Index: branches/azimutz/Chazi/doc-azi/CHANGES.txt
===================================================================
--- branches/azimutz/Chazi/doc-azi/CHANGES.txt (revision 496)
+++ branches/azimutz/Chazi/doc-azi/CHANGES.txt (revision 497)
@@ -288,7 +288,7 @@
AutoResolution=y enables the patch.
- Note: Obviously, it only works in Graphics Mode (Gui). Disabled by default.
+ Note: Obviously, it only works in Graphics Mode (Gui).
Note: resolution set on theme.plist is overriding the native one set by AutoResolution. For now the
possible solutions are, remove the boot resolution (boot_width, boot_height) from theme.plist
@@ -300,17 +300,13 @@
---------------//---------------//---------------
- (starting at rev 480)
-Change: Added Meklort's Modules support, plus Kernel Patcher (Kptchr) module.
- Check Modules.txt for more info.
- Some talk here: http://forum.voodooprojects.org/index.php/topic,1556.0.html
- here: http://forum.voodooprojects.org/index.php/topic,1153.0.html
- and here: http://forum.voodooprojects.org/index.php/topic,1565.0.html
+Change: added Meklort's Modules support, plus Kernel Patcher (Kpatcher) module.
- PatchKernel=n disables Kernel Patcher. "Temporarily" enabled by default!!
+ PatchKernel=y enables Kernel Patcher.
- Note: Only i386 arch is supported at the moment; x86_64 support being added...
+ Note: Check Modules.txt for more info.
-Motif: ... as if, booting vanilla kernel, is not reason enough!?
+Motif: Testing Modules support.
---------------//---------------//---------------
Index: branches/azimutz/Chazi/doc-azi/Modules.txt
===================================================================
--- branches/azimutz/Chazi/doc-azi/Modules.txt (revision 496)
+++ branches/azimutz/Chazi/doc-azi/Modules.txt (revision 497)
@@ -21,8 +21,8 @@
- good question! Well, can't add much on the "geek" side... need to study the stuff so
i don't start dumping bs. The easy answer is they are like plugins, adding/replacing
- booter functionality. For instance: the Kernel Patcher (Kptchr) is around for some time,
- integrated on boot file like any other Chameleon function; with Modules support Kptchr
+ booter functionality. For instance: the Kernel Patcher (Kpatcher) is around for some time,
+ integrated on boot file like any other Chameleon function; with Modules support Kpatcher
can now live as a module, freeing the space it occupied on boot file
(one of module's advantages).
@@ -30,28 +30,38 @@
Featured modules:
- Symbols.dylib: always needed to load other modules! It's the first one to load and no
- other module will work if this one fails to load. The booter will still perform as
- usual, if it fails to load.
+ other module will work if this one fails. The booter will still perform as usual,
+ if it fails to load.
- KernelPatcher.dylib:
- - "will" need PatchKernel=y to be enabled.
- Note:*** this is still under consideration/testing so, for now the patcher is enabled by default***
+ - needs key to be enabled:
- - features cpuid_set, commpage_stuff and lapic_init patches (atm).
+ PatchKernel=y at boot prompt or,
- - as it is, Kptchr allows my Pentium D 925 to boot vanilla kernel, with the help of
- -legacy flag; to enter x86_64 world i still need to patch the kernel, as the 925 has
- no Supplemental SSE3 instructions. I assume that, the great majority of the
- legacy/unsupported processors with at least SSE3 instructions,
- will benefit of the same treatment!
- Let's just say that the only patch needed by the 925 on Legacy Mode(*) is cpuid_set!
+ PatchKernel on Boot.plist.
+ Yes
- - HelloWorld.dylib: just a notifier (not needed).
+ - featured patches: cpuid_set - 32/64 bit
+ commpage_stuff - 32/64 bit
+ lapic_init - 32 bit only.
+ Note on functionality: as it is, Kpatcher allows my Pentium D 925 to load vanilla(*)
+ kernel, with the help of -legacy flag; to enter x86_64 world i still need to patch
+ the kernel sources, as the 925 has no Supplemental SSE3 instructions and there's
+ no patch to fix this on Kpatcher atm (don't even know if is possible?!).
+ I assume that, the great majority of the legacy/unsupported processors with at least
+ SSE3 instructions, will benefit of the same treatment!
+ Let's just say that the only patch needed by the 925 on Legacy Mode(**) is cpuid_set!
+
+ - HelloWorld.dylib: just a notifier (not mandatory).
-(*) For those who "missed" the lesson, Legacy Mode is the mode 32 bit only cpu's run on OS X.
+(*) In this context, "vanilla" means the use of a non pre-patched kernel; what we do here is
+ patch the kernel on the fly, in memory.
