{"body":"#include \n#include \n#include \n#include \n#include \n#include \n#include \n\nint foo(int a)\n{\n return a;\n}\n\n#define CHECK(kt, s) if (kt) { printf(s); abort(); }\n\nint x_main()\n{\n size_t page_size = 16384;\n vm_address_t page, x_page;\n vm_prot_t cur, max;\n kern_return_t kt;\n unsigned char *writable, *foo_dis;\n\n kt = vm_allocate(mach_task_self(), &page, page_size * 10, VM_FLAGS_ANYWHERE);\n CHECK(kt != KERN_SUCCESS, \"error calling vm_allocate\\n\")\n\n x_page = page;\n kt = vm_remap(mach_task_self(), &x_page, page_size * 10, 0x0, VM_FLAGS_OVERWRITE,\n mach_task_self(), page, FALSE, &cur, &max, VM_INHERIT_SHARE);\n CHECK(kt != KERN_SUCCESS, \"error calling remap\\n\")\n //CHECK(!(cur & VM_PROT_EXECUTE), \"not executable\\n\")\n\n writable = (unsigned char*)page;\n *writable = 192;\n *(writable + 1) = 3;\n *(writable + 2) = 95;\n *(writable + 3) = 214;\n\n kt = vm_protect(mach_task_self(), page, page_size * 10, FALSE, VM_PROT_READ | VM_PROT_EXECUTE);\n CHECK(kt != KERN_SUCCESS, \"error calling mprotect\\n\")\n\n foo_dis = writable;\n printf(\"%d %d %d %d\\n\", *foo_dis, *(foo_dis + 1), *(foo_dis + 2), *(foo_dis + 3));\n printf(\"%d\\n\", ((int (*)(int))(foo_dis))(3));\n /*void *writable, *code;\n \n printf(\"Page size: %ld\\n\", page_size);\n writable = mmap(0, page_size * 10, PROT_READ | PROT_WRITE,\n MAP_ANON | MAP_PRIVATE, -1, 0);\n printf(\"writable: %p\\n\", writable);\n code = mmap(writable, page_size * 10, PROT_READ | PROT_EXEC, MAP_ANON | MAP_PRIVATE, -1, 0);\n *(long*)(writable) = 1234;\n printf(\"%ld\\n\", *(long*)(code));*/\n /**(unsigned char*)(writable) = 192;\n *((unsigned char*)(writable) + 1) = 3;\n *((unsigned char*)(writable) + 2) = 95;\n *((unsigned char*)(writable) + 3) = 214;\n foo_dis = (unsigned char*)foo;\n //printf(\"code: %p\\n\", code);*/\n return 0;\n}\n\nint main()\n{\n size_t page_size = 16384;\n unsigned char *writable, *foo_dis;\n\n writable = (unsigned char*)mmap(0, page_size * 10, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_JIT | MAP_ANON | MAP_PRIVATE, -1, 0);\n CHECK(writable == NULL, \"error calling mmap\\n\")\n\n/* kt = vm_allocate(mach_task_self(), &page, page_size * 10, VM_FLAGS_ANYWHERE);\n CHECK(kt != KERN_SUCCESS, \"error calling vm_allocate\\n\")\n\n x_page = page;\n kt = vm_remap(mach_task_self(), &x_page, page_size * 10, 0x0, VM_FLAGS_OVERWRITE,\n mach_task_self(), page, FALSE, &cur, &max, VM_INHERIT_SHARE);\n CHECK(kt != KERN_SUCCESS, \"error calling remap\\n\")\n //CHECK(!(cur & VM_PROT_EXECUTE), \"not executable\\n\")*/\n\n //writable = (unsigned char*)page;\n pthread_jit_write_protect_np(0);\n *writable = 192;\n *(writable + 1) = 3;\n *(writable + 2) = 95;\n *(writable + 3) = 214;\n pthread_jit_write_protect_np(1);\n sys_icache_invalidate(writable, page_size * 10);\n printf(\"%d\\n\", ((int (*)(int))(writable))(3));\n\n /*kt = vm_protect(mach_task_self(), page, page_size * 10, FALSE, VM_PROT_READ | VM_PROT_EXECUTE);\n CHECK(kt != KERN_SUCCESS, \"error calling mprotect\\n\")\n\n foo_dis = writable;\n printf(\"%d %d %d %d\\n\", *foo_dis, *(foo_dis + 1), *(foo_dis + 2), *(foo_dis + 3));\n printf(\"%d\\n\", ((int (*)(int))(foo_dis))(3));*/\n /*void *writable, *code;\n \n printf(\"Page size: %ld\\n\", page_size);\n writable = mmap(0, page_size * 10, PROT_READ | PROT_WRITE,\n MAP_ANON | MAP_PRIVATE, -1, 0);\n printf(\"writable: %p\\n\", writable);\n code = mmap(writable, page_size * 10, PROT_READ | PROT_EXEC, MAP_ANON | MAP_PRIVATE, -1, 0);\n *(long*)(writable) = 1234;\n printf(\"%ld\\n\", *(long*)(code));*/\n /**(unsigned char*)(writable) = 192;\n *((unsigned char*)(writable) + 1) = 3;\n *((unsigned char*)(writable) + 2) = 95;\n *((unsigned char*)(writable) + 3) = 214;\n foo_dis = (unsigned char*)foo;\n //printf(\"code: %p\\n\", code);*/\n return 0;\n}","name":"","extension":"txt","url":"https://www.irccloud.com/pastebin/2IqhTzHR","modified":1653137638,"id":"2IqhTzHR","size":3969,"lines":112,"own_paste":false,"theme":"","date":1653137638}