SYMBOL INDEX (442 symbols across 36 files) FILE: AMFI Utilities/amfi_utils.h type trust_chain (line 9) | struct trust_chain { type cs_hash (line 27) | struct cs_hash FILE: AMFI Utilities/amfid.h type exception_raise_request (line 26) | typedef struct { type exception_raise_reply (line 34) | typedef struct { FILE: AMFI Utilities/cs_blob.h type CodeDirectory (line 5) | typedef struct __attribute__((packed)) { type CS_BlobIndex (line 43) | typedef struct __attribute__((packed)) { type CS_SuperBlob (line 48) | typedef struct __attribute__((packed)) { type SC_Scatter (line 56) | typedef struct __SC_Scatter { type CS_GenericBlob (line 128) | typedef struct __SC_GenericBlob { type CS_CodeDirectory (line 137) | typedef struct __CodeDirectory { type cs_blob (line 182) | struct cs_blob { type cs_hash (line 220) | struct cs_hash { FILE: AMFI Utilities/osobject.c function OSDictionary_SetItem (line 19) | int OSDictionary_SetItem(uint64_t dict, const char *key, uint64_t val) { function _OSDictionary_GetItem (line 30) | uint64_t _OSDictionary_GetItem(uint64_t dict, const char *key) { function OSDictionary_GetItem (line 41) | uint64_t OSDictionary_GetItem(uint64_t dict, const char *key) { function OSDictionary_Merge (line 49) | int OSDictionary_Merge(uint64_t dict, uint64_t aDict) { function OSArray_Merge (line 55) | int OSArray_Merge(uint64_t array, uint64_t aArray) { function _OSArray_GetObject (line 61) | uint64_t _OSArray_GetObject(uint64_t array, unsigned int idx){ function OSArray_GetObject (line 67) | uint64_t OSArray_GetObject(uint64_t array, unsigned int idx){ function OSArray_RemoveObject (line 75) | void OSArray_RemoveObject(uint64_t array, unsigned int idx){ function _OSUnserializeXML (line 80) | uint64_t _OSUnserializeXML(const char* buffer) { function OSUnserializeXML (line 90) | uint64_t OSUnserializeXML(const char* buffer) { function OSObject_Release (line 98) | void OSObject_Release(uint64_t osobject) { function OSObject_Retain (line 104) | void OSObject_Retain(uint64_t osobject) { function OSObject_GetRetainCount (line 110) | uint32_t OSObject_GetRetainCount(uint64_t osobject) { function OSString_GetLength (line 116) | unsigned int OSString_GetLength(uint64_t osstring){ FILE: APFS Utilities/IOKit.h type mach_port_t (line 14) | typedef mach_port_t io_service_t; type mach_port_t (line 15) | typedef mach_port_t io_connect_t; type mach_port_t (line 16) | typedef mach_port_t io_object_t; type io_object_t (line 17) | typedef io_object_t io_registry_entry_t; FILE: APFS Utilities/liboffsetfinder64.hpp type tihmstar (line 22) | namespace tihmstar { class exception (line 23) | class exception : public std::exception{ method exception (line 27) | exception(int code, std::string err) : _err(err), _code(code) {} method exception (line 28) | exception(std::string err) : _err(err), _code(0) {} method exception (line 29) | exception(int code) : _code(code) {} method code (line 31) | int code(){return _code;} type patchfinder64 (line 33) | namespace patchfinder64{ class patch (line 36) | class patch{ class patch (line 38) | class patch method patch (line 43) | patch(loc_t location, const void *patch, size_t patchSize, void(*s... method patch (line 48) | patch(const patch& cpy) : _location(cpy._location), _patchSize(cpy... method slide (line 54) | void slide(uint64_t slide){ class offsetfinder64 (line 67) | class offsetfinder64 { type text_t (line 69) | struct text_t{ type symtab_command (line 84) | struct symtab_command type symtab_command (line 86) | struct symtab_command type patchfinder64 (line 158) | namespace patchfinder64{ class patch (line 36) | class patch{ class patch (line 38) | class patch method patch (line 43) | patch(loc_t location, const void *patch, size_t patchSize, void(*s... method patch (line 48) | patch(const patch& cpy) : _location(cpy._location), _patchSize(cpy... method slide (line 54) | void slide(uint64_t slide){ FILE: APFS Utilities/offsetfinder.cpp function offsetizeRN (line 17) | bool offsetizeRN(uint64_t slide){ FILE: APFS Utilities/snapshot_tools.c type val_attrs_t (line 14) | typedef struct val_attrs { function list_snapshots (line 20) | int list_snapshots(const char *vol){ function createNewAPFSSnapshot (line 99) | int createNewAPFSSnapshot(const char *volume, const char *snapshot) { function renameAPFSSnapshot (line 118) | int renameAPFSSnapshot(const char *volume, const char *snapshot, const