+
+(**) For those who "missed" the lesson, Legacy Mode is the mode 32 bit only cpu's run on OS X.
+
---------------//---------------//---------------
Issues:
@@ -62,12 +72,19 @@
- the Kernel Patcher can stop working due to changes on the kernel code, though that can be
"previewed" to some extent. Just so you know what to expect.
- - this is work in progress; i will add updates as Meklort commits and only if they are in
- functional state.
+ - this is work in progress; i will add updates as Meklort commits.
---------------//---------------//---------------
+
+ Some talk here: http://forum.voodooprojects.org/index.php/topic,1556.0.html
+ here: http://forum.voodooprojects.org/index.php/topic,1153.0.html
+ and here: http://forum.voodooprojects.org/index.php/topic,1565.0.html
+
+ ---------------//---------------//---------------
+
+
Smith@@'s news :D
« Sent to: Azimutz on: Fri 03/09/2010 at 05:55:08 »
Index: branches/azimutz/Chazi/i386/libsaio/saio_types.h
===================================================================
--- branches/azimutz/Chazi/i386/libsaio/saio_types.h (revision 496)
+++ branches/azimutz/Chazi/i386/libsaio/saio_types.h (revision 497)
@@ -242,7 +242,7 @@
enum {
kNetworkDeviceType = kBIOSDevTypeNetwork,
kBlockDeviceType = kBIOSDevTypeHardDrive
-};// gBootFileType_t; //Kptchr module, rev 307
+};// gBootFileType_t; - Kpatcher
enum {
kCursorTypeHidden = 0x0100,
Index: branches/azimutz/Chazi/i386/boot2/boot.c
===================================================================
--- branches/azimutz/Chazi/i386/boot2/boot.c (revision 496)
+++ branches/azimutz/Chazi/i386/boot2/boot.c (revision 497)
@@ -396,7 +396,7 @@
bool tryresume;
bool tryresumedefault;
bool forceresume;
- bool patchKernel = true; //Kptchr - temporarely set to true, ude to testing!
+ bool patchKernel = false; //Kpatcher - default value.
// additional variable for testing alternate kernel image locations on boot helper partitions.
char bootFileSpec[512];
Index: branches/azimutz/Chazi/i386/boot2/modules.c
===================================================================
--- branches/azimutz/Chazi/i386/boot2/modules.c (revision 496)
+++ branches/azimutz/Chazi/i386/boot2/modules.c (revision 497)
@@ -3,8 +3,10 @@
*
*/
-#include "libsa.h" // replaced boot.h
-#include "saio_internal.h" //---//
+//#include "boot.h"
+#include "libsa.h"
+#include "saio_internal.h"
+//---
#include "bootstruct.h"
#include "multiboot.h"
#include "modules.h"
@@ -19,6 +21,9 @@
#define DBG(x...)
#endif
+// NOTE: Global so that modules can link with this
+unsigned long long textAddress = 0;
+unsigned long long textSection = 0;
moduleHook_t* moduleCallbacks = NULL;
moduleList_t* loadedModules = NULL;
@@ -26,8 +31,6 @@
unsigned int (*lookup_symbol)(const char*) = NULL;
-void rebase_macho(void* base, char* rebase_stream, UInt32 size);
-void bind_macho(void* base, char* bind_stream, UInt32 size);
@@ -80,17 +83,21 @@
char* name;
long flags;
long time;
-
- //Azi: this path is resolving to bt(0,0) instead of selected volume; a perfect
- // example of what made me gave up on /Extra path. Confirmed on MBR/boot0hfs only.
- // Looking further into this...
struct dirstuff* moduleDir = opendir("/Extra/modules/");
while(readdir(moduleDir, (const char**)&name, &flags, &time) >= 0)
{
if(strcmp(&name[strlen(name) - sizeof("dylib")], ".dylib") == 0)
{
- load_module(name);
+ char* tmp = malloc(strlen(name) + 1); // TODO: look into this
+ strcpy(tmp, name);
+ DBG("Attempting to load %s\n", tmp);
+ load_module(tmp);
}
+ else
+ {
+ DBG("Ignoring %s\n", name);
+ }
+
}
}
@@ -99,20 +106,19 @@
* Load a module file in /Extra/modules
* TODO: verify version number of module
*/
-int load_module(const char* module)
+int load_module(char* module)
{
// Check to see if the module has already been loaded
if(is_module_laoded(module))
{
// NOTE: Symbols.dylib tries to load twice, this catches it as well
// as when a module links with an already loaded module
+ DBG("Module %s already loaded\n", module);
return 1;
}
char modString[128];
int fh = -1;
-
- //Azi: same as #84
sprintf(modString, "/Extra/modules/%s", module);
fh = open(modString, 0);
if(fh < 0)
@@ -131,10 +137,12 @@
//printf("Module %s read in.\n", modString);
// Module loaded into memory, parse it
- module_start = parse_mach(module_base);
+ module_start = parse_mach(module_base, &load_module, &add_symbol);
if(module_start && module_start != (void*)0xFFFFFFFF)
{
+ // Notify the system that it was laoded
+ module_loaded(module/*moduleName, moduleVersion, moduleCompat*/);
(*module_start)(); // Start the module
DBG("Module %s Loaded.\n", module);
}
@@ -290,35 +298,40 @@
* symbols will still be available (TODO: fix this). This should not
* happen as all dependencies are verified before the sybols are read in.
