Copying this over from thriveforums...

Hey guys,

First a little intro. Feel free to skip this first paragraph if you don't care. I got my Thrive a few days ago after being lucky enough to have bought a demo HP Touchpad (which "couldn't" be activated) and being allowed by the retailer to swap it out for a Thrive. So far, I like my Thrive much better (many more ports, already has Android, etc.). I've been lurking these forums since I got it, and was able to root it by reading the instructions. I'm not an Android developer by any means, but I do know a few programming languages. (This is more or less my first venture into C++, though.) I've been reading all the root and ROM development threads to try to catch up, including the one that says not to update when the latest update comes out, because it will make the device unrootable. I haven't updated, and don't plan on it until we find a way to root the device on the new update, which brings me to the point of this thread...

I read a thread from a little while ago that got closed on the GingerBreak exploit. As you (probably) know, it's been successful on a couple of Honeycomb tablets already. I decided to pursue it a little to see what the hitch was, so I first modified it to accept our build id, as the other thread says. And, of course, it still hangs as we know. I added some debugging lines to the code to see exactly where it was hanging (yeah, it's on the find_index function, but that calls several other functions, and I think the problem lies before that).

I also noticed that no matter how many times I ran it, the PID of the vold process always read 0. So I began to think that it wasn't finding the actual PID, which is correct. It parses the file /proc/net/netlink to find the vold process, which is the volume manager daemon, but it never shows up in there. So I created a second find_vold function based on the original that goes through all of the available process IDs (up to 100 right now, 'cause it worked) and checks to see if it's the correct PID for the vold process. Mine happened to be 84, though I'm sure that number varies greatly...

So I got it to correctly identify the PID of the volume manager daemon (doesn't show "0000" anymore on the line that prints it out) but it is still hanging. The problem is that the do_fault function never creates a fault (when reviewing the crashlog file). I did (accidentally) get it to create a segmentation fault by printing something in the middle of the function, but I doubt that's helpful at all... Quite possibly it's already been patched to prevent this exploit.

Anyway, I'm hoping that this might spark some interest in delving further into this exploit. I think that it's possible that the code just doesn't work the way it is, but could possibly work with a few more modifications.

Also, if anyone with a version other than .0032 could do an "adb pull /system/bin/vold" and send me the file, I want to compare it to mine to see if it's been patched at all.
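
An added example, not part of the original post or of the GingerBreak source: a small audit script that parses text in the /proc/net/netlink layout and lists which sockets are subscribed to kernel uevents. The `Pid` column is the netlink port ID, which is often the owning process ID but is not guaranteed to be, so each value is checked against a process list before being trusted. The function names, the sample table and the 84-to-vold mapping are constructed for illustration.

```python
NETLINK_KOBJECT_UEVENT = 15  # protocol number from <linux/netlink.h>

# Constructed sample in the /proc/net/netlink layout (not captured from a device).
SAMPLE = """\
sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks     Drops
c5a1e000 0   0      00000000 0        0        (null)   2        0
c5b2f400 15  84     ffffffff 0        0        (null)   2        0
c5b30800 15  0      00000000 0        0        (null)   2        0
c5c41c00 15  -4097  00000001 0        0        (null)   2        0
c5d52000 16  0      00000000 0        0        (null)   2        0
"""

def parse_netlink(text):
    """Parse the table by header name so extra columns (e.g. Inode) are tolerated."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) < len(header):
            continue  # truncated line
        row = dict(zip(header, fields))
        rows.append({"proto": int(row["Eth"]),
                     "portid": int(row["Pid"]),        # port ID, may be negative
                     "groups": int(row["Groups"], 16)})  # multicast group bitmask
    return rows

def cmdline_of(pid):
    """Live resolver: first argv entry of /proc/<pid>/cmdline, or None."""
    if pid <= 0:
        return None
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read().split(b"\0")[0].decode(errors="replace") or None
    except OSError:
        return None

def uevent_listeners(rows, resolve=cmdline_of):
    """Return (port_id, owner) for uevent sockets subscribed to a multicast group."""
    out = []
    for r in rows:
        if r["proto"] != NETLINK_KOBJECT_UEVENT or r["groups"] == 0:
            continue  # other protocol, or not subscribed to any group
        out.append((r["portid"], resolve(r["portid"])))
    return out

if __name__ == "__main__":
    known = {84: "/system/bin/vold"}  # constructed process list for the sample
    for portid, owner in uevent_listeners(parse_netlink(SAMPLE), known.get):
        print(portid, owner or "unresolved: port ID is not a live PID")
```

On a device, pass the contents of /proc/net/netlink to `parse_netlink` and leave `resolve` at its default so owners are read from /proc.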