Chameleon Commit Details - 440 - Chameleon open source boot loader project.

Date:

2010-08-28 23:37:23 (13 years 7 months ago)

Author:

Evan Lojewski

Commit:

440

Parents:

439

Message:

Updated kernel patcher module. Module now works correctly and is usable. I still need to add 64bit support though.

Changes:

M	/branches/meklort/i386/modules/KernelPatcher/kernel_patcher.c
M	/branches/meklort/i386/modules/KernelPatcher/kernel_patcher.h
M	/branches/meklort/i386/boot2/modules.c

File differences

-1007
1008 1008
1009 1009
1010
1010 1011
1011 1012
1012 1013
... ...
1019 1020
1020 1021
1021 1022
1023
1024
1025
1022 1026
1023 1027
1024 1028
+␉if(strcmp(name, SYMBOL_DYLD_STUB_BINDER) != 0)␊
␉{␊
␉␉printf("Unable to locate symbol %s\n", name);␊
␉␉getc();␊
␉}␊
␉return 0xFFFFFFFF;␊
}␊

 ␊
unsigned int handle_symtable(UInt32 base, struct symtab_command* symtabCommand, void*(*symbol_handler)(char*, void*))␊
{␊
␉// TODO: verify that the _TEXT,_text segment starts at the same locaiton in the file. If not␊
␉//␉␉␉subtract the vmaddress and add the actual file address back on. (NOTE: if compiled properly, not needed)␊
␉␊
␉unsigned int module_start = 0xFFFFFFFF;␊
␉␊
␉UInt32 symbolIndex = 0;␊
 ...
 ␉if(strcmp(name, SYMBOL_DYLD_STUB_BINDER) != 0)␊
 ␉{␊
 ␉␉printf("Unable to locate symbol %s\n", name);␊
+␉␉getc();␊
 ␉}␊
 ␉return 0xFFFFFFFF;␊
 }␊
  ␊
 unsigned int handle_symtable(UInt32 base, struct symtab_command* symtabCommand, void*(*symbol_handler)(char*, void*))␊
 {␊
+␉// TODO: verify that the _TEXT,_text segment starts at the same locaiton in the file. If not␊
+␉//␉␉␉subtract the vmaddress and add the actual file address back on. (NOTE: if compiled properly, not needed)␊
+␉␊
 ␉unsigned int module_start = 0xFFFFFFFF;␊
 ␉␊
 ␉UInt32 symbolIndex = 0;␊

-19
20 20
21 21
22 
23 
24 
22
23
24
25
25 26
26 27
27 28
... ...
136 137
137 138
138 139
139 
140 
141 
142 
143 140
144 141
145 
146 142
147 143
148 144
... ...
162 158
163 159
164 160
161
165 162
166 
163
164
167 165
168 
169 
170 166
171 
172 167
173 
174 
175 
176 168
177 169
178 
170
179 171
180 172
181 173
182 
174
183 175
184 176
185 177
... ...
283 275
284 276
285 277
286 
287 278
288 
289 279
290 280
291 281
... ...
296 286
297 287
298 288
299 
300 
301 289
302 290
303 291
... ...
308 296
309 297
310 298
311 
299
312 300
313 
314 
315 
316 
317 
301
302
303
304
305
306
307
308
309
310
311
312
313
314
318 315
319 316
320 317
321 
318
322 319
323 320
324 321
325 
326 
327 
322
323
328 324
329 325
330 326
331 327
332 328
333 
329
330
331
332
334 333
335 334
336 335
337 336
338 337
338
339
340
341
342
343
344
339 345
340 346
341 347
... ...
349 355
350 356
351 357
352 
353 358
354 359
355 360
... ...
491 496
492 497
493 498
494 
495 
496 499
497 500
498 501
499 
500 
501 
502
503
504
502 505
503 506
504 507
505 508
506 509
510
511
512
513
507 514
508 515
509 516
... ...
518 525
519 526
520 527
521 
522 
523 528
524 529
525 530
531
526 532
527 
528 
529 
530 
531 
532 
533 
534 
535 
533
534
536 535
537 536
538 537
539 538
540 539
541 
540
541
542
543
542 544
543 545
544 546
545 547
546 548
549
550
551
547 552
548 553
554
549 555
550 556
551 557
... ...
576 582
577 583
578 584
579 
580 
585
581 586
582 
583 587
584 
585 
586 
587 
588 
589 
590 
591 
592 
593 
588
594 589
595 
590
596 591
597 592
598 593
599 
594
595
596
597
598
599
600 600
601 
601
602 602
603 603
604
605
606
607
604 608
605 
606 609
607 610
608 611
... ...
615 618
616 619
617 620
618 
619 
621
620 622
621 623
622 624
+␊
void KernelPatcher_start()␊
{␊
␉register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM);␉␉// TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN␊
␉register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN);␉// 0, 0 ␊
␉␊
␉//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM);␉␉// TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN␊
␉//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN);␉// 0, 0 ␊
␉register_kernel_patch(patch_cpuid_set_info_all, KERNEL_32, CPUID_MODEL_UNKNOWN); ␊
␊
␉register_kernel_patch(patch_commpage_stuff_routine, KERNEL_32, CPUID_MODEL_ANY);␊
␉␊
␉register_kernel_patch(patch_lapic_init, KERNEL_32, CPUID_MODEL_ANY);␊

