
Chameleon Commit Details

Date:2011-02-09 07:22:21 (9 years 3 months ago)
Author:Evan Lojewski
Commit:738
Parents: 737
Message:Kext Patcher cleanup.
Changes:
M/branches/meklort/i386/modules/KextPatcher/kext_patcher.c
M/branches/meklort/i386/modules/KextPatcher/kext_patcher.h

File differences

branches/meklort/i386/modules/KextPatcher/kext_patcher.c
1
1
22
33
44
5
6
7
5
6
87
98
9
10
11
1012
13
14
15
16
17
18
19
1120
1221
1322
......
2029
2130
2231
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
5232
5333
5434
35
5536
56
57
5837
59
60
61
62
63
64
65
6638
6739
6840
......
9567
9668
9769
98
9970
10071
10172
......
11485
11586
11687
88
11789
118
90
11991
12092
12193
12294
12395
124
12596
12697
12798
......
131102
132103
133104
105
134106
135107
136108
137109
138110
139111
140
141112
142113
143
144
114
115
116
117
118
145119
146120
147121
......
156130
157131
158132
159
160
161
162133
134
163135
164136
165137
......
167139
168140
169141
170
171
142
172143
144
173145
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188146
189147
190148
......
196154
197155
198156
199
200157
201158
202159
......
204161
205162
206163
207
208
209
210
211
164
165
166
167
168
212169
213170
214171
......
240197
241198
242199
243
244
200
201
245202
246203
247204
248
205
249206
250207
251208
252
253
254
255
209
256210
257
258211
259
212
260213
261214
262215
263
216
264217
265218
266219
......
322275
323276
324277
325
326
327
278
279
328280
329281
330282
......
332284
333285
334286
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351287
352
353
354
355
356288
357289
358290
......
366298
367299
368300
369
370
371
372
373
301
302
374303
375
376
377
378
379
380
381
382
383
304
384305
385306
386307
387308
388
389309
390310
391311
392312
393
394313
395
396314
397315
398316
399
400317
401318
402319
......
478395
479396
480397
481
398
482399
483400
484401
......
502419
503420
504421
505
506
507
508
509
510
511
422
423
424
425
426
427
512428
513429
514430
......
595511
596512
597513
598
514
515
516
517
599518
600
601
602
603
519
520
521
522
604523
605
606
607
608
609
610
611
612524
613525
614
615
616
617
526
527
618528
619
620
621529
622
623
624
625
626
627
628
530
531
629532
630
631533
632534
633535
634
635536
636537
637
638
639
640
641
642
643
538
644539
540
541
645542
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
543
544
545
546
547
669548
670549
671550
672551
673
674
675
552
553
554
555
556
557
558
559
676560
677
678
679
680
681
561
682562
683
684
685
686
687
688
689
690
691
692
693
694
695
696563
697564
698565
......
711578
712579
713580
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
581
734582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
735605
606
607
608
609
610
611
612
613
614
615
616
736617
737618
619
738620
739
740
741
742
743
744
745
746
747
748
749
621
750622
751
752
753
754
755
756
757
623
624
625
758626
759
627
760628
761
762
763
629
630
631
632
633
634
635
636
637
638
639
640
641
764642
765
766
767
768
769
770
771643
772
644
773645
774
775
776
777
646
647
648
778649
779
780
781
782
783
784
785
786
787
788
650
651
652
653
654
789655
790
791
792
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
793688
794
795
796
797
798
799689
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852690
853691
854692
......
856694
857695
858696
859
860
861
862
863
864
865
866
867
868
869
870
697
698
699
700
871701
872702
/*
/*
* Copyright (c) 2010 Evan Lojewski. All rights reserved.
*
*KextPather
*This is an experimental module that I'm looking into implimenting.
*The main purpose is to replace the need for programs such as
* NetbookInstaller's kext patching routines. THis way, Apple's kexts can be
*The main purpose of this moduleis to replace the need for programs such as
* NetbookInstaller's kext patching routines. This way, Apple's kexts can be
* patched whe loaded instead. (eg: GMA950 kext, Bluetooth + Wifi kexts)
*/
#ifndef DEBUG_KEXT_PATCHER
#define DEBUG_KEXT_PATCHER 0
#endif
#if DEBUG_KEXT_PATCHER
#define DBG(x...)printf(x)
#else
#define DBG(x...)
#endif
#include "libsaio.h"
#include "zlib.h"
#include "kext_patcher.h"
#include "hex_editor.h"
unsigned long Adler32( unsigned char * buffer, long length );
#define kHDACodec"HDACodec"
#ifndef DEBUG_KEXT_PATCHER
#define DEBUG_KEXT_PATCHER 0
#endif
#if DEBUG_KEXT_PATCHER
#define DBG(x...)printf(x)
#else
#define DBG(x...)
#endif
bool patch_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_gma_kexts(TagPtr plist, char* plistbuffer, void* start);
bool patch_bcm_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_atheros_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_hda_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_hda_controller(TagPtr plist, char* plistbuffer, void* start);
int chartohex(char c);
static void * z_alloc(void *, u_int items, u_int size);
static void z_free(void *, void *ptr);
uint16_t patch_gma_deviceid = 0;
uint16_t patch_bcm_deviceid = 0;
uint16_t patch_atheros_deviceid = 0;
uint16_t patch_hda_codec = 0x00;// TODO; detect proper codec
// TODO: add detection code
uint16_t patch_hda_codec = 0x00;
#define NEEDS_PATCHING(patch_bcm_deviceid || patch_gma_deviceid || patch_hda_codec || patch_atheros_deviceid)
typedef struct z_mem {
uint32_t alloc_size;
uint8_t data[0];
} z_mem;
/*
* Space allocation and freeing routines for use by zlib routines.
*/
void KextPatcher_hook(void* current, void* arg2, void* arg3, void* arg4);
/**
** KextPatcher_start -> module start
}
/**
** kext_loaded -> Called whenever a kext is in read into memory
** kext_loaded -> Called whenever a kext is read into memory
**This function will be used to patch kexts ( eg AppleInteIntegratedFramebuffer)
**and their plists when they are loaded into memmory
**/
void kext_loaded(void* moduletmp, void* lengthprt, void* executableAddr, void* arg3)
{
//ModulePtr module = moduletmp;
//long length = *(long*)lengthprt;
//long length2 = strlen(module->plistAddr);
//getc();
}
/**
** mkext_loaded -> Called whenever an mkext is in read into memory
**This function will be used to patch mkext. Matching kexts will be
**Extracted, modified, and then compressed again. Note: I need to determine
**what sort of slowdown this will cause and if it's worth implimenting.
**/
void mkext_loaded(void* filespec, void* packagetmp, void* lengthtmp, void* arg3)
{
const char* hda_codec;
int len = 0;
const char* hda_codec= 0;
int len= 0;
mkext_basic_header* package = packagetmp;
int version= MKEXT_GET_VERSION(package);
if (getValueForKey(kHDACodec, &hda_codec, &len, &bootInfo->bootConfig))
{
patch_hda_codec = 0;
if(!NEEDS_PATCHING) return;// No need to apply a patch, hardware doesn't need it
int version = 0;
//int length = *((int*)lengthtmp);
mkext_basic_header* package = packagetmp;
// Verify the MKext.
if (( MKEXT_GET_MAGIC(package)!= MKEXT_MAGIC ) ||
( MKEXT_GET_SIGNATURE(package)!= MKEXT_SIGN ) ||
( MKEXT_GET_CHECKSUM(package) !=
Adler32((unsigned char *)&package->version, MKEXT_GET_LENGTH(package) - 0x10) ) )
{
return;
// Don't try to patch a b
return; // Don't try to patch a bad mkext
}
/*
if(strcmp(filespec, "/System/Library/Caches/com.apple.kext.caches/Startup/Extensions.mkext") == 0)
{
printf("Invalidating mkext %s\n", filespec);
// 10.6 cache folder. Doesn't contain certain extensions we need, so invalidate it.
//package->adler32++;
// NOTE: double check that this is needed
package->magic = 0x00;
return;
}*/
version = MKEXT_GET_VERSION(package);
if(version == 0x01008000) // mkext1
{
// mkext1 uses lzss
//mkext_kext* kext = MKEXT1_GET_KEXT(package, i);
// uses decompress_lzss
// TODO: handle kext
}
}
else if((version & 0xFFFF0000) == 0x02000000) // mkext2
DBG("Mkext2 package located at 0x%X\n", package);
// mkext2 uses zlib
mkext2_header* package = packagetmp;
z_stream zstream;
bool zstream_inited = false;
int zlib_result;
int plist_offset = MKEXT2_GET_PLIST(package);
mkext2_header*package = packagetmp;
z_streamzstream;
boolzstream_inited = false;
intzlib_result;
intplist_offset = MKEXT2_GET_PLIST(package);
char* plist = malloc(MKEXT2_GET_PLIST_FULLSIZE(package));
DBG("Inflated result is %d, in: %d bytes, out: %d bytes\n", zlib_result, zstream.total_in, zstream.total_out);
if (zlib_result == Z_STREAM_END || zlib_result == Z_OK)
{
config_file_t plistData;
config_file_t allDicts;
TagPtr plistData;
TagPtr allDicts;
bzero(&plistData, sizeof(plistData));
bzero(&allDicts, sizeof(allDicts));
XMLParseFile( plist, &plistData.dictionary );
XMLParseFile( plist, &plistData );
int count;
allDicts.dictionary = XMLGetProperty(plistData.dictionary, kMKEXTInfoDictionariesKey);
//count = XMLTagCount(allDicts.dictionary);
//DBG("Plist contains %d kexts\n", count);
allDicts = XMLGetProperty(plistData, kMKEXTInfoDictionariesKey);
bool patched = false;
for(count = XMLTagCount(allDicts.dictionary);
for(count = XMLTagCount(allDicts);
count > 0;
count--)
{
TagPtr kextEntry = XMLGetElement(allDicts.dictionary, count);
TagPtr kextEntry = XMLGetElement(allDicts, count);
patched |= patch_kext(kextEntry, plist, package);
}
// re adler32 the new mkext2 package
MKEXT_HDR_CAST(package)->adler32 =
MKEXT_SWAP(Adler32((unsigned char *)&package->version,
MKEXT_GET_LENGTH(package) - 0x10));
MKEXT_HDR_CAST(package)->adler32 = MKEXT_SWAP(Adler32((unsigned char *)&package->version,
MKEXT_GET_LENGTH(package) - 0x10));
}
}
else
printf("ZLIB Error: %s\n", zstream.msg);
getc();
}
//config_file_t mkextPlist;
//ParseXMLFile((char*) plist, &mkextPlist.dictionary);
/*int i;
for(i = 0; i < MKEXT_GET_COUNT(package); i++)
{
printf("Parsing kext %d\n", i);
}
*/
}
DBG("Loading %s, version 0x%x\n", filespec, version);
//getc();
}
// FIXME: only handles mkext2 entries
if(patch_gma_deviceid &&
(
(strcmp(bundleID, "com.apple.driver.AppleIntelGMA950") == 0) ||
(strcmp(bundleID, "com.apple.driver.AppleIntelIntegratedFramebuffer") == 0)
)
)
((strcmp(bundleID, "com.apple.driver.AppleIntelGMA950") == 0) ||
(strcmp(bundleID, "com.apple.driver.AppleIntelIntegratedFramebuffer") == 0)))
{
if(strcmp(bundleID, "com.apple.driver.AppleIntelIntegratedFramebuffer") == 0 || patch_gma_deviceid == 0x27ae)
{
return patch_gma_kexts(plist, plistbuffer, start);
}
else
{
return patch_gma_kexts(plist, plistbuffer, start);
}
return patch_gma_kexts(plist, plistbuffer, start);
}
else if(patch_bcm_deviceid && (strcmp(bundleID, "com.apple.driver.AirPortBrcm43xx") == 0))
{
return patch_bcm_kext(plist, plistbuffer, start);
}
else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDA") == 0)
{
return patch_hda_kext(plist, plistbuffer, start);
}
else if(patch_hda_codec && strcmp(bundleID, "com.apple.driver.AppleHDAController") == 0)
{
return patch_hda_controller(plist, plistbuffer, start);
}
else if(patch_atheros_deviceid && strcmp(bundleID, "com.apple.driver.AirPort.Atheros21") == 0)
{
bool patch_hda_kext(TagPtr plist, char* plistbuffer, void* start)
{
uint16_t find_codec = 0;
uint16_t find_codec= 0;
int full_size, compressed_size, executable_offset;
void* compressed_data;
mkext2_file_entry* kext;
}
if(!find_codec) return false;// notify caller that we aren't patching the kext
executable_offset = XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));
kext = (void*)((char*)start + executable_offset);
full_size = MKEXT2_GET_ENTRY_FULLSIZE(kext);
compressed_size = MKEXT2_GET_ENTRY_COMPSIZE(kext);
compressed_data = MKEXT2_GET_ENTRY_DATA(kext);
executable_offset = XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));
executable_offset= XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));
kext= (void*)((char*)start + executable_offset);
full_size= MKEXT2_GET_ENTRY_FULLSIZE(kext);
compressed_size= MKEXT2_GET_ENTRY_COMPSIZE(kext);
compressed_data= MKEXT2_GET_ENTRY_DATA(kext);
executable_offset= XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));
char* executable = malloc(full_size);
return true;
}
bool patch_atheros_kext(TagPtr plist, char* plistbuffer, void* start)
/** Patches an array element within a personality. NOTE: string sizes should match **/
bool patch_plist_entry(TagPtr plist, char* plistbuffer, const char* personalityName, const char* propertyName, const char* nameMatch)
{
TagPtr personality;
personality =XMLCastDict(XMLGetProperty(plist, kPropIOKitPersonalities));
personality =XMLGetProperty(personality, (const char*)"Atheros Wireless LAN PCI");
TagPtr match_names =XMLCastArray(XMLGetProperty(personality, (const char*)"IONameMatch"));
TagPtr personality= XMLGetProperty(XMLCastDict(XMLGetProperty(plist, kPropIOKitPersonalities)), personalityName);
TagPtr match_names= XMLCastArray(XMLGetProperty(personality, propertyName));
TagPtr replace= XMLGetElement(match_names, 0);// Modify the first entry
int count= XMLTagCount(match_names);
char* new_str = malloc(sizeof("pci168c,xxxx"));
sprintf(new_str, "pci168c,%02x", patch_atheros_deviceid);
// Check to see if we *really* need to modify the plist, if not, return false
// so that *if* this were going ot be the only modified kext, the repacking code
// won't need to be executed.
int count = XMLTagCount(match_names);
while(count)
{
count--;
TagPtr replace =XMLGetElement(match_names, count);// Modify the second entry
char* orig_string = XMLCastString(replace);
if(strcmp(orig_string, new_str) == 0) return false;
char* orig_string= XMLCastString(XMLGetElement(match_names, --count));
if(strcmp(orig_string, nameMatch) == 0) return false;// Entry already exists, no need tmo modify plist + recompress
}
TagPtr replace =XMLGetElement(match_names, 0);// Modify the second entry
char* orig_string = XMLCastString(replace);
verbose("Patching AirPortAtheros21.kext, replacing %s with %s\n", orig_string, new_str);
// TODO: verify string doesn't exist first.
char* orig_string= XMLCastString(replace);
verbose("Patching %s, replacing %s with %s\n", personalityName, orig_string, nameMatch);
replace_string(orig_string, new_str, plistbuffer + XMLCastStringOffset(replace), 10240);
return true;
}
bool patch_bcm_kext(TagPtr plist, char* plistbuffer, void* start)
{
TagPtr personality;
personality =XMLCastDict(XMLGetProperty(plist, kPropIOKitPersonalities));
personality =XMLGetProperty(personality, (const char*)"Broadcom 802.11 PCI");
TagPtr match_names =XMLCastArray(XMLGetProperty(personality, (const char*)"IONameMatch"));
char* new_str = malloc(sizeof("pci14e4,xxxx"));
char* new_str= malloc(sizeof("pci14e4,xxxx"));
sprintf(new_str, "pci14e4,%02x", patch_bcm_deviceid);
return patch_plist_entry(plist, plistbuffer, "Broadcom 802.11 PCI", "IONameMatch", new_str);
}
// Check to see if we *really* need to modify the plist, if not, return false
// so that *if* this were going ot be the only modified kext, the repacking code
// won't need to be executed.
int count = XMLTagCount(match_names);
while(count)
{
count--;
TagPtr replace =XMLGetElement(match_names, count);// Modify the second entry
char* orig_string = XMLCastString(replace);
if(strcmp(orig_string, new_str) == 0) return false;
}
verbose("Patching AppleAirPortBrcm4311.kext with %s\n", new_str);
TagPtr replace =XMLGetElement(match_names, 1);// Modify the second entry
char* orig_string = XMLCastString(replace);
// TODO: verify string doesn't exist first.
replace_string(orig_string, new_str, plistbuffer + XMLCastStringOffset(replace), 10240);
return true;
bool patch_atheros_kext(TagPtr plist, char* plistbuffer, void* start)
{
char* new_str= malloc(sizeof("pci14e4,xxxx"));
sprintf(new_str, "pci168c,%02x", patch_atheros_deviceid);
return patch_plist_entry(plist, plistbuffer, "Atheros Wireless LAN PCI", "IONameMatch", new_str);
}
bool patch_gma_kexts(TagPtr plist, char* plistbuffer, void* start)
{
// TODO: clean up this function / split into two / etc
int exeutable_offset, full_size, compressed_size;
TagPtr personality;
TagPtr personality= XMLCastDict(XMLGetProperty(plist, kPropIOKitPersonalities));
int exeutable_offset= XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));
mkext2_file_entry* kext= (void*)((char*)start + exeutable_offset);
int full_size= MKEXT2_GET_ENTRY_FULLSIZE(kext);
int compressed_size= MKEXT2_GET_ENTRY_COMPSIZE(kext);
void* compressed_data= MKEXT2_GET_ENTRY_DATA(kext);
char* executable= malloc(full_size);
int zlib_result= Z_OK;
long offset;
int zlib_result;
z_stream zstream;
bool zstream_inited = false;
mkext2_file_entry* kext;
void* compressed_data;
z_stream zstream;
exeutable_offset = XMLCastInteger(XMLGetProperty(plist, kMKEXTExecutableKey));
kext = (void*)((char*)start + exeutable_offset);
full_size = MKEXT2_GET_ENTRY_FULLSIZE(kext);
compressed_size = MKEXT2_GET_ENTRY_COMPSIZE(kext);
compressed_data = MKEXT2_GET_ENTRY_DATA(kext);
personality =XMLCastDict(XMLGetProperty(plist, kPropIOKitPersonalities));
char* executable = malloc(full_size);
bzero(&zstream, sizeof(zstream));
zstream.next_in = (UInt8*)compressed_data;
zstream.avail_in = compressed_size;
}
else
{
zstream_inited = true;
}
zlib_result = inflate(&zstream, Z_FINISH);
DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
char* newstring = malloc(sizeof("0x00008086"));
sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));
if(XMLGetProperty(personality, (const char*)"Intel915"))
{
if((patch_gma_deviceid & 0xFF00) != 0xA000)// GMA3150
{
verbose("Patching AppleIntelGMA950.kext\n");
//getc();
personality =XMLGetProperty(personality, (const char*)"Intel915"); // IOAccelerator kext
zlib_result = inflate(&zstream, Z_FINISH);
DBG("Inflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
char* newstring = malloc(sizeof("0x00008086"));
sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16));
if(XMLGetProperty(personality, (const char*)"Intel915"))
{
if((patch_gma_deviceid & 0xFF00) != 0xA000)// not GMA3150
{
verbose("Patching AppleIntelGMA950.kext\n");
personality =XMLGetProperty(personality, (const char*)"Intel915"); // IOAccelerator kext
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);
replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
}
}
else if(XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer"))
{
verbose("Patching AppleIntelIntegratedFramebuffer\n");
personality =XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer");
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
if((patch_gma_deviceid & 0xFF00) == 0xA000)// GMA3150
{
// Cursor corruption fix.
// This patch changes the cursor address from
// a physical address (used in the gma950) to an offset (used in the gma3150).
//{0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x6b, 0xbc, 0xff, 0xff};
char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8/*, 0x32, 0xbb, 0xff, 0xff*/};// getPhysicalAddress() and more
char new_bytes[] = {0xb8, 0x00, 0x00, 0x00, 0x02, 0xEB, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable, set to 0 for compression
replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);
}
replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);
replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
}
}
else if(XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer"))
{
verbose("Patching AppleIntelIntegratedFramebuffer\n");
//getc();
personality =XMLGetProperty(personality, (const char*)"AppleIntelIntegratedFramebuffer");
// Framebuffer Kext
if((patch_gma_deviceid & 0xFF00) == 0xA000)// GMA3150
else if(XMLGetProperty(personality, (const char*)"Intel965"))
{
// Cursor corruption fix.
// This patch changes the cursor address from
// a physical address (used in the gma950) to an offset (used in the gma3150).
//s{0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8, 0x6b, 0xbc, 0xff, 0xff};
char find_bytes[] = {0x8b, 0x55, 0x08, 0x83, 0xba, 0xb0, 0x00, 0x00, 0x00, 0x01, 0x7e, 0x36, 0x89, 0x04, 0x24, 0xe8/*, 0x32, 0xbb, 0xff, 0xff*/};// getPhysicalAddress() and more
char new_bytes[] = {0xb8, 0x00, 0x00, 0x00, 0x02, 0xEB, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};// jump past getPhysicalAddress binding. NOTE: last six bytes are unusable
replace_bytes(find_bytes, sizeof(find_bytes), new_bytes, sizeof(new_bytes), executable, zstream.total_out);
verbose("Patching AppleIntelGMAX3100.kext\n");
personality =XMLGetProperty(personality, (const char*)"Intel965");
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
replace_string("0x2a028086", newstring, plistbuffer + offset, 10240);
}
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
replace_string("0x27A28086", newstring, plistbuffer + offset, 10240);
replace_word(0x27A28086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
else if(XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB"))
{
verbose("Patching AppleIntelGMAX3100FB.kext\n");
personality =XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB");
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
replace_string("0x2A028086", newstring, plistbuffer + offset, 10240);
replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
}
else
{
return false;
}
}
else if(XMLGetProperty(personality, (const char*)"Intel965"))
{
verbose("Patching AppleIntelGMAX3100.kext\n");
personality =XMLGetProperty(personality, (const char*)"Intel965");
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
inflateEnd(&zstream);
//printf("Intel965\n");
//printf("Replacing %c%c%c%c\n", (plistbuffer + offset)[0], (plistbuffer + offset)[1], (plistbuffer + offset)[2], (plistbuffer + offset)[3]);
//getc();
// Recompress the executable
zstream.next_in = (UInt8*)executable;
zstream.next_out = (UInt8*)compressed_data;
//return true;
replace_string("0x2a028086", newstring, plistbuffer + offset, 10240);
//replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
}
else if(XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB"))
{
verbose("Patching AppleIntelGMAX3100FB.kext\n");
//getc();
personality =XMLGetProperty(personality, (const char*)"AppleIntelGMAX3100FB");
zstream.avail_in = full_size;
zstream.avail_out = compressed_size;
zstream.zalloc = Z_NULL;
zstream.zfree = Z_NULL;
zstream.opaque = Z_NULL;
offset =XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch"));
replace_string("0x2A028086", newstring, plistbuffer + offset, 10240);
replace_word(0x2A028086, 0x8086 | (patch_gma_deviceid << 16), executable, zstream.total_out);
zlib_result = deflateInit2(&zstream, Z_DEFAULT_COMPRESSION, Z_DEFLATED,15, 8 /* memLevel */, Z_DEFAULT_STRATEGY);
if (Z_OK != zlib_result) {
printf("ZLIB Deflate Error: %s\n", zstream.msg);
getc();
}
else
{
zlib_result = deflate(&zstream, Z_FINISH);
if (zlib_result == Z_STREAM_END)
{
DBG("Deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);
}
else if (zlib_result == Z_OK)
{
/* deflate filled output buffer, meaning the data doesn't compress.
*/
printf("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
printf("ERROR: Unable to compress patched kext, not enough room.\n");
pause();
}
else if (zlib_result != Z_STREAM_ERROR)
{
printf("ZLIB Deflate Error: %s\n", zstream.msg);
getc();
}
if(zstream.total_out < compressed_size) kext->compressed_size = MKEXT_SWAP(zstream.total_out);
deflateEnd(&zstream);
}
}
else
{
return false;
}
if (zstream_inited) inflateEnd(&zstream);
zstream.next_in = (UInt8*)executable;
zstream.next_out = (UInt8*)compressed_data;
zstream.avail_in = full_size;
zstream.avail_out = compressed_size;
zstream.zalloc = Z_NULL;
zstream.zfree = Z_NULL;
zstream.opaque = Z_NULL;
// Recompress the eecutable
zlib_result = deflateInit2(&zstream, Z_DEFAULT_COMPRESSION, Z_DEFLATED,15, 8 /* memLevel */, Z_DEFAULT_STRATEGY);
if (Z_OK != zlib_result) {
printf("ZLIB Deflate Error: %s\n", zstream.msg);
getc();
}
else
{
zstream_inited = true;
}
zlib_result = deflate(&zstream, Z_FINISH);
if (zlib_result == Z_STREAM_END)
{
DBG("Deflated result is %d, avail: %d bytes, out: %d bytes, full: %d\n", zlib_result, compressed_size, zstream.total_out, full_size);
}
else if (zlib_result == Z_OK)
{
/* deflate filled output buffer, meaning the data doesn't compress.
*/
printf("Deflated result is %d, in: %d bytes, out: %d bytes, full: %d\n", zlib_result, zstream.total_in, zstream.total_out, full_size);
printf("ERROR: Unable to compress patched kext, not enough room.\n");
pause();
}
else if (zlib_result != Z_STREAM_ERROR)
{
printf("ZLIB Deflate Error: %s\n", zstream.msg);
getc();
}
if(zstream.total_out < compressed_size) kext->compressed_size = MKEXT_SWAP(zstream.total_out);
if (zstream_inited) deflateEnd(&zstream);
free(executable);
return true;
int chartohex(char c)
{
if(c <= '9' && c >= '0')
{
return c - '0';// c is between 0 and 9
}
else if(c <= 'F' && c >= 'A')
{
return c - 'A' + 10; // c = 10 - 15;
}
else if(c <= 'f' && c >= 'a')
{
return c - 'a' + 10; // c = 10 - 15;
}
if(c <= '9' && c >= '0')return c - '0';// c is between 0 and 9
else if(c <= 'F' && c >= 'A')return c - 'A' + 10; // c = 10 - 15;
else if(c <= 'f' && c >= 'a')return c - 'a' + 10; // c = 10 - 15;
return 0;
}
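Review bot: In the new patch_plist_entry helper the final replace_string call still names `new_str`, which is not one of the helper's parameters (the replacement arrives as `nameMatch`); as this page renders the section, that line looks like a leftover from the old patch_atheros_kext body and should read `replace_string(orig_string, nameMatch, plistbuffer + XMLCastStringOffset(replace), 10240);`. The helper also feeds the results of XMLGetProperty, XMLCastArray and XMLGetElement straight into strcmp and replace_string, so a plist that lacks the named personality or property would presumably hand them a null pointer; a guard such as `if(!personality || !match_names || !replace) return false;` before the loop keeps a malformed mkext from faulting the booter. The comment above the helper says string sizes should match, but nothing enforces it, and the `%02x` format in patch_bcm_kext and patch_atheros_kext prints fewer than four digits for small device ids, so consider `if(strlen(orig_string) != strlen(nameMatch)) return false;` before the in-place write into plistbuffer. Both callers also malloc the name without checking the result and never free it after the helper returns.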
branches/meklort/i386/modules/KextPatcher/kext_patcher.h
55
66
77
8
89
10
11
912
13
1014
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
1140
1241
1342
1443
44
45
46
47
48
49
50
51
52
53
1554
#ifndef __BOOT2_KERNEL_PATCHER_H
#define __BOOT2_KERNEL_PATCHER_H
#define kHDACodec"HDACodec"
unsigned long Adler32( unsigned char * buffer, long length );
void KextPatcher_start();
void KextPatcher_hook(void* current, void* arg2, void* arg3, void* arg4);
/** Patch Routines **/
bool patch_plist_entry(TagPtr plist, char* plistbuffer, const char* personalityName, const char* propertyName, const char* nameMatch);
bool patch_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_gma_kexts(TagPtr plist, char* plistbuffer, void* start);
bool patch_bcm_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_atheros_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_hda_kext(TagPtr plist, char* plistbuffer, void* start);
bool patch_hda_controller(TagPtr plist, char* plistbuffer, void* start);
/** zlib support **/
static void * z_alloc(void *, u_int items, u_int size);
static void z_free(void *, void *ptr);
typedef struct z_mem {
uint32_t alloc_size;
uint8_t data[0];
} z_mem;
int chartohex(char c);
void kext_loaded(void* module, void* length, void* executableAddr, void* arg3);
void mkext_loaded(void* filespec, void* package, void* lenght, void* arg3);
/** Global patch variables **/
extern uint16_t patch_gma_deviceid;
extern uint16_t patch_bcm_deviceid;
extern uint16_t patch_atheros_deviceid;
extern uint16_t patch_hda_codec;// TODO; detect proper codec
#define NEEDS_PATCHING(patch_bcm_deviceid || patch_gma_deviceid || patch_hda_codec || patch_atheros_deviceid)
#endif /* !__BOOT2_KERNEL_PATCHER_H */
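Review bot: The `static void * z_alloc(...)` and `static void z_free(...)` prototypes added to this header give every file that includes kext_patcher.h a declaration of a file-local function it never defines; they belong in kext_patcher.c next to their definitions (presumably where those live), together with the `z_mem` typedef if nothing else uses it. The include guard `__BOOT2_KERNEL_PATCHER_H` names the kernel patcher rather than this file and uses a reserved double-underscore identifier; if another header in the tree defines the same macro, whichever is included second is silently skipped, so a guard such as `KEXT_PATCHER_H` would be safer. `uint8_t data[0];` is a GNU zero-length array, and the C99 flexible array member `uint8_t data[];` is the portable spelling.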


Revision: 738