| 1 | /*␊ |
| 2 | * Copyright (c) 2009-2012 Evan Lojewski. All rights reserved.␊ |
| 3 | * Copyright (c) 2013-2015 xZenue LLC. All rights reserved.␊ |
| 4 | *␊ |
| 5 | *␊ |
| 6 | * This work is licensed under the␊ |
| 7 | * Creative Commons Attribution-NonCommercial 3.0 Unported License.␊ |
| 8 | * To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/.␊ |
| 9 | */␊ |
| 10 | ␊ |
| 11 | #ifndef __BOOT2_KERNEL_PATCHER_H␊ |
| 12 | #define __BOOT2_KERNEL_PATCHER_H␊ |
| 13 | ␊ |
| 14 | #include <libkern/OSTypes.h>␊ |
| 15 | #include <mach-o/loader.h>␊ |
| 16 | #include <mach-o/nlist.h>␊ |
| 17 | #include <mach-o/reloc.h>␊ |
| 18 | ␊ |
| 19 | #include "modules.h" ␊ |
| 20 | #include "cpu.h"␊ |
| 21 | #include "binaryPatcher.h"␊ |
| 22 | ␊ |
| 23 | #define CPU_MODEL_ANY 0x00␊ |
| 24 | #define CPU_MODEL_UNKNOWN 0x01␊ |
| 25 | ␊ |
| 26 | #define KERNEL_ANY 0x00␊ |
| 27 | #define KERNEL_64 0x01␊ |
| 28 | #define KERNEL_32 0x02␊ |
| 29 | #define KERNEL_ERR 0xFF␊ |
| 30 | ␊ |
| 31 | #define CPUIDFAMILY_DEFAULT 6␊ |
| 32 | ␊ |
| 33 | ␊ |
| 34 | // kernel patches␊ |
| 35 | void patch_kernel_internal(void *kernelData, u_int32_t uncompressed_size);␊ |
| 36 | ␊ |
| 37 | // Power management patch for kernel 13.0␊ |
| 38 | static UInt8 KernelPatchPmSrc[] = {␊ |
| 39 | 0x55, 0x48, 0x89, 0xe5, 0x41, 0x89, 0xd0, 0x85,␊ |
| 40 | 0xf6, 0x74, 0x6c, 0x48, 0x83, 0xc7, 0x28, 0x90,␊ |
| 41 | 0x8b, 0x05, 0x5e, 0x30, 0x5e, 0x00, 0x85, 0x47,␊ |
| 42 | 0xdc, 0x74, 0x54, 0x8b, 0x4f, 0xd8, 0x45, 0x85,␊ |
| 43 | 0xc0, 0x74, 0x08, 0x44, 0x39, 0xc1, 0x44, 0x89,␊ |
| 44 | 0xc1, 0x75, 0x44, 0x0f, 0x32, 0x89, 0xc0, 0x48,␊ |
| 45 | 0xc1, 0xe2, 0x20, 0x48, 0x09, 0xc2, 0x48, 0x89,␊ |
| 46 | 0x57, 0xf8, 0x48, 0x8b, 0x47, 0xe8, 0x48, 0x85,␊ |
| 47 | 0xc0, 0x74, 0x06, 0x48, 0xf7, 0xd0, 0x48, 0x21,␊ |
| 48 | 0xc2, 0x48, 0x0b, 0x57, 0xf0, 0x49, 0x89, 0xd1,␊ |
| 49 | 0x49, 0xc1, 0xe9, 0x20, 0x89, 0xd0, 0x8b, 0x4f,␊ |
| 50 | 0xd8, 0x4c, 0x89, 0xca, 0x0f, 0x30, 0x8b, 0x4f,␊ |
| 51 | 0xd8, 0x0f, 0x32, 0x89, 0xc0, 0x48, 0xc1, 0xe2,␊ |
| 52 | 0x20, 0x48, 0x09, 0xc2, 0x48, 0x89, 0x17, 0x48,␊ |
| 53 | 0x83, 0xc7, 0x30, 0xff, 0xce, 0x75, 0x99, 0x5d,␊ |
| 54 | 0xc3, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90␊ |
| 55 | };␊ |
| 56 | static UInt8 KernelPatchPmRepl[] = {␊ |
| 57 | 0x55, 0x48, 0x89, 0xe5, 0x41, 0x89, 0xd0, 0x85,␊ |
| 58 | 0xf6, 0x74, 0x73, 0x48, 0x83, 0xc7, 0x28, 0x90,␊ |
| 59 | 0x8b, 0x05, 0x5e, 0x30, 0x5e, 0x00, 0x85, 0x47,␊ |
