// Reduced Fix
// COMM_PAGE64_BASE_ADDRESS must be the commpage base of the architecture the binary actually runs on; nothing below checks that the address is mapped, so a wrong value makes signature() read unmapped memory (the x86_64 crash described in this issue).
...
/*
 * Human-readable names for the flags in COMM_PAGE_CPU_CAPABILITIES64, in the
 * order dump_comm_page() walks them ("MMX" is bit 0, "SGX" is bit 37).
 * Only the first and last entries survive in this reduced listing.
 */
const char *cpu_cap_strings[] = {
    "MMX",   /* bit 0 */
    /* ... remaining entries elided in the reduced listing ... */
    "SGX",   /* bit 37 */
};
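/*
 * Copy the 16-byte commpage signature into a freshly allocated,
 * NUL-terminated string.
 *
 * Returns a heap buffer that the CALLER MUST free(), or NULL (after a message
 * on stderr) if the allocation fails.
 *
 * Security note: this reads raw memory at COMM_PAGE64_BASE_ADDRESS and does
 * not (and portably cannot) verify that the address is mapped or readable.
 * The constant must therefore be the commpage base of the architecture the
 * binary runs on; the issue reports a fault at this memcpy on x86_64, which
 * is exactly what a mismatched constant produces. Gate callers on the target
 * architecture rather than relying on this function to fail gracefully.
 */
char *signature(void)
{
    enum { COMM_PAGE_SIGNATURE_LEN = 0x10 };

    /* calloc zero-fills, so the extra byte is already the terminator. */
    char *sig = calloc(1, COMM_PAGE_SIGNATURE_LEN + 1);
    if (sig == NULL) {
        fprintf(stderr, "Error: Failed to allocate memory for signature.\n");
        return NULL;
    }

    /* Go through uintptr_t so the integer constant converts to a pointer the
     * same way whether the macro expands to an integer or a pointer. */
    memcpy(sig, (const void *)(uintptr_t)COMM_PAGE64_BASE_ADDRESS,
           COMM_PAGE_SIGNATURE_LEN);
    return sig;
}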
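/*
 * Read one byte from an absolute virtual address.
 *
 * address: raw address to read. It must be mapped and readable; nothing here
 *          checks that, and an unmapped address faults the process.
 * Returns the byte stored at address.
 *
 * The value is fetched with memcpy rather than by casting the integer to a
 * pointer and dereferencing it, so the read is well-defined with respect to
 * alignment and strict aliasing. (The listing as rendered casts the address
 * itself to uint8_t, which only truncates the address — it never reads memory.)
 */
uint8_t read_uint8(uint64_t address)
{
    uint8_t value;
    memcpy(&value, (const void *)(uintptr_t)address, sizeof value);
    return value;
}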
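/*
 * Read a 16-bit value from an absolute virtual address.
 *
 * address: raw address to read. It must be mapped and readable; nothing here
 *          checks that, and an unmapped address faults the process.
 * Returns the uint16_t stored at address, in host byte order.
 *
 * memcpy instead of a pointer cast keeps the read well-defined even when the
 * address is not 2-byte aligned. (The listing as rendered casts the address
 * itself to uint16_t, which truncates it instead of reading memory.)
 */
uint16_t read_uint16(uint64_t address)
{
    uint16_t value;
    memcpy(&value, (const void *)(uintptr_t)address, sizeof value);
    return value;
}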
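/*
 * Read a 32-bit value from an absolute virtual address.
 *
 * address: raw address to read. It must be mapped and readable; nothing here
 *          checks that, and an unmapped address faults the process.
 * Returns the uint32_t stored at address, in host byte order.
 *
 * memcpy instead of a pointer cast keeps the read well-defined even when the
 * address is not 4-byte aligned. (The listing as rendered casts the address
 * itself to uint32_t, which truncates it instead of reading memory.)
 */
uint32_t read_uint32(uint64_t address)
{
    uint32_t value;
    memcpy(&value, (const void *)(uintptr_t)address, sizeof value);
    return value;
}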
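/*
 * Read a 64-bit value from an absolute virtual address.
 *
 * address: raw address to read. It must be mapped and readable; nothing here
 *          checks that, and an unmapped address faults the process.
 * Returns the uint64_t stored at address, in host byte order.
 *
 * memcpy instead of a pointer cast keeps the read well-defined even when the
 * address is not 8-byte aligned. (The listing as rendered casts the address
 * itself to uint64_t, which is a no-op — it returns the address, not memory.)
 */
uint64_t read_uint64(uint64_t address)
{
    uint64_t value;
    memcpy(&value, (const void *)(uintptr_t)address, sizeof value);
    return value;
}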
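/*
 * Print the commpage contents to stdout: the 16-byte signature, then (after
 * the fields elided from this reduced listing) each named flag of
 * COMM_PAGE_CPU_CAPABILITIES64 as true/false. Bits 16-23 carry the CPU count
 * rather than a flag and are printed as a number.
 *
 * Relies on signature(), read_uint64(), cpu_cap_strings[] and the
 * COMM_PAGE_* constants defined elsewhere in this file. Every one of those
 * reads dereferences a fixed address with no validity check, so this must only
 * run on a build whose constants match the architecture it executes on (the
 * issue reports a fault inside signature() on x86_64).
 */
void dump_comm_page(void)
{
    /* signature() returns a heap buffer, or NULL on allocation failure.
     * Keep the pointer so it can be freed (the original leaked it) and never
     * hand NULL to %s, which is undefined behavior. */
    char *sig = signature();
    printf("[*] COMM_PAGE_SIGNATURE: %s\n", sig != NULL ? sig : "(unavailable)");
    free(sig);

    /* ... other commpage fields dumped here (elided in the reduced listing) ... */

    printf("[*] COMM_PAGE_CPU_CAPABILITIES64:\n");
    uint64_t cpu_caps = read_uint64(COMM_PAGE_CPU_CAPABILITIES64);

    size_t bit = 0;
    for (size_t i = 0; i < sizeof(cpu_cap_strings) / sizeof(cpu_cap_strings[0]); i++) {
        printf("\t%s: ", cpu_cap_strings[i]);

        if (bit == 16) {
            /* Bits 16-23 are the CPU count, not a capability flag. */
            printf("%u\n", (unsigned)((cpu_caps >> 16) & 0xFF));
            /* Resume at bit 24. From here on the table index i trails the bit
             * position by 7, so the "SGX" (bit 37) entry is only tested against
             * bit 37 if cpu_cap_strings[] itself has no entries for bits 17-23;
             * NOTE(review): confirm against the full table. */
            bit = 24;
            continue;
        }

        printf("%s\n", (cpu_caps & (1ULL << bit)) ? "true" : "false");
        bit++;
    }

    printf("[*] Done dumping comm page.\n");
}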
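/*
 * Entry point of the reduced reproducer.
 *
 * Because the issue is a fault inside signature() on x86_64, the dump is
 * disabled: the program only reports that the architecture is unsupported and
 * exits with -1 (255 as seen by the shell). The original listing kept the
 * dump_comm_page() call after the return statement, where it could never
 * execute; that unreachable code is removed so the disabled state is explicit
 * rather than hidden as dead code.
 *
 * To re-enable, gate the call on the build target (e.g. #if defined(__arm64__))
 * only once COMM_PAGE64_BASE_ADDRESS and the other COMM_PAGE_* constants are
 * known to match that architecture's commpage — the reads behind it have no
 * runtime validity check.
 */
int main(int argc, const char *argv[])
{
    (void)argc;
    (void)argv;

    printf("Unsupported architecture.\n");
    return -1;
}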
Closing note: the issue was closed by turning the affected calls into dead code — commenting them out — rather than by fixing the invalid memory access:
// dump_comm_page(); // dumpDeviceInfo(); // dumpMacDeviceInfo();
The Commit: https://github.com/xsscx/xnuimagefuzzer/commit/511f99b3a3ecaf392d86588b4d3d5fb26361b4c5
This Code is more appropriate for the iOS On Mac Interposing Code at URL https://github.com/xsscx/macos-research/tree/main/code/iOSOnMac
X86_64 Crash in signature() function
Why
This function dereferences a hard-coded absolute address with no check that the page is mapped or readable. COMM_PAGE64_BASE_ADDRESS must be the commpage base of the architecture the binary actually runs on; if it is not (as on x86_64 here), the memcpy reads unmapped memory and the process faults — undefined behavior that surfaces as the crash in the LLDB output below.
#pragma mark - Signature
LLDB Output - X86_64 2020 Mac Mini i7