something

jakeajames · Jul 14, 2019 · 28fd77e · 28fd77e
1 parent 68a6da7
commit 28fd77e
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 0 deletions.
diff --git a/downloads/jelbrekLib.dylib b/downloads/jelbrekLib.dylib
diff --git a/downloads/jelbrekLib.h b/downloads/jelbrekLib.h
@@ -571,3 +571,14 @@ BOOL hidePath(char *path);
     false: Failure
  */
 BOOL fixMmap(char *path);
+
+/*
+ Purpose:
+    Get fg_data for a file descriptor (a struct vnode for files, struct socket for sockets, struct pipe for pipes etc...)
+ Parameters:
+    The file descriptor
+    The pid the file descriptor belongs to
+ Return value:
+    proc->p_fd->fd_ofiles[fd]->fproc->fg_data;
+ */
+uint64_t dataForFD(int fd, int pid);
diff --git a/jelbrek.m b/jelbrek.m
@@ -1336,6 +1336,7 @@ BOOL fixMmap(char *path) {
     return KernelRead_32bits(vnode + off_v_flags) & VSHARED_DYLD;
 }
 
+
 /*int addSandboxExtension() {
  
  }*/
diff --git a/offsetof.c b/offsetof.c
@@ -5,6 +5,7 @@ unsigned off_p_gid = 0x34;               // proc_t::p_uid
 unsigned off_p_ruid = 0x38;              // proc_t::p_uid
 unsigned off_p_rgid = 0x3c;              // proc_t::p_uid
 unsigned off_p_ucred = 0x100;            // proc_t::p_ucred
+unsigned off_p_fd = 0x108;               // proc_t::p_fd
 unsigned off_p_csflags = 0x2a8;          // proc_t::p_csflags
 unsigned off_p_comm = 0x268;             // proc_t::p_comm
 unsigned off_p_textvp = 0x248;           // proc_t::p_textvp

diff --git a/offsetof.h b/offsetof.h
@@ -6,6 +6,7 @@ extern unsigned off_p_gid;
 extern unsigned off_p_ruid;
 extern unsigned off_p_rgid;
 extern unsigned off_p_ucred;
+extern unsigned off_p_fd;
 extern unsigned off_p_csflags;
 extern unsigned off_p_comm;
 

diff --git a/offsets.m b/offsets.m
@@ -156,6 +156,7 @@ void _offsets_init() {
         off_p_ruid = 0x30;
         off_p_rgid = 0x34;
         off_p_ucred = 0xf8;
+        off_p_fd = 0x100;
         off_p_csflags = 0x290;
         off_p_comm = 0x250;
         off_p_textvp = 0x230;

diff --git a/utils.h b/utils.h
@@ -3,3 +3,4 @@
 
 uint64_t FindKernelBase(void);
 uint64_t binary_load_address(mach_port_t tp);
+uint64_t dataForFD(int fd, int pid);
diff --git a/utils.m b/utils.m
@@ -71,3 +71,15 @@ uint64_t binary_load_address(mach_port_t tp) {
     return target_first_addr;
 }
 
+uint64_t dataForFD(int fd, int pid) {
+    // proc->p_fd->fd_ofiles[fd]->fproc->fg_data;
+
+    uint64_t proc = proc_of_pid(pid);
+    uint64_t p_fd = KernelRead_64bits(proc + off_p_fd);
+    uint64_t fd_ofiles = KernelRead_64bits(p_fd);
+    uint64_t fproc = KernelRead_64bits(fd_ofiles + fd * 8);
+    uint64_t f_fglob = KernelRead_64bits(fproc + 8);
+    uint64_t fg_data = KernelRead_64bits(f_fglob + 56);
+
+    return fg_data;
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -1336,6 +1336,7 @@ BOOL fixMmap(char *path) { @@
         return KernelRead_32bits(vnode + off_v_flags) & VSHARED_DYLD;
     }
     /*int addSandboxExtension() {
      }*/
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,3 +3,4 @@

		uint64_t FindKernelBase(void);
		uint64_t binary_load_address(mach_port_t tp);
		uint64_t dataForFD(int fd, int pid);