␊
kernSymbols_t* lookup_kernel_symbol(const char* name)␊
{␊
␉if(kernelSymbols == NULL)␊
␉{␊
␉␉return NULL;␊
␉}␊
␉kernSymbols_t *symbol = kernelSymbols;␊
␊
␊
␉while(symbol && strcmp(symbol->symbol, name) !=0)␊
␉{␊
␉␉symbol = symbol->next;␊

void patch_kernel(void* kernelData, void* arg2, void* arg3, void *arg4)␊
{␊
␉patchRoutine_t* entry = patches;␊
␊
␉␊
␉printf("Patching kernel located at 0x%X\n", kernelData);␊
␉int arch = determineKernelArchitecture(kernelData);␊
␊
␉locate_symbols(kernelData);␊
␉printf("Symbols located\n", kernelData);␊
␉getc();␊
␉␊
␉int arch = determineKernelArchitecture(kernelData);␊
␉␊
␉// TODO:locate all symbols␊
␉␊
␉␊
␉if(patches != NULL)␊
␉{␊
␉␉while(entry->next)␊
␉␉while(entry)␊
␉␉{␊
␉␉␉if(entry->validArchs == KERNEL_ANY || arch == entry->validArchs)␊
␉␉␉{␊
␉␉␉␉entry->patchRoutine(kernelData);␊
␉␉␉␉if(entry->patchRoutine) entry->patchRoutine(kernelData);␊
␉␉␉}␊
␉␉␉entry = entry->next;␊
␉␉}␊

␉␉}␊
␉}␊
␉␊
␉printf("Parseing symtabl.\n");␊
␉handle_symtable((UInt32)kernelData, symtableData, &symbol_handler);␊
␉getc();␊
}␊
␊
void* symbol_handler(char* symbolName, void* addr)␊

␉␊
␉if(symbol)␊
␉{␊
␉␉printf("Located registered symbol %s at 0x%X\n", symbolName, addr);␊
␉␉getc();␊
␉␉symbol->addr = (UInt32)addr;␊
␉}␊
␉return (void*)0xFFFFFFFF;␊

