more working

comex 2011-01-20 14:44:49 -05:00
parent d785278c20
commit 3ef72e9188


@ -65,10 +65,6 @@ void do_kernel(prange_t output, prange_t sandbox, struct binary *binary) {
find_data(b_macho_segrange(binary, "__TEXT"), is_armv7 ? "03 68 - c3 f8 20 24" : "84 23 db 00 - d5 50 22 68", 0, true), find_data(b_macho_segrange(binary, "__TEXT"), is_armv7 ? "03 68 - c3 f8 20 24" : "84 23 db 00 - d5 50 22 68", 0, true),
uint32_t, {is_armv7 ? 0xc420f8c3 : 0x682250d0}); uint32_t, {is_armv7 ? 0xc420f8c3 : 0x682250d0});
/*patch(PATCH_PROC_ENFORCE,
find_sysctl(binary, "proc_enforce"),
uint32_t, {0});*/
patch("-lunchd", patch("-lunchd",
find_string(b_macho_segrange(binary, "__DATA"), "/sbin/launchd", 0, true), find_string(b_macho_segrange(binary, "__DATA"), "/sbin/launchd", 0, true),
char, "/sbin/lunchd"); char, "/sbin/lunchd");
@ -122,6 +118,8 @@ void do_kernel(prange_t output, prange_t sandbox, struct binary *binary) {
scratch, scratch,
sandbox); sandbox);
// some "notes"
addr_t sysent = find_data(b_macho_segrange(binary, "__DATA"), "21 00 00 00 00 10 86 00 -", 0, true); addr_t sysent = find_data(b_macho_segrange(binary, "__DATA"), "21 00 00 00 00 10 86 00 -", 0, true);
addr_t sysent_patch_orig = b_read32(binary, sysent + 4); addr_t sysent_patch_orig = b_read32(binary, sysent + 4);
patch("sysent patch", 0, uint32_t, {sysent + 4}); patch("sysent patch", 0, uint32_t, {sysent + 4});
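Review bot: The added comment `// some "notes"` in the second hunk says nothing about the sysent lookup and patch that follow it, so a reader has to decode the byte signature to learn what is being located. Replace it with a comment that states the intent, for example `// locate sysent by its byte signature in __DATA and keep the original word at sysent + 4`; the author should confirm the wording, since the purpose of writing `sysent + 4` through `patch("sysent patch", 0, ...)` is not visible here. If the final `true` argument of `find_data` does not abort on a miss, `sysent` should also be validated before `b_read32(binary, sysent + 4)` is called. do_kernel's body starts and ends outside the hunk.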