升級DP2,使用Clover 3585還是不能用kext inject功能的可以試試這個.

pcj

如題:
基於Clover 3585修改的.
使用Clover 3585還是不能用kext inject功能的試試吧.
我的OK.
ASUS 8H61-M LX PLUS R2.0
Intel(R) Pentium(R) CPU G645 @ 2.90GHz

附件中包含CloverX64.efi及BOOTX64.efi請自行替換.
剛剛看了一下3586已修改正確了.
所以請改用官方的3586.
我這只是應急用的.

pcj

15176580671 发表于 2016-7-6 16:22
我把驱动都放到sle下了  除了applealc偶尔会卡住以外其他都能正常使用

我是先升級後卡住,再將fakesmc.kext放至/S/L/E下還是無法加載fakesmc.kext.
所以才去改這個的.

pcj

口袋妖怪heart 发表于 2016-7-6 16:22
想知道都改動了什麼...
perl -pi -e 's|\x48\x89\xc3\x49\x8b\x04\x24\x4c\x89\xe7\x48\x85\xdb\x74\x77\x ...

不是.你這段是什麼?

pcj

口袋妖怪heart 发表于 2016-7-6 16:29
看3585的改動寫出的perl code。https://sourceforge.net/p/cloverefiboot/code/3585/

在我這他這個一點效果都沒有.我改的如下:

1. //sherlocks: Sierra DP1
   
2. UINT8 KBESieSearch[]  = { 0xC3, 0x48, 0x85, 0xDB, 0x74, 0x71, 0x48, 0x8B, 0x03, 0x48, 0x89, 0xDF, 0xFF, 0x50, 0x28, 0x48 };
   
3. UINT8 KBESieReplace[] = { 0xC3, 0x48, 0x85, 0xDB, 0xEB, 0x12, 0x48, 0x8B, 0x03, 0x48, 0x89, 0xDF, 0xFF, 0x50, 0x28, 0x48 };
   
4. 
   
5. UINT8 KBESieDP2Search[]  = { 0xE8, 0x25, 0x00, 0x00, 0x00, 0xEB, 0x05, 0xE8, 0x7E, 0x05, 0x00, 0x00 };
   
6. UINT8 KBESieDP2Replace[] = { 0xE8, 0x25, 0x00, 0x00, 0x00, 0x90, 0x90, 0xE8, 0x7E, 0x05, 0x00, 0x00 };
   
7. 
   
8. //
   
9. // We can not rely on OSVersion global variable for OS version detection,
   
10. // since in some cases it is not correct (install of ML from Lion, for example).
    
11. // So, we'll use "brute-force" method - just try to patch.
    
12. // Actually, we'll at least check that if we can find only one instance of code that
    
13. // we are planning to patch.
    
14. //
    
15. 
    
16. #define KERNEL_MAX_SIZE 40000000
    
17. VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry)
    
18. {
    
19.   
    
20.   UINTN   Num = 0;
    
21.   UINTN   NumSnow_X64 = 0;
    
22.   UINTN   NumSnow_i386 = 0;
    
23.   UINTN   NumLion_X64 = 0;
    
24.   UINTN   NumLion_i386 = 0;
    
25.   UINTN   NumML = 0;
    
26.   UINTN   NumYos = 0;
    
27.   UINTN   NumSie = 0;
    
28.   
    
29.   DBG_RT(Entry, "\nPatching kernel for injected kexts\n");
    
30.   
    
31.   if (is64BitKernel) {
    
32.     NumLion_X64 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBELionSearch_X64, sizeof(KBELionSearch_X64));
    
33.     NumSnow_X64 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_X64, sizeof(KBESnowSearch_X64));
    
34.     NumML  = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBEMLSearch, sizeof(KBEMLSearch));
    
35.     NumYos = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBEYosSearch, sizeof(KBEYosSearch));
    
36.     NumSie = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBESieDP2Search, sizeof(KBESieDP2Search));
    
37.   } else {
    
38.     NumLion_i386 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBELionSearch_i386, sizeof(KBELionSearch_i386));
    
39.     NumSnow_i386 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_i386, sizeof(KBESnowSearch_i386));
    
40.   }
    
41.   
    
42.   if (NumSnow_X64 + NumSnow_i386 + NumLion_X64 + NumLion_i386 + NumML + NumYos + NumSie > 1) {
    
43.     // more then one pattern found - we do not know what to do with it
    
44.     // and we'll skipp it
    
45.           AsciiPrint("\nERROR patching kernel for injected kexts:\nmultiple patterns found (LionX64: %d, Lioni386: %d, ML: %d) - skipping patching!\n",
    
46.                NumLion_X64, NumLion_i386, NumML);
    
47.           gBS->Stall(10000000);
    
48.           return;
    
49.   }
    
50.   
    
