mirror of
https://github.com/ufrisk/pcileech.git
synced 2026-05-08 14:36:25 +08:00
70 lines
3.0 KiB
C
70 lines
3.0 KiB
C
// fbsdx64_common.h : declarations of commonly used shellcode functions
|
|
// Compatible with FreeBSD x64.
|
|
//
|
|
// Author: Ulf Frisk, pcileech@frizk.net
|
|
//
|
|
|
|
#ifndef __FBSDX64_COMMON_H__
|
|
#define __FBSDX64_COMMON_H__
|
|
|
|
#include "statuscodes.h"
|
|
|
|
typedef void VOID, *PVOID;
|
|
typedef int BOOL, *PBOOL;
|
|
typedef unsigned char BYTE, *PBYTE;
|
|
typedef char CHAR, *PCHAR;
|
|
typedef unsigned short WORD, *PWORD;
|
|
typedef unsigned long DWORD, *PDWORD;
|
|
typedef unsigned __int64 QWORD, *PQWORD;
|
|
typedef void *HANDLE;
|
|
typedef unsigned long STATUS;
|
|
#define NULL ((void *)0)
|
|
#define MAX_PATH 260
|
|
#define TRUE 1
|
|
#define FALSE 0
|
|
|
|
/*
|
|
* KMD DATA struct. This struct must be contained in a 4096 byte section (page).
|
|
* This page/struct is used to communicate between the inserted kernel code and
|
|
* the pcileech program.
|
|
* VNR: 003
|
|
*/
|
|
typedef struct tdKMDDATA {
|
|
QWORD MAGIC; // [0x000] magic number 0x0ff11337711333377.
|
|
QWORD AddrKernelBase; // [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
|
|
QWORD AddrKallsymsLookupName; // [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
|
|
QWORD DMASizeBuffer; // [0x018] size of DMA buffer.
|
|
QWORD DMAAddrPhysical; // [0x020] physical address of DMA buffer.
|
|
QWORD DMAAddrVirtual; // [0x028] virtual address of DMA buffer.
|
|
QWORD _status; // [0x030] status of operation
|
|
QWORD _result; // [0x038] result of operation TRUE|FALSE
|
|
QWORD _address; // [0x040] address to operate on.
|
|
QWORD _size; // [0x048] size of operation / data in DMA buffer.
|
|
QWORD OperatingSystem; // [0x050] operating system type
|
|
QWORD ReservedKMD[8]; // [0x058] reserved for specific kmd data (dependant on KMD version).
|
|
QWORD ReservedFutureUse1[13]; // [0x098] reserved for future use.
|
|
QWORD dataInExtraLength; // [0x100] length of extra in-data.
|
|
QWORD dataInExtraOffset; // [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
|
|
QWORD dataInExtraLengthMax; // [0x110] maximum length of extra in-data.
|
|
QWORD dataInConsoleBuffer; // [0x118] physical address of 1-page console buffer.
|
|
QWORD dataIn[28]; // [0x120]
|
|
QWORD dataOutExtraLength; // [0x200] length of extra out-data.
|
|
QWORD dataOutExtraOffset; // [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
|
|
QWORD dataOutExtraLengthMax; // [0x210] maximum length of extra out-data.
|
|
QWORD dataOutConsoleBuffer; // [0x218] physical address of 1-page console buffer.
|
|
QWORD dataOut[28]; // [0x220]
|
|
PVOID fn[32]; // [0x300] used by shellcode to store function pointers.
|
|
CHAR dataInStr[MAX_PATH]; // [0x400] string in-data
|
|
CHAR ReservedFutureUse2[252];
|
|
CHAR dataOutStr[MAX_PATH]; // [0x600] string out-data
|
|
CHAR ReservedFutureUse3[252];
|
|
QWORD ReservedFutureUse4[255]; // [0x800]
|
|
QWORD _op; // [0xFF8] (op is last 8 bytes in 4k-page)
|
|
} KMDDATA, *PKMDDATA;
|
|
|
|
extern QWORD SysVCall(QWORD fn, ...);
|
|
extern QWORD LookupFunctionFreeBSD(PKMDDATA pk, CHAR szFunctionName[]);
|
|
extern QWORD __curthread();
|
|
#define curthread (__curthread())
|
|
|
|
#endif /* __FBSDX64_COMMON_H__ */ |