 ** Locate the fisrt instance of _panic inside of _cpuid_set_info, and either remove it␊
 ** Or replace it so that the cpuid is set to a valid value.␊
 **/␊
void patch_cpuid_set_info(void* kernelData/*, UInt32 impersonateFamily, UInt8 impersonateModel*/)␊
void patch_cpuid_set_info_all(void* kernelData)␊
{␊
␉printf("patch_cpuid_set_info\n");␊
␉getc();␊
␉UInt32 impersonateFamily = 0;␊
␉UInt8 impersonateModel = 0;␊
␉␊
␉switch(Platform.CPU.Model)␊
␉{␊
␉␉case CPUID_MODEL_ATOM:␊
␉␉␉patch_cpuid_set_info(kernelData, CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN); ␊
␉␉␉break;␊
␉␉␉␊
␉␉default:␊
␉␉␉patch_cpuid_set_info(kernelData, 0, 0);␊
␉␉␉break;␊
␉}␊
}␊
␊
void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel)␊
{␉␊
␉UInt8* bytes = (UInt8*)kernelData;␊
␉␊
␉kernSymbols_t *symbol = lookup_kernel_symbol("_cpuid_set_info");␊
␉UInt32 patchLocation = symbol ? symbol->addr : 0; //␉(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);␊
␉UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; //␉(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);␊
␉␊
␉UInt32 jumpLocation = 0;␊
␉␊
␉symbol = lookup_kernel_symbol("_panic");␊
␉UInt32 panicAddr = symbol ? symbol->addr : 0; //kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
␉if(patchLocation == 0)␊
␉␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉printf("Unable to locate _cpuid_set_info\n");␊
␉␉return;␊
␉␉␊
␉}␊
␉if(panicAddr == 0)␊
␊
␉symbol = lookup_kernel_symbol("_panic");␊
␉UInt32 panicAddr = symbol ? symbol->addr - textAddress: 0; //kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉printf("Unable to locate _panic\n");␊
␉␉return;␊
␉}␊
␉␊
␉patchLocation -= (UInt32)kernelData;␉// Remove offset␊
␉panicAddr -= (UInt32)kernelData;␊
␊
␊
␉␊
␉␊
␉␊
␉//TODO: don't assume it'll always work (Look for *next* function address in symtab and fail once it's been reached)␊
␉while(  ␊
␉␉  (bytes[patchLocation -1] != 0xE8) ||␊

␉}␊
␉patchLocation--;␊
␉␊
␉␊
␉// Remove panic call, just in case the following patch routines fail␊
␉bytes[patchLocation + 0] = 0x90;␊
␉bytes[patchLocation + 1] = 0x90;␊

 **/␊
void patch_pmCPUExitHaltToOff(void* kernelData)␊
{␊
␉printf("patch_pmCPUExitHaltToOff\n");␊
␉getc();␊
␉UInt8* bytes = (UInt8*)kernelData;␊
␊
␉kernSymbols_t *symbol = lookup_kernel_symbol("_PmCpuExitHaltToOff");␊
␉UInt32 patchLocation = symbol ? symbol->addr : 0; //(kernelSymbolAddresses[SYMBOL_PMCPUEXITHALTTOOFF] - textAddress + textSection);␊
␊
␉if(patchLocation == 0)␊
␉UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0;␊
␉␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉printf("Unable to locate _pmCPUExitHaltToOff\n");␊
␉␉return;␊
␉}␊
␉␊
␉patchLocation -= (UInt32)kernelData;␉// Remove offset␊
␉␊
␉␊
␉␊
␉while(bytes[patchLocation - 1]␉!= 0xB8 ||␊
␉␉  bytes[patchLocation]␉␉!= 0x04 ||␉// KERN_INVALID_ARGUMENT (0x00000004)␊
␉␉  bytes[patchLocation + 1]␉!= 0x00 ||␉// KERN_INVALID_ARGUMENT␊

