马麟 f0rm2l1n

## gadget.c
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <asm/ioctl.h>
#include <linux/types.h>
#include <linux/compiler.h>
#include <linux/ctype.h>
#include <linux/debugfs.h>
#include <linux/delay.h>

## appium_log
[info] [35m[HTTP][39m Waiting until the server is closed
[info] [35m[HTTP][39m Received server close event
[info] [35m[Appium][39m Welcome to Appium v1.20.0
[info] [35m[Appium][39m Non-default server args:
[info] [35m[Appium][39m   relaxedSecurityEnabled: true
[info] [35m[Appium][39m   allowInsecure: {
[info] [35m[Appium][39m   }
[info] [35m[Appium][39m   denyInsecure: {
[info] [35m[Appium][39m   }
[info] [35m[Appium][39m Appium REST http interface listener started on 0.0.0.0:4723[info] [35m[HTTP][39m [37m-->[39m [37mGET[39m [37m/wd/hub/sessions[39m

## c
#define _GNU_SOURCE
#include <errno.h>
#include <err.h>
#include <unistd.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/syscall.h>

## c
#define _GNU_SOURCE
#include <errno.h>
#include <err.h>
#include <unistd.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/syscall.h>

## exp2.c
#include "exp2.h"

#define PAGE_SIZE			  		(0x1000)
#define MAX_NULLMAP_SIZE            (PAGE_SIZE * 4)
#define LIST_POSIION				(0x200200)
#define PROTECT_BASE				(LIST_POSIION&~(PAGE_SIZE-1))
#define MAX_VULTRIG_SOCKS_COUNT     (4000)
#define MAX_PHYSMAP_SIZE            (128 * 1024 * 1024)	// 128 MB, cannot be too bigger...
														// 128*6 in total, we only assigned with 1GB
#define MAX_PHYSMAP_SPRAY_PROCESS   (6)	// 6 times

## exp1.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <string.h>
#include <time.h>

## trigger.c
int main() {
	struct sockaddr_in6 sa1;
	sa1.sin6_family = AF_INET6;
	sa1.sin6_port = htons(20002);
	inet_pton(AF_INET6, "::1", &sa1.sin6_addr);
	sa1.sin6_flowinfo = 0;
	sa1.sin6_scope_id = 0;

	int optval = 8;
	#include <linux/module.h>
	#include <linux/moduleparam.h>
	#include <linux/kernel.h>
	#include <linux/init.h>
	#include <asm/ioctl.h>
	#include <linux/types.h>
	#include <linux/compiler.h>
	#include <linux/ctype.h>
	#include <linux/debugfs.h>
	#include <linux/delay.h>
	[info] [35m[HTTP][39m Waiting until the server is closed
	[info] [35m[HTTP][39m Received server close event
	[info] [35m[Appium][39m Welcome to Appium v1.20.0
	[info] [35m[Appium][39m Non-default server args:
	[info] [35m[Appium][39m relaxedSecurityEnabled: true
	[info] [35m[Appium][39m allowInsecure: {
	[info] [35m[Appium][39m }
	[info] [35m[Appium][39m denyInsecure: {
	[info] [35m[Appium][39m }
	[info] [35m[Appium][39m Appium REST http interface listener started on 0.0.0.0:4723[info] [35m[HTTP][39m [37m-->[39m [37mGET[39m [37m/wd/hub/sessions[39m
	#define _GNU_SOURCE
	#include <errno.h>
	#include <err.h>
	#include <unistd.h>
	#include <fcntl.h>
	#include <sched.h>
	#include <signal.h>
	#include <sys/types.h>
	#include <sys/stat.h>
	#include <sys/syscall.h>
	#include "exp2.h"

	#define PAGE_SIZE (0x1000)
	#define MAX_NULLMAP_SIZE (PAGE_SIZE * 4)
	#define LIST_POSIION (0x200200)
	#define PROTECT_BASE (LIST_POSIION&~(PAGE_SIZE-1))
	#define MAX_VULTRIG_SOCKS_COUNT (4000)
	#define MAX_PHYSMAP_SIZE (128 * 1024 * 1024) // 128 MB, cannot be too bigger...
	// 128*6 in total, we only assigned with 1GB
	#define MAX_PHYSMAP_SPRAY_PROCESS (6) // 6 times
	#include <stdio.h>
	#include <stdlib.h>
	#include <stdint.h>
	#include <unistd.h>
	#include <fcntl.h>
	#include <errno.h>
	#include <limits.h>
	#include <signal.h>
	#include <string.h>
	#include <time.h>
	int main() {
	struct sockaddr_in6 sa1;
	sa1.sin6_family = AF_INET6;
	sa1.sin6_port = htons(20002);
	inet_pton(AF_INET6, "::1", &sa1.sin6_addr);
	sa1.sin6_flowinfo = 0;
	sa1.sin6_scope_id = 0;

	int optval = 8;