit; cat > thread_shit; chmod +x thread_shit"
 scp -P 2222 lol.js root@localhost:/var/root/lol.js
\ No newline at end of file
diff --git a/tools/build_native.sh b/tools/build_native.sh
new file mode 100644
index 0000000..20fb329
--- /dev/null
+++ b/tools/build_native.sh
@@ -0,0 +1,4 @@
+mkdir bin
+rm bin/thread_shit
+gcc thread_shit.c -o bin/thread_shit --std=c99
+ldid -S bin/thread_shit
\ No newline at end of file
diff --git a/tools/thread_shit.c b/tools/thread_shit.c
new file mode 100644
index 0000000..c5650eb
--- /dev/null
+++ b/tools/thread_shit.c
@@ -0,0 +1,31 @@
+#include <mach/mach.h>
+#include <stdio.h>
+
+int main(int argc, char* argv[]) {
+ kern_return_t kr;
+ thread_t th;
+ mach_port_name_t mytask, mythread;
+ printf("Hello, world!\n");
+ mytask = mach_task_self();
+ mythread = mach_thread_self();
+
+ thread_create(mytask, &th);
+ arm_thread_state_t state;
+ mach_msg_type_number_t count;
+ kr = thread_get_state(th, ARM_THREAD_STATE, (thread_state_t)&state, &count);
+ printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+ for (int i = 0; i < 13; i++) {
+ state.__r[i] = 0x41414140 + i;
+ }
+ state.__sp = 0x4141414c;
+ state.__lr = 0x4141414d;
+ state.__pc = 0x4141414e;
+ kr = thread_set_state(th, ARM_THREAD_STATE, (thread_state_t)&state, ARM_THREAD_STATE_COUNT);
+ printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+ kr = thread_resume(th);
+ printf("%d %d %s\n", kr, KERN_SUCCESS, mach_error_string(kr));
+
+ printf("still alive?\n");
+
+ return 0;
+}
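Review bot: In build_native.sh, `mkdir bin` and `rm bin/thread_shit` both fail on an ordinary rerun (bin already exists, the previous binary may be missing), and with no shebang and no `set -e` the script just carries on past any failing step, including a failed gcc, so its exit status says nothing about whether the build worked. `mkdir -p bin` and `rm -f bin/thread_shit` make the first two steps idempotent, and a `set -e` at the top stops the script at the first failure. The source it compiles uses `arm_thread_state_t` and `ARM_THREAD_STATE`, which presumably only resolve in an ARM SDK, so a host gcc build on a non-ARM machine may not compile at all; a one-line comment naming the intended host would save the next person a confusing error.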
\ No newline at end of file |
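Review bot: `count` is handed to thread_get_state uninitialized, but that argument is in/out — the caller supplies the capacity of the state buffer and the kernel overwrites it with the count actually filled in — so the call is made with whatever garbage is on the stack as the capacity; declare it as `mach_msg_type_number_t count = ARM_THREAD_STATE_COUNT;`, the same constant the thread_set_state call a few lines later already uses. The kern_return_t of `thread_create(mytask, &th)` is also discarded, so on failure `th` is an uninitialized port name that every later call then operates on; `kr = thread_create(mytask, &th); if (kr != KERN_SUCCESS) return 1;` keeps the rest of main honest and makes the three status printouts meaningful. `mythread` is assigned but never read, and `argc`/`argv` are unused, so `int main(void)` and dropping `mythread` would remove the warnings.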
