Fix KernelPM Patch for 10.14.6 beta 6

Add debug line for trace
Sherlocks 2020-03-23 22:31:04 +09:00
parent ddba966e94
commit d62ea4f7f6
2 changed files with 35 additions and 23 deletions


@ -589,7 +589,9 @@ VOID KernelCPUIDPatch(UINT8* kernelData, LOADER_ENTRY *Entry)
}
}
// Credits to RehabMan for the kernel patch information
// new way by RehabMan 2017-08-13
// cleanup by Sherlocks 2020-03-23
#define CompareWithMask(x,m,c) (((x) & (m)) == (c))
BOOLEAN KernelPatchPm(VOID *kernelData, LOADER_ENTRY *Entry)
@ -599,31 +601,38 @@ BOOLEAN KernelPatchPm(VOID *kernelData, LOADER_ENTRY *Entry)
if (Ptr == NULL) {
return FALSE;
}
// Credits to RehabMan for the kernel patch information
DBG("Patching kernel power management...\n");
for (; Ptr < End; Ptr += 2) {
// check for xcpm_scope_msr common 0xe2 prologue
// e2000000 xxxx0000 00000000 00000000 xx040000 00000000
if (CompareWithMask(Ptr[0], 0xFFFF0000FFFFFFFF, 0x00000000000000e2) && 0 == Ptr[1] &&
// check for xcpm_scope_msr common 0xE2 prologue
// E2000000 XX000000 00000000 00000000 00040000 00000000
// 10.8/10.9: 02,0C,10
// E2000000 XXXX0000 00000000 00000000 0F040000 00000000
// 10.10/10.12: 0200,4C00,9001, 10.11: 0200,4C00,9013, 10.13-10.15.3: 4C00,9033,0040
// E2000000 XXXXXX00 00000000 00000000 0F040000 00000000
// 10.15.4+: 4C0000,903306,004000
// E2000000 XXXXXXXX 00000000 00000000 XX040000 00000000
// safe pattern for next macOS
if (CompareWithMask(Ptr[0], 0x00000000FFFFFFFF, 0x00000000000000E2) && 0 == Ptr[1] &&
CompareWithMask(Ptr[2], 0xFFFFFFFFFFFFFF00, 0x0000000000000400)) {
// check for last xcpm_scope_msr entry; terminates search
// example data:
// e2000000 10000000 00000000 00000000 00040000 00000000 0800007e 00000000 00000000 00000000 00000000 00000000
// or
// e2000000 90330000 00000000 00000000 0f040000 00000000 0800007e 00000000 00000000 00000000 00000000 00000000
if (0x000000007e000008 == Ptr[3] && 0 == Ptr[4] && 0 == Ptr[5]) {
// 10.8 - 10.12
// 0700001E 00000000 00000000 00000000 00000000 00000000
// 0500001E 00000000 00000000 00000000 00000000 00000000
// 0800007E 00000000 00000000 00000000 00000000 00000000
// 10.13+
// 0500001E 00000000 00000000 00000000 00000000 00000000
// 0800007E 00000000 00000000 00000000 00000000 00000000
// 0300007E 00000000 00000000 00000000 00000000 00000000
// XX00007E 00000000 00000000 00000000 00000000 00000000
if (CompareWithMask(Ptr[3], 0xFFFFFFFFFFFFFF00, 0x000000007E000000) && 0 == Ptr[4] && 0 == Ptr[5]) {
// zero out 0xE2 MSR and CPU mask
Ptr[0] = 0;
DBG("Kernel power management: LAST entry found and patched\n");
return TRUE;
}
// check for other xcpm_scope_msr entry
// example data:
// e2000000 02000000 00000000 00000000 00040000 00000000 0700001e 00000000 00000000 00000000 00000000 00000000
// e2000000 0c000000 00000000 00000000 00040000 00000000 0500001e 00000000 00000000 00000000 00000000 00000000
// or
// e2000000 4c000000 00000000 00000000 0f040000 00000000 0500001e 00000000 00000000 00000000 00000000 00000000
else if (CompareWithMask(Ptr[3], 0xFFFFFFFFFFFFFF00, 0x000000001e000000) && 0 == Ptr[4] && 0 == Ptr[5]) {
// XX00001E 00000000 00000000 00000000 00000000 00000000
} else if (CompareWithMask(Ptr[3], 0xFFFFFFFFFFFFFF00, 0x000000001E000000) && 0 == Ptr[4] && 0 == Ptr[5]) {
// zero out 0xE2 MSR and CPU mask
Ptr[0] = 0;
DBG("Kernel power management: entry found and patched\n");
@ -687,6 +696,7 @@ BOOLEAN KernelLapicPatch_64(VOID *kernelData)
//(bytes[i+4] == 0x3F || bytes[i+4] == 0x4F) && // 3F:10.10-10.12/4F:10.13+
bytes[i+5] == 0x31 && bytes[i+6] == 0xDB && bytes[i+7] == 0x8D && bytes[i+8] == 0x47 &&
bytes[i+9] == 0xFA && bytes[i+10] == 0x83) {
DBG("Found Lapic panic Base (10.10 - recent macOS)\n");
for (y = i; y < 0x1000000; y++) {
// Lapic panic patch, by vit9696
// mov eax, gs:XX
@ -738,6 +748,7 @@ BOOLEAN KernelLapicPatch_64(VOID *kernelData)
//(bytes[i+4] == 0x3F || bytes[i+4] == 0x4F) && // 3F:10.10-10.12/4F:10.13+
bytes[i+5] == 0x31 && bytes[i+6] == 0xDB && bytes[i+7] == 0x8D && bytes[i+8] == 0x47 &&
bytes[i+9] == 0xFA && bytes[i+10] == 0x83) {
DBG("Found Lapic panic master Base (10.10 - recent macOS)\n");
for (y = i; y < 0x1000000; y++) {
// Lapic panic master patch, by vit9696
// cmp cs:_debug_boot_arg, 0
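Review bot: The widened xcpm_scope_msr match in KernelPatchPm (the `0x00000000FFFFFFFF` mask on Ptr[0] and the `XX00007E` mask on Ptr[3]) reads Ptr[1] through Ptr[5] on every iteration, but the loop guard `for (; Ptr < End; Ptr += 2)` only guarantees Ptr itself is below End, so the final iterations can read up to five qwords past End; the definitions of Ptr and End sit above the hunk, so whether End already carries that slack cannot be seen here. If it does not, `for (; Ptr + 6 <= End; Ptr += 2)` closes the over-read without changing which entries match. Because the Ptr[0] mask no longer requires the upper dword to be zero, the signature's specificity now rests entirely on Ptr[1], Ptr[2] and Ptr[3..5]; a one-line comment recording that, e.g. `// Ptr[0] upper dword (presumably the CPU mask) varies per release; specificity comes from Ptr[1..5]`, would explain why the loosened mask is considered safe.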


@ -952,6 +952,7 @@ VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry)
if (Kernel[i+0] == 0x01 && Kernel[i+1] == 0x00 && Kernel[i+2] == 0x31 &&
Kernel[i+3] == 0xFF && Kernel[i+4] == 0xBE && Kernel[i+5] == 0x14 &&
Kernel[i+6] == 0x00 && Kernel[i+7] == 0x05) {
DBG_RT(Entry, "==> found EXT Base (10.8 - recent macOS)\n");
for (y = i; y < 0x1000000; y++) {
// E8 XX 00 00 00 EB XX XX
if (Kernel[y+0] == 0xE8 && Kernel[y+2] == 0x00 && Kernel[y+3] == 0x00 &&
@ -987,6 +988,7 @@ VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry)
//(Kernel[i+4] == 0xBF || Kernel[i+4] == 0xBE) && // BF:10.11/BE:10.12+
Kernel[i+5] == 0x01 && Kernel[i+6] == 0x00 && Kernel[i+7] == 0x00 &&
Kernel[i+8] == 0xDC && Kernel[i+9] == 0x48) {
DBG_RT(Entry, "==> found SIP Base (10.11 - recent macOS)\n");
for (y = i; y < 0x1000000; y++) {
// 48 85 XX 74 XX 48 XX XX 48
if (Kernel[y+0] == 0x48 && Kernel[y+1] == 0x85 && Kernel[y+3] == 0x74 &&
@ -1042,17 +1044,16 @@ VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry)
// 48 83 EC 30 48 C7 45 B8 XX XX XX //21
// XX XX XX XX XX XX XX XX XX XX XX //32
// XX XX XX XX XX XX XX XX XX XX XX //43
// XX XX XX XX XX XX XX XX 31 FF BE //54
// 14 XX XX XX 31 C0 E8 XX XX FF FF //65
// XX XX XX XX XX XX XX XX XX FF XX //54
// XX XX XX XX XX XX XX XX XX FF FF //65
if (Kernel[i+0] == 0x55 && Kernel[i+1] == 0x48 && Kernel[i+2] == 0x89 &&
Kernel[i+3] == 0xE5 && Kernel[i+4] == 0x41 && Kernel[i+5] == 0x57 &&
Kernel[i+6] == 0x41 && Kernel[i+7] == 0x56 && Kernel[i+8] == 0x41 &&
Kernel[i+9] == 0x54 && Kernel[i+10] == 0x53 && Kernel[i+11] == 0x48 &&
Kernel[i+12] == 0x83 && Kernel[i+13] == 0xEC && Kernel[i+14] == 0x30 &&
Kernel[i+15] == 0x48 && Kernel[i+16] == 0xC7 && Kernel[i+17] == 0x45 &&
Kernel[i+18] == 0xB8 && Kernel[i+52] == 0x31 && Kernel[i+53] == 0xFF &&
Kernel[i+54] == 0xBE && Kernel[i+55] == 0x14 && Kernel[i+59] == 0x31 &&
Kernel[i+60] == 0xC0 && Kernel[i+61] == 0xE8 && Kernel[i+64] == 0xFF && Kernel[i+65] == 0xFF) {
Kernel[i+18] == 0xB8 && Kernel[i+53] == 0xFF && Kernel[i+64] == 0xFF && Kernel[i+65] == 0xFF) {
DBG_RT(Entry, "==> found KxldUnmap Base (10.14 - recent macOS)\n");
for (y = i; y < 0x1000000; y++) {
// 00 0F 85 XX XX 00 00 48
if (Kernel[y+0] == 0x00 && Kernel[y+1] == 0x0F && Kernel[y+2] == 0x85 &&
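Review bot: The KxldUnmap signature at `Kernel[i+18] == 0xB8 && Kernel[i+53] == 0xFF && Kernel[i+64] == 0xFF && Kernel[i+65] == 0xFF` now checks only three bytes beyond a generic 19-byte function prologue, having dropped the `31 FF BE 14` and `31 C0 E8` checks at +52..+61, so it is considerably more likely to match an unrelated function and let the inner `00 0F 85 XX XX 00 00 48` search patch the wrong branch. If those bytes genuinely vary in 10.14.6 beta 6, the comment block above the condition should record that, e.g. `// +52..+63 vary between 10.14 builds (seen in 10.14.6 beta 6); only +53 and the FF FF tail at +64/+65 are checked`, so a later maintainer does not re-tighten or further loosen it blindly. The added trace line would be more useful for diagnosing a false match if it printed the offset, `DBG_RT(Entry, "==> found KxldUnmap Base (10.14 - recent macOS) at 0x%x\n", i);`. KernelBooterExtensionsPatch and the outer loop over i start outside the hunk, so the bound that keeps `Kernel[i+65]` inside the image cannot be checked here.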