␊
void patch_lapic_init(void* kernelData)␊
{␊
␉printf("patch_lapic_init\n");␊
␉getc();␊
␊
␉UInt8 panicIndex = 0;␊
␉UInt8* bytes = (UInt8*)kernelData;␊
␉␊
␉kernSymbols_t *symbol = lookup_kernel_symbol("_lapic_init");␊
␉UInt32 patchLocation = symbol ? symbol->addr : 0; ␊
␉␊
␉// (kernelSymbolAddresses[SYMBOL_LAPIC_INIT] - textAddress + textSection);␊
␉// kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
␉␊
␉symbol = lookup_kernel_symbol("_panic");␊
␉UInt32 panicAddr = symbol ? symbol->addr : 0; ␊
␊
␉if(patchLocation == 0)␊
␉UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; ␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉printf("Unable to locate %s\n", "_lapic_init");␊
␉␉return;␊
␉␉␊
␉}␊
␉if(panicAddr == 0)␊
␉␊
␉symbol = lookup_kernel_symbol("_panic");␊
␉UInt32 panicAddr = symbol ? symbol->addr - textAddress: 0; ␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉printf("Unable to locate %s\n", "_panic");␊
␉␉return;␊
␉}␊
␉␊
␉patchLocation -= (UInt32)kernelData;␉// Remove offset␊
␉panicAddr -= (UInt32)kernelData;␉// Remove offset␊
␊
␉␊
␉␊
␉␊
␉// Locate the (panicIndex + 1) panic call␊
␉while(panicIndex < 3)␉// Find the third panic call␊
␉{␊

␊
void patch_commpage_stuff_routine(void* kernelData)␊
{␊
␉printf("patch_commpage_stuff_routine\n");␊
␉getc();␊
␉UInt8* bytes = (UInt8*)kernelData;␊
␊
␉UInt8* bytes = (UInt8*)kernelData;␊
␉kernSymbols_t *symbol = lookup_kernel_symbol("_commpage_stuff_routine");␊
␉UInt32 patchLocation = symbol ? symbol->addr : 0; ␊
␊
␉␊
␉// (kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] - textAddress + textSection);␊
␉// kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
␉␊
␉symbol = lookup_kernel_symbol("_panic");␊
␉UInt32 panicAddr = symbol ? symbol->addr : 0; ␊
␊
␉//if(kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] == 0)␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉//␉printf("Unable to locate %s\n", SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING);␊
␉␉printf("Unable to locate %s\n", "_commpage_stuff_routine");␊
␉␉return;␊
␉␉␊
␉}␊
␉//if(kernelSymbolAddresses[SYMBOL_PANIC] == 0)␊
␉␊
␉UInt32 patchLocation = symbol->addr - textAddress + textSection; ␊
␊
␉␊
␉symbol = lookup_kernel_symbol("_panic");␊
␉if(symbol == 0 || symbol->addr == 0)␊
␉{␊
␉␉//␉printf("Unable to locate %s\n", SYMBOL_PANIC_STRING);␊
␉␉printf("Unable to locate %s\n", "_panic");␊
␉␉return;␊
␉}␊
␉UInt32 panicAddr = symbol->addr - textAddress; ␊
␊
␉patchLocation -= (UInt32)kernelData;␊
␉panicAddr -= (UInt32)kernelData;␊
␉␊
␉␊
␉while(  ␊
␉␉  (bytes[patchLocation -1] != 0xE8) ||␊
␉␉  ( ( (UInt32)(panicAddr - patchLocation  - 4) + textSection ) != (UInt32)((bytes[patchLocation + 0] << 0  | ␊