| 60 | 0xdc, 0x74, 0x5b, 0x8b, 0x4f, 0xd8, 0x45, 0x85,␊ |
| 61 | 0xc0, 0x74, 0x08, 0x44, 0x39, 0xc1, 0x44, 0x89,␊ |
| 62 | 0xc1, 0x75, 0x4b, 0x0f, 0x32, 0x89, 0xc0, 0x48,␊ |
| 63 | 0xc1, 0xe2, 0x20, 0x48, 0x09, 0xc2, 0x48, 0x89,␊ |
| 64 | 0x57, 0xf8, 0x48, 0x8b, 0x47, 0xe8, 0x48, 0x85,␊ |
| 65 | 0xc0, 0x74, 0x06, 0x48, 0xf7, 0xd0, 0x48, 0x21,␊ |
| 66 | 0xc2, 0x48, 0x0b, 0x57, 0xf0, 0x49, 0x89, 0xd1,␊ |
| 67 | 0x49, 0xc1, 0xe9, 0x20, 0x89, 0xd0, 0x8b, 0x4f,␊ |
| 68 | 0xd8, 0x4c, 0x89, 0xca, 0x66, 0x81, 0xf9, 0xe2,␊ |
| 69 | 0x00, 0x74, 0x02, 0x0f, 0x30, 0x8b, 0x4f, 0xd8,␊ |
| 70 | 0x0f, 0x32, 0x89, 0xc0, 0x48, 0xc1, 0xe2, 0x20,␊ |
| 71 | 0x48, 0x09, 0xc2, 0x48, 0x89, 0x17, 0x48, 0x83,␊ |
| 72 | 0xc7, 0x30, 0xff, 0xce, 0x75, 0x92, 0x5d, 0xc3␊ |
| 73 | };␊ |
| 74 | // Power management patch for kernel 12.5␊ |
| 75 | static UInt8 KernelPatchPmSrc2[] = {␊ |
| 76 | 0x55, 0x48, 0x89, 0xe5, 0x41, 0x89, 0xd0, 0x85,␊ |
| 77 | 0xf6, 0x74, 0x69, 0x48, 0x83, 0xc7, 0x28, 0x90,␊ |
| 78 | 0x8b, 0x05, 0xfe, 0xce, 0x5f, 0x00, 0x85, 0x47,␊ |
| 79 | 0xdc, 0x74, 0x51, 0x8b, 0x4f, 0xd8, 0x45, 0x85,␊ |
| 80 | 0xc0, 0x74, 0x05, 0x44, 0x39, 0xc1, 0x75, 0x44,␊ |
| 81 | 0x0f, 0x32, 0x89, 0xc0, 0x48, 0xc1, 0xe2, 0x20,␊ |
| 82 | 0x48, 0x09, 0xc2, 0x48, 0x89, 0x57, 0xf8, 0x48,␊ |
| 83 | 0x8b, 0x47, 0xe8, 0x48, 0x85, 0xc0, 0x74, 0x06,␊ |
| 84 | 0x48, 0xf7, 0xd0, 0x48, 0x21, 0xc2, 0x48, 0x0b,␊ |
| 85 | 0x57, 0xf0, 0x49, 0x89, 0xd1, 0x49, 0xc1, 0xe9,␊ |
| 86 | 0x20, 0x89, 0xd0, 0x8b, 0x4f, 0xd8, 0x4c, 0x89,␊ |
| 87 | 0xca, 0x0f, 0x30, 0x8b, 0x4f, 0xd8, 0x0f, 0x32,␊ |
| 88 | 0x89, 0xc0, 0x48, 0xc1, 0xe2, 0x20, 0x48, 0x09,␊ |
| 89 | 0xc2, 0x48, 0x89, 0x17, 0x48, 0x83, 0xc7, 0x30,␊ |
| 90 | 0xff, 0xce, 0x75, 0x9c, 0x5d, 0xc3, 0x90, 0x90,␊ |
| 91 | 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90␊ |
| 92 | };␊ |
| 93 | ␊ |
| 94 | static UInt8 KernelPatchPmRepl2[] = {␊ |
| 95 | 0x55, 0x48, 0x89, 0xe5, 0x41, 0x89, 0xd0, 0x85,␊ |
| 96 | 0xf6, 0x74, 0x70, 0x48, 0x83, 0xc7, 0x28, 0x90,␊ |
| 97 | 0x8b, 0x05, 0xfe, 0xce, 0x5f, 0x00, 0x85, 0x47,␊ |
| 98 | 0xdc, 0x74, 0x58, 0x8b, 0x4f, 0xd8, 0x45, 0x85,␊ |
| 99 | 0xc0, 0x74, 0x05, 0x44, 0x39, 0xc1, 0x75, 0x4b,␊ |
| 100 | 0x0f, 0x32, 0x89, 0xc0, 0x48, 0xc1, 0xe2, 0x20,␊ |
| 101 | 0x48, 0x09, 0xc2, 0x48, 0x89, 0x57, 0xf8, 0x48,␊ |
| 102 | 0x8b, 0x47, 0xe8, 0x48, 0x85, 0xc0, 0x74, 0x06,␊ |
| 103 | 0x48, 0xf7, 0xd0, 0x48, 0x21, 0xc2, 0x48, 0x0b,␊ |
