shift symbolic table

Signed-off-by: SergeySlice <sergey.slice@gmail.com>
This commit is contained in:
SergeySlice 2020-07-17 23:45:01 +03:00
parent df946b75f4
commit bfe7db9208
5 changed files with 42 additions and 14 deletions

View File

@ -125,6 +125,7 @@ struct mach_header_64 {
#define MH_DSYM 0xa /* companion file with only debug */
/* sections */
#define MH_KEXT_BUNDLE 0xb /* x86_64 kexts */
#define MH_KEXT_CACHE 0xc //???
/* Constants for the flags field of the mach_header */
#define MH_NOUNDEFS 0x1 /* the object file has no undefined

View File

@ -18,7 +18,7 @@
//#include "sse3_5_patcher.h"
#ifndef DEBUG_ALL
#define KERNEL_DEBUG 0
#define KERNEL_DEBUG 1
#else
#define KERNEL_DEBUG DEBUG_ALL
#endif
@ -85,7 +85,7 @@ EFI_STATUS LOADER_ENTRY::getVTable()
//00FFFFFF FF0FFFFF 00000000 FFFFFFFF
// INT32 Tabble = FindBin(KernelData, 0x5000000, vtableSur, 8);
INT32 NTabble = FindBin(KernelData, 0x2000000, (const UINT8 *)ctor_used, (UINT32)strlen(ctor_used));
INT32 NTabble = FindBin(KernelData, KERNEL_MAX_SIZE, (const UINT8 *)ctor_used, (UINT32)strlen(ctor_used));
if (NTabble < 0) {
return EFI_NOT_FOUND;
}
@ -94,10 +94,10 @@ EFI_STATUS LOADER_ENTRY::getVTable()
// NTabble -=4;
DBG_RT("LinkAdr=%x Tabble=%x\n",LinkAdr, NTabble);
// DBG("LinkAdr=%x NTabble=%x Tabble=%x\n",LinkAdr, NTabble, Tabble);
SEGMENT *LinkSeg = (SEGMENT*)&KernelData[LinkAdr];
AddrVtable = LinkSeg->AddrVtable;
SizeVtable = LinkSeg->SizeVtable;
NamesTable = LinkSeg->AddrNames;
// SEGMENT *LinkSeg = (SEGMENT*)&KernelData[LinkAdr];
// AddrVtable = LinkSeg->AddrVtable;
// SizeVtable = LinkSeg->SizeVtable;
// NamesTable = LinkSeg->AddrNames;
//TODO find an origin of the shift
shift = NTabble - NamesTable;
// DBG_RT("AddrVtable=%x Size=%x AddrNames=%x shift=%x\n", AddrVtable, SizeVtable, NamesTable, shift);
@ -105,7 +105,8 @@ EFI_STATUS LOADER_ENTRY::getVTable()
AddrVtable += shift;
// AddrVtable = Tabble;
DBG("AddrVtable=%x Size=%x AddrNames=%x shift=%x\n", AddrVtable, SizeVtable, NamesTable, shift);
SegVAddr = FindBin(KernelData, 0x600, (const UINT8 *)kTextSegment, (UINT32)strlen(kTextSegment));
SegVAddr = FindBin(KernelData+KernelOffset, 0x600, (const UINT8 *)kTextSegment, (UINT32)strlen(kTextSegment));
SegVAddr += KernelOffset;
DBG("SegVAddr=0x%x\n", SegVAddr);
return EFI_SUCCESS;
}
@ -161,6 +162,7 @@ UINTN LOADER_ENTRY::searchProcInDriver(UINT8 * driver, UINT32 driverLen, const c
break;
case ID_SEG_KLD:
case ID_SEG_KLD2:
case ID_SEG_KLD3:
lSegVAddr = FindBin(driver, 0x2000, (const UINT8 *)kKldSegment, (UINT32)strlen(kKldSegment));
break;
// case ID_SEC_BSS:
@ -1909,10 +1911,11 @@ VOID LOADER_ENTRY::Get_PreLink()
UINT32 ncmds, cmdsize;
UINT32 binaryIndex;
UINTN cnt;
UINT8* binary = (UINT8*)KernelData;
UINT8* binary = &KernelData[KernelOffset];
struct load_command *loadCommand;
struct segment_command *segCmd;
struct segment_command_64 *segCmd64;
struct symtab_command *symCmd;
if (is64BitKernel) {
@ -1928,7 +1931,7 @@ VOID LOADER_ENTRY::Get_PreLink()
cmdsize = loadCommand->cmdsize;
switch (loadCommand->cmd) {
case LC_SEGMENT_64:
case LC_SEGMENT_64: //19
segCmd64 = (struct segment_command_64 *)loadCommand;
//segn = (UINT32)(UINTN)segCmd64->segname;
if ((segCmd64->segname[2] != 'R') || (segCmd64->segname[3] != 'E')) {
@ -2059,6 +2062,21 @@ VOID LOADER_ENTRY::Get_PreLink()
}
break;
case LC_SYMTAB:
symCmd = (struct symtab_command *)loadCommand;
// struct symtab_command {
// uint32_t cmd; /* LC_SYMTAB == 2 */
// uint32_t cmdsize; /* sizeof(struct symtab_command) */
// uint32_t symoff; /* symbol table offset */
// uint32_t nsyms; /* number of symbol table entries */
// uint32_t stroff; /* string table offset */
// uint32_t strsize; /* string table size in bytes */
// };
AddrVtable = symCmd->symoff;
SizeVtable = symCmd->nsyms;
NamesTable = symCmd->stroff;
break;
default:
break;
}
@ -2317,7 +2335,14 @@ LOADER_ENTRY::KernelAndKextPatcherInit()
is64BitKernel = FALSE;
} else if (MACH_GET_MAGIC(KernelData) == MH_MAGIC_64 || MACH_GET_MAGIC(KernelData) == MH_CIGAM_64) {
DBG_RT( "Found 64 bit kernel at 0x%llx\n", (UINTN)KernelData);
DBG_RT("text section is: %s\n", (const char*)&KernelData[0x28]);
// DBG_RT("text section is: %s\n", (const char*)&KernelData[0x28]);
KernelOffset = 0;
while (KernelOffset < KERNEL_MAX_SIZE) {
KernelOffset += 4;
if ((KernelData[KernelOffset + 0x0C] == MH_EXECUTE) && (MACH_GET_MAGIC(KernelData) == MH_MAGIC_64 )) {
break;
}
}
is64BitKernel = TRUE;
} else {
// not valid Mach-O header - exiting
@ -2328,7 +2353,7 @@ LOADER_ENTRY::KernelAndKextPatcherInit()
// find __PRELINK_TEXT and __PRELINK_INFO
Get_PreLink();
/*
for (UINTN i=0x00200000; i<0x30000000; i+=4) {
UINT32 *KD = (UINT32 *)i;
if ((KD[0] == MH_MAGIC_64) && (KD[0x0a] == 0x45545F5F)){
@ -2339,7 +2364,7 @@ LOADER_ENTRY::KernelAndKextPatcherInit()
break;
}
}
*/
if (EFI_ERROR(getVTable())) {
DBG_RT("error getting vtable: \n");
}