␉}␊
␉patchLocation--;␊
␉␊
␉␊
␉// Remove panic call, just in case the following patch routines fail␊
␉// Replace panic with nops␊
␉bytes[patchLocation + 0] = 0x90;␊
␉bytes[patchLocation + 1] = 0x90;␊
␉bytes[patchLocation + 2] = 0x90;␊
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ␊
 void KernelPatcher_start()␊
 {␊
-␉register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM);␉␉// TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN␊
-␉register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN);␉// 0, 0 ␊
-␉␊
+␉//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM);␉␉// TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN␊
+␉//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN);␉// 0, 0 ␊
+␉register_kernel_patch(patch_cpuid_set_info_all, KERNEL_32, CPUID_MODEL_UNKNOWN); ␊
+␊
 ␉register_kernel_patch(patch_commpage_stuff_routine, KERNEL_32, CPUID_MODEL_ANY);␊
 ␉␊
 ␉register_kernel_patch(patch_lapic_init, KERNEL_32, CPUID_MODEL_ANY);␊
 ␊
 kernSymbols_t* lookup_kernel_symbol(const char* name)␊
 {␊
-␉if(kernelSymbols == NULL)␊
-␉{␊
-␉␉return NULL;␊
-␉}␊
 ␉kernSymbols_t *symbol = kernelSymbols;␊
 ␊
-␊
 ␉while(symbol && strcmp(symbol->symbol, name) !=0)␊
 ␉{␊
 ␉␉symbol = symbol->next;␊
 void patch_kernel(void* kernelData, void* arg2, void* arg3, void *arg4)␊
 {␊
 ␉patchRoutine_t* entry = patches;␊
+␊
 ␉␊
-␉printf("Patching kernel located at 0x%X\n", kernelData);␊
+␉int arch = determineKernelArchitecture(kernelData);␊
+␊
 ␉locate_symbols(kernelData);␊
-␉printf("Symbols located\n", kernelData);␊
-␉getc();␊
 ␉␊
-␉int arch = determineKernelArchitecture(kernelData);␊
 ␉␊
-␉// TODO:locate all symbols␊
-␉␊
-␉␊
 ␉if(patches != NULL)␊
 ␉{␊
-␉␉while(entry->next)␊
+␉␉while(entry)␊
 ␉␉{␊
 ␉␉␉if(entry->validArchs == KERNEL_ANY || arch == entry->validArchs)␊
 ␉␉␉{␊
-␉␉␉␉entry->patchRoutine(kernelData);␊
+␉␉␉␉if(entry->patchRoutine) entry->patchRoutine(kernelData);␊
 ␉␉␉}␊
 ␉␉␉entry = entry->next;␊
 ␉␉}␊
 ␉␉}␊
 ␉}␊
 ␉␊
-␉printf("Parseing symtabl.\n");␊
 ␉handle_symtable((UInt32)kernelData, symtableData, &symbol_handler);␊
-␉getc();␊
 }␊
 ␊
 void* symbol_handler(char* symbolName, void* addr)␊
 ␉␊
 ␉if(symbol)␊
 ␉{␊
-␉␉printf("Located registered symbol %s at 0x%X\n", symbolName, addr);␊
-␉␉getc();␊
 ␉␉symbol->addr = (UInt32)addr;␊
 ␉}␊
 ␉return (void*)0xFFFFFFFF;␊
  ** Locate the fisrt instance of _panic inside of _cpuid_set_info, and either remove it␊
  ** Or replace it so that the cpuid is set to a valid value.␊
  **/␊
-void patch_cpuid_set_info(void* kernelData/*, UInt32 impersonateFamily, UInt8 impersonateModel*/)␊
+void patch_cpuid_set_info_all(void* kernelData)␊
 {␊
-␉printf("patch_cpuid_set_info\n");␊
-␉getc();␊
-␉UInt32 impersonateFamily = 0;␊
-␉UInt8 impersonateModel = 0;␊
-␉␊
+␉switch(Platform.CPU.Model)␊
+␉{␊
+␉␉case CPUID_MODEL_ATOM:␊
+␉␉␉patch_cpuid_set_info(kernelData, CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN); ␊
+␉␉␉break;␊
+␉␉␉␊
+␉␉default:␊
+␉␉␉patch_cpuid_set_info(kernelData, 0, 0);␊
+␉␉␉break;␊
+␉}␊
+}␊
+␊
+void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel)␊