c... function verifySnapshot (line 135) | int verifySnapshot(const char *vol, const char *name){ function mountSnapshot (line 165) | int mountSnapshot(const char *vol, const char *name, const char *dir) { FILE: Blizzard Jailbreak/BlizzardSpawnerTools.c function launchProcessFrozen (line 21) | int launchProcessFrozen(char *whom, char *arg1, char *arg2, char *arg3, ... FILE: Exploits/FreeTheSandbox/IOTypes.h type UInt (line 58) | typedef unsigned int UInt; type SInt (line 59) | typedef signed int SInt; type UInt32 (line 62) | typedef UInt32 IOOptionBits; type SInt32 (line 63) | typedef SInt32 IOFixed; type UInt32 (line 64) | typedef UInt32 IOVersion; type UInt32 (line 65) | typedef UInt32 IOItemCount; type UInt32 (line 66) | typedef UInt32 IOCacheMode; type UInt32 (line 68) | typedef UInt32 IOByteCount32; type UInt64 (line 69) | typedef UInt64 IOByteCount64; type UInt32 (line 71) | typedef UInt32 IOPhysicalAddress32; type UInt64 (line 72) | typedef UInt64 IOPhysicalAddress64; type UInt32 (line 73) | typedef UInt32 IOPhysicalLength32; type UInt64 (line 74) | typedef UInt64 IOPhysicalLength64; type mach_vm_address_t (line 77) | typedef mach_vm_address_t IOVirtualAddress; type vm_address_t (line 79) | typedef vm_address_t IOVirtualAddress; type IOByteCount64 (line 83) | typedef IOByteCount64 IOByteCount; type IOByteCount32 (line 85) | typedef IOByteCount32 IOByteCount; type IOVirtualAddress (line 88) | typedef IOVirtualAddress IOLogicalAddress; type IOPhysicalAddress64 (line 92) | typedef IOPhysicalAddress64 IOPhysicalAddress; type IOPhysicalLength64 (line 93) | typedef IOPhysicalLength64 IOPhysicalLength; type IOPhysicalAddress32 (line 99) | typedef IOPhysicalAddress32 IOPhysicalAddress; type IOPhysicalLength32 (line 100) | typedef IOPhysicalLength32 IOPhysicalLength; type IOPhysicalRange (line 107) | typedef struct type IOVirtualRange (line 113) | typedef struct type IOVirtualRange (line 120) | typedef IOVirtualRange IOAddressRange; type IOAddressRange (line 122) | typedef struct type IONamedValue (line 132) | typedef struct { type IOAlignment (line 141) | typedef unsigned int IOAlignment; type mach_port_t (line 156) | typedef mach_port_t io_object_t; type io_object_t (line 161) | typedef io_object_t io_connect_t; type io_object_t (line 162) | typedef io_object_t io_enumerator_t; type io_object_t (line 163) | typedef io_object_t io_iterator_t; type io_object_t (line 164) | typedef io_object_t io_registry_entry_t; type io_object_t (line 165) | typedef io_object_t io_service_t; type IODeviceNumber (line 234) | typedef unsigned int IODeviceNumber; FILE: Exploits/FreeTheSandbox/ios13_kernel_universal.c type ipc_port (line 101) | struct ipc_port { type task (line 143) | struct task function pth_commAttr_init (line 187) | void pth_commAttr_init(){ function check_num_stringlizability_4bytes (line 192) | bool check_num_stringlizability_4bytes(uint32_t input_num){ function IOSurfaceRootUserClient_remove_surface_map (line 201) | void IOSurfaceRootUserClient_remove_surface_map(io_connect_t ioconn, uin... function IOSurfaceRootUserClient_create_surface_map (line 207) | uint32_t IOSurfaceRootUserClient_create_surface_map(io_connect_t ioconn,... function KernelRead_1byte (line 250) | uint8_t KernelRead_1byte(uint64_t rAddr){ function KernelRead_2bytes (line 260) | uint16_t KernelRead_2bytes(uint64_t rAddr){ function KernelRead_4bytes (line 270) | uint32_t KernelRead_4bytes(uint64_t rAddr){ function KernelRead_8bytes (line 280) | uint64_t KernelRead_8bytes(uint64_t rAddr){ function KernelRead_anySize (line 292) | void KernelRead_anySize(uint64_t rAddr, char *outbuf, size_t outbuf_len){ function KernelWrite_1byte (line 307) | void KernelWrite_1byte(uint64_t wAddr, uint8_t wData){ function KernelWrite_2bytes (line 317) | void KernelWrite_2bytes(uint64_t wAddr, uint16_t wData){ function KernelWrite_4bytes (line 327) | void KernelWrite_4bytes(uint64_t wAddr, uint32_t wData){ function KernelWrite_8bytes (line 335) | void KernelWrite_8bytes(uint64_t wAddr, uint64_t wData){ function KernelWrite_anySize (line 344) | void KernelWrite_anySize(uint64_t wAddr, char *inputbuf, uint32_t inputb... function KernelAllocate (line 354) | uint64_t KernelAllocate(size_t len){ function KernelDeallocate (line 360) | void KernelDeallocate(uint64_t addr, size_t len){ function KernelUti_GenerateOffset (line 364) | uint32_t KernelUti_GenerateOffset(uint64_t