From c4357fd984d669e7521ec958b3575acca1b46c21 Mon Sep 17 00:00:00 2001 From: SergeySlice Date: Wed, 29 Apr 2020 11:06:44 +0300 Subject: [PATCH] simplify kext allowing patch Signed-off-by: SergeySlice --- MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.c | 9 +++-- MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.h | 2 +- rEFIt_UEFI/Platform/kernel_patcher.cpp | 38 ++++++++++++------- rEFIt_UEFI/Platform/kernel_patcher.h | 12 +++++- rEFIt_UEFI/Platform/kext_inject.cpp | 8 +++- 5 files changed, 49 insertions(+), 20 deletions(-) diff --git a/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.c b/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.c index 9c2243fd3..4ab43907b 100644 --- a/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.c +++ b/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.c @@ -17,6 +17,7 @@ // monitoring AlocatePages extern UINT32 gKernelEntry; +#if NOT_USED typedef struct { char *segname; unsigned long vmaddr; @@ -80,7 +81,9 @@ mySegData_t mySegData[] = { // segment, vmaddr, vmsize, filesize, adler32 {0x72, 0x65, 0x61, 0x6c, 0x6c, 0x6f, 0x63, 0x00} }, }; -int mySegDataNum = 12; +//int mySegDataNum = 12; +#endif + //unsigned long rentry = 0x2c3db0; unsigned long rentryx64 = 0x2b8000; unsigned long rentry = 0x2b8000; @@ -144,7 +147,7 @@ void PrintSample(unsigned char *sample, int size) { } } - +/* never used EFI_STATUS EFIAPI CheckDecodedSegment ( @@ -203,7 +206,7 @@ CheckDecodedKernel ( Print(L"CheckDecodedKernel Status=%r\n"); return Status; } - +*/ VOID diff --git a/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.h b/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.h index 74e1203df..c9ca7b704 100644 --- a/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.h +++ b/MemoryFix/OsxAptioFixDrv/DecodedKernelCheck.h @@ -9,5 +9,5 @@ extern EFI_PHYSICAL_ADDRESS gRelocBase; -EFI_STATUS EFIAPI CheckDecodedKernel (VOID); +//EFI_STATUS EFIAPI CheckDecodedKernel (VOID); VOID EFIAPI DumpStack (UINT64 RSP); 
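Review bot: `#if NOT_USED` in the first DecodedKernelCheck.c hunk relies on an undefined macro evaluating to 0 under `#if`; that compiles, but it reads as a real build switch that nobody defines, and `-Wundef` flags it. The same applies to `#if OLD_EXTRA_KEXT_PATCH` in kext_inject.cpp. If the table is dead, `#if 0 // mySegData: unused since the decoded-kernel check was dropped` says so directly and, unlike the `/* never used ... */` wrapper placed around CheckDecodedSegment/CheckDecodedKernel in the next two hunks, would not break if a `*/` appears anywhere inside the wrapped bodies. If it is meant as a switch, `#ifdef` plus a comment naming where it is set would be clearer.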
diff --git a/rEFIt_UEFI/Platform/kernel_patcher.cpp b/rEFIt_UEFI/Platform/kernel_patcher.cpp index c76637d67..2767cd9e7 100644 --- a/rEFIt_UEFI/Platform/kernel_patcher.cpp +++ b/rEFIt_UEFI/Platform/kernel_patcher.cpp @@ -85,12 +85,6 @@ UINTN searchProc(unsigned char * kernel, UINTN kernelSize, const char *procedure if (!procedure) { return 0; } - INT32 TextAdr = FindBin(kernel, 0x60, (const UINT8 *)kTextSegment, (UINT32)strlen(kTextSegment)); - if (TextAdr == -1) { - TextAdr = 0x28; //ugly hack, not really needed - } - SEGMENT *TextSeg = (SEGMENT*)&kernel[TextAdr]; - UINT64 Absolut = TextSeg->SegAddress; INT32 LinkAdr = FindBin(kernel, 0x1000, (const UINT8 *)kLinkEditSegment, (UINT32)strlen(kLinkEditSegment)); if (LinkAdr == -1) { @@ -102,7 +96,6 @@ UINTN searchProc(unsigned char * kernel, UINTN kernelSize, const char *procedure const char* Names = (const char*)(&kernel[LinkSeg->AddrNames]); VTABLE * vArray = (VTABLE*)(&kernel[AddrVtable]); //search for the name -// UINTN nameLen = strlen(procedure); size_t i; bool found = false; for (i=0; iSegAddress; + UINT64 FileOff = TextSeg->fileoff; + UINT64 procAddr = vArray[i].ProcAddr - Absolut + FileOff; + UINT64 prevAddr; if (i == 0) { prevAddr = Absolut; } else { prevAddr = vArray[i-1].ProcAddr; } - *procLen = vArray[i].ProcAddr - prevAddr; + *procLen = vArray[i].ProcAddr - prevAddr; //never worked return procAddr; } diff --git a/rEFIt_UEFI/Platform/kernel_patcher.h b/rEFIt_UEFI/Platform/kernel_patcher.h index 47aec597b..9cab9195d 100644 --- a/rEFIt_UEFI/Platform/kernel_patcher.h +++ b/rEFIt_UEFI/Platform/kernel_patcher.h 
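Review bot: In the last kernel_patcher.cpp hunk the new `UINT64 procAddr = vArray[i].ProcAddr - Absolut + FileOff;` is a file offset derived from table data and handed back for the caller to write through (`Kernel+procLocation` in kext_inject.cpp), yet it is never compared against the `kernelSize` parameter searchProc already takes; add `if (procAddr >= kernelSize) { return 0; }` before `return procAddr;` so an inconsistent table cannot direct a patch past the image (0 is already the not-found result). The lines that obtain `TextSeg` for this entry are garbled in this view (`iSegAddress;`), so whether that lookup validates its result before `TextSeg->SegAddress` — as the removed `TextAdr == -1` fallback in the first hunk used to — cannot be confirmed here. The kept `*procLen = vArray[i].ProcAddr - prevAddr; //never worked` publishes a value its own comment calls wrong; a `// TODO(review): prevAddr is the neighbouring table entry, not the adjacent procedure — confirm before any caller relies on procLen` would at least warn the reader. searchProc starts outside this hunk, and the hunk header itself is lost in the collapsed text.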
@@ -39,8 +39,16 @@ #define kPrelinkInfoSegment "__PRELINK_INFO" #define kPrelinkInfoSection "__info" -#define kTextSegment "__TEXT" #define kLinkEditSegment "__LINKEDIT" +#define kTextSegment "__TEXT" +#define SEG_TEXT 0x010f +#define kDataSegment "__DATA" +#define SEG_DATA 0x0f0f +#define kDataConstSegment "__DATA_CONST" +#define SEG_DATA_CONST 0x110f +#define kKldSegment "__KLD" +#define SEG_KLD 0x180f +#define SEG_KLD2 0x1a0f #define kPrelinkBundlePathKey "_PrelinkBundlePath" #define kPrelinkExecutableRelativePathKey "_PrelinkExecutableRelativePath" @@ -76,7 +84,7 @@ typedef struct _DeviceTreeBuffer { typedef struct VTABLE { UINT32 NameOffset; - UINT32 Attr; + UINT32 Seg; UINT64 ProcAddr; } VTABLE; diff --git a/rEFIt_UEFI/Platform/kext_inject.cpp b/rEFIt_UEFI/Platform/kext_inject.cpp index 3b975dc81..20f4f6f08 100644 --- a/rEFIt_UEFI/Platform/kext_inject.cpp +++ b/rEFIt_UEFI/Platform/kext_inject.cpp @@ -954,6 +954,7 @@ VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry) DBG_RT(Entry, "==> kernel Lion X64: %llu replaces done.\n", Num); } else { // EXT - load extra kexts besides kernelcache. +#if OLD_EXTRA_KEXT_PATCH for (i = 0; i < 0x1000000; i++) { // 01 00 31 FF BE 14 00 05 if (Kernel[i+0] == 0x01 && Kernel[i+1] == 0x00 && Kernel[i+2] == 0x31 && @@ -987,7 +988,12 @@ VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry) Kernel[patchLocation1 + i] = 0x90; } } - +#else + UNITN procLocation = searchProc(Kernel, 0x1000000, "readStartupExtensions", 0x100); + const UINT8 * findJmp = {0xEB, 0x05}; + const UINT8 * patchJmp = {0x90, 0x90}; + applyKernPatch(Kernel+procLocation, findJmp, 2, patchJmp, "load kexts"); +#endif // SIP - bypass kext check by System Integrity Protection. for (i = 0; i < 0x1000000; i++) { // 45 31 FF 41 XX 01 00 00 DC 48
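Review bot: The new `SEG_TEXT`/`SEG_DATA`/`SEG_DATA_CONST`/`SEG_KLD`/`SEG_KLD2` values in kernel_patcher.h are bare magic numbers with no hint of what they encode or where they were taken from, even though the next hunk renames `VTABLE.Attr` to `Seg`, which suggests they are values of that field; a comment above them such as `// VTABLE.Seg values observed for entries living in the named segment — derived empirically, confirm against the kernel's table layout` would let the next reader judge them. `SEG_KLD2` in particular needs one line saying why `__KLD` has two codes. In a .cpp file an `enum` would give these names a type and scope instead of `#define`.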
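Review bot: The `#else` branch added in the second kext_inject.cpp hunk is the one actually compiled (nothing defines `OLD_EXTRA_KEXT_PATCH`), and it does not compile as written: `UNITN procLocation` is a typo for `UINTN`, and `const UINT8 * findJmp = {0xEB, 0x05};` / `patchJmp` initialise a pointer from a two-value brace list where a byte array is meant. `searchProc` returns 0 when the name is not found (`if (!procedure) { return 0; }` in the kernel_patcher.cpp hunk) and that result is used unchecked as an offset into `Kernel`, so a miss would patch the start of the image; and the fourth argument `0x100` is an integer, while the kernel_patcher.cpp hunk dereferences `*procLen` — if that is the fourth parameter, an `UINTN` local must be passed by address instead. A corrected branch is below; KernelBooterExtensionsPatch starts outside this hunk.
```cpp
#else
  UINTN procLen = 0;
  UINTN procLocation = searchProc(Kernel, 0x1000000, "readStartupExtensions", &procLen);
  const UINT8 findJmp[]  = {0xEB, 0x05};
  const UINT8 patchJmp[] = {0x90, 0x90};
  if (procLocation != 0) {
    applyKernPatch(Kernel + procLocation, findJmp, sizeof findJmp, patchJmp, "load kexts");
  } else {
    DBG_RT(Entry, "readStartupExtensions not found, kext patch skipped\n");
  }
#endif
```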