+{␉␊
 ␉UInt8* bytes = (UInt8*)kernelData;␊
 ␉␊
 ␉kernSymbols_t *symbol = lookup_kernel_symbol("_cpuid_set_info");␊
-␉UInt32 patchLocation = symbol ? symbol->addr : 0; //␉(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);␊
+␉UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; //␉(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);␊
 ␉␊
 ␉UInt32 jumpLocation = 0;␊
 ␉␊
-␉symbol = lookup_kernel_symbol("_panic");␊
-␉UInt32 panicAddr = symbol ? symbol->addr : 0; //kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
-␉if(patchLocation == 0)␊
+␉␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
 ␉␉printf("Unable to locate _cpuid_set_info\n");␊
 ␉␉return;␊
 ␉␉␊
 ␉}␊
-␉if(panicAddr == 0)␊
+␊
+␉symbol = lookup_kernel_symbol("_panic");␊
+␉UInt32 panicAddr = symbol ? symbol->addr - textAddress: 0; //kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
 ␉␉printf("Unable to locate _panic\n");␊
 ␉␉return;␊
 ␉}␊
 ␉␊
+␉patchLocation -= (UInt32)kernelData;␉// Remove offset␊
+␉panicAddr -= (UInt32)kernelData;␊
+␊
+␊
+␉␊
+␉␊
+␉␊
 ␉//TODO: don't assume it'll always work (Look for *next* function address in symtab and fail once it's been reached)␊
 ␉while(  ␊
 ␉␉  (bytes[patchLocation -1] != 0xE8) ||␊
 ␉}␊
 ␉patchLocation--;␊
 ␉␊
-␉␊
 ␉// Remove panic call, just in case the following patch routines fail␊
 ␉bytes[patchLocation + 0] = 0x90;␊
 ␉bytes[patchLocation + 1] = 0x90;␊
  **/␊
 void patch_pmCPUExitHaltToOff(void* kernelData)␊
 {␊
-␉printf("patch_pmCPUExitHaltToOff\n");␊
-␉getc();␊
 ␉UInt8* bytes = (UInt8*)kernelData;␊
 ␊
 ␉kernSymbols_t *symbol = lookup_kernel_symbol("_PmCpuExitHaltToOff");␊
-␉UInt32 patchLocation = symbol ? symbol->addr : 0; //(kernelSymbolAddresses[SYMBOL_PMCPUEXITHALTTOOFF] - textAddress + textSection);␊
-␊
-␉if(patchLocation == 0)␊
+␉UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0;␊
+␉␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
 ␉␉printf("Unable to locate _pmCPUExitHaltToOff\n");␊
 ␉␉return;␊
 ␉}␊
 ␉␊
+␉patchLocation -= (UInt32)kernelData;␉// Remove offset␊
+␉␊
+␉␊
+␉␊
 ␉while(bytes[patchLocation - 1]␉!= 0xB8 ||␊
 ␉␉  bytes[patchLocation]␉␉!= 0x04 ||␉// KERN_INVALID_ARGUMENT (0x00000004)␊
 ␉␉  bytes[patchLocation + 1]␉!= 0x00 ||␉// KERN_INVALID_ARGUMENT␊
 ␊
 void patch_lapic_init(void* kernelData)␊
 {␊
-␉printf("patch_lapic_init\n");␊
-␉getc();␊
 ␊
 ␉UInt8 panicIndex = 0;␊
 ␉UInt8* bytes = (UInt8*)kernelData;␊
+␉␊
 ␉kernSymbols_t *symbol = lookup_kernel_symbol("_lapic_init");␊
-␉UInt32 patchLocation = symbol ? symbol->addr : 0; ␊
-␉␊
-␉// (kernelSymbolAddresses[SYMBOL_LAPIC_INIT] - textAddress + textSection);␊
-␉// kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
-␉␊
-␉symbol = lookup_kernel_symbol("_panic");␊
-␉UInt32 panicAddr = symbol ? symbol->addr : 0; ␊
-␊
-␉if(patchLocation == 0)␊
+␉UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; ␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
 ␉␉printf("Unable to locate %s\n", "_lapic_init");␊
 ␉␉return;␊
 ␉␉␊
 ␉}␊
-␉if(panicAddr == 0)␊
+␉␊
