commands.gdb
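# Session setup for a kernel debugging session: print a reminder, attach to the
# remote gdb stub, and define two C-preprocessor-style macros for later expressions.
echo Note: running the exploit while gdb is connected makes it very unreliable, so only connect gdb when needed\n
# Attach to a gdb stub on TCP port 1234 of the local host (empty host part).
# The gdb remote protocol carries no authentication, so the stub should only be
# reachable from the analysis machine (loopback or an isolated lab network).
target remote :1234
# offsetof(_type, _memb): byte offset of member _memb inside _type, computed by
# taking the member's address relative to a null base pointer. Not referenced by
# the commands in this file; available for interactive use.
macro define offsetof(_type, _memb) ((long)(&((_type *)0)->_memb))
# task_is(_taskname): true when the task currently running on CPU index 0 has a
# `comm` equal to _taskname. It dereferences the per-CPU variable `current_task`
# through __per_cpu_offset[0], so tasks running on other CPUs are never matched.
# NOTE(review): presumably the guest is booted with a single CPU - confirm.
# Fix: the page rendering had turned "&current_task" into "¤t_task" (the HTML
# entity "&curren" was decoded); the address-of expression is restored here.
macro define task_is(_taskname) $_streq(((struct task_struct*)(*(long*)(__per_cpu_offset[0]+(long)&current_task)))->comm, _taskname)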
# print_binder: hex-dump 51 eight-byte words (408 bytes) starting at the address
# stored in the convenience variable $bthread. $bthread must already be set; the
# binder_free_thread breakpoint in this file assigns it.
# NOTE(review): 51 words presumably covers struct binder_thread on the author's
# kernel build - check with `p sizeof(struct binder_thread)` on yours.
define print_binder
  # Pager off for the duration of the dump; presumably so a paging prompt cannot
  # stall the breakpoint command lists that call this - confirm.
  set pagination off
  x/51gx $bthread
  # Pager is switched back on unconditionally, whatever its previous setting was.
  set pagination on
end
# Three-stage breakpoint cycle that dumps one binder thread object (via
# print_binder) at the moment it is freed and at two later wait-queue code
# locations that operate on that same object's `wait` member. Only one of the
# three breakpoints is enabled at any time; each stage disables itself and
# enables the next, and the last stage re-arms the first.
#
# Name of the process to trace, compared against task_struct->comm by task_is().
# The string is 15 characters long, which is the most a Linux task name can
# hold (TASK_COMM_LEN is 16 including the terminating NUL), so it is presumably
# the truncated form of a longer executable name.
set $targetproc = "cve-2019-2215-e"
# NOTE(review): this resumes the target before any breakpoint exists; the script
# only proceeds once the target stops again. Presumably this lets the guest boot
# before the breakpoints are installed - confirm.
c
# Stage 1: stop in binder_free_thread, but only for the traced process.
# The command list records `thread` (evaluated in the stopped frame; presumably
# the function's binder_thread pointer argument - confirm) in $bthread, dumps
# it, then hands over to stage 2 and resumes.
b binder_free_thread if task_is($targetproc)
commands
set $bthread = thread
print_binder
dis $bpnum1
en $bpnum2
c
end
# $bpnum is gdb's number of the most recently created breakpoint. Each
# breakpoint is created disabled and its number saved for the hand-over logic.
dis $bpnum
set $bpnum1 = $bpnum
# Stage 2: stop at wait.c line 50 when the traced process operates on the wait
# queue head embedded in the object recorded in stage 1.
# NOTE(review): the line number is tied to the kernel source tree the author
# debugged; `wq_head` must be a variable visible at that line. Verify both
# against your own build before relying on this breakpoint.
b wait.c:50 if task_is($targetproc) && wq_head == &$bthread->wait
commands
print_binder
dis $bpnum2
en $bpnum3
c
end
dis $bpnum
set $bpnum2 = $bpnum
# Stage 3: same condition two source lines later (wait.c:52), so the dump shows
# the object's memory after whatever lines 50-51 did to it. Afterwards the cycle
# is re-armed by enabling stage 1 again.
b wait.c:52 if task_is($targetproc) && wq_head == &$bthread->wait
commands
print_binder
dis $bpnum3
en $bpnum1
c
end
dis $bpnum
set $bpnum3 = $bpnum
# Arm stage 1 and resume the target; from here on the command lists drive the
# session without further input.
en $bpnum1
c