src, uint64_t data_in_src){ function kernel_exp_start (line 395) | void kernel_exp_start(io_connect_t ave_ioconn, io_connect_t surface_ioco... function race_kmem2 (line 406) | void race_kmem2(){ function alloc_kernel_40_mem (line 413) | uint64_t alloc_kernel_40_mem(){ function empty_kernel_40_mem (line 444) | void empty_kernel_40_mem(uint64_t target_addr){ function alloc_kernel_40_mem_contains_iosurfacebuf (line 469) | uint64_t alloc_kernel_40_mem_contains_iosurfacebuf(){ function release_kernel_40_mem (line 501) | void release_kernel_40_mem(uint64_t user_iosurfaceinfo_buf){ function IOSurfaceRootUserClient_sRemoveValue (line 529) | void IOSurfaceRootUserClient_sRemoveValue(uint32_t spray_id, uint32_t key){ function _temp_kernel_reading_threadFunc (line 570) | void _temp_kernel_reading_threadFunc(){ function temp_kernel_reading (line 595) | uint64_t temp_kernel_reading(uint64_t target_addr){ function _temp_kernel_reading_categ3_threadFunc (line 649) | void _temp_kernel_reading_categ3_threadFunc(){ function temp_kernel_reading_categ3 (line 674) | uint32_t temp_kernel_reading_categ3(uint64_t target_addr){ function _temp_kernel_reading_bypass_kaslr_threadFunc (line 729) | void _temp_kernel_reading_bypass_kaslr_threadFunc(){ function temp_kernel_reading_categ5 (line 754) | uint32_t temp_kernel_reading_categ5(uint64_t target_addr){ function temp_kernel_reading_insert_valid_kaddr (line 806) | void temp_kernel_reading_insert_valid_kaddr(uint64_t target_addr){ function _temp_kernel_reading_release_mem_threadFunc (line 830) | void _temp_kernel_reading_release_mem_threadFunc(){ function temp_kernel_reading_release_mem (line 854) | uint32_t temp_kernel_reading_release_mem(uint64_t target_addr){ function prep_new_reading_primi (line 900) | void prep_new_reading_primi(){ function new_reading_primitive (line 926) | uint32_t new_reading_primitive(uint64_t target_addr){ function new_writing_primi (line 973) | void new_writing_primi(uint64_t target_addr, uint32_t write_data){ function build_fake_task_stru_forReadMem (line 996) | void build_fake_task_stru_forReadMem(char *faketask, uint64_t target_addr){ function build_fake_ipc_port_stru (line 1005) | void build_fake_ipc_port_stru(struct ipc_port *fakeport, uint64_t specif... function build_fake_task_stru_forTFP0 (line 1024) | void build_fake_task_stru_forTFP0(struct task *faketask){ function Init_spraydata_for_TT1 (line 1047) | void Init_spraydata_for_TT1(uint32_t spray_id){ function TT1_send_spray (line 1068) | void TT1_send_spray(){ function Init_spraydata_for_TT2 (line 1091) | void Init_spraydata_for_TT2(uint32_t spray_id){ function TT2_send_spray (line 1111) | void TT2_send_spray(){ function TT2_send_spray_smallspray (line 1128) | void TT2_send_spray_smallspray(){ function TT2_release_all (line 1145) | void TT2_release_all(){ function add_new_client (line 1155) | uint8_t add_new_client(){ function remove_client (line 1170) | void remove_client(){ function encode_client_normal (line 1179) | void encode_client_normal(uint8_t isFor_finalCleaning){ function encode_client_normal222 (line 1235) | void encode_client_normal222(){ function spray_client (line 1288) | void spray_client(){ function check_if_valid_kernel_ptr (line 1392) | uint8_t check_if_valid_kernel_ptr(uint64_t target_ptr){ function find_proc_byPID (line 1398) | uint64_t find_proc_byPID(pid_t target_pid) { function pid_t (line 1420) | pid_t look_for_proc(char *proc_name){ function pid_t (line 1450) | pid_t look_for_proc_basename(char *proc_name){ type paveway_sprayAddrs_pack (line 1476) | struct paveway_sprayAddrs_pack{ type paveway_sprayAddrs_pack (line 1480) | struct paveway_sprayAddrs_pack function hohoo (line 1483) | uint64_t hohoo(){ function hohoo222 (line 1624) | void hohoo222(){ function clean_up_everything (line 1746) | void clean_up_everything(){ function prep_redirect_prev_clientbuf (line 1753) | void prep_redirect_prev_clientbuf(uint64_t new_prev_clientbuf){ function prep_fake_clientbuf (line 1761) | void prep_fake_clientbuf(uint64_t genuine_UserClient_kobj){ function clean_fake_clientbuf (line 1788) | void clean_fake_clientbuf(){ function prep_fake_clientbuf_read (line 1798) | void prep_fake_clientbuf_read(uint64_t genuine_UserClient_kobj){ function run_post_exp (line 1815) | void run_post_exp(){ function KernelLeak_portAddr (line 1837) | uint64_t KernelLeak_portAddr(uint64_t target_task, uint32_t portname){ function