
Date:2010-08-28 23:37:23 (10 years 2 months ago)
Author:Evan Lojewski
Commit:440
Parents: 439
Message:Updated kernel patcher module. Module now works correctly and is usable. I still need to add 64bit support though.
Changes:
M/branches/meklort/i386/modules/KernelPatcher/kernel_patcher.c
M/branches/meklort/i386/modules/KernelPatcher/kernel_patcher.h
M/branches/meklort/i386/boot2/modules.c

File differences

branches/meklort/i386/boot2/modules.c
10071007
10081008
10091009
1010
10101011
10111012
10121013
......
10191020
10201021
10211022
1023
1024
1025
10221026
10231027
10241028
if(strcmp(name, SYMBOL_DYLD_STUB_BINDER) != 0)
{
printf("Unable to locate symbol %s\n", name);
getc();
}
return 0xFFFFFFFF;
}
unsigned int handle_symtable(UInt32 base, struct symtab_command* symtabCommand, void*(*symbol_handler)(char*, void*))
{
// TODO: verify that the _TEXT,_text segment starts at the same locaiton in the file. If not
//subtract the vmaddress and add the actual file address back on. (NOTE: if compiled properly, not needed)
unsigned int module_start = 0xFFFFFFFF;
UInt32 symbolIndex = 0;
branches/meklort/i386/modules/KernelPatcher/kernel_patcher.c
1919
2020
2121
22
23
24
22
23
24
25
2526
2627
2728
......
136137
137138
138139
139
140
141
142
143140
144141
145
146142
147143
148144
......
162158
163159
164160
161
165162
166
163
164
167165
168
169
170166
171
172167
173
174
175
176168
177169
178
170
179171
180172
181173
182
174
183175
184176
185177
......
283275
284276
285277
286
287278
288
289279
290280
291281
......
296286
297287
298288
299
300
301289
302290
303291
......
308296
309297
310298
311
299
312300
313
314
315
316
317
301
302
303
304
305
306
307
308
309
310
311
312
313
314
318315
319316
320317
321
318
322319
323320
324321
325
326
327
322
323
328324
329325
330326
331327
332328
333
329
330
331
332
334333
335334
336335
337336
338337
338
339
340
341
342
343
344
339345
340346
341347
......
349355
350356
351357
352
353358
354359
355360
......
491496
492497
493498
494
495
496499
497500
498501
499
500
501
502
503
504
502505
503506
504507
505508
506509
510
511
512
513
507514
508515
509516
......
518525
519526
520527
521
522
523528
524529
525530
531
526532
527
528
529
530
531
532
533
534
535
533
534
536535
537536
538537
539538
540539
541
540
541
542
543
542544
543545
544546
545547
546548
549
550
551
547552
548553
554
549555
550556
551557
......
576582
577583
578584
579
580
585
581586
582
583587
584
585
586
587
588
589
590
591
592
593
588
594589
595
590
596591
597592
598593
599
594
595
596
597
598
599
600600
601
601
602602
603603
604
605
606
607
604608
605
606609
607610
608611
......
615618
616619
617620
618
619
621
620622
621623
622624
void KernelPatcher_start()
{
register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM);// TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN
register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN);// 0, 0
//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM);// TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN
//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN);// 0, 0
register_kernel_patch(patch_cpuid_set_info_all, KERNEL_32, CPUID_MODEL_UNKNOWN);
register_kernel_patch(patch_commpage_stuff_routine, KERNEL_32, CPUID_MODEL_ANY);
register_kernel_patch(patch_lapic_init, KERNEL_32, CPUID_MODEL_ANY);
kernSymbols_t* lookup_kernel_symbol(const char* name)
{
if(kernelSymbols == NULL)
{
return NULL;
}
kernSymbols_t *symbol = kernelSymbols;
while(symbol && strcmp(symbol->symbol, name) !=0)
{
symbol = symbol->next;
void patch_kernel(void* kernelData, void* arg2, void* arg3, void *arg4)
{
patchRoutine_t* entry = patches;
printf("Patching kernel located at 0x%X\n", kernelData);
int arch = determineKernelArchitecture(kernelData);
locate_symbols(kernelData);
printf("Symbols located\n", kernelData);
getc();
int arch = determineKernelArchitecture(kernelData);
// TODO:locate all symbols
if(patches != NULL)
{
while(entry->next)
while(entry)
{
if(entry->validArchs == KERNEL_ANY || arch == entry->validArchs)
{
entry->patchRoutine(kernelData);
if(entry->patchRoutine) entry->patchRoutine(kernelData);
}
entry = entry->next;
}
}
}
printf("Parseing symtabl.\n");
handle_symtable((UInt32)kernelData, symtableData, &symbol_handler);
getc();
}
void* symbol_handler(char* symbolName, void* addr)
if(symbol)
{
printf("Located registered symbol %s at 0x%X\n", symbolName, addr);
getc();
symbol->addr = (UInt32)addr;
}
return (void*)0xFFFFFFFF;
** Locate the fisrt instance of _panic inside of _cpuid_set_info, and either remove it
** Or replace it so that the cpuid is set to a valid value.
**/
void patch_cpuid_set_info(void* kernelData/*, UInt32 impersonateFamily, UInt8 impersonateModel*/)
void patch_cpuid_set_info_all(void* kernelData)
{
printf("patch_cpuid_set_info\n");
getc();
UInt32 impersonateFamily = 0;
UInt8 impersonateModel = 0;
switch(Platform.CPU.Model)
{
case CPUID_MODEL_ATOM:
patch_cpuid_set_info(kernelData, CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN);
break;
default:
patch_cpuid_set_info(kernelData, 0, 0);
break;
}
}
void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel)
{
UInt8* bytes = (UInt8*)kernelData;
kernSymbols_t *symbol = lookup_kernel_symbol("_cpuid_set_info");
UInt32 patchLocation = symbol ? symbol->addr : 0; //(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);
UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; //(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);
UInt32 jumpLocation = 0;
symbol = lookup_kernel_symbol("_panic");
UInt32 panicAddr = symbol ? symbol->addr : 0; //kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;
if(patchLocation == 0)
if(symbol == 0 || symbol->addr == 0)
{
printf("Unable to locate _cpuid_set_info\n");
return;
}
if(panicAddr == 0)
symbol = lookup_kernel_symbol("_panic");
UInt32 panicAddr = symbol ? symbol->addr - textAddress: 0; //kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;
if(symbol == 0 || symbol->addr == 0)
{
printf("Unable to locate _panic\n");
return;
}
patchLocation -= (UInt32)kernelData;// Remove offset
panicAddr -= (UInt32)kernelData;
//TODO: don't assume it'll always work (Look for *next* function address in symtab and fail once it's been reached)
while(
(bytes[patchLocation -1] != 0xE8) ||
}
patchLocation--;
// Remove panic call, just in case the following patch routines fail
bytes[patchLocation + 0] = 0x90;
bytes[patchLocation + 1] = 0x90;
**/
void patch_pmCPUExitHaltToOff(void* kernelData)
{
printf("patch_pmCPUExitHaltToOff\n");
getc();
UInt8* bytes = (UInt8*)kernelData;
kernSymbols_t *symbol = lookup_kernel_symbol("_PmCpuExitHaltToOff");
UInt32 patchLocation = symbol ? symbol->addr : 0; //(kernelSymbolAddresses[SYMBOL_PMCPUEXITHALTTOOFF] - textAddress + textSection);
if(patchLocation == 0)
UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0;
if(symbol == 0 || symbol->addr == 0)
{
printf("Unable to locate _pmCPUExitHaltToOff\n");
return;
}
patchLocation -= (UInt32)kernelData;// Remove offset
while(bytes[patchLocation - 1]!= 0xB8 ||
bytes[patchLocation]!= 0x04 ||// KERN_INVALID_ARGUMENT (0x00000004)
bytes[patchLocation + 1]!= 0x00 ||// KERN_INVALID_ARGUMENT
void patch_lapic_init(void* kernelData)
{
printf("patch_lapic_init\n");
getc();
UInt8 panicIndex = 0;
UInt8* bytes = (UInt8*)kernelData;
kernSymbols_t *symbol = lookup_kernel_symbol("_lapic_init");
UInt32 patchLocation = symbol ? symbol->addr : 0;
// (kernelSymbolAddresses[SYMBOL_LAPIC_INIT] - textAddress + textSection);
// kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;
symbol = lookup_kernel_symbol("_panic");
UInt32 panicAddr = symbol ? symbol->addr : 0;
if(patchLocation == 0)
UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0;
if(symbol == 0 || symbol->addr == 0)
{
printf("Unable to locate %s\n", "_lapic_init");
return;
}
if(panicAddr == 0)
symbol = lookup_kernel_symbol("_panic");
UInt32 panicAddr = symbol ? symbol->addr - textAddress: 0;
if(symbol == 0 || symbol->addr == 0)
{
printf("Unable to locate %s\n", "_panic");
return;
}
patchLocation -= (UInt32)kernelData;// Remove offset
panicAddr -= (UInt32)kernelData;// Remove offset
// Locate the (panicIndex + 1) panic call
while(panicIndex < 3)// Find the third panic call
{
void patch_commpage_stuff_routine(void* kernelData)
{
printf("patch_commpage_stuff_routine\n");
getc();
UInt8* bytes = (UInt8*)kernelData;
UInt8* bytes = (UInt8*)kernelData;
kernSymbols_t *symbol = lookup_kernel_symbol("_commpage_stuff_routine");
UInt32 patchLocation = symbol ? symbol->addr : 0;
// (kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] - textAddress + textSection);
// kernelSymbolAddresses[SYMBOL_PANIC] - textAddress;
symbol = lookup_kernel_symbol("_panic");
UInt32 panicAddr = symbol ? symbol->addr : 0;
//if(kernelSymbolAddresses[SYMBOL_COMMPAGE_STUFF_ROUTINE] == 0)
if(symbol == 0 || symbol->addr == 0)
{
//printf("Unable to locate %s\n", SYMBOL_COMMPAGE_STUFF_ROUTINE_STRING);
printf("Unable to locate %s\n", "_commpage_stuff_routine");
return;
}
//if(kernelSymbolAddresses[SYMBOL_PANIC] == 0)
UInt32 patchLocation = symbol->addr - textAddress + textSection;
symbol = lookup_kernel_symbol("_panic");
if(symbol == 0 || symbol->addr == 0)
{
//printf("Unable to locate %s\n", SYMBOL_PANIC_STRING);
printf("Unable to locate %s\n", "_panic");
return;
}
UInt32 panicAddr = symbol->addr - textAddress;
patchLocation -= (UInt32)kernelData;
panicAddr -= (UInt32)kernelData;
while(
(bytes[patchLocation -1] != 0xE8) ||
( ( (UInt32)(panicAddr - patchLocation - 4) + textSection ) != (UInt32)((bytes[patchLocation + 0] << 0 |
}
patchLocation--;
// Remove panic call, just in case the following patch routines fail
// Replace panic with nops
bytes[patchLocation + 0] = 0x90;
bytes[patchLocation + 1] = 0x90;
bytes[patchLocation + 2] = 0x90;
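Review bot: `printf("Symbols located\n", kernelData);` in patch_kernel passes an argument the format string never consumes, and the line above it prints a `void*` through `0x%X`; they should read `printf("Symbols located\n");` and `printf("Patching kernel located at %p\n", kernelData);`, which also matters once the 64-bit support the commit message mentions lands. The rendered diff does not make clear which of those two lines is new and which is context, but they sit directly above the new `while(entry)` loop and its `entry->patchRoutine` null check, so the function is being reworked anyway. The one-line `if(entry->patchRoutine) entry->patchRoutine(kernelData);` would read better braced on separate lines, consistent with the rest of the file. The backward byte scans in patch_cpuid_set_info and patch_commpage_stuff_routine still walk `patchLocation--` with no lower bound, as the existing TODO on the `0xE8` loop already acknowledges; their loop bodies are cut off by the hunks, so that part is outside this view.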
branches/meklort/i386/modules/KernelPatcher/kernel_patcher.h
5656
5757
5858
59
59
60
6061
6162
6263
/*
* Internal patches provided by this module.
*/
void patch_cpuid_set_info(void* kernelData);
void patch_cpuid_set_info_all(void* kernelData);
void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel);
void patch_pmCPUExitHaltToOff(void* kernelData);
void patch_lapic_init(void* kernelData);
void patch_commpage_stuff_routine(void* kernelData);
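Review bot: The header gains patch_cpuid_set_info_all and changes patch_cpuid_set_info to a three-parameter form, but the `Internal patches provided by this module.` comment does not say how the two relate or what the new parameters are. A short Doxygen block on patch_cpuid_set_info naming `impersonateFamily` and `impersonateModel` as the values substituted into the patched cpuid_set_info path, and a line on patch_cpuid_set_info_all stating that it is the routine registered with register_kernel_patch and that it selects those values from `Platform.CPU.Model`, would let a reader of the header alone see which one to register. Since the one-argument signature is what register_kernel_patch callbacks are invoked with in patch_kernel, it is worth stating in the comment that patch_cpuid_set_info is not directly registrable any more.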