*/
-void* parse_mach(void* binary) // TODO: add param to specify valid archs
+void* parse_mach(void* binary, int(*dylib_loader)(char*), long long(*symbol_handler)(char*, long long, char)) // TODO: add param to specify valid archs
{
char is64 = false;
void (*module_start)(void) = NULL;
// Module info
- char* moduleName = NULL;
+ /*char* moduleName = NULL;
UInt32 moduleVersion = 0;
UInt32 moduleCompat = 0;
-
+ */
// TODO convert all of the structs to a union
struct load_command *loadCommand = NULL;
struct dylib_command* dylibCommand = NULL;
struct dyld_info_command* dyldInfoCommand = NULL;
struct symtab_command* symtabCommand = NULL;
-
+ struct segment_command *segCommand = NULL;
+ struct segment_command_64 *segCommand64 = NULL;
+
//struct dysymtab_command* dysymtabCommand = NULL;
- UInt32 binaryIndex = sizeof(struct mach_header);
+ UInt32 binaryIndex = 0;
UInt16 cmd = 0;
// Parse through the load commands
if(((struct mach_header*)binary)->magic == MH_MAGIC)
{
is64 = 0;
+ binaryIndex += sizeof(struct mach_header);
}
- else if(((struct mach_header_64*)binary)->magic != MH_MAGIC_64)
+ else if(((struct mach_header_64*)binary)->magic == MH_MAGIC_64)
{
+ // NOTE: modules cannot be 64bit...
is64 = 1;
+ binaryIndex += sizeof(struct mach_header_64);
}
else
{
@@ -329,12 +342,12 @@
- if(((struct mach_header*)binary)->filetype != MH_DYLIB)
+ /*if(((struct mach_header*)binary)->filetype != MH_DYLIB)
{
printf("Module is not a dylib. Unable to load.\n");
getc();
return NULL; // Module is in the incorrect format
- }
+ }*/
while(cmd < ((struct mach_header*)binary)->ncmds) // TODO: for loop instead
{
@@ -349,9 +362,70 @@
case LC_SYMTAB:
symtabCommand = binary + binaryIndex;
break;
- case LC_SEGMENT:
+
+ case LC_SEGMENT: // 32bit macho
+ segCommand = binary + binaryIndex;
+
+ //printf("Segment name is %s\n", segCommand->segname);
+
+ if(strcmp("__TEXT", segCommand->segname) == 0)
+ {
+ UInt32 sectionIndex;
+
+ sectionIndex = sizeof(struct segment_command);
+
+ struct section *sect;
+
+ while(sectionIndex < segCommand->cmdsize)
+ {
+ sect = binary + binaryIndex + sectionIndex;
+
+ sectionIndex += sizeof(struct section);
+
+
+ if(strcmp("__text", sect->sectname) == 0)
+ {
+ // __TEXT,__text found, save the offset and address for when looking for the calls.
+ textSection = sect->offset;
+ textAddress = sect->addr;
+ break;
+ }
+ }
+ }
break;
+ case LC_SEGMENT_64: // 64bit macho's
+ segCommand64 = binary + binaryIndex;
+ //printf("Segment name is %s\n", segCommand->segname);
+
+ if(strcmp("__TEXT", segCommand64->segname) == 0)
+ {
+ UInt32 sectionIndex;
+
+ sectionIndex = sizeof(struct segment_command_64);
+
+ struct section_64 *sect;
+
+ while(sectionIndex < segCommand64->cmdsize)
+ {
+ sect = binary + binaryIndex + sectionIndex;
+
+ sectionIndex += sizeof(struct section_64);
+
+
+ if(strcmp("__text", sect->sectname) == 0)
+ {
+ // __TEXT,__text found, save the offset and address for when looking for the calls.
