Chameleon Commit Details - 647 - Chameleon open source boot loader project.

Date:

2010-11-22 07:51:11 (13 years 4 months ago)

Author:

Evan Lojewski

Commit:

647

Parents:

646

Message:

Kext patcher update. Fixed bug with HDA patches, untested on 10.6.2 pre kexts. Fixed bug with gma 3150 kext, patch now works on all 10.6.x installs. I need to clean up the patcher / make an api still

Changes:

M	/branches/meklort/i386/modules/KextPatcher/hex_editor.c
M	/branches/meklort/i386/modules/KextPatcher/kext_patcher.c

File differences

-47
48 48
49 49
50 
51 
52 50
51
52
53
53 54
54 55
55 56
... ...
137 138
138 139
139 140
140 
141 141
142 142
143
143 144
144 
145
145 146
146 147
147 148
148 
149 149
150 150
151 151
... ...
372 372
373 373
374 374
375 
375
376 376
377 377
378 378
... ...
383 383
384 384
385 385
386 
386
387 387
388 388
389 
389
390 390
391 391
392 392
393 393
394 394
395 
395
396 396
397 397
398 398
... ...
451 451
452 452
453 453
454 
454
455 455
456 456
457 457
458 
458
459 459
460 460
461 461
... ...
472 472
473 473
474 474
475 
475
476 476
477 477
478 478
... ...
486 486
487 487
488 488
489 
490 489
491 
492 490
493 491
494 492
... ...
527 525
528 526
529 527
530 
531 
528
532 529
533 530
534 531
... ...
536 533
537 534
538 535
539 
536
540 537
541 538
542 539
... ...
558 555
559 556
560 557
561 
558
562 559
563 560
564 561
565 562
566 563
567 
564
565
568 566
569 567
570 568
... ...
575 573
576 574
577 575
576
577
578
578 579
579 580
580 581
... ...
667 668
668 669
669 670
671
672
673
670 674
671 
672 675
673 676
677
678
679
674 680
675 681
682
683
684
685
686
676 687
677 
688
678 689
690
691
692
679 693
680 694
681 695
... ...
684 698
685 699
686 700
701
702
703
704
687 705
688 
689 
690 
706
691 707
708
709
710
692 711
693 712
694 
695 
696 
697 
698 
699 
700 
701 
702 
703 
704 
705 
706 
713
714
715
707 716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
708 746
709 
710 747
711 748
712 749
... ...
736 773
737 774
738 775
739 
776
740 777
741 778
742 779
... ...
752 789
753 790
754 791
755 
792
756 793
757 794
758 795
+␊
uint16_t patch_gma_deviceid = 0;␊
uint16_t patch_bcm_deviceid = 0;␊
// TODO: add detection code /  a method for users to enter the id␊
uint16_t patch_hda_codec = 0;␊
␊
// TODO: add detection code␊
uint16_t patch_hda_codec = 0x00;␊
␊
#define NEEDS_PATCHING␉␉(patch_bcm_deviceid || patch_gma_deviceid || patch_hda_codec)␊
␊
typedef struct z_mem {␊

{␊
␉const char* hda_codec;␊
␉int len = 0;␊
␉␊
␉if (getValueForKey(kHDACodec, &hda_codec, &len, &bootInfo->bootConfig))␊
␉{␊
␉␉patch_hda_codec = 0;␊
␉␉int index = 0;␊
␉␉while(len)␊
␉␉while(len--)␊
␉␉{␊
␉␉␉patch_hda_codec <<= 4;␊
␉␉␉patch_hda_codec |= chartohex(hda_codec[index]);␊
␉␉␉len--;␊
␉␉␉index++;␊
␉␉}␊
␉}␊

␉␉}␊
␉␉else␊
␉␉{␊
␉␉␉␊
␉␉␉//return patch_gma_kexts(plist, plistbuffer, start);␊
␉␉}␊
␊
␉}␊

␉}␊
␉else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDA") == 0)␊
␉{␊
␉␉//return patch_hda_kext(plist, plistbuffer, start);␊
␉␉return patch_hda_kext(plist, plistbuffer, start);␊
␊
␉}␊
␉/*␊
␉␊
␉else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDAController") == 0)␊
␉{␊
␉␉return patch_hda_controller(plist, plistbuffer, start);␊
␊
␉}␊
␉*/␊
␉␊
␉return false;␊
}␊
␊

