Fix kexecute on iOS 13

kexecute.c

@@ -94,7 +94,7 @@ void init_Kernel_Execute(void) {
     // Now the userclient port we have will look into our fake user client rather than the old one
 
     // Replace IOUserClient::getExternalTrapForIndex with our ROP gadget (add x0, x0, #0x40; ret;)
-    KernelWrite_64bits(FakeVtable+8*0xB7, Find_add_x0_x0_0x40_ret());
+    KernelWrite_64bits(FakeVtable+8*off_getExternelTrapForIndex, Find_add_x0_x0_0x40_ret());
 
     //
     //printf("Wrote the `add x0, x0, #0x40; ret;` gadget over getExternalTrapForIndex");

offsetof.c

@@ -61,3 +61,4 @@ unsigned off_specflags = 0x10;
 unsigned off_mnt_flag = 0x70;            // mount::mnt_flag
 unsigned off_mnt_data = 0x8f8;           // mount::mnt_data
 
+unsigned off_getExternelTrapForIndex = 0xb7; // IOUserClient::getExternalTrapForIndex

offsetof.h

@@ -61,6 +61,8 @@ extern unsigned off_specflags;
 extern unsigned off_mnt_flag;
 extern unsigned off_mnt_data;
 
+extern unsigned off_getExternelTrapForIndex;
+
 #define	CS_VALID		0x0000001	/* dynamically valid */
 #define CS_ADHOC		0x0000002	/* ad hoc signed */
 #define CS_GET_TASK_ALLOW	0x0000004	/* has get-task-allow entitlement */

offsets.m

@@ -220,6 +220,8 @@ void _offsets_init() {
 #else
         off_t_flags = 0x3d0;
 #endif
+
+        off_getExternelTrapForIndex = 0xb8;
     }
     else if (SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(@"12.0")) {
         printf("[i] offsets selected for iOS 12.0 or above\n");