+ textSection = sect->offset;
+ textAddress = sect->addr;
+
+ break;
+ }
+ }
+ }
+
+ break;
+
case LC_DYSYMTAB:
break;
@@ -363,7 +437,7 @@
// = dylibCommand->dylib.current_version;
// = dylibCommand->dylib.compatibility_version;
- if(!load_module(module))
+ if(dylib_loader && !dylib_loader(module))
{
// Unable to load dependancy
return NULL;
@@ -372,9 +446,10 @@
case LC_ID_DYLIB:
dylibCommand = binary + binaryIndex;
- moduleName = binary + binaryIndex + ((UInt32)*((UInt32*)&dylibCommand->dylib.name));
+ /*moduleName = binary + binaryIndex + ((UInt32)*((UInt32*)&dylibCommand->dylib.name));
moduleVersion = dylibCommand->dylib.current_version;
moduleCompat = dylibCommand->dylib.compatibility_version;
+ */
break;
case LC_DYLD_INFO:
@@ -385,6 +460,9 @@
case LC_UUID:
break;
+ case LC_UNIXTHREAD:
+ break;
+
default:
DBG("Unhandled loadcommand 0x%X\n", loadCommand->cmd & 0x7FFFFFFF);
break;
@@ -393,11 +471,11 @@
binaryIndex += cmdSize;
}
- if(!moduleName) return NULL;
+ //if(!moduleName) return NULL;
// bind_macho uses the symbols.
- module_start = (void*)handle_symtable((UInt32)binary, symtabCommand, &add_symbol, is64);
+ module_start = (void*)handle_symtable((UInt32)binary, symtabCommand, symbol_handler, is64);
// Rebase the module before binding it.
if(dyldInfoCommand && dyldInfoCommand->rebase_off)
@@ -422,13 +500,7 @@
// This should be changed to bind when a symbol is referened at runtime instead.
bind_macho(binary, (char*)dyldInfoCommand->lazy_bind_off, dyldInfoCommand->lazy_bind_size);
}
-
-
-
- // Notify the system that it was laoded
- module_loaded(moduleName, moduleVersion, moduleCompat);
-
return module_start;
}
@@ -939,7 +1011,7 @@
* print out the information about the loaded module
*/
-void module_loaded(char* name, UInt32 version, UInt32 compat)
+void module_loaded(const char* name/*, UInt32 version, UInt32 compat*/)
{
moduleList_t* entry;
/*
@@ -969,9 +1041,9 @@
}
entry->next = NULL;
- entry->module = name;
- entry->version = version;
- entry->compat = compat;
+ entry->module = (char*)name;
+ entry->version = 0; //version;
+ entry->compat = 0; //compat;
}
@@ -981,8 +1053,10 @@
moduleList_t* entry = loadedModules;
while(entry)
{
+ DBG("Comparing %s with %s\n", name, entry->module);
if(strcmp(entry->module, name) == 0)
{
+ DBG("Located module %s\n", name);
return 1;
}
else
@@ -991,6 +1065,8 @@
}
}
+ DBG("Module %s not found\n", name);
+
return 0;
}
@@ -1050,12 +1126,9 @@
//char* symbolTable = base + symtabCommand->symoff;
if(!is64)
{
-
+ struct nlist* symbolEntry = (void*)base + symtabCommand->symoff;
while(symbolIndex < symtabCommand->nsyms)
{
-
- struct nlist* symbolEntry = (void*)base + symtabCommand->symoff + (symbolIndex * sizeof(struct nlist));
-
// If the symbol is exported by this module
if(symbolEntry->n_value &&
symbol_handler(symbolString + symbolEntry->n_un.n_strx, (long long)base + symbolEntry->n_value, is64) != 0xFFFFFFFF)
@@ -1065,17 +1138,17 @@
module_start = base + symbolEntry->n_value;
}
- symbolEntry+= sizeof(struct nlist);
+ symbolEntry++;
symbolIndex++; // TODO remove
}
}
else
{
-
+ struct nlist_64* symbolEntry = (void*)base + symtabCommand->symoff;
+ // NOTE First entry is *not* correct, but we can ignore it (i'm getting radar:// right now)
while(symbolIndex < symtabCommand->nsyms)
{
- struct nlist_64* symbolEntry = (void*)base + symtabCommand->symoff + (symbolIndex * sizeof(struct nlist_64));
// If the symbol is exported by this module
if(symbolEntry->n_value &&
@@ -1086,7 +1159,7 @@
module_start = base + symbolEntry->n_value;
}
- symbolEntry+= sizeof(struct nlist);
+ symbolEntry++;
symbolIndex++; // TODO remove
}
}
Index: branches/azimutz/Chazi/i386/boot2/modules.h
===================================================================
--- branches/azimutz/Chazi/i386/boot2/modules.h (revision 496)
+++ branches/azimutz/Chazi/i386/boot2/modules.h (revision 497)