␉␊
␉char* orig_string = "0x04020000&amp;0xFFFE0000"; //XMLCastString(match_class);␊
␉␊
␉DBG("Attemting to replace '%s' with '%s'\n", orig_string, new_str);␊
␉printf("Attemting to replace '%s' with '%s'\n", orig_string, new_str);␊
␉␊
␉// TODO: verify string doesn't exist first.␊
␉␊
␉replace_string(orig_string, new_str, plistbuffer + XMLCastStringOffset(match_class), 10240);␊
␉replace_string(orig_string, new_str, plistbuffer + XMLCastStringOffset(match_class), 1024);␊
␉␊
␉return true;␊
␉␊

␉z_stream       zstream;␊
␉bool           zstream_inited = false;␊
␊
␉switch(0xFF00 & patch_hda_codec)␊
␉switch(patch_hda_codec & 0xFF00)␊
␉{␊
␉␉case 0x0200:␊
␉␉␉find_codec = 0x0262;␊

␉␉␉find_codec = 0x0885;␊
␉␉␉break;␊
␉}␊
␉␊
␉if(!find_codec) return false;␉// notify caller that we aren't patching the kext␊
␊
␉␉␊
␉executable_offset = XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));␊
␉kext = (void*)((char*)start + executable_offset);␊

␉␊
␉DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
␉␉␊
␉replace_word(0x10EC | (find_codec << 16), 0xE10EC | (patch_hda_codec << 16), executable, zstream.total_out);␊
␉␊
␉int times = replace_word(0x10EC0000 | (find_codec), 0x10EC0000 | (patch_hda_codec), executable, zstream.total_out);␊
␉if (zstream_inited) inflateEnd(&zstream);␊
␉␊
␉␊

␉zstream.next_out  = (UInt8*)compressed_data;␊
␉␊
␉zstream.avail_in  = full_size;␊
␉zstream.avail_out = compressed_size;␊
␉zstream.avail_out = compressed_size<<1;␊
␉zstream.zalloc    = Z_NULL;␊
␉zstream.zfree     = Z_NULL;␊
␉zstream.opaque    = Z_NULL;␊

␉␊
␉if (zlib_result == Z_STREAM_END)␊
␉{␊
␉␉DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
␉␉DBG("Deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);␊
␉} ␊
␉else if (zlib_result == Z_OK)␊
␉{␊
␉␉/* deflate filled output buffer, meaning the data doesn't compress.␊
␉␉ */␊
␉␉DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
␉␉DBG("Buffer FULL: deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);␊
␉␉printf("Unable to patch AppleHDA\n"␊
␉␉␊
␉} ␊
␉else if (zlib_result != Z_STREAM_ERROR)␊

␉␊
␉if (zstream_inited) deflateEnd(&zstream);␊
␉␊
␉if(zstream.total_out < compressed_size) kext->compressed_size = MKEXT_SWAP(zstream.total_out);␊
␊
␉␊
␉free(executable);␊
␉␊
␉return true;␉␊

␉␊
␉DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
␉␊
␉char* newstring = malloc(strlen("0x00008086") + 1);␊
␉sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));␊
␊
␉␊
␉␊
␉if(XMLGetProperty(personality, (const char*)"Intel915"))␊
␉{␊
␉␉verbose("Patching AppleIntelGMA960.kext\n");␊
␉␉//getc();␊
␊
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"Intel915");␊
␉␉// IOAccelerator kext␊
␉␉␊
␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
␉␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊
␉␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
␊
␉}␊
␉else␊
␉else if(XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer"))␊
␉{␊
␉␉verbose("Patching AppleIntelIntegratedFramebuffer\n");␊
␉␉//getc();␊
␊
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer");␊
␉␉// Framebuffer Kext␊
␉␉␊

