Difference between revisions of "Kernel memory write via ROP gadget"
(initial page) |
m (→See also: link fix) |
||
Line 2: | Line 2: | ||
== See also == |
== See also == |
||
− | * [[Jailbreak Patches]] (like <code>sb_evaluate()</code> and <code>task_for_pid()</code>) |
+ | * [[:Category:Kernel_Patches|Jailbreak Patches]] (like <code>sb_evaluate()</code> and <code>task_for_pid()</code>) |
== References == |
== References == |
Revision as of 19:39, 2 August 2013
Evasi0n cannot set the destination pointer in a memmove() operation to an arbitrary value because the vtable pointer is necessary to call the wanted function. This problem is solved by searching memory for a STR R1, [R2]; BX LR gadget, which is then used to write four bytes at a time. With this, all patches can be made.
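An added example, not from the original page and not evasi0n's code: a scan of a memory image for the byte pattern of the STR R1, [R2]; BX LR gadget named above, the kind of check used when auditing an image for write primitives. The Thumb and ARM encodings are the standard ARMv7 ones; the function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian encodings of "STR R1, [R2]; BX LR" (standard ARMv7 encodings). */
static const uint8_t THUMB_PAT[] = {0x11, 0x60, 0x70, 0x47};  /* 0x6011, 0x4770 */
static const uint8_t ARM_PAT[] = {0x00, 0x10, 0x82, 0xE5,     /* 0xE5821000 */
                                  0x1E, 0xFF, 0x2F, 0xE1};    /* 0xE12FFF1E */

/* Constructed sample image, not taken from any real kernel. */
static const uint8_t SAMPLE[] = {
    0x00, 0xBF,                 /* offset 0:  Thumb NOP */
    0x11, 0x60, 0x70, 0x47,     /* offset 2:  Thumb gadget */
    0x00, 0xBF,                 /* offset 6:  Thumb NOP, pads to offset 8 */
    0x00, 0x10, 0x82, 0xE5,     /* offset 8:  ARM STR R1, [R2] */
    0x1E, 0xFF, 0x2F, 0xE1,     /* offset 12: ARM BX LR */
    0x00,                       /* offset 16: one pad byte */
    0x11, 0x60, 0x70, 0x47      /* offset 17: same bytes at an odd offset, skipped */
};

/* First match at an instruction-aligned offset >= from, or -1 if none. */
static long find_pattern(const uint8_t *img, size_t len, size_t from,
                         const uint8_t *pat, size_t pat_len, size_t align)
{
    size_t off = (from + align - 1) / align * align;   /* round up to alignment */
    for (; off + pat_len <= len; off += align)
        if (memcmp(img + off, pat, pat_len) == 0)
            return (long)off;
    return -1;
}

long find_thumb_gadget(const uint8_t *img, size_t len, size_t from)
{
    return find_pattern(img, len, from, THUMB_PAT, sizeof THUMB_PAT, 2);
}

long find_arm_gadget(const uint8_t *img, size_t len, size_t from)
{
    return find_pattern(img, len, from, ARM_PAT, sizeof ARM_PAT, 4);
}

int main(void)
{
    printf("thumb: %ld\n", find_thumb_gadget(SAMPLE, sizeof SAMPLE, 0));
    printf("arm:   %ld\n", find_arm_gadget(SAMPLE, sizeof SAMPLE, 0));
    return 0;
}
```

The scan steps by instruction alignment (2 bytes for Thumb, 4 for ARM), so the copy of the Thumb bytes at the odd offset 17 is not reported.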
See also
- Jailbreak Patches (like sb_evaluate() and task_for_pid())