mirror of
https://github.com/AsahiLinux/m1n1
synced 2024-11-26 08:20:18 +00:00
986c6730e9
heapblock is a simple `sbrk` style implementation, also useful as an "endless" decompression buffer. dlmalloc is used on top as a malloc implementation. This also changes how the Python side manages its heap. We still use a python-side malloc implementation (since this is faster), and we put the Python heap at the m1n1 heap + 128MB, without allocating it. Hopefully this should never step on anything m1n1 neads, and avoids having to manage freeing across Python script calls. Signed-off-by: Hector Martin <marcan@marcan.st>
29 lines
804 B
Python
29 lines
804 B
Python
#!/usr/bin/python
|
|
|
|
from setup import *
|
|
|
|
payload = open(sys.argv[1], "rb").read()
|
|
|
|
try:
|
|
# Try to use the m1n1 heap to avoid wasting 128MB RAM on every load
|
|
new_base = p.memalign(0x10000, len(payload))
|
|
except:
|
|
# Fall back to proxy heap, which will be at the right place in old versions
|
|
new_base = u.memalign(0x10000, len(payload))
|
|
|
|
# FIXME: this will currently still waste the whole m1n1 size including payload area (64+MB) on each
|
|
# chainload. The best way to fix this is to support in-place chainloading, which has other
|
|
# advantages.
|
|
|
|
print("Loading %d bytes to 0x%x" % (len(payload), new_base))
|
|
|
|
iface.writemem(new_base + 0x4000, payload[0x4000:], True)
|
|
|
|
entry = new_base + 0x4800
|
|
|
|
print("Jumping to 0x%x" % entry)
|
|
|
|
p.reboot(entry, u.ba_addr)
|
|
|
|
iface.nop()
|
|
print("Proxy is alive again")
|