
Date:2010-06-02 05:45:56 (13 years 9 months ago)
Author:Evan Lojewski
Commit:167
Parents: 166
Message:Added commpage panic removal patch
Changes:
M/branches/meklort/i386/boot2/kernel_patcher.c
M/branches/meklort/i386/boot2/kernel_patcher.h


branches/meklort/i386/boot2/kernel_patcher.c
1414
1515
1616
17
17
18
1819
1920
2021
2122
2223
24
2325
2426
2527
2628
2729
28
30
31
2932
3033
3134
3235
3336
3437
38
3539
3640
3741
......
7377
7478
7579
80
81
82
7683
7784
7885
......
301308
302309
303310
304
305311
306312
307313
308314
309315
310
311316
312317
313318
......
494499
495500
496501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
#define SYMBOL_PANIC1
#define SYMBOL_PMCPUEXITHALTTOOFF2
#define SYMBOL_LAPIC_INIT3
#define NUM_SYMBOLS4
#define SYMBOL_COMMPAGE_STUFF_ROUTINE4
#define NUM_SYMBOLS5
#define SYMBOL_CPUID_SET_INFO_STRING"_cpuid_set_info"
#define SYMBOL_PANIC_STRING"_panic"
#define SYMBOL_PMCPUEXITHALTTOOFF_STRING"_pmCPUExitHaltToOff"
#define SYMBOL_LAPIC_INIT_STRING"_lapic_init"
#define SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING"_commpage_stuff_routine"
char* kernelSymbols[NUM_SYMBOLS] = {
SYMBOL_CPUID_SET_INFO_STRING,
SYMBOL_PANIC_STRING,
SYMBOL_PMCPUEXITHALTTOOFF_STRING,
SYMBOL_LAPIC_INIT_STRING
SYMBOL_LAPIC_INIT_STRING,
SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING
};
UInt32 kernelSymbolAddresses[NUM_SYMBOLS] = {
0,
0,
0,
0,
0
};
**/
void patch_kernel_32(void* kernelData)
{
// Remove panic in commpage
patch_commpage_stuff_routine(kernelData);
//patch_pmCPUExitHaltToOff(kernelData);// Not working as intended, disabled for now
//if(vmware_detected)
jumpLocation--;
}
printf("Mode: %d Family %d P - JMP: 0x%X\n", impersonateModel, impersonateFamily, patchLocation - jumpLocation);
// If found... AND we want to impersonate a specific cpumodel / family...
if(impersonateFamily &&
impersonateModel &&
((patchLocation - jumpLocation) < 0xF0))
{
printf("Patching CPUID to %d.%d\n", impersonateFamily, impersonateModel);
bytes[jumpLocation] -= 10;// sizeof(movl$0x6b5a4cd2,0x00872eb4) = 10bytes
}
void patch_commpage_stuff_routine(void* kernelData)
{
UInt8* bytes = (UInt8*)kernelData;
UInt32 patchLocation = (kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] - textAddress + textSection);
UInt32 panicAddr = kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;
if(kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] == 0)
{
printf("Unable to locate %s\n", SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING);
return;
}
if(kernelSymbolAddresses[SYMBOL_PANIC] == 0)
{
printf("Unable to locate %s\n", SYMBOL_PANIC_STRING);
return;
}
while(
(bytes[patchLocation -1] != 0xE8) ||
( ( (UInt32)(panicAddr - patchLocation - 4) + textSection ) != (UInt32)((bytes[patchLocation + 0] << 0 |
bytes[patchLocation + 1] << 8 |
bytes[patchLocation + 2] << 16 |
bytes[patchLocation + 3] << 24)))
)
{
patchLocation++;
}
patchLocation--;
// Remove panic call, just in case the following patch routines fail
bytes[patchLocation + 0] = 0x90;
bytes[patchLocation + 1] = 0x90;
bytes[patchLocation + 2] = 0x90;
bytes[patchLocation + 3] = 0x90;
bytes[patchLocation + 4] = 0x90;
}
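Review bot: The `while` loop in `patch_commpage_stuff_routine` that scans forward for the `E8` call to `_panic` has no upper bound, so on a kernel build where the expected call is not laid out as assumed it keeps incrementing `patchLocation` past the end of the kernel image, reading out of bounds until it happens to match, and then writes five `0x90` bytes at whatever location that was. The relative-offset comparison itself is right (rel32 is taken relative to the instruction after the 5-byte call, which is `patchLocation + 4`), so the only change needed is a scan limit with an explicit failure path, mirroring the "Unable to locate" returns already used for the two symbol checks. The two symbol checks would also be cheaper to read if they came before the `patchLocation`/`panicAddr` arithmetic, though that ordering is harmless as written. Consider also a `printf` on success so the boot log shows the patch was actually applied, as the CPUID patch above does.
```c
// COMMPAGE_SCAN_LIMIT is a placeholder: the maximum number of bytes past the
// routine's start that the _panic call may reasonably be; pick a value that
// covers the routine's size (e.g. from the text section bounds).
UInt32 scanEnd = patchLocation + COMMPAGE_SCAN_LIMIT;
while(patchLocation < scanEnd &&
      ( (bytes[patchLocation -1] != 0xE8) ||
        /* … unchanged: rel32 comparison against panicAddr … */ ))
{
    patchLocation++;
}
if(patchLocation >= scanEnd)
{
    printf("Unable to locate panic call in %s\n", SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING);
    return;
}
patchLocation--;
// … unchanged: five 0x90 writes …
```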
branches/meklort/i386/boot2/kernel_patcher.h
3535
3636
3737
38
38
3939
void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 inpersonateModel);
void patch_pmCPUExitHaltToOff(void* kernelData);
void patch_lapic_init(void* kernelData);
void patch_commpage_stuff_routine(void* kernelData);
#endif /* !__BOOT2_KERNEL_PATCHER_H */


Revision: 167