KernelLeak_portAddr2 (line 1855) | uint32_t KernelLeak_portAddr2(uint64_t target_task, uint64_t portStru){ function patch_install_tfp0 (line 1869) | void patch_install_tfp0(uint64_t target_task, uint64_t safe_tfp0){ function patch_remove_tfp0 (line 1873) | void patch_remove_tfp0(uint64_t target_task){ function mach_port_t (line 1877) | mach_port_t patch_retrieve_tfp0(){ function patch_TF_PLATFORM (line 1883) | void patch_TF_PLATFORM(uint64_t target_task){ function ubc_cs_blob_get (line 1891) | uint64_t ubc_cs_blob_get(uint64_t vp, int cputype, uint64_t offset){ function patch_CS_PLATFORM_BINARY (line 1911) | void patch_CS_PLATFORM_BINARY(uint64_t target_proc){ function patch_unsandbox_and_root (line 1922) | void patch_unsandbox_and_root(uint64_t target_proc, bool patch_root){ function safepatch_swap_unsandbox_and_root (line 1949) | void safepatch_swap_unsandbox_and_root(uint64_t target_proc){ function safepatch_unswap_unsandbox_and_root (line 1974) | void safepatch_unswap_unsandbox_and_root(uint64_t target_proc){ function safepatch_swap_kernel_cred (line 1988) | void safepatch_swap_kernel_cred(uint64_t target_proc){ function safepatch_unswap_kernel_cred (line 1997) | void safepatch_unswap_kernel_cred(uint64_t target_proc){ function safepatch_swap_spindump_cred (line 2005) | void safepatch_swap_spindump_cred(uint64_t target_proc){ function safepatch_unswap_spindump_cred (line 2034) | void safepatch_unswap_spindump_cred(uint64_t target_proc){ function safepatch_swap_containermanagerd_cred (line 2050) | void safepatch_swap_containermanagerd_cred(uint64_t target_proc){ function safepatch_unswap_containermanagerd_cred (line 2069) | void safepatch_unswap_containermanagerd_cred(uint64_t target_proc){ function patch_root (line 2073) | void patch_root(uint64_t target_proc){ function seek_out_proc_who_request_tfp0 (line 2093) | uint64_t seek_out_proc_who_request_tfp0() { function build_tfp0_persistence_for_research_purpose (line 2127) | void build_tfp0_persistence_for_research_purpose(){ function ios13_kernel_pwn (line 2171) | void ios13_kernel_pwn(io_connect_t ioconn, io_connect_t surface_ioconn){ function binary_load_addr (line 2507) | uint64_t binary_load_addr(mach_port_t tp) { function TaskRead_4bytes (line 2542) | uint32_t TaskRead_4bytes(mach_port_t task, uint64_t rAddr){ function TaskRead_8bytes (line 2549) | uint64_t TaskRead_8bytes(mach_port_t task, uint64_t rAddr){ function TaskWrite_1byte (line 2556) | void TaskWrite_1byte(mach_port_t task, uint64_t wAddr, uint8_t wData){ function TaskWrite_4bytes (line 2560) | void TaskWrite_4bytes(mach_port_t task, uint64_t wAddr, uint32_t wData){ function TaskWrite_8bytes (line 2564) | void TaskWrite_8bytes(mach_port_t task, uint64_t wAddr, uint64_t wData){ function TaskWrite_anySize (line 2568) | void TaskWrite_anySize(mach_port_t task, uint64_t wAddr, char *inputbuf,... function TaskAllocate (line 2572) | uint64_t TaskAllocate(mach_port_t task, size_t len){ function TaskDeallocate (line 2578) | void TaskDeallocate(mach_port_t task, uint64_t addr, size_t len){ type exception_raise_request (line 2597) | typedef struct { type exception_raise_reply (line 2605) | typedef struct { type cdHashType (line 2626) | enum cdHashType { type cdHashType (line 2633) | enum cdHashType function set_exception_handler (line 2867) | void set_exception_handler(mach_port_t amfid_task_port){ function patch_amfid (line 2889) | void patch_amfid(pid_t amfid_pid){ function find_amfid_OFFSET_MISValidate_symbol (line 2909) | uint64_t find_amfid_OFFSET_MISValidate_symbol(uint8_t *amfid_macho){ function find_amfid_OFFSET_gadget (line 2969) | uint64_t find_amfid_OFFSET_gadget(uint8_t *amfid_macho){ type stat (line 3004) | struct stat function display_ip_address (line 3025) | void display_ip_address(){ function remove_crash_thats_caused_by_exp (line 3045) | void remove_crash_thats_caused_by_exp(const char *name) function run_post_exp_from_tfp0 (line 3065) | void run_post_exp_from_tfp0(){ FILE: Exploits/FreeTheSandbox/ios13_userspace.c type mach_msg_guard_flags_t (line 56) | typedef unsigned int mach_msg_guard_flags_t; function Prepare_our_Mach_server (line 72) | void Prepare_our_Mach_server(){ function isPartOf_dyldcache (line 86) | bool isPartOf_dyldcache(vm_address_t addr){ function Get_loaded_dylib_size (line 98) | size_t Get_loaded_dylib_size(void *dylib_address){ function Find_dylibcache (line 119) | void