@@ -10,7 +10,10 @@
#ifndef __BOOT_MODULES_H
#define __BOOT_MODULES_H
+extern unsigned long long textAddress;
+extern unsigned long long textSection;
+
typedef struct symbolList_t
{
char* symbol;
@@ -67,14 +70,19 @@
void register_hook_callback(const char* name, void(*callback)(void*, void*, void*, void*));
inline void rebase_location(UInt32* location, char* base);
+void rebase_macho(void* base, char* rebase_stream, UInt32 size);
+void bind_macho(void* base, char* bind_stream, UInt32 size);
-int load_module(const char* module);
+int load_module(char* module);
int is_module_laoded(const char* name);
-void module_loaded(char* name, UInt32 version, UInt32 compat);
+void module_loaded(const char* name/*, UInt32 version, UInt32 compat*/);
long long add_symbol(char* symbol, long long addr, char is64);
-void* parse_mach(void* binary);
+void* parse_mach(void* binary,
+ int(*dylib_loader)(char*),
+ long long(*symbol_handler)(char*, long long, char)
+ );
unsigned int handle_symtable(UInt32 base,
struct symtab_command* symtabCommand,
Index: branches/azimutz/Chazi/i386/modules/KernelPatcher/kernel_patcher.c
===================================================================
--- branches/azimutz/Chazi/i386/modules/KernelPatcher/kernel_patcher.c (revision 496)
+++ branches/azimutz/Chazi/i386/modules/KernelPatcher/kernel_patcher.c (revision 497)
@@ -1,4 +1,4 @@
-/*
+ /*
* Copyright (c) 2009-2010 Evan Lojewski. All rights reserved.
*
*/
@@ -16,37 +16,37 @@
kernSymbols_t* kernelSymbols = NULL;
-UInt32 textSection = 0;
-UInt32 textAddress = 0;
-
-
void KernelPatcher_start()
{
//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_ATOM); // TODO: CPUFAMILY_INTEL_PENRYN, CPUID_MODEL_PENRYN
//register_kernel_patch(patch_cpuid_set_info, KERNEL_32, CPUID_MODEL_UNKNOWN); // 0, 0
- register_kernel_patch(patch_cpuid_set_info_all, KERNEL_32, CPUID_MODEL_UNKNOWN);
+ register_kernel_patch(patch_cpuid_set_info_all, KERNEL_ANY, CPUID_MODEL_UNKNOWN);
- register_kernel_patch(patch_commpage_stuff_routine, KERNEL_32, CPUID_MODEL_ANY);
+ register_kernel_patch(patch_commpage_stuff_routine, KERNEL_ANY, CPUID_MODEL_ANY);
- register_kernel_patch(patch_lapic_init, KERNEL_32, CPUID_MODEL_ANY);
+ register_kernel_patch(patch_lapic_init, KERNEL_ANY, CPUID_MODEL_ANY);
+ // NOTE: following is currently 32bit only
register_kernel_patch(patch_lapic_configure, KERNEL_32, CPUID_MODEL_ANY);
- //register_kernel_patch(patch_lapic_interrupt, KERNEL_32, CPUID_MODEL_ANY);
- register_kernel_symbol(KERNEL_32, "_panic");
- register_kernel_symbol(KERNEL_32, "_cpuid_set_info");
- register_kernel_symbol(KERNEL_32, "_pmCPUExitHaltToOff");
- register_kernel_symbol(KERNEL_32, "_lapic_init");
- register_kernel_symbol(KERNEL_32, "_commpage_stuff_routine");
+ register_kernel_symbol(KERNEL_ANY, "_panic");
+ register_kernel_symbol(KERNEL_ANY, "_cpuid_set_info");
+ register_kernel_symbol(KERNEL_ANY, "_pmCPUExitHaltToOff");
+ register_kernel_symbol(KERNEL_ANY, "_lapic_init");
+ register_kernel_symbol(KERNEL_ANY, "_commpage_stuff_routine");
// LAPIC configure symbols
- register_kernel_symbol(KERNEL_32, "_lapic_configure");
- register_kernel_symbol(KERNEL_32, "_lapic_interrupt");
+ register_kernel_symbol(KERNEL_ANY, "_lapic_configure");
- register_kernel_symbol(KERNEL_32, "_lapic_start");
- register_kernel_symbol(KERNEL_32, "_lapic_interrupt_base");
+ register_kernel_symbol(KERNEL_ANY, "_lapic_start");
+ register_kernel_symbol(KERNEL_ANY, "_lapic_interrupt_base");
+
+
+ //register_kernel_patch(patch_lapic_interrupt, KERNEL_ANY, CPUID_MODEL_ANY);
+ //register_kernel_symbol(KERNEL_ANY, "_lapic_interrupt");
+
// TODO: register needed symbols
@@ -178,7 +178,6 @@
locate_symbols(kernelData);
-
if(patches != NULL)
{
while(entry)
@@ -216,81 +215,10 @@
**/
int locate_symbols(void* kernelData)
{
-
- struct load_command *loadCommand;
