From 0038c26fbc61b00fb06dc807a0c322783fd7bf32 Mon Sep 17 00:00:00 2001
From: spv420
Date: Sun, 24 Apr 2022 04:01:12 -0400
Subject: w00t
---
 tools/thread_shit.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
(limited to 'tools')
diff --git a/tools/thread_shit.c b/tools/thread_shit.c
index 74ef0c5..3020ea8 100644
--- a/tools/thread_shit.c
+++ b/tools/thread_shit.c
@@ -1,5 +1,6 @@
 #include
 #include
+#include
 #include
 #include
@@ -8,6 +9,10 @@ void lol(void) {
 // *(uint32_t*)0x41424344 = 0;
 }
+void* lol2(void* arg) {
+ while (1) ;;
+}
+
 int main(int argc, char* argv[]) {
 kern_return_t kr;
 thread_t th;
@@ -21,9 +26,13 @@ int main(int argc, char* argv[]) {
 char* test = malloc(0x100);
 strcpy(test, "Hello, world! %x %x %x %x %x %x %x\n");
+ pthread_t thread;
+ pthread_create(&thread, NULL, lol2, NULL);
+
 puts("test");
- thread_create(mytask, &th);
+// thread_create(mytask, &th);
+ th = pthread_mach_thread_np(thread);
 printf("%x\n", mytask);
 arm_thread_state_t state;
 mach_msg_type_number_t count;
@@ -48,10 +57,12 @@ int main(int argc, char* argv[]) {
 }
 state.__r[0] = test;
-// state.__r[9] = pthread_keys;
+ state.__r[1] = 0x1337;
+ state.__r[2] = 0x420;
+ state.__r[3] = 0x69;
 state.__sp = (uint32_t)stack_above;
- state.__pc = ((uint32_t)lol) | 1;
- state.__cpsr = 0x40000010;
+ state.__pc = ((uint32_t)dlsym(RTLD_DEFAULT, "printf")) | 1;
+ state.__cpsr = 0x40000020;
 kr = thread_set_state(th, ARM_THREAD_STATE, (thread_state_t)&state, ARM_THREAD_STATE_COUNT);
 kr = thread_resume(th);
 // thread_call_enter((thread_call_func_t)&lol);
-- 
cgit v1.2.3
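Review bot: `while (1) ;;` in lol2 is a loop with an empty body followed by a stray empty statement, and the `arg` parameter is never used, so `-Wall -Wextra` will warn on both; write the spin as `for (;;) { }` and add `(void)arg;` as the first statement. The function has no comment saying why a thread that only spins is needed — presumably so that a Mach thread port can later be taken from it with pthread_mach_thread_np, as the next hunk does, but that intent should be stated above the definition. Note also that this loop pins a core for the life of the process.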
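Review bot: The result of `pthread_create` is not checked, so if it fails `thread` stays uninitialized and the following `pthread_mach_thread_np(thread)` reads an indeterminate value. Capture and test it before deriving the port: `int rc = pthread_create(&thread, NULL, lol2, NULL);` / `if (rc != 0) { fprintf(stderr, "pthread_create: %s\n", strerror(rc)); return 1; }`. The thread that `thread_create` produced started suspended, whereas a pthread is already running when its port reaches thread_set_state and thread_resume in the last hunk, so the suspend/resume assumptions there may no longer hold — worth confirming against the Mach semantics rather than relying on the unchecked return codes. The commented-out `// thread_create(mytask, &th);` should be deleted rather than kept as dead code; main's body continues outside the hunk.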
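Review bot: `dlsym(RTLD_DEFAULT, "printf")` can return NULL, and `NULL | 1` leaves `state.__pc` equal to 1, so a failed lookup produces a faulting thread with no diagnostic; resolve into a local and check it first: `void *fp = dlsym(RTLD_DEFAULT, "printf");` / `if (fp == NULL) { fprintf(stderr, "dlsym: %s\n", dlerror()); return 1; }` / `state.__pc = ((uint32_t)fp) | 1;`. `kr` is assigned from `thread_set_state` and immediately overwritten by `thread_resume` without either value being compared against KERN_SUCCESS; at minimum the thread_set_state result should be tested before the thread is resumed. The values written to `__r[1]`..`__r[3]` and the new `__cpsr` are undocumented magic numbers, and a one-line comment stating what each register is expected to hold when the thread starts would save the next reader from reconstructing it. main continues past the end of the hunk.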