8F
发表于 2016-7-6 16:34:19
IP属地台湾
口袋妖怪heart 发表于 2016-7-6 16:29
看3585的改動寫出的perl code。https://sourceforge.net/p/cloverefiboot/code/3585/
在我這裡，他這個改動一點效果都沒有。我改的如下：
// sherlocks: Sierra DP1
//
// Byte patterns for the Sierra kernel patch. Each Replace array differs from
// its Search array in exactly two bytes and must stay the same length: the
// patch routine below passes only sizeof(<Search array>) to SearchAndReplace.
//
// KBESieSearch -> KBESieReplace: offsets 4-5 change from 0x74 0x71 (JE rel8)
// to 0xEB 0x12 (JMP rel8), i.e. a conditional branch becomes unconditional.
UINT8 KBESieSearch[] = {
  0xC3, 0x48, 0x85, 0xDB, 0x74, 0x71, 0x48, 0x8B,
  0x03, 0x48, 0x89, 0xDF, 0xFF, 0x50, 0x28, 0x48
};
UINT8 KBESieReplace[] = {
  0xC3, 0x48, 0x85, 0xDB, 0xEB, 0x12, 0x48, 0x8B,
  0x03, 0x48, 0x89, 0xDF, 0xFF, 0x50, 0x28, 0x48
};

// KBESieDP2Search -> KBESieDP2Replace: offsets 5-6 change from 0xEB 0x05
// (JMP rel8) to 0x90 0x90 (two NOPs), so execution falls through into the
// following CALL instead of jumping over it.
// NOTE(review): the E8 rel32 operands (0x25, 0x57E) are build-specific call
// offsets, so these patterns presumably match only one kernel build - confirm
// against each kernel version before relying on them.
UINT8 KBESieDP2Search[] = {
  0xE8, 0x25, 0x00, 0x00, 0x00, 0xEB,
  0x05, 0xE8, 0x7E, 0x05, 0x00, 0x00
};
UINT8 KBESieDP2Replace[] = {
  0xE8, 0x25, 0x00, 0x00, 0x00, 0x90,
  0x90, 0xE8, 0x7E, 0x05, 0x00, 0x00
};

//
// The OSVersion global variable cannot be trusted for OS version detection,
// because it is wrong in some cases (installing ML from Lion, for example).
// Instead the patcher uses a "brute-force" approach: it simply tries to patch.
// As a minimum safeguard it first checks that only one instance of the code
// it plans to patch can be found.
//
#define KERNEL_MAX_SIZE 40000000
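/**
  Patch the loaded kernel image so that injected kexts are accepted.

  The routine counts how often each known search pattern occurs in the first
  KERNEL_MAX_SIZE bytes of Kernel, refuses to patch when the counts add up to
  more than one match, and otherwise applies the replacement(s) belonging to
  the single pattern that was found. The result is reported through DBG_RT.

  NOTE(review): every search and replace is given the constant
  KERNEL_MAX_SIZE as length, not the size of the image actually loaded.
  Nothing visible here shows that the buffer behind Kernel is at least that
  large - confirm the caller guarantees it, otherwise the scan (and a
  replacement) can touch memory past the kernel image.

  @param  Kernel  Start of the kernel image in memory; modified in place.
  @param  Entry   Loader entry; used for debug output and for the
                  KernelAndKextPatches->KPDebug pause flag.
**/
VOID EFIAPI KernelBooterExtensionsPatch(IN UINT8 *Kernel, LOADER_ENTRY *Entry)
{
  UINTN Num = 0;
  UINTN NumSnow_X64 = 0;
  UINTN NumSnow_i386 = 0;
  UINTN NumLion_X64 = 0;
  UINTN NumLion_i386 = 0;
  UINTN NumML = 0;
  UINTN NumYos = 0;
  UINTN NumSie = 0;

  DBG_RT(Entry, "\nPatching kernel for injected kexts\n");

  // Detection pass: only count matches, do not modify anything yet.
  if (is64BitKernel) {
    NumLion_X64 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBELionSearch_X64, sizeof(KBELionSearch_X64));
    NumSnow_X64 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_X64, sizeof(KBESnowSearch_X64));
    NumML = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBEMLSearch, sizeof(KBEMLSearch));
    NumYos = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBEYosSearch, sizeof(KBEYosSearch));
    // Sierra is detected through the DP2 pattern only; KBESieSearch is not counted.
    NumSie = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBESieDP2Search, sizeof(KBESieDP2Search));
  } else {
    NumLion_i386 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBELionSearch_i386, sizeof(KBELionSearch_i386));
    NumSnow_i386 = SearchAndCount(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_i386, sizeof(KBESnowSearch_i386));
  }

  if (NumSnow_X64 + NumSnow_i386 + NumLion_X64 + NumLion_i386 + NumML + NumYos + NumSie > 1) {
    // More than one pattern found - the kernel cannot be identified, so it is
    // left untouched. The message lists every counter that takes part in the
    // check above, so the conflicting patterns are visible to the user.
    AsciiPrint("\nERROR patching kernel for injected kexts:\nmultiple patterns found (SnowX64: %d, Snowi386: %d, LionX64: %d, Lioni386: %d, ML: %d, Yos: %d, Sie: %d) - skipping patching!\n",
               NumSnow_X64, NumSnow_i386, NumLion_X64, NumLion_i386, NumML, NumYos, NumSie);
    gBS->Stall(10000000);  // keep the message on screen (Stall takes microseconds)
    return;
  }

  // Patch pass: at most one counter is 1 here, so at most one branch runs.
  if (NumML == 1) {
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBEMLSearch, sizeof(KBEMLSearch), KBEMLReplace, 1);
    DBG_RT(Entry, "==> kernel OS X64: %d replaces done.\n", Num);
  }
  else if (NumSie == 1) {
    // Two independent replacements. Only the DP2 pattern was checked for
    // uniqueness above; KBESieSearch is replaced without a prior count.
    // NOTE(review): Num < 2 means the kernel is only partially patched, and
    // only this debug line reveals it.
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESieDP2Search, sizeof(KBESieDP2Search), KBESieDP2Replace, 1) +
          SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESieSearch, sizeof(KBESieSearch), KBESieReplace, 1);
    DBG_RT(Entry, "==> kernel Sierra: %d replaces done.\n", Num);
  }
  else if (NumYos == 1) {
    // Up to three replacements; KBEECSearch and KBESieSearch are not counted
    // beforehand, so Num shows how many of them actually matched.
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBEYosSearch, sizeof(KBEYosSearch), KBEYosReplace, 1) +
          SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBEECSearch, sizeof(KBEECSearch), KBEECReplace, 1) +
          /* Micky1979, was a pain to place F/R here */
          SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESieSearch, sizeof(KBESieSearch), KBESieReplace, 1);
    DBG_RT(Entry, "==> kernel Yosemite/El Capitan/Sierra(DP1): %d replaces done.\n", Num);
  }
  else if (NumLion_i386 == 1) {
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBELionSearch_i386, sizeof(KBELionSearch_i386), KBELionReplace_i386, 1);
    DBG_RT(Entry, "==> Lion i386: %d replaces done.\n", Num);
  }
  else if (NumLion_X64 == 1) {
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBELionSearch_X64, sizeof(KBELionSearch_X64), KBELionReplace_X64, 1);
    DBG_RT(Entry, "==> Lion X64: %d replaces done.\n", Num);
  }
  else if (NumSnow_X64 == 1) {
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_X64, sizeof(KBESnowSearch_X64), KBESnowReplace_X64, 1);
    DBG_RT(Entry, "==> Snow X64: %d replaces done.\n", Num);
  }
  else if (NumSnow_i386 == 1) {
    Num = SearchAndReplace(Kernel, KERNEL_MAX_SIZE, KBESnowSearch_i386, sizeof(KBESnowSearch_i386), KBESnowReplace_i386, 1);
    DBG_RT(Entry, "==> Snow i386: %d replaces done.\n", Num);
  }
  else {
    // No known pattern matched: the kernel stays unmodified.
    DBG_RT(Entry, "==> ERROR: NOT patched - unknown kernel.\n");
  }

  if (Entry->KernelAndKextPatches->KPDebug) {
    DBG_RT(Entry, "Pausing 5 secs ...\n");
    gBS->Stall(5000000);
  }
}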