␉␉␉// Cursor corruption fix.␊
␉␉␉// This patch changes the cursor address from␊
␉␉␉// a physical address (used in the gma950) to an offset (used in the gma3150).␊
␉␉␉//s␉␉␉␉␉{0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x6b, 0xbc, 0xff, 0xff};␊
␉␉␉char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8/*, 0x32, 0xbb, 0xff, 0xff*/};␉// getPhysicalAddress() and more␊
␉␉␉char new_bytes[]  = {0xb8, 0x00, 0x00, 0x00, 0x02, 0xEB, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};␉// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable␊
␉␉␉replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);␊
␉␉␉␊
␉␉␉char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x32, 0xbb, 0xff, 0xff};␉// getPhysicalAddress() and more␊
␉␉␉char new_bytes[]  = {0xb8, 0x00, 0x00, 0x00, 0x02, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xEB, 0x04, 0x00, 0x00, 0x00, 0x00};␉// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable␊
␉␉␉replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);␊
␊
␉␉}␊
␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
␉␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊
␉␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
␉␉␊
␉}␊
␉␊
␉␊
#if DEBUG_KEXT_PATCHER␊
␉char* pcimatch =␉XMLCastString(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊
#endif␊
␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊
␉␊
␉char* newstring = malloc(strlen("0x00008086") + 1);␊
␉sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));␊
␉␊
␉DBG("Replacing %s with %s\n", "0x00008086", newstring); ␊
␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊
␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
␉else if(XMLGetProperty(personality, (const char*)"Intel965"))␊
␉{␊
␉␉verbose("Patching AppleIntelGMAX3100.kext\n");␊
␊
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"Intel965");␊
␉␉␊
␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
␉␉␊
␉␉//printf("Intel965\n");␊
␉␉//printf("Replacing %c%c%c%c\n", (plistbuffer + offset)[0], (plistbuffer + offset)[1], (plistbuffer + offset)[2], (plistbuffer + offset)[3]);␊
␉␉//getc();␊
␊
␉␉␊
␉␉//return true;␊
␊
␉␉replace_string("0x2a028086", newstring, plistbuffer + offset, 10240);␊
␉␉//replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
␉}␊
␉else if(XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB"))␊
␉{␊
␉␉verbose("Patching AppleIntelGMAX3100FB.kext\n");␊
␉␉//getc();␊
␉␉personality =␉␉XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB");␊
␉␉␊
␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
␉␉replace_string("0x2A028086", newstring, plistbuffer + offset, 10240);␊
␉␉replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
␉}␊
␉else␊
␉{␊
␉␉return false;␊
␉}␊
␊
␉␊
␉␊
␉if (zstream_inited) inflateEnd(&zstream);␊
␉␊
␉␊

␉␊
␉if (zlib_result == Z_STREAM_END)␊
␉{␊
␉␉DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
␉␉DBG("Deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);␊
␉} ␊
␉else if (zlib_result == Z_OK)␊
␉{␊