51.   if (NumML == 1) {
    
52.     Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBEMLSearch, sizeof(KBEMLSearch), KBEMLReplace, 1);
    
53.     DBG_RT(Entry, "==> kernel OS X64: %d replaces done.\n", Num);
    
54.   }
    
55.   else if (NumSie == 1) {
    
56.       Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESieDP2Search, sizeof(KBESieDP2Search), KBESieDP2Replace, 1) +
    
57.             SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESieSearch, sizeof(KBESieSearch), KBESieReplace, 1);
    
58.       DBG_RT(Entry, "==> kernel Sierra: %d replaces done.\n", Num);
    
59.       
    
60.   }
    
61.   else if (NumYos == 1) {
    
62.       Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBEYosSearch, sizeof(KBEYosSearch), KBEYosReplace, 1) +
    
63.             SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBEECSearch, sizeof(KBEECSearch), KBEECReplace, 1) +
    
64.             /* Micky1979, was a pain to place F/R here */
    
65.             SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESieSearch, sizeof(KBESieSearch), KBESieReplace, 1);
    
66.             DBG_RT(Entry, "==> kernel Yosemite/El Capitan/Sierra(DP1): %d replaces done.\n", Num);
    
67. 
    
68.   }
    
69.   else if (NumLion_i386 == 1) {
    
70.           Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBELionSearch_i386, sizeof(KBELionSearch_i386), KBELionReplace_i386, 1);
    
71.     DBG_RT(Entry, "==> Lion i386: %d replaces done.\n", Num);
    
72.   }
    
73.   else if (NumLion_X64 == 1) {
    
74.           Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBELionSearch_X64, sizeof(KBELionSearch_X64), KBELionReplace_X64, 1);
    
75.     DBG_RT(Entry, "==> Lion X64: %d replaces done.\n", Num);
    
76.   }
    
77.   else if (NumSnow_X64 == 1) {
    
78.           Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_X64, sizeof(KBESnowSearch_X64), KBESnowReplace_X64, 1);
    
79.           DBG_RT(Entry, "==> Snow X64: %d replaces done.\n", Num);
    
80.   }
    
81.   else if (NumSnow_i386 == 1) {
    
82.           Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_i386, sizeof(KBESnowSearch_i386), KBESnowReplace_i386, 1);
    
83.     DBG_RT(Entry, "==> Snow i386: %d replaces done.\n", Num);
    
84.   }
    
85.   else {
    
86.     DBG_RT(Entry, "==> ERROR: NOT patched - unknown kernel.\n");
    
87.   }
    
88.   
    
89.   if (Entry->KernelAndKextPatches->KPDebug) {
    
90.     DBG_RT(Entry, "Pausing 5 secs ...\n");
    
91.     gBS->Stall(5000000);
    
92.   }
    
93. }

复制代码

pcj

口袋妖怪heart 发表于 2016-7-6 16:39
oops 好奇怪的現象...
要是按你的改法 那麼就是：
只不過現在沒有條件測試... 黑果要過些天才能折騰

你搞錯了.
正確的patch有兩段.
10.12 DP2
第一段是KBESieDP2Search ==> KBESieDP2Replace.
第二段是KBESieSearch ==> KBESieReplace.
10.12 DP1
第一段是KBEYosSearch ==> KBEYosReplace.
第二段是KBESieSearch ==> KBESieReplace.
10.11 是
第一段是KBEYosSearch ==> KBEYosReplace.
第二段是KBEECSearch ==> KBEECReplace.

pcj

口袋妖怪heart 发表于 2016-7-6 17:02
只討論10.12 DP2先～
那麼就是：

對的.      

pcj

口袋妖怪heart 发表于 2016-7-6 17:07
那麼或許我已經了解了，3585 slice應該只執行了他的新patch 而deprecate掉原先的patch了。
你的原理是原 ...

不是.
3585的code.要能執行patch.前提是要先搜尋到KBEYosSearch這個值.
他加了KBESieDP2Search但是還是搜尋不到KBEYosSearch這個值.
所以patch是不會執行的.
依據以前kernel的code來說. KBEYosSearch代表kernelcache加載後單獨讀取extension的部分.
KBEECSearch應該是修改讀取路徑的.
我修改的KBESieDP2Search是取代KBEYosSearch這個值的.

pcj

口袋妖怪heart 发表于 2016-7-6 17:23
看字面意味 KBEYosSearch 這個是yosemite的二進位制替換data？
我記得每個大版本都會改不同...

這段code從10.6開始一直到現在,code幾乎都一樣.
但會因為其他kernel code的變動編譯出來的16進制data可能會有所改變.
所以這個從yosemite一直到現在Sierra才有所改變.
而每個版本有變化的都是如KBEECSearch這個data.