- struct symtab_command *symtableData = 0; //Azi:warning
- // struct nlist *symbolEntry;
-
- char* symbolString;
-
- UInt32 kernelIndex = 0;
- kernelIndex += sizeof(struct mach_header);
-
- if(((struct mach_header*)kernelData)->magic != MH_MAGIC) return KERNEL_64;
-
-
- int cmd = 0;
- while(cmd < ((struct mach_header*)kernelData)->ncmds) // TODO: for loop instead
- {
- cmd++;
-
- loadCommand = kernelData + kernelIndex;
-
- UInt cmdSize = loadCommand->cmdsize;
-
-
- if((loadCommand->cmd & 0x7FFFFFFF) == LC_SYMTAB) // We only care about the symtab segment
- {
- //printf("Located symtable, length is 0x%X, 0x%X\n", (unsigned int)loadCommand->cmdsize, (unsigned int)sizeof(symtableData));
-
- symtableData = kernelData + kernelIndex;
- kernelIndex += sizeof(struct symtab_command);
-
- symbolString = kernelData + symtableData->stroff;
- }
- else if((loadCommand->cmd & 0x7FFFFFFF) == LC_SEGMENT) // We only care about the __TEXT segment, any other load command can be ignored
- {
-
- struct segment_command *segCommand;
-
- segCommand = kernelData + kernelIndex;
-
- //printf("Segment name is %s\n", segCommand->segname);
-
- if(strcmp("__TEXT", segCommand->segname) == 0)
- {
- UInt32 sectionIndex;
-
- sectionIndex = sizeof(struct segment_command);
-
- struct section *sect;
-
- while(sectionIndex < segCommand->cmdsize)
- {
- sect = kernelData + kernelIndex + sectionIndex;
-
- sectionIndex += sizeof(struct section);
-
-
- if(strcmp("__text", sect->sectname) == 0)
- {
- // __TEXT,__text found, save the offset and address for when looking for the calls.
- textSection = sect->offset;
- textAddress = sect->addr;
- break;
- }
- }
- }
-
-
- kernelIndex += cmdSize;
- } else {
- kernelIndex += cmdSize;
- }
- }
-
- return handle_symtable((UInt32)kernelData, symtableData, &symbol_handler,
- determineKernelArchitecture(kernelData) == KERNEL_64);
+ char is64 = 1;
+ parse_mach(kernelData, NULL, symbol_handler);
+ //handle_symtable((UInt32)kernelData, symtableData, &symbol_handler, determineKernelArchitecture(kernelData) == KERNEL_64);
+ return 1 << is64;
}
long long symbol_handler(char* symbolName, long long addr, char is64)
@@ -299,8 +227,13 @@
kernSymbols_t *symbol = lookup_kernel_symbol(symbolName);
+
if(symbol)
{
+
+ //printf("Located %sbit symbol %s at 0x%lX\n", is64 ? "64" : "32", symbolName, addr);
+ //getc();
+
symbol->addr = addr;
}
return 0xFFFFFFFF; // fixme
@@ -326,12 +259,16 @@
}
void patch_cpuid_set_info(void* kernelData, UInt32 impersonateFamily, UInt8 impersonateModel)
-{
+{
UInt8* bytes = (UInt8*)kernelData;
kernSymbols_t *symbol = lookup_kernel_symbol("_cpuid_set_info");
+
UInt32 patchLocation = symbol ? symbol->addr - textAddress + textSection: 0; // (kernelSymbolAddresses[SYMBOL_CPUID_SET_INFO] - textAddress + textSection);
+ patchLocation -= (UInt32)kernelData; // Remove offset
+
+
UInt32 jumpLocation = 0;
@@ -349,14 +286,10 @@
printf("Unable to locate _panic\n");
return;
}
-
- patchLocation -= (UInt32)kernelData; // Remove offset
panicAddr -= (UInt32)kernelData;
-
-
//TODO: don't assume it'll always work (Look for *next* function address in symtab and fail once it's been reached)
while(
(bytes[patchLocation -1] != 0xE8) ||
@@ -370,16 +303,21 @@
}
patchLocation--;
+ printf("0x%X 0x%X 0x%X 0x%X 0x%X\n", bytes[patchLocation ], bytes[patchLocation +1], bytes[patchLocation +2], bytes[patchLocation +3], bytes[patchLocation +4]);
+
// Remove panic call, just in case the following patch routines fail
bytes[patchLocation + 0] = 0x90;
bytes[patchLocation + 1] = 0x90;
bytes[patchLocation + 2] = 0x90;
bytes[patchLocation + 3] = 0x90;
bytes[patchLocation + 4] = 0x90;
+ printf("0x%X 0x%X 0x%X 0x%X 0x%X\n", bytes[patchLocation ], bytes[patchLocation +1], bytes[patchLocation +2], bytes[patchLocation +3], bytes[patchLocation +4]);
+
+ getc();
-
// Locate the jump call, so that 10 bytes can be reclamed.