Find_dylibcache(){ function find_gadget (line 152) | uint64_t find_gadget(char *bytes, size_t len){ function find_gadget_speed (line 161) | uint64_t find_gadget_speed(char *bytes, size_t len, void *findingRange_s... function Find_Gadgets_speed (line 221) | void Find_Gadgets_speed(){ function get_server_port (line 249) | uint32_t get_server_port(char *servername){ function mach_msg_conn_test (line 261) | void mach_msg_conn_test(){ function click_test_main (line 313) | void click_test_main(){ function xpc_conn_test (line 317) | void xpc_conn_test(){ function xpc_conn_test_exp1 (line 346) | void xpc_conn_test_exp1(){ function xpc_conn_test_forTrigger (line 387) | void xpc_conn_test_forTrigger(){ function Assemble_part2_AOP (line 418) | void Assemble_part2_AOP(uint64_t *spraymem, uint64_t spray_start_address){ function Assemble_part1_ROP (line 617) | void Assemble_part1_ROP(uint64_t *rop2_stack, uint64_t rop2_start_address){ function xpc_conn_test_exp2 (line 634) | void xpc_conn_test_exp2(){ function Retrieve_symptomsd_bootstrap_port (line 703) | uint32_t Retrieve_symptomsd_bootstrap_port(){ function Send_our_serverport (line 714) | bool Send_our_serverport(){ function mach_port_t (line 761) | mach_port_t Retrieve_symptomsd_task_port(){ function Send_overwritting_iosurfaceMap (line 779) | void Send_overwritting_iosurfaceMap(uint64_t remote_map_addr, uint64_t *... function Reply_notify_completion (line 806) | void Reply_notify_completion(){ function Send_notify_msg (line 816) | void Send_notify_msg(){ function new_guard_thing_test (line 829) | void new_guard_thing_test(){ function io_test (line 848) | void io_test(){ function kern_return_t (line 883) | kern_return_t print_all_ports(){ function trit (line 961) | void trit (io_iterator_t it,int index){ function print_cbuf (line 980) | void print_cbuf(uint8_t *buf, size_t len){ function Send_overwritting_iosurfaceMap22 (line 991) | void Send_overwritting_iosurfaceMap22(uint64_t our_data_addr, uint64_t o... function print_char (line 1010) | void print_char(uint8_t *data_ptr, size_t data_size){ function iOS13_exploit_init (line 1021) | void iOS13_exploit_init(){ FILE: Exploits/FreeTheSandbox/ios13_userspace_pac.c function PACSupport_pacdza (line 49) | uint64_t PACSupport_pacdza(uint64_t data_ptr){ function PACSupport_paciza (line 62) | uint64_t PACSupport_paciza(uint64_t code_ptr){ function PACSupport_pacia (line 75) | uint64_t PACSupport_pacia(uint64_t code_ptr, uint64_t modifier){ function PACSupport_xpaci (line 85) | uint64_t PACSupport_xpaci(void *code_ptr){ function PACSupport_addMask (line 89) | uint64_t PACSupport_addMask(uint64_t data_ptr, uint32_t mask){ function isPartOf_dyldcache (line 109) | bool isPartOf_dyldcache(vm_address_t addr){ function Get_loaded_dylib_size (line 121) | size_t Get_loaded_dylib_size(void *dylib_address){ function Find_dylibcache (line 141) | void Find_dylibcache(){ function find_gadget (line 172) | uint64_t find_gadget(char *bytes, size_t len){ function find_gadget_speed (line 180) | uint64_t find_gadget_speed(char *bytes, size_t len, void *findingRange_s... function Find_aopGadgets (line 268) | void Find_aopGadgets(){ function Find_aopGadgets_speed (line 306) | void Find_aopGadgets_speed(){ function Assemble_AOP (line 342) | void Assemble_AOP(uint64_t *aop_stack, uint64_t rop_start_address){ function Assemble_AOP2 (line 348) | void Assemble_AOP2(uint64_t *spraymem, uint64_t spray_start_address){ function symptomsd_vuln_prepare1 (line 547) | void symptomsd_vuln_prepare1(){ function symptomsd_vuln_prepare2 (line 589) | void symptomsd_vuln_prepare2(int boo){ function symptomsd_vuln_trigger (line 618) | void symptomsd_vuln_trigger(int boo){ function Prepare_our_Mach_server (line 696) | void Prepare_our_Mach_server(){ function Retrieve_symptomsd_bootstrap_port (line 705) | uint32_t Retrieve_symptomsd_bootstrap_port(){ function Retrieve_midi_bootstrap_port (line 717) | uint32_t Retrieve_midi_bootstrap_port(){ function Send_our_serverport (line 727) | bool Send_our_serverport(){ function mach_port_t (line 774) | mach_port_t Retrieve_symptomsd_task_port(){ function Send_overwritting_iosurfaceMap (line 792) | void Send_overwritting_iosurfaceMap(uint64_t remote_map_addr, uint64_t *... function Reply_notify_completion (line 819) | void Reply_notify_completion(){ function Send_notify_msg (line 829) | void Send_notify_msg(){ function PACSupport_PACGA (line 840) | uint64_t PACSupport_PACGA(uint64_t code_ptr, uint64_t modifier){ function test_thread (line 850) | void test_thread(){ function exploit_start (line 865) | void exploit_start(){ FILE: Exploits/FreeTheSandbox/libsnappy.c type mach_port_t (line 22) | typedef mach_port_t io_object_t; type io_object_t (line 23) | typedef io_object_t io_registry_entry_t; type UInt32 (line 25) | typedef UInt32 IOOptionBits; function typedef (line 38) | __attribute__((aligned(4))) function snapshot_check (line 46) | bool snapshot_check(int dirfd, const char *name) type attrlist (line 67) | struct attrlist function sha1_to_str (line 118) | static int sha1_to_str(const unsigned char *hash, size_t hashlen, char *... FILE: Exploits/FreeTheSandbox/vnode.h type lck_mtx_t (line 4) | typedef struct { type vnode_resolve (line 21) | struct vnode_resolve type kauth_action_t (line 23) | typedef uint32_t kauth_action_t; type vnode (line 26) | struct vnode { FILE: Exploits/IOKit/IOKitLib.h type IONotificationPort (line 67) | struct IONotificationPort type IOObject (line 1431) | typedef struct IOObject IOObject; FILE: Exploits/IOKit/IOReturn.h type kern_return_t (line 45) | typedef kern_return_t IOReturn; FILE: Exploits/IOKit/IOTypes.h type UInt (line 58) | typedef unsigned int UInt; type SInt (line 59) | typedef signed int SInt; type UInt32 (line 62) | typedef UInt32 IOOptionBits; type SInt32 (line 63) | typedef SInt32 IOFixed; type UInt32 (line 64) | typedef UInt32 IOVersion; type UInt32 (line 65) | typedef UInt32 IOItemCount; type UInt32 (line 66) | typedef UInt32 IOCacheMode; type UInt32 (line 68) | typedef UInt32 IOByteCount32; type UInt64 (line 69) | typedef UInt64 IOByteCount64; type UInt32 (line 71) | typedef UInt32 IOPhysicalAddress32; type UInt64 (line 72) | typedef UInt64 IOPhysicalAddress64; type UInt32 (line 73) | typedef UInt32 IOPhysicalLength32; type UInt64 (line 74) | typedef UInt64 IOPhysicalLength64; type mach_vm_address_t (line 77) | typedef mach_vm_address_t IOVirtualAddress; type vm_address_t (line 79) | typedef vm_address_t IOVirtualAddress; type IOByteCount64 (line 83) | typedef IOByteCount64 IOByteCount; type IOByteCount32 (line 85) | typedef IOByteCount32 IOByteCount; type IOVirtualAddress (line 88) | typedef IOVirtualAddress IOLogicalAddress; type IOPhysicalAddress64 (line 92) | typedef IOPhysicalAddress64 IOPhysicalAddress; type IOPhysicalLength64 (line 93) | typedef IOPhysicalLength64 IOPhysicalLength; type IOPhysicalAddress32 (line 99) | typedef IOPhysicalAddress32 IOPhysicalAddress; type IOPhysicalLength32 (line 100) | typedef IOPhysicalLength32 IOPhysicalLength; type IOPhysicalRange (line 107) | typedef struct type IOVirtualRange (line 113) | typedef struct type IOVirtualRange (line 120) | typedef IOVirtualRange IOAddressRange; type IOAddressRange (line 122) | typedef struct type IONamedValue (line 132) | typedef struct { type IOAlignment (line 141) | typedef unsigned int IOAlignment; type mach_port_t (line 156) | typedef mach_port_t io_object_t; type io_object_t (line 161) | typedef io_object_t io_connect_t; type io_object_t (line 162) | typedef io_object_t io_enumerator_t; type io_object_t (line 163) | typedef io_object_t io_iterator_t; type io_object_t (line 164) | typedef io_object_t io_registry_entry_t; type io_object_t (line 165) | typedef io_object_t io_service_t; type IODeviceNumber (line 234) | typedef unsigned int IODeviceNumber; FILE: Exploits/sock_port/exploit.c function set_minmtu (line 13) | int set_minmtu(int sock, int *minmtu) { function get_minmtu (line 17) | int get_minmtu(int sock, int *minmtu) { function get_prefertempaddr (line 22) | int get_prefertempaddr(int sock, int *prefertempaddr) { function set_prefertempaddr (line 27) | int set_prefertempaddr(int sock, int *prefertempaddr) { function get_pktinfo (line 31) | int get_pktinfo(int sock, struct in6_pktinfo *pktinfo) { function set_pktinfo (line 36) | int set_pktinfo(int sock, struct in6_pktinfo *pktinfo) { function free_socket_options (line 41) | int free_socket_options(int sock) { function get_socket (line 46) | int get_socket() { function get_socket_with_dangling_options (line 65) | int get_socket_with_dangling_options() { function mach_port_t (line 76) | mach_port_t new_port() { function find_port_via_uaf (line 92) | uint64_t find_port_via_uaf(mach_port_t port, int disposition) { function task_self_addr (line 121) | uint64_t