| 104 | 0x57, 0xf0, 0x49, 0x89, 0xd1, 0x49, 0xc1, 0xe9,␊ |
| 105 | 0x20, 0x89, 0xd0, 0x8b, 0x4f, 0xd8, 0x4c, 0x89,␊ |
| 106 | 0xca, 0x66, 0x81, 0xf9, 0xe2, 0x00, 0x74, 0x02,␊ |
| 107 | 0x0f, 0x30, 0x8b, 0x4f, 0xd8, 0x0f, 0x32, 0x89,␊ |
| 108 | 0xc0, 0x48, 0xc1, 0xe2, 0x20, 0x48, 0x09, 0xc2,␊ |
| 109 | 0x48, 0x89, 0x17, 0x48, 0x83, 0xc7, 0x30, 0xff,␊ |
| 110 | 0xce, 0x75, 0x95, 0x5d, 0xc3, 0x90, 0x90, 0x90␊ |
| 111 | };␊ |
| 112 | ␊ |
| 113 | #define KERNEL_PATCH_SIGNATURE 0x85d08941e5894855ULL␊ |
| 114 | ␊ |
| 115 | void patch_kernel_32(void *kernelData, u_int32_t uncompressed_size);␊ |
| 116 | void patch_kernel_64(void *kernelData, u_int32_t uncompressed_size);␊ |
| 117 | ␊ |
| 118 | void patch_BooterExtensions_32(void *kernelData); ␊ |
| 119 | void patch_BooterExtensions_64(void *kernelData);␊ |
| 120 | ␊ |
| 121 | bool patch_pm_init(void *kernelData);␊ |
| 122 | bool patch_lapic_version_init_32(void *kernelData);␊ |
| 123 | bool patch_lapic_version_init_64(void *kernelData);␊ |
| 124 | bool patch_lapic_init_32(void *kernelData);␊ |
| 125 | bool patch_lapic_init_64(void *kernelData);␊ |
| 126 | bool patch_haswell_E_init(void *kernelData);␊ |
| 127 | bool patch_haswell_ULT_init(void *kernelData);␊ |
| 128 | ␊ |
| 129 | void patch_SSE3_6(void *kernelData);␊ |
| 130 | void patch_SSE3_5(void *kernelData);␊ |
| 131 | void patch_SSE3_7(void *kernelData);␊ |
| 132 | ␊ |
| 133 | bool patch_string_XNU_init(void *kernelData);␊ |
| 134 | ␊ |
| 135 | // kexts pathes␊ |
| 136 | unsigned int AppleRTC_Patch(void *data, UInt32 DriverSize, UInt32 StartLocation);␊ |
| 137 | unsigned int AsusAICPUPMPatch(void *data, UInt32 DriverSize, UInt32 StartLocation);␊ |
| 138 | unsigned int patch_NVDAStartupWeb(void *kernelData, UInt32 DriverSize, UInt32 StartLocation);␊ |
| 139 | unsigned int trimEnablerSata(void *data, UInt32 DriverSize, UInt32 StartLocation);␊ |
| 140 | unsigned int patch_AppleAHCIPort_OrangeFix(void *data, UInt32 DriverSize, UInt32 StartLocation);␊ |
| 141 | ␊ |
| 142 | void patch_prelinked_kexts(void *kernelData,␊ |
| 143 | u_int32_t uncompressed_size,␊ |
| 144 | unsigned prelinkTextVmaddr,␊ |
| 145 | unsigned prelinkTextFileOff);␊ |
| 146 | ␊ |
| 147 | void patchBooterDefinedKext(const char *kext, void *driverAddr, UInt32 DriverSize, UInt32 StartLocation);␊ |
| 148 | ␊ |
| 149 | // os version␊ |
| 150 | bool checkFullOSVer(const char *version);␊ |
| 151 | ␊ |
| 152 | #endif /* !__BOOT2_KERNEL_PATCHER_H */␊ |
| 153 | |