+␉symbol = lookup_kernel_symbol("_panic");␊
+␉UInt32 panicAddr = symbol ? symbol->addr - textAddress: 0; ␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
 ␉␉printf("Unable to locate %s\n", "_panic");␊
 ␉␉return;␊
 ␉}␊
 ␉␊
+␉patchLocation -= (UInt32)kernelData;␉// Remove offset␊
+␉panicAddr -= (UInt32)kernelData;␉// Remove offset␊
+␊
 ␉␊
 ␉␊
+␉␊
 ␉// Locate the (panicIndex + 1) panic call␊
 ␉while(panicIndex < 3)␉// Find the third panic call␊
 ␉{␊
 ␊
 void patch_commpage_stuff_routine(void* kernelData)␊
 {␊
-␉printf("patch_commpage_stuff_routine\n");␊
-␉getc();␊
+␉UInt8* bytes = (UInt8*)kernelData;␊
 ␊
-␉UInt8* bytes = (UInt8*)kernelData;␊
 ␉kernSymbols_t *symbol = lookup_kernel_symbol("_commpage_stuff_routine");␊
-␉UInt32 patchLocation = symbol ? symbol->addr : 0; ␊
-␊
-␉␊
-␉// (kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] - textAddress + textSection);␊
-␉// kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;␊
-␉␊
-␉symbol = lookup_kernel_symbol("_panic");␊
-␉UInt32 panicAddr = symbol ? symbol->addr : 0; ␊
-␊
-␉//if(kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] == 0)␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
-␉␉//␉printf("Unable to locate %s\n", SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING);␊
+␉␉printf("Unable to locate %s\n", "_commpage_stuff_routine");␊
 ␉␉return;␊
 ␉␉␊
 ␉}␊
-␉//if(kernelSymbolAddresses[SYMBOL_PANIC] == 0)␊
+␉␊
+␉UInt32 patchLocation = symbol->addr - textAddress + textSection; ␊
+␊
+␉␊
+␉symbol = lookup_kernel_symbol("_panic");␊
+␉if(symbol == 0 || symbol->addr == 0)␊
 ␉{␊
-␉␉//␉printf("Unable to locate %s\n", SYMBOL_PANIC_STRING);␊
+␉␉printf("Unable to locate %s\n", "_panic");␊
 ␉␉return;␊
 ␉}␊
+␉UInt32 panicAddr = symbol->addr - textAddress; ␊
+␊
+␉patchLocation -= (UInt32)kernelData;␊
+␉panicAddr -= (UInt32)kernelData;␊
 ␉␊
-␉␊
 ␉while(  ␊
 ␉␉  (bytes[patchLocation -1] != 0xE8) ||␊
 ␉␉  ( ( (UInt32)(panicAddr - patchLocation  - 4) + textSection ) != (UInt32)((bytes[patchLocation + 0] << 0  | ␊
 ␉}␊
 ␉patchLocation--;␊
 ␉␊
-␉␊
-␉// Remove panic call, just in case the following patch routines fail␊
+␉// Replace panic with nops␊
 ␉bytes[patchLocation + 0] = 0x90;␊
 ␉bytes[patchLocation + 1] = 0x90;␊
 ␉bytes[patchLocation + 2] = 0x90;␊

-56
57 57
58 58
59 
59
60
60 61
61 62
62 63
+/*␊
 * Internal patches provided by this module.␊
 */␊
void patch_cpuid_set_info(void* kernelData);␊
void patch_cpuid_set_info_all(void* kernelData);␊
void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel);␊
void patch_pmCPUExitHaltToOff(void* kernelData);␊
void patch_lapic_init(void* kernelData);␊
void patch_commpage_stuff_routine(void* kernelData);␊
 /*␊
  * Internal patches provided by this module.␊
  */␊
-void patch_cpuid_set_info(void* kernelData);␊
+void patch_cpuid_set_info_all(void* kernelData);␊
+void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel);␊
 void patch_pmCPUExitHaltToOff(void* kernelData);␊
 void patch_lapic_init(void* kernelData);␊
 void patch_commpage_stuff_routine(void* kernelData);␊

Download the corresponding diff file