task_self_addr() { type ip6_pktopts (line 136) | struct ip6_pktopts type ip6_pktopts (line 136) | struct ip6_pktopts type in6_pktinfo (line 139) | struct in6_pktinfo type ip6_pktopts (line 145) | struct ip6_pktopts type in6_pktinfo (line 172) | struct in6_pktinfo type in6_pktinfo (line 173) | struct in6_pktinfo function rk64_via_uaf (line 179) | uint64_t rk64_via_uaf(uint64_t addr) { function free_via_uaf (line 190) | int free_via_uaf(uint64_t addr) { function mach_port_waitq_flags (line 242) | static inline uint32_t mach_port_waitq_flags() { function mach_port_t (line 254) | mach_port_t get_tfp0() { FILE: Exploits/sock_port/exploit.h type route_in6 (line 28) | struct route_in6 { type ip6po_rhinfo (line 36) | struct ip6po_rhinfo { type ip6po_nhinfo (line 41) | struct ip6po_nhinfo { type ip6_pktopts (line 46) | struct ip6_pktopts { type kport_t (line 67) | typedef volatile struct { type ktask_t (line 108) | typedef struct { FILE: Exploits/sock_port/exploit_utilities.c function mach_port_t (line 12) | mach_port_t fill_kalloc_with_port_pointer(mach_port_t target_port, int c... function message_size_for_kalloc_size (line 60) | size_t message_size_for_kalloc_size(size_t kalloc_size) { function mach_port_t (line 65) | mach_port_t send_kalloc_message(uint8_t *replacer_message_body, uint32_t... function trigger_gc (line 116) | void trigger_gc() { function init_IOSurface (line 154) | int init_IOSurface() { function deinit_IOSurface (line 166) | void deinit_IOSurface() { function spray_IOSurface (line 170) | int spray_IOSurface(void *data, size_t size) { FILE: Exploits/sock_port/exploit_utilities.h type ool_msg (line 23) | struct ool_msg { type simple_msg (line 29) | struct simple_msg { FILE: Exploits/sock_port/include/IOKit/IOKitLib.h type IONotificationPort (line 64) | struct IONotificationPort type IOObject (line 1258) | typedef struct IOObject IOObject; FILE: Exploits/sock_port/include/IOKit/IOReturn.h type kern_return_t (line 45) | typedef kern_return_t IOReturn; FILE: Exploits/sock_port/include/IOKit/IOTypes.h type UInt32 (line 72) | typedef UInt32 IOOptionBits; type SInt32 (line 73) | typedef SInt32 IOFixed; type UInt32 (line 74) | typedef UInt32 IOVersion; type UInt32 (line 75) | typedef UInt32 IOItemCount; type UInt32 (line 76) | typedef UInt32 IOCacheMode; type UInt32 (line 78) | typedef UInt32 IOByteCount32; type UInt64 (line 79) | typedef UInt64 IOByteCount64; type UInt32 (line 81) | typedef UInt32 IOPhysicalAddress32; type UInt64 (line 82) | typedef UInt64 IOPhysicalAddress64; type UInt32 (line 83) | typedef UInt32 IOPhysicalLength32; type UInt64 (line 84) | typedef UInt64 IOPhysicalLength64; type mach_vm_address_t (line 87) | typedef mach_vm_address_t IOVirtualAddress; type vm_address_t (line 89) | typedef vm_address_t IOVirtualAddress; type IOByteCount64 (line 93) | typedef IOByteCount64 IOByteCount; type IOByteCount32 (line 95) | typedef IOByteCount32 IOByteCount; type IOVirtualAddress (line 98) | typedef IOVirtualAddress IOLogicalAddress; type IOPhysicalAddress64 (line 102) | typedef IOPhysicalAddress64 IOPhysicalAddress; type IOPhysicalLength64 (line 103) | typedef IOPhysicalLength64 IOPhysicalLength; type IOPhysicalAddress32 (line 109) | typedef IOPhysicalAddress32 IOPhysicalAddress; type IOPhysicalLength32 (line 110) | typedef IOPhysicalLength32 IOPhysicalLength; type IOPhysicalRange (line 117) | typedef struct type IOVirtualRange (line 123) | typedef struct type IOVirtualRange (line 130) | typedef IOVirtualRange IOAddressRange; type IOAddressRange (line 132) | typedef struct type IONamedValue (line 142) | typedef struct { type IOAlignment (line 151) | typedef unsigned int IOAlignment; type OSObject (line 167) | struct OSObject type mach_port_t (line 169) | typedef mach_port_t io_object_t; type io_object_t (line 175) | typedef io_object_t io_connect_t; type io_object_t (line 176) | typedef io_object_t io_enumerator_t; type io_object_t (line 177) | typedef io_object_t io_iterator_t; type io_object_t (line 178) | typedef io_object_t io_registry_entry_t; type io_object_t (line 179) | typedef io_object_t io_service_t; type IODeviceNumber (line 242) | typedef unsigned int IODeviceNumber; FILE: Exploits/sock_port/include/IOKit/OSMessageNotification.h type natural_t (line 78) | typedef natural_t OSAsyncReference[kOSAsyncRefCount]; type OSNotificationHeader (line 80) | struct OSNotificationHeader { type IOServiceInterestContent (line 92) | struct IOServiceInterestContent { type IOAsyncCompletionContent (line 97) | struct IOAsyncCompletionContent { type OSNotificationHeader (line 107) | typedef struct OSNotificationHeader OSNotificationHeader; type IOServiceInterestContent (line 108) | typedef struct IOServiceInterestContent IOServiceInterestContent; type IOAsyncCompletionContent (line 109) | typedef struct IOAsyncCompletionContent IOAsyncCompletionContent; FILE: Exploits/sock_port/iosurface.c function IOSurface_init (line 16) | bool function IOSurface_deinit (line 61) | void function IOSurface_set_value (line 76) | bool function IOSurface_get_value (line 100) | static bool function IOSurface_remove_value (line 123) | static bool function base255_encode (line 147) | static uint32_t function xml_units_for_data_size (line 163) | static size_t function serialize_IOSurface_data_array (line 175) | static size_t function IOSurface_spray_with_gc_internal (line 202) | static bool function IOSurface_spray_with_gc (line 286) | bool function IOSurface_spray_size_with_gc (line 294) | bool function IOSurface_spray_read_array (line 308) | bool function IOSurface_spray_read_all_data (line 364) | bool function IOSurface_spray_remove_array (line 382) | bool function IOSurface_spray_clear (line 392) | bool FILE: Exploits/sock_port/iosurface.h type _IOSurfaceFastCreateArgs (line 110) | struct _IOSurfaceFastCreateArgs { type IOSurfaceLockResult (line 120) | struct IOSurfaceLockResult { type IOSurfaceValueArgs (line 128) | struct IOSurfaceValueArgs { type IOSurfaceValueArgs_string (line 137) | struct IOSurfaceValueArgs_string { type IOSurfaceValueResultArgs (line 144) | struct IOSurfaceValueResultArgs { type IOSurfaceValueArgs (line 149) | struct IOSurfaceValueArgs FILE: Exploits/sock_port/kernel_memory.c function init_kernel_memory (line 13) | void init_kernel_memory(mach_port_t tfp0) { function kalloc (line 17) | uint64_t kalloc(vm_size_t size) { function kfree (line 23) | void kfree(mach_vm_address_t address, vm_size_t size) { function kread (line 27) | size_t kread(uint64_t where, void *p, size_t size) { function rk32 (line 45) | uint32_t rk32(uint64_t where) { function rk64 (line 51) | uint64_t rk64(uint64_t where) { function kwrite (line 57) | size_t kwrite(uint64_t where, const void *p, size_t size) { function wk32 (line 75) | void wk32(uint64_t where, uint32_t what) { function wk64 (line 81) | void wk64(uint64_t where, uint64_t what) { function find_port (line 86) | uint64_t find_port(mach_port_name_t port, uint64_t task_self) { FILE: Exploits/sock_port/offsets.h type kstruct_offset (line 4) | enum kstruct_offset { type kstruct_offset (line 53) | enum kstruct_offset FILE: Kernel Utilities/kernSymbolication.c function find_symbol (line 23) | uint64_t find_symbol(const char *symbol, bool verbose) { function find_macho_header (line 128) | uint32_t find_macho_header() { function decompressKernelCache (line 138) | int decompressKernelCache(const char *kernelcache) { FILE: Kernel Utilities/kernSymbolication.h type symbol (line 22) | struct symbol { FILE: Kernel Utilities/kernel_utils.h type kmap_hdr_t (line 46) | typedef struct { FILE: Kernel Utilities/kexecute.c function mach_port_t (line 12) | mach_port_t PrepareUserClient(void){ function initializeKernelExecute (line 37) | void initializeKernelExecute(void) { function terminateKernelExecute (line 64) | void terminateKernelExecute(void){ function kexecute (line 71) | uint64_t kexecute(uint64_t addr, uint64_t x0, uint64_t x1, uint64_t x2, ... FILE: Kernel Utilities/lzssdec.cpp class lzssdecompress (line 25) | class lzssdecompress method lzssdecompress (line 49) | lzssdecompress() method reset (line 63) | void reset() method decompress (line 76) | void decompress(uint8_t *dst, uint32_t dstlen, uint32_t *pdstused, uin... method flush (line 125) | void flush(uint8_t *dst, uint32_t dstlen, uint32_t *pdstused) method copyfromdict (line 137) | void copyfromdict() method dumpcopydata (line 149) | void dumpcopydata() method addtodict (line 156) | void addtodict(uint8_t c) method nextflagbit (line 161) | void nextflagbit() method setcounter (line 167) | void setcounter(uint8_t first, uint8_t second) function usage (line 174) | void usage(int argc,char**argv) function lzssdec (line 180) | int lzssdec(int argc,char**argv) FILE: PatchFinder/patchfinder64.h type addr_t (line 7) | typedef unsigned long long addr_t;