MCPcopy Create free account

hub / github.com/cloudfuzz/android-kernel-exploitation / functions

Functions49 in github.com/cloudfuzz/android-kernel-exploitation

↓ 12 callersFunctionwrite32
(address, value)
gdb/root-me.py:54
↓ 5 callersFunctionwrite64
(address, value)
gdb/root-me.py:58
↓ 2 callersMethod__init__
(self)
gdb/root-me.py:140
↓ 2 callersFunctioncontainer_of
(ptr, typeobj, member)
gdb/root-me.py:16
↓ 2 callersFunctionget_current_proc_comm
()
gdb/dynamic-analysis.py:27
↓ 2 callersFunctionget_task_by_pid
(pid)
gdb/root-me.py:39
↓ 2 callersFunctiontask_lists
()
gdb/root-me.py:20
↓ 1 callersMethod__init__
( self, proc_cmd, entry_symbol, exit_symbol, params={}, break_at_exit=False, exit_callback=Non
gdb/dynamic-analysis.py:120
↓ 1 callersMethodbindToCPU
* Bind to CPU */
exploit/exploit.cpp:30
↓ 1 callersMethodclobberAddrLimit
* Clobber addr_limit */
exploit/exploit.cpp:357
↓ 1 callersMethoddisableSELinuxEnforcing
* Disable selinux enforcing globally */
exploit/exploit.cpp:837
↓ 1 callersFunctiondisable_selinux_enforcing
Disable selinux_enforcing globally
gdb/root-me.py:127
↓ 1 callersFunctionget_current_task
()
gdb/dynamic-analysis.py:16
↓ 1 callersMethodinitKernelReadWritePipe
* Initialize kernel read write pipe */
exploit/exploit.cpp:595
↓ 1 callersMethodleakTaskStruct
* The dangling chunk is binder_thread structure * and it contains an interesting member task_struct */
exploit/exploit.cpp:147
↓ 1 callersFunctionoffset_of
(typeobj, field)
gdb/root-me.py:11
↓ 1 callersMethodpatchCred
* Patch cred data structure */
exploit/exploit.cpp:764
↓ 1 callersFunctionroot_me
Root the given task :param task: task_struct address
gdb/root-me.py:62
↓ 1 callersMethodspawnRootShell
* Spawn root shell */
exploit/exploit.cpp:917
↓ 1 callersMethodverifyArbitraryReadWrite
* Verify arbitrary read write primitive */
exploit/exploit.cpp:615
↓ 1 callersMethodverifyRoot
* Verify if rooting is successful */
exploit/exploit.cpp:893
MethodBinderUaF
exploit/exploit.h:61
Method__init__
(self)
gdb/root-me.py:157
Method__init__
(self)
gdb/root-me.py:182
Method__init__
( self, proc_cmd, entry_symbol, param_list=[], exit_symbol=None, break_at_entry=False, entry_c
gdb/dynamic-analysis.py:52
Functiondump_binder_thread
(parameters)
gdb/dynamic-analysis.py:42
MethodfreeBinderThread
* Free the binder thread structure */
exploit/exploit.cpp:73
Methodinvoke
(self, arg, from_tty)
gdb/root-me.py:143
Methodinvoke
(self, arg, from_tty)
gdb/root-me.py:160
Methodinvoke
(self, arg, from_tty)
gdb/root-me.py:185
MethodkRead
* Read from arbitrary address * * @param Address: address from where to read * @param Length: how much to read * @param uBuffer: output user buffe
exploit/exploit.cpp:655
MethodkReadDword
* Read dword from arbitrary address * * @param Address: address from where to read * @return: dword */
exploit/exploit.cpp:731
MethodkReadQword
* Read qword from arbitrary address * * @param Address: address from where to read * @return: qword */
exploit/exploit.cpp:717
MethodkWrite
* Write to arbitrary address * * @param Address: address where to write * @param Length: how much to write * @param uBuffer: input user buffer */
exploit/exploit.cpp:689
MethodkWriteDword
* Write dword to arbitrary address * * @param Address: address where to write * @param Value: value to write */
exploit/exploit.cpp:745
MethodkWriteQword
* Write qword to arbitrary address * * @param Address: address where to write * @param Value: value to write */
exploit/exploit.cpp:756
MethodlinkEventPollWaitQueueToBinderThreadWaitQueue
* Link eppoll_entry->wait.entry to binder_thread->wait.head */
exploit/exploit.cpp:126
Functionmain
* Program entry point * * @return: success or failure */
exploit/exploit.cpp:933
Functionmain
exploit/trigger.cpp:33
Methodmmap4gbAlignedPage
* Allocate 4GB aligned page */
exploit/exploit.cpp:100
Functionread32
(address)
gdb/root-me.py:46
Functionread64
(address)
gdb/root-me.py:50
Functionset_dump_binder_thread
(parameters)
gdb/dynamic-analysis.py:34
Functionset_selinux_task_context
Set selinux task context :param task: task_struct address
gdb/root-me.py:106
MethodsetupBinder
* Open the binder device */
exploit/exploit.cpp:56
MethodsetupEventPoll
* Create the event poll */
exploit/exploit.cpp:83
Methodstop
(self)
gdb/dynamic-analysis.py:72
Methodstop
(self)
gdb/dynamic-analysis.py:134
MethodunlinkEventPollWaitQueueFromBinderThreadWaitQueue
* Unlink eppoll_entry->wait.entry from binder_thread->wait.head */
exploit/exploit.cpp:136