Chameleon

Chameleon Commit Details

Date:2010-11-01 04:48:11 (13 years 5 months ago)
Author:Evan Lojewski
Commit:628
Parents: 627
Message:Kext patcher update. Supports patching the GMA950 FB kext for use on the GMA3150, only tested on 10.6.5
Changes:
M/branches/meklort/i386/modules/KextPatcher/hex_editor.c
M/branches/meklort/i386/modules/KextPatcher/hex_editor.h
M/branches/meklort/i386/modules/KextPatcher/kext_patcher.c

File differences

branches/meklort/i386/modules/KextPatcher/hex_editor.h
1313
1414
1515
16
16
1717
int replace_patern(char* pattern, char* repalcement, char* buffer, long buffer_size);
int replace_word(uint32_t pattern, uint32_t repalcement, char* buffer, long buffer_size);
void replace_string(char* find, char* replace, char* string, int length);
void replace_bytes(char* find, int find_size, char* replace, int replace_size, char* exec, int length);
#endif /* H_HEX_EDITOR */
branches/meklort/i386/modules/KextPatcher/kext_patcher.c
2020
2121
2222
23
23
2424
2525
2626
......
3232
3333
3434
35
36
3537
3638
3739
......
364366
365367
366368
367
369
370
371
372
373
374
375
376
377
368378
369379
370380
......
373383
374384
375385
376
386
377387
378388
379389
......
396406
397407
398408
399
400
409
401410
402411
403412
404413
405
406
414
407415
408416
409417
......
672680
673681
674682
675
683
676684
677685
686
687
688
689
690
691
692
693
694
695
696
697
698
678699
679700
680701
681702
682
683703
684704
685705
......
711731
712732
713733
714
734
735
736
715737
716738
717739
......
719741
720742
721743
744
745
722746
747
748
723749
724750
725751
#include "hex_editor.h"
#define kHDACodec"HDACodec"/* acpi_patcher.c */
#define kHDACodec"HDACodec"
#ifndef DEBUG_KEXT_PATCHER
#else
#define DBG(x...)
#endif
bool patch_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_gma_kexts(TagPtr plist, char* plistbuffer, void* start);
bool patch_bcm_kext(TagPtr plist, char* plistbuffer, void* start);
)
)
{
return patch_gma_kexts(plist, plistbuffer, start);
if(strcmp(bundleID, "com.apple.driver.AppleIntelIntegratedFramebuffer") == 0 || patch_gma_deviceid == 0x27ae)
{
return patch_gma_kexts(plist, plistbuffer, start);
}
else
{
}
}
else if(patch_bcm_deviceid && (strcmp(bundleID, "com.apple.driver.AirPortBrcm43xx") == 0))
{
}
else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDA") == 0)
{
return patch_hda_kext(plist, plistbuffer, start);
//return patch_hda_kext(plist, plistbuffer, start);
}
/*
case PCI_CLASS_DISPLAY_VGA:
if(current->vendor_id == 0x8086 &&
(
current->device_id == 0x27AE /*||
current->device_id == 0x27AE ||
current->device_id == 0xA001 ||
current->device_id == 0xA002 ||
current->device_id == 0xA011 ||
current->device_id == 0xA012
*/
)
)
{
zlib_result = inflate(&zstream, Z_FINISH);
DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
printf("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
if(patch_gma_deviceid & 0xFF00 == 0xA000)// GMA3150
{
// Cursor corruption fix.
// This patch changes the cursor address from
// a physical address (used in the gma950) to an offset (used in the gma3150).
char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x32, 0xbb, 0xff, 0xff};// getPhysicalAddress() and more
char new_bytes[] = {0xb8, 0x00, 0x00, 0x00, 0x02, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xEB, 0x04, 0x00, 0x00, 0x00, 0x00};// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable
replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);
}
if (zstream_inited) inflateEnd(&zstream);
zstream.next_in = (UInt8*)executable;
//zstream.next_out = (UInt8*)((int)compressed_data<<1);
zstream.next_out = (UInt8*)compressed_data;
zstream.avail_in = full_size;
{
/* deflate filled output buffer, meaning the data doesn't compress.
*/
DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
printf("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
prinff("ERROR: Unable to compress patched kext, not enough room.\n");
pause();
}
else if (zlib_result != Z_STREAM_ERROR)
printf("ZLIB Deflate Error: %s\n", zstream.msg);
getc();
}
//kext->compressed_size = MKEXT_SWAP(zstream.total_out);
if (zstream_inited) deflateEnd(&zstream);
free(executable);
branches/meklort/i386/modules/KextPatcher/hex_editor.c
9191
9292
9393
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
}
strncpy(str, replace, strlen(replace));// don't copy the null char
}
void replace_bytes(char* find, int find_size, char* replace, int replace_size, char* exec, int length)
{
if(!find ||
!replace ||
!exec ||
!length ||
find_size != replace_size) return;
char* search = exec;
while(memcmp(search, find, find_size) != 0
&& ((search - exec) < length))
{
search++;
}
if((search - exec) < length)
{
// Mem found, replace it
memcpy(search, replace, replace_size);
}
}

Archive Download the corresponding diff file

Revision: 628