// NOTE: This will *NOT* be located on pre 10.6.2 kernels
+ // NOTE: This will work on a *32* bit kernel and *not* on a 64 bit ont
jumpLocation = patchLocation - 15;
while((bytes[jumpLocation - 1] != 0x77 ||
bytes[jumpLocation] != (patchLocation - jumpLocation - -8)) &&
@@ -441,59 +379,81 @@
}
else if(impersonateFamily && impersonateModel)
{
- // pre 10.6.2 kernel
- // Locate the jump to directly *after* the panic call,
- jumpLocation = patchLocation - 4;
- while((bytes[jumpLocation - 1] != 0x77 ||
- bytes[jumpLocation] != (patchLocation - jumpLocation + 4)) &&
- (patchLocation - jumpLocation) < 0x20)
+ // Eitehr a 64bit kernel *or* a pre 10.6.2 kernel
+ // Look for
+ jumpLocation = patchLocation - 15;
+ while((bytes[jumpLocation - 2] != 0x0F ||
+ bytes[jumpLocation - 1] != 0x87 ||
+ bytes[jumpLocation] != (patchLocation - jumpLocation - -31)) &&
+ (patchLocation - jumpLocation) < 0x200)
{
jumpLocation--;
}
- // NOTE above isn't needed (I was going to use it, but I'm not, so instead,
- // I'll just leave it to verify the binary stucture.
- // NOTE: the cpumodel_familt data is not set in _cpuid_set_info
- // so we don't need to set it here, I'll get set later based on the model
- // we set now.
- if((patchLocation - jumpLocation) < 0x20)
+ if((patchLocation - jumpLocation) < 0x200)
{
- UInt32 cpuid_model_addr = (bytes[patchLocation - 14] << 0 |
- bytes[patchLocation - 13] << 8 |
- bytes[patchLocation - 12] << 16 |
- bytes[patchLocation - 11] << 24);
- // Remove jump
- bytes[patchLocation - 9] = 0x90; /// Was a jump if supported cpu
- bytes[patchLocation - 8] = 0x90; // jumped past the panic call, we want to override the panic
-
- bytes[patchLocation - 7] = 0x90;
- bytes[patchLocation - 6] = 0x90;
+ // 64 bit kernel, 10.6.2+
+ }
+ else
+ { // 32 bit kernel
+
+ // pre 10.6.2 kernel
+ // Locate the jump to directly *after* the panic call,
+ jumpLocation = patchLocation - 4;
+ while((bytes[jumpLocation - 1] != 0x77 ||
+ bytes[jumpLocation] != (patchLocation - jumpLocation + 4)) &&
+ (patchLocation - jumpLocation) < 0x20)
+ {
+ jumpLocation--;
+ }
+ // NOTE above isn't needed (I was going to use it, but I'm not, so instead,
+ // I'll just leave it to verify the binary stucture.
- bytes[patchLocation - 5] = 0xC7;
- bytes[patchLocation - 4] = 0x05;
- bytes[patchLocation - 3] = (cpuid_model_addr & 0x000000FF) >> 0;
- bytes[patchLocation - 2] = (cpuid_model_addr & 0x0000FF00) >> 8;
- bytes[patchLocation - 1] = (cpuid_model_addr & 0x00FF0000) >> 16;
- bytes[patchLocation - 0] = (cpuid_model_addr & 0xFF000000) >> 24;
+ // NOTE: the cpumodel_family data is not set in _cpuid_set_info
+ // so we don't need to set it here, I'll get set later based on the model
+ // we set now.
- // Note: I could have just copied the 8bit cpuid_model in and saved about 4 bytes
- // so if this function need a different patch it's still possible. Also, about ten bytes previous can be freed.