View File

@ -57,6 +57,7 @@ const char kDataSection[] = "__data";
#define ID_SEG_DATA_CONST 0x110f
#define ID_SEG_KLD 0x180f
#define ID_SEG_KLD2 0x1a0f
#define ID_SEG_KLD3 0x210f
const char ctor_used[] = ".constructors_used";

View File

@ -3,7 +3,7 @@
#include "DataHubCpu.h"
#ifndef DEBUG_ALL
#define KEXT_INJECT_DEBUG 0
#define KEXT_INJECT_DEBUG 2
#else
#define KEXT_INJECT_DEBUG DEBUG_ALL
#endif

View File

@ -370,6 +370,7 @@ class REFIT_ABSTRACT_MENU_ENTRY
BOOLEAN isKernelcache;
BOOLEAN is64BitKernel;
UINT32 KernelSlide;
UINT32 KernelOffset;
// notes:
// - 64bit segCmd64->vmaddr is 0xffffff80xxxxxxxx and we are taking
// only lower 32bit part into PrelinkTextAddr
@ -398,7 +399,7 @@ class REFIT_ABSTRACT_MENU_ENTRY
CustomBoot(0), KernelAndKextPatches(0), Settings(0), KernelData(0),
AddrVtable(0), SizeVtable(0), NamesTable(0), shift(0),
PatcherInited(false), gSNBEAICPUFixRequire(false), gBDWEIOPCIFixRequire(false), isKernelcache(false), is64BitKernel(false),
KernelSlide(0), PrelinkTextLoadCmdAddr(0), PrelinkTextAddr(0), PrelinkTextSize(0),
KernelSlide(0), KernelOffset(0), PrelinkTextLoadCmdAddr(0), PrelinkTextAddr(0), PrelinkTextSize(0),
PrelinkInfoLoadCmdAddr(0), PrelinkInfoAddr(0), PrelinkInfoSize(0),
KernelRelocBase(0), bootArgs1(0), bootArgs2(0), dtRoot(0), dtLength(0)
{};