Skip to content

Instantly share code, notes, and snippets.

View antoniofrighetto's full-sized avatar

Antonio Frighetto antoniofrighetto

30 followers · 0 following
View GitHub Profile
@antoniofrighetto
antoniofrighetto / earlycse_unwanted_opt.md
Last active November 22, 2021 11:27

EarlyCSE performs unwanted optimization – Analysis

Recall that precall_hook and postcall_hook markers surround IR instructions containing calls to opaque functions (registers_clobbered) which are used to say which register variables were clobbered by the original callee. All calls have attribute readonly and nounwind. opaque_true function call is used to prevent DCE (we make all branch conditions opaque).

Before EarlyCSE

In the process of testing tac coreutil binary, for a specific functions we have the following BBs (only relevant parts are included):

; *** IR Dump After Simplify the CFG ***
@antoniofrighetto
antoniofrighetto / 6974.c
Created March 1, 2020 21:42
CVE-2015-6974 IOHIDFamily UAF PoC
// 2k20 antoniofrighetto & benjamin
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <pthread.h>
#include <mach/mach.h>
@antoniofrighetto
antoniofrighetto / build-xnu.sh
Last active August 6, 2020 12:59
Script to build any XNU kernel version.
# !/bin/bash
# 2k20 ~antoniofrighetto
# Build any XNU kernel version. Make sure you have the related MacOSX SDK version installed
#
# macOS 10.15.4 kernel compilation successfully tested on macOS 10.15.6 and Xcode 11.6
#
# MACOS_VERSION=10.15.4 BACKUP_SDK=1 OPTIONS=RELEASE,DEVELOPMENT ./build-xnu.sh
# XNU_VERSION=xnu-4570.41.2 ./build-xnu.sh
set_macos_version() {