Artoria2e5 (talk | contribs) |
Artoria2e5 (talk | contribs) |
||
| Line 36: | Line 36: | ||
* [https://gist.github.com/alyssarosenzweig/7d8099cdb227d2de0a9e83b7de34c7f8 demo.m] from Alyssa Rosenzweig uses the memleak struct definition to decode an image on M1. | * [https://gist.github.com/alyssarosenzweig/7d8099cdb227d2de0a9e83b7de34c7f8 demo.m] from Alyssa Rosenzweig uses the memleak struct definition to decode an image on M1. | ||
It is unknown why the struct definitions appear to differ from the above in the two examples. As with other IOKit classes, you use <code>IOConnectCallStructMethod</code> to call the methods. | It is unknown why the struct definitions appear to differ from the above in the two examples (padding? change in size_t?). As with other IOKit classes, you use <code>IOConnectCallStructMethod</code> to call the methods. | ||
{{occlass|library=IOKit.framework|navbox=1}} | {{occlass|library=IOKit.framework|navbox=1}} | ||
Revision as of 07:53, 25 September 2021
AppleJPEGDriver is a kernel-extension providing the acceleration of encoding and decoding JPEG images via IOSurfaces, especially for ones with YUV color space. It powers the AppleJPEG for decoding, Camera for encoding, and Celestial for both.
Methods
| Selector | Action | Input | Output |
|---|---|---|---|
| 0 | initializeDecoder | - | - |
| 1 | startDecoder | struct JPEGDriverArgs (40 bytes) | 40 bytes of stuff |
| 2 | initializeEncoder | - | - |
| 3 | startEncoder | struct JPEGDriverArgs (40 bytes) | 40 bytes of stuff. |
where
struct JPEGDriverArgs {
int must_be_zero_1;
IOSurfaceID src_surface /*in*/;
size_t src_size /*in*/;
int must_be_zero_2;
IOSurfaceID dest_surface /*in*/;
size_t dest_size /*in*/;
size_t result_size /*out*/;
size_t dest_width /*in*/;
size_t dest_height /*in*/;
int quality /*in: 4 gives decent quality */;
};
For best results, use an IOSurface that has the kIOSurfaceCacheMode property set to kIOMapInhibitCache.
Code making use of this interface
- AppleJPEGDriver-memleak calls AppleJPEGDriver to perform an exploit on iOS 10.1.1.
- demo.m from Alyssa Rosenzweig uses the memleak struct definition to decode an image on M1.
It is unknown why the struct definitions appear to differ from the above in the two examples (padding? change in size_t?). As with other IOKit classes, you use IOConnectCallStructMethod to call the methods.
| ||||||||