Update 900.c

Al Azif
2025-06-24 04:19:56 -07:00
committed by GitHub
parent b6bccb39a9
commit 943f06ddc3


@@ -66,7 +66,7 @@ static inline void do_patch(void *kbase) {
disable_cr0_wp(); disable_cr0_wp();
// ChendoChap's patches from pOOBs4 // ChendoChap's patches from pOOBs4
write16(kbase, 0x626874, 0x9090); // veriPatch write16(kbase, 0x626874, 0x00eb); // veriPatch
write8(kbase, 0xacd, 0xeb); // bcopy write8(kbase, 0xacd, 0xeb); // bcopy
write8(kbase, 0x2713fd, 0xeb); // bzero write8(kbase, 0x2713fd, 0xeb); // bzero
write8(kbase, 0x271441, 0xeb); // pagezero write8(kbase, 0x271441, 0xeb); // pagezero
@@ -76,6 +76,9 @@ static inline void do_patch(void *kbase) {
write8(kbase, 0x271b5d, 0xeb); // copyinstr write8(kbase, 0x271b5d, 0xeb); // copyinstr
write8(kbase, 0x271c2d, 0xeb); // copystr write8(kbase, 0x271c2d, 0xeb); // copystr
// stop sysVeri from causing a delayed panic on suspend
write16(kbase, 0x62715f, 0x00eb);
// patch amd64_syscall() to allow calling syscalls everywhere // patch amd64_syscall() to allow calling syscalls everywhere
// struct syscall_args sa; // initialized already // struct syscall_args sa; // initialized already
// u64 code = get_u64_at_user_address(td->tf_frame-tf_rip); // u64 code = get_u64_at_user_address(td->tf_frame-tf_rip);
@@ -111,8 +114,8 @@ static inline void do_patch(void *kbase) {
// //
// sy_call() is the function that will execute the requested syscall. // sy_call() is the function that will execute the requested syscall.
write8(kbase, 0x4c2, 0xeb); write8(kbase, 0x4c2, 0xeb);
write16(kbase, 0x4b9, 0x9090); write16(kbase, 0x4b9, 0x00eb);
write16(kbase, 0x4b5, 0x9090); write16(kbase, 0x4b5, 0x00eb);
// patch sys_setuid() to allow freely changing the effective user ID // patch sys_setuid() to allow freely changing the effective user ID
// ; PRIV_CRED_SETUID = 50 // ; PRIV_CRED_SETUID = 50
@@ -131,7 +134,7 @@ static inline void do_patch(void *kbase) {
// } // }
write32(kbase, 0x80b8d, 0); write32(kbase, 0x80b8d, 0);
// TODO: Description of this patch. "prx" // TODO: Description of this patch. patch sys_dynlib_load_prx()
write16(kbase, 0x23aec4, 0xe990); write16(kbase, 0x23aec4, 0xe990);
// patch sys_dynlib_dlsym() to allow dynamic symbol resolution everywhere // patch sys_dynlib_dlsym() to allow dynamic symbol resolution everywhere