b-2-r / commpage-routine

Add a new routine to XNU's comm page area and call it from a user space program (macOS).

Languages: C 85.68%, Assembly 14.32%
Topics: xnu, kernel, macos, osx, shared-memory, commpage, c, assembly

commpage-routine

This PoC does three things:

  1. Add a new routine (32-bit and 64-bit compatible) to the comm page text section.
  2. Add a new string to the comm page data section.
  3. Call the newly added routine from a user space program, once the comm page has been mapped into the process's address space.

Preparations

The following files need to be patched or added for this to work:

  • osfmk/i386/cpu_capabilities.h (address definitions for the text and data sections)
  • osfmk/i386/commpage/hello_commpage.s (contains the 32-bit and 64-bit versions of the new routine)
  • osfmk/i386/commpage/commpage_asm.s (to populate the new routine)
  • osfmk/i386/commpage/commpage.c (to populate the new string)
  • osfmk/conf/files.x86_64 (to build hello_commpage.s)

Sample Session

$ uname -a
Darwin NOPs-Mac.local 16.5.0 Darwin Kernel Version 16.5.0: Do 13 Jul 2017 19:29:54 CEST; adfontes:xnu-3789.51.2/BUILD/obj/DEBUG_X86_64 x86_64

Get the beginning of the comm page text area:

$ vmmap $$ | grep "shared memory.*r-x"
shared memory          00007fffffe14000-00007fffffe15000 [    4K     4K     4K     0K] r-x/r-x SM=SHM

Run the user space program, passing the start of the comm page text area:

$ ./commpage-routine 0x7fffffe14000
[*] Found hello commpage routine at address 0x00007fffffe14580
[*] Routine returns 'Hello, Commpage!'
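The sample session above only shows the program's output. The following is an added example of the user-space side of step 3, not the repository's own commpage-routine.c: it takes the comm page text base printed by vmmap, checks that it is a page-aligned address before doing anything with it, computes the routine's address and calls it through a function pointer. Everything beyond what the session shows is an assumption: that the routine takes no arguments and returns a const char * to the string placed in the comm page data section, and that it sits at offset 0x580 from the text base (the difference between the two addresses printed in the session). The parsing and address-validation helpers run anywhere; the actual call at the end of main only makes sense on a macOS kernel carrying the patched comm page.

```c
/* Added example, not the project's code. Assumed: the routine is at
 * ROUTINE_OFFSET from the comm page text base, takes no arguments and
 * returns a pointer to the string in the comm page data section. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define COMMPAGE_PAGE_SIZE 0x1000u   /* vmmap shows a single 4K r-x page */
#define ROUTINE_OFFSET     0x580u    /* assumed: 0x7fffffe14580 - 0x7fffffe14000 */

typedef const char *(*hello_fn)(void);   /* assumed signature of the routine */

/* Parse a hex address such as "0x7fffffe14000"; returns 0 on malformed input. */
uintptr_t parse_base(const char *s) {
    if (s == NULL || *s == '\0') return 0;
    char *end = NULL;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 16);
    if (errno != 0 || end == s || *end != '\0') return 0;
    return (uintptr_t)v;
}

/* The comm page text area is one page, so a real base is page aligned.
 * Rejecting anything else keeps a typo in the argument from turning into
 * an indirect call to an arbitrary address. */
int base_is_plausible(uintptr_t base) {
    return base != 0 && (base % COMMPAGE_PAGE_SIZE) == 0;
}

/* Address of the routine, or 0 if the offset would leave the text page. */
uintptr_t routine_address(uintptr_t base, uintptr_t offset) {
    if (!base_is_plausible(base) || offset >= COMMPAGE_PAGE_SIZE) return 0;
    return base + offset;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <comm page text base from vmmap>\n", argv[0]);
        return 1;
    }
    uintptr_t base = parse_base(argv[1]);
    uintptr_t addr = routine_address(base, ROUTINE_OFFSET);
    if (addr == 0) {
        fprintf(stderr, "[-] '%s' is not a page-aligned comm page address\n", argv[1]);
        return 1;
    }
    printf("[*] Found hello commpage routine at address 0x%016llx\n",
           (unsigned long long)addr);

    /* Only valid on a macOS kernel with the patched comm page mapped; on any
     * other system this page is unmapped and the call would fault. */
    hello_fn fn = (hello_fn)addr;
    printf("[*] Routine returns '%s'\n", fn());
    return 0;
}
```

The base address is deliberately taken from the caller rather than hard-coded: the comm page location is a kernel constant from cpu_capabilities.h, but reading it from vmmap, as the session does, keeps the program honest about where the kernel actually mapped the page for this process.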

Contributors: forensix