␉␉printf("ZLIB Deflate Error: %s\n", zstream.msg);␊
␉␉getc();␊
␉}␊
␉//kext->compressed_size = MKEXT_SWAP(zstream.total_out);␊
␉if(zstream.total_out < compressed_size) kext->compressed_size = MKEXT_SWAP(zstream.total_out);␊
␊
␉␊
␉␊
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ...
 ␊
 uint16_t patch_gma_deviceid = 0;␊
 uint16_t patch_bcm_deviceid = 0;␊
-// TODO: add detection code /  a method for users to enter the id␊
-uint16_t patch_hda_codec = 0;␊
 ␊
+// TODO: add detection code␊
+uint16_t patch_hda_codec = 0x00;␊
+␊
 #define NEEDS_PATCHING␉␉(patch_bcm_deviceid || patch_gma_deviceid || patch_hda_codec)␊
 ␊
 typedef struct z_mem {␊
 {␊
 ␉const char* hda_codec;␊
 ␉int len = 0;␊
-␉␊
 ␉if (getValueForKey(kHDACodec, &hda_codec, &len, &bootInfo->bootConfig))␊
 ␉{␊
+␉␉patch_hda_codec = 0;␊
 ␉␉int index = 0;␊
-␉␉while(len)␊
+␉␉while(len--)␊
 ␉␉{␊
 ␉␉␉patch_hda_codec <<= 4;␊
 ␉␉␉patch_hda_codec |= chartohex(hda_codec[index]);␊
-␉␉␉len--;␊
 ␉␉␉index++;␊
 ␉␉}␊
 ␉}␊
 ␉␉}␊
 ␉␉else␊
 ␉␉{␊
-␉␉␉␊
+␉␉␉//return patch_gma_kexts(plist, plistbuffer, start);␊
 ␉␉}␊
 ␊
 ␉}␊
 ␉}␊
 ␉else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDA") == 0)␊
 ␉{␊
-␉␉//return patch_hda_kext(plist, plistbuffer, start);␊
+␉␉return patch_hda_kext(plist, plistbuffer, start);␊
 ␊
 ␉}␊
-␉/*␊
+␉␊
 ␉else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDAController") == 0)␊
 ␉{␊
 ␉␉return patch_hda_controller(plist, plistbuffer, start);␊
 ␊
 ␉}␊
-␉*/␊
+␉␊
 ␉return false;␊
 }␊
 ␊
 ␉␊
 ␉char* orig_string = "0x04020000&amp;0xFFFE0000"; //XMLCastString(match_class);␊
 ␉␊
-␉DBG("Attemting to replace '%s' with '%s'\n", orig_string, new_str);␊
+␉printf("Attemting to replace '%s' with '%s'\n", orig_string, new_str);␊
 ␉␊
 ␉// TODO: verify string doesn't exist first.␊
 ␉␊
-␉replace_string(orig_string, new_str, plistbuffer + XMLCastStringOffset(match_class), 10240);␊
+␉replace_string(orig_string, new_str, plistbuffer + XMLCastStringOffset(match_class), 1024);␊
 ␉␊
 ␉return true;␊
 ␉␊
 ␉z_stream       zstream;␊
 ␉bool           zstream_inited = false;␊
 ␊
-␉switch(0xFF00 & patch_hda_codec)␊
+␉switch(patch_hda_codec & 0xFF00)␊
 ␉{␊
 ␉␉case 0x0200:␊
 ␉␉␉find_codec = 0x0262;␊
 ␉␉␉find_codec = 0x0885;␊
 ␉␉␉break;␊
 ␉}␊
-␉␊
 ␉if(!find_codec) return false;␉// notify caller that we aren't patching the kext␊
-␊
 ␉␉␊
 ␉executable_offset = XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));␊
 ␉kext = (void*)((char*)start + executable_offset);␊
 ␉␊
 ␉DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
 ␉␉␊
-␉replace_word(0x10EC | (find_codec << 16), 0xE10EC | (patch_hda_codec << 16), executable, zstream.total_out);␊
-␉␊
+␉int times = replace_word(0x10EC0000 | (find_codec), 0x10EC0000 | (patch_hda_codec), executable, zstream.total_out);␊
 ␉if (zstream_inited) inflateEnd(&zstream);␊
 ␉␊
 ␉␊
 ␉zstream.next_out  = (UInt8*)compressed_data;␊
 ␉␊
 ␉zstream.avail_in  = full_size;␊
-␉zstream.avail_out = compressed_size;␊
+␉zstream.avail_out = compressed_size<<1;␊
 ␉zstream.zalloc    = Z_NULL;␊
 ␉zstream.zfree     = Z_NULL;␊
 ␉zstream.opaque    = Z_NULL;␊
 ␉␊
 ␉if (zlib_result == Z_STREAM_END)␊
 ␉{␊
-␉␉DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
+␉␉DBG("Deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);␊
 ␉} ␊
 ␉else if (zlib_result == Z_OK)␊
 ␉{␊
 ␉␉/* deflate filled output buffer, meaning the data doesn't compress.␊
 ␉␉ */␊
-␉␉DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
+␉␉DBG("Buffer FULL: deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);␊
+␉␉printf("Unable to patch AppleHDA\n"␊
 ␉␉␊
 ␉} ␊
 ␉else if (zlib_result != Z_STREAM_ERROR)␊
 ␉␊
 ␉if (zstream_inited) deflateEnd(&zstream);␊
 ␉␊
+␉if(zstream.total_out < compressed_size) kext->compressed_size = MKEXT_SWAP(zstream.total_out);␊
+␊
+␉␊
 ␉free(executable);␊
 ␉␊
 ␉return true;␉␊
 ␉␊
 ␉DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
 ␉␊
+␉char* newstring = malloc(strlen("0x00008086") + 1);␊
+␉sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));␊
+␊
 ␉␊
-␉␊
 ␉if(XMLGetProperty(personality, (const char*)"Intel915"))␊
 ␉{␊
+␉␉verbose("Patching AppleIntelGMA960.kext\n");␊
+␉␉//getc();␊
+␊
 ␉␉personality =␉␉XMLGetProperty(personality, (const char*)"Intel915");␊
 ␉␉// IOAccelerator kext␊
+␉␉␊
+␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
+␉␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊
+␉␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
+␊
 ␉}␊
-␉else␊
+␉else if(XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer"))␊
 ␉{␊
+␉␉verbose("Patching AppleIntelIntegratedFramebuffer\n");␊
+␉␉//getc();␊
+␊
 ␉␉personality =␉␉XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer");␊
 ␉␉// Framebuffer Kext␊
 ␉␉␊
 ␉␉␉// Cursor corruption fix.␊
 ␉␉␉// This patch changes the cursor address from␊
 ␉␉␉// a physical address (used in the gma950) to an offset (used in the gma3150).␊
+␉␉␉//s␉␉␉␉␉{0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x6b, 0xbc, 0xff, 0xff};␊
+␉␉␉char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8/*, 0x32, 0xbb, 0xff, 0xff*/};␉// getPhysicalAddress() and more␊
+␉␉␉char new_bytes[]  = {0xb8, 0x00, 0x00, 0x00, 0x02, 0xEB, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};␉// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable␊
+␉␉␉replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);␊
 ␉␉␉␊
-␉␉␉char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x32, 0xbb, 0xff, 0xff};␉// getPhysicalAddress() and more␊
-␉␉␉char new_bytes[]  = {0xb8, 0x00, 0x00, 0x00, 0x02, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xEB, 0x04, 0x00, 0x00, 0x00, 0x00};␉// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable␊
-␉␉␉replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);␊
+␊
 ␉␉}␊
+␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
+␉␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊
+␉␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
 ␉␉␊
 ␉}␊
-␉␊
-␉␊
-#if DEBUG_KEXT_PATCHER␊
-␉char* pcimatch =␉XMLCastString(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊
-#endif␊
-␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␊
-␉␊
-␉char* newstring = malloc(strlen("0x00008086") + 1);␊
-␉sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));␊
-␉␊
-␉DBG("Replacing %s with %s\n", "0x00008086", newstring); ␊
-␉replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);␊
-␉replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
+␉else if(XMLGetProperty(personality, (const char*)"Intel965"))␊
+␉{␊
+␉␉verbose("Patching AppleIntelGMAX3100.kext\n");␊
 ␊
+␉␉personality =␉␉XMLGetProperty(personality, (const char*)"Intel965");␊
+␉␉␊
+␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
+␉␉␊
+␉␉//printf("Intel965\n");␊
+␉␉//printf("Replacing %c%c%c%c\n", (plistbuffer + offset)[0], (plistbuffer + offset)[1], (plistbuffer + offset)[2], (plistbuffer + offset)[3]);␊
+␉␉//getc();␊
+␊
+␉␉␊
+␉␉//return true;␊
+␊
+␉␉replace_string("0x2a028086", newstring, plistbuffer + offset, 10240);␊
+␉␉//replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
+␉}␊
+␉else if(XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB"))␊
+␉{␊
+␉␉verbose("Patching AppleIntelGMAX3100FB.kext\n");␊
+␉␉//getc();␊
+␉␉personality =␉␉XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB");␊
+␉␉␊
+␉␉offset =␉␉XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));␉␉␊
+␉␉replace_string("0x2A028086", newstring, plistbuffer + offset, 10240);␊
+␉␉replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);␊
+␉}␊
+␉else␊
+␉{␊
+␉␉return false;␊
+␉}␊
+␊
 ␉␊
-␉␊
 ␉if (zstream_inited) inflateEnd(&zstream);␊
 ␉␊
 ␉␊
 ␉␊
 ␉if (zlib_result == Z_STREAM_END)␊
 ␉{␊
-␉␉DBG("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);␊
+␉␉DBG("Deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);␊
 ␉} ␊
 ␉else if (zlib_result == Z_OK)␊
 ␉{␊
 ␉␉printf("ZLIB Deflate Error: %s\n", zstream.msg);␊
 ␉␉getc();␊
 ␉}␊
-␉//kext->compressed_size = MKEXT_SWAP(zstream.total_out);␊
+␉if(zstream.total_out < compressed_size) kext->compressed_size = MKEXT_SWAP(zstream.total_out);␊
 ␊
 ␉␊
 ␉␊

-98
99 99
100 100
101 
101
102
102 103
103 104
104 105
+␉   !replace ||␊
␉   !exec ||␊
␉   !length ||␊
␉   find_size != replace_size) return;␊
␉   find_size > replace_size)␉// Allow find_size to be less than replace_size. Will overwrite bytes including and *after* located pattern␊
␉␉return;␊
␉␊
␉char* search = exec;␉␊
␉␊
 ␉   !replace ||␊
 ␉   !exec ||␊
 ␉   !length ||␊
-␉   find_size != replace_size) return;␊
+␉   find_size > replace_size)␉// Allow find_size to be less than replace_size. Will overwrite bytes including and *after* located pattern␊
+␉␉return;␊
 ␉␊
 ␉char* search = exec;␉␊
 ␉␊

Download the corresponding diff file