Chameleon

Chameleon Commit Details

Date:2010-11-22 05:32:53 (8 years 6 months ago)
Author:Evan Lojewski
Commit:646
Parents: 645
Message:cpuid_set_info cpuid_model location is no read from binary. Fixes previously broken kernel patching on 10.6.2+
Changes:
M/branches/meklort/i386/modules/KernelPatcher/kernel_patcher.c

File differences

branches/meklort/i386/modules/KernelPatcher/kernel_patcher.c
401401
402402
403403
404
404405
405
406406
407407
408408
......
424424
425425
426426
427
427
428428
429429
430430
......
464464
465465
466466
467
467
468
468469
469470
470
471
472
473
471
472
473
474
474475
475
476
476
477
477478
478479
479480
......
491492
492493
493494
494
495
496
497
498495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
499519
500520
501521
502522
503523
504
505
524
506525
507526
508527
......
552571
553572
554573
555
574
556575
557
576
558577
559578
560579
UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; //(kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);
patchLocation -= (UInt32)kernelData;// Remove offset
UInt32 addrLocation = patchLocation;
UInt32 jumpLocation = 0;
panicAddr -= (UInt32)kernelData;
//TODO: don't assume it'll always work (Look for *next* function address in symtab and fail once it's been reached)
while(
(bytes[patchLocation -1] != 0xE8) ||
/*
* Inpersonate the specified CPU FAMILY and CPU Model
*/
//cpuid_cpufamily_addr, impersonateFamilycpuid_model_addr impersonateModel
//char new_bytes[] = {0xC7, 0x05, 0x__, 0x__, 0x__, 0x__, 0x__, 0x__, 0x__, 0x__, 0x90, 0x90, 0xC7, 0x05, 0x__, 0x__, 0x__, 0x__, 0x__, 0x01, 0x00, 0x02};
// bytes[patchLocation - 17] = 0xC7;// already here... not needed to be done
// bytes[patchLocation - 16] = 0x05;// see above
UInt32 cpuid_cpufamily_addr =bytes[patchLocation - 15] << 0 |
bytes[patchLocation - 14] << 8 |
bytes[patchLocation - 13] << 16 |
bytes[patchLocation - 12] << 24;
//UInt32 cpuid_cpufamily_addr =bytes[patchLocation - 15] << 0 |
//bytes[patchLocation - 14] << 8 |
//bytes[patchLocation - 13] << 16 |
//bytes[patchLocation - 12] << 24;
// NOTE: may change, determined based on cpuid_info struct
UInt32 cpuid_model_addr = cpuid_cpufamily_addr - 299;
// NOTE: may change, determined based on cpuid_info struct: TODO: read from binary
//UInt32 cpuid_model_addr = cpuid_cpufamily_addr - 295;
// cpufamily
bytes[patchLocation - 5] = 0xC7;
bytes[patchLocation - 4] = 0x05;
bytes[patchLocation - 3] = (cpuid_model_addr & 0x000000FF) >> 0;
bytes[patchLocation - 2] = (cpuid_model_addr & 0x0000FF00) >> 8;
bytes[patchLocation - 1] = (cpuid_model_addr & 0x00FF0000) >> 16;
bytes[patchLocation - 0] = (cpuid_model_addr & 0xFF000000) >> 24;
// Locate cpuid_addr_addr -> first four bytes after 8b 45 d8 25 f0 00 00 00 c1 e8 04 a2
while(bytes[addrLocation -12] != 0x8B ||
bytes[addrLocation -11] != 0x45 ||
bytes[addrLocation -10] != 0xD8 ||
bytes[addrLocation -9] != 0x25 ||
bytes[addrLocation -8] != 0xF0 ||
bytes[addrLocation -7] != 0x00 ||
bytes[addrLocation -6] != 0x00 ||
bytes[addrLocation -5] != 0x00 ||
bytes[addrLocation -4] != 0xC1 ||
bytes[addrLocation -3] != 0xE8 ||
bytes[addrLocation -2] != 0x04 ||
bytes[addrLocation -1] != 0xA2)
{
// TODO: break if location is too large
addrLocation++;
}
bytes[patchLocation - 3] = bytes[addrLocation];
bytes[patchLocation - 2] = bytes[addrLocation+1];
bytes[patchLocation - 1] = bytes[addrLocation+2];
bytes[patchLocation - 0] = bytes[addrLocation+3];
// Note: I could have just copied the 8bit cpuid_model in and saved about 4 bytes
// so if this function need a different patch it's still possible. Also, about ten bytes previous can be freed.
bytes[patchLocation + 1] = impersonateModel;// cpuid_model
bytes[patchLocation + 2] = 0x01;// cpuid_extmodel
bytes[patchLocation + 3] = 0x00;// cpuid_extfamily
bytes[patchLocation + 4] = 0x02;// cpuid_stepping
bytes[patchLocation + 4] = 0x02;// cpuid_stepping
}
else if(impersonateFamily && impersonateModel)
{
patchLocation = jumpLocation;
//patchLocation = jumpLocation;
// We now have 14 bytes available for a patch
}
else
{

Archive Download the corresponding diff file

Revision: 646