␊ |
bool patch_gma_kexts(TagPtr plist, char* plistbuffer, void* start)␊ |
{␊ |
␉// TODO: clean up this function / split into two / etc␊ |
␉int exeutable_offset, full_size, compressed_size;␊ |
␉TagPtr personality;␊ |
␉long offset;␊ |
|
␉compressed_data = MKEXT2_GET_ENTRY_DATA(kext);␊ |
␉␊ |
␉personality =␉␉XMLCastDict(XMLGetProperty(plist, kPropIOKitPersonalities));␊ |
␉if(XMLGetProperty(personality, (const char*)"Intel915"))␊ |
␉{␊ |
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"Intel915");␊ |
␉}␊ |
␉else␊ |
␉{␊ |
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer");␉␊ |
␉}␊ |
#if DEBUG_KEXT_PATCHER␊ |
␉char* pcimatch =␉XMLCastString(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊ |
#endif␊ |
␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊ |
␉␊ |
␉char* newstring = malloc(strlen("0x27A28086") + 1);␊ |
␉sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));␊ |
␉␊ |
␉DBG("Replacing %s with %s\n", "0x27A28086", newstring); ␊ |
␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊ |
␉␊ |
␉char* executable = malloc(full_size);␊ |
␉␊ |
|
␉␊ |
␉zlib_result = inflate(&zstream, Z_FINISH);␊ |
␉␊ |
␉printf("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊ |
␉DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊ |
␉␊ |
␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊ |
␊ |
␉␊ |
␉if(patch_gma_deviceid & 0xFF00 == 0xA000)␉// GMA3150␊ |
␉␊ |
␉if(XMLGetProperty(personality, (const char*)"Intel915"))␊ |
␉{␊ |
␉␉// Cursor corruption fix.␊ |
␉␉// This patch changes the cursor address from␊ |
␉␉// a physical address (used in the gma950) to an offset (used in the gma3150).␊ |
␊ |
␉␉char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x32, 0xbb, 0xff, 0xff};␉// getPhysicalAddress() and more␊ |
␉␉char new_bytes[] = {0xb8, 0x00, 0x00, 0x00, 0x02, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xEB, 0x04, 0x00, 0x00, 0x00, 0x00};␉// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable␊ |
␉␉replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);␊ |
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"Intel915");␊ |
␉␉// IOAccelerator kext␊ |
␉}␊ |
␉else␊ |
␉{␊ |
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer");␊ |
␉␉// Framebuffer Kext␊ |
␉␉␊ |
␉␉if((patch_gma_deviceid & 0xFF00) == 0xA000)␉// GMA3150␊ |
␉␉{␊ |
␉␉␉// Cursor corruption fix.␊ |
␉␉␉// This patch changes the cursor address from␊ |
␉␉␉// a physical address (used in the gma950) to an offset (used in the gma3150).␊ |
␉␉␉␊ |
␉␉␉char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x32, 0xbb, 0xff, 0xff};␉// getPhysicalAddress() and more␊ |
␉␉␉char new_bytes[] = {0xb8, 0x00, 0x00, 0x00, 0x02, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xEB, 0x04, 0x00, 0x00, 0x00, 0x00};␉// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable␊ |
␉␉␉replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);␊ |
␉␉}␊ |
␉␉␊ |
␉}␊ |
␉␊ |
␉␊ |
#if DEBUG_KEXT_PATCHER␊ |
␉char* pcimatch =␉XMLCastString(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊ |
#endif␊ |
␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊ |
␉␊ |
␉char* newstring = malloc(strlen("0x00008086") + 1);␊ |
␉sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));␊ |
␉␊ |
␉DBG("Replacing %s with %s\n", "0x00008086", newstring); ␊ |
␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊ |
␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊ |
␊ |
␉␊ |
␉␊ |
␉if (zstream_inited) inflateEnd(&zstream);␊ |
␉␊ |
␉␊ |
|
␉␉/* deflate filled output buffer, meaning the data doesn't compress.␊ |
␉␉ */␊ |
␉␉printf("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊ |
␉␉prinff("ERROR: Unable to compress patched kext, not enough room.\n");␊ |
␉␉printf("ERROR: Unable to compress patched kext, not enough room.\n");␊ |
␉␉pause();␊ |
␉␉␊ |
␉} ␊ |