- bytes[patchLocation + 1] = impersonateModel; // cpuid_model
- bytes[patchLocation + 2] = 0x01; // cpuid_extmodel
- bytes[patchLocation + 3] = 0x00; // cpuid_extfamily
- bytes[patchLocation + 4] = 0x02; // cpuid_stepping
-
-
-
- patchLocation = jumpLocation;
- // We now have 14 bytes available for a patch
-
+ if((patchLocation - jumpLocation) < 0x20)
+ {
+ UInt32 cpuid_model_addr = (bytes[patchLocation - 14] << 0 |
+ bytes[patchLocation - 13] << 8 |
+ bytes[patchLocation - 12] << 16 |
+ bytes[patchLocation - 11] << 24);
+ // Remove jump
+ bytes[patchLocation - 9] = 0x90; /// Was a jump if supported cpu
+ bytes[patchLocation - 8] = 0x90; // jumped past the panic call, we want to override the panic
+
+ bytes[patchLocation - 7] = 0x90;
+ bytes[patchLocation - 6] = 0x90;
+
+ bytes[patchLocation - 5] = 0xC7;
+ bytes[patchLocation - 4] = 0x05;
+ bytes[patchLocation - 3] = (cpuid_model_addr & 0x000000FF) >> 0;
+ bytes[patchLocation - 2] = (cpuid_model_addr & 0x0000FF00) >> 8;
+ bytes[patchLocation - 1] = (cpuid_model_addr & 0x00FF0000) >> 16;
+ bytes[patchLocation - 0] = (cpuid_model_addr & 0xFF000000) >> 24;
+
+ // Note: I could have just copied the 8bit cpuid_model in and saved about 4 bytes
+ // so if this function need a different patch it's still possible. Also, about ten bytes previous can be freed.
+ bytes[patchLocation + 1] = impersonateModel; // cpuid_model
+ bytes[patchLocation + 2] = 0x01; // cpuid_extmodel
+ bytes[patchLocation + 3] = 0x00; // cpuid_extfamily
+ bytes[patchLocation + 4] = 0x02; // cpuid_stepping
+
+
+
+ patchLocation = jumpLocation;
+ // We now have 14 bytes available for a patch
+
+ }
}
- else
+ /*else
{
+ // Check for 64bit kernel.
+
// Patching failed, using NOP replacement done initialy
- }
+ }*/
}
else
{
Index: branches/azimutz/Chazi/i386/modules/KernelPatcher/Makefile
===================================================================
--- branches/azimutz/Chazi/i386/modules/KernelPatcher/Makefile (revision 496)
+++ branches/azimutz/Chazi/i386/modules/KernelPatcher/Makefile (revision 497)
@@ -21,7 +21,7 @@
INSTALLDIR = $(DSTROOT)/System/Library/Frameworks/System.framework/Versions/B/PrivateHeaders/standalone
-OPTIM = -Os -Oz
+OPTIM = -O3
DEBUG = -DNOTHING
#DEBUG = -DDEBUG_HELLO_WORLD=1
CFLAGS = $(RC_CFLAGS) $(OPTIM) $(MORECPP) -arch i386 -g -Wmost \
Index: branches/azimutz/Chazi/i386/modules/Symbols/Makefile
===================================================================
--- branches/azimutz/Chazi/i386/modules/Symbols/Makefile (revision 496)
+++ branches/azimutz/Chazi/i386/modules/Symbols/Makefile (revision 497)
@@ -1,6 +1,7 @@
MODULE_NAME = Symbols
MODULE_VERSION = "1.0.0"
+MODULE_COMPAT_VERSION = `ls ../../.svn &> /dev/null && (svn info ../../ | grep Revision | awk '{print $$2}') || echo 0`
MODULE_START = _$(MODULE_NAME)_start
MODULE_DEPENDENCIES =
DIR = HelloWorld
@@ -63,7 +64,7 @@
-S -x -dead_strip_dylibs \
-no_uuid \
-bind_at_load \
- -current_version $(MODULE_VERSION) -compatibility_version `svn info ../../ | grep Revision | awk '{print $$2}'` \
+ -current_version $(MODULE_VERSION) -compatibility_version $(MODULE_COMPAT_VERSION) \
-final_output $(MODULE_NAME) \
$(OBJROOT)/Symbols.o -o $(SYMROOT)/$(MODULE_NAME).dylib \
Index: branches/azimutz/Chazi/i386/Makefile
===================================================================
--- branches/azimutz/Chazi/i386/Makefile (revision 496)
+++ branches/azimutz/Chazi/i386/Makefile (revision 497)
@@ -44,5 +44,21 @@
) || exit $$?; \
done
+modules:
+ @for i in "modules"; \
+ do \
+ echo ================= make $@ for $$i =================; \
+ ( cd $$i; ${MAKE} \
+ "OBJROOT=$(OBJROOT)/$$i" \
+ "SYMROOT=$(SYMROOT)" \
+ "DSTROOT=$(DSTROOT)" \
+ "SRCROOT=$(SRCROOT)" \
+ "RC_ARCHS=$(RC_ARCHS)" \
+ "RC_KANJI=$(RC_KANJI)" \
+ "JAPANESE=$(JAPANESE)" \
+ "RC_CFLAGS=$(RC_CFLAGS)" $@ \
+ ) || exit $$?; \
+ done
+
installsrc:
tar cf - . | (cd ${SRCROOT}; tar xfBp -)