Kernel 關機/重啟修正 OPcode for AnV 版本 @ とらちよ

OPcode 修改

======================
Shutdown
======================

IOPlatformExpert::haltRestart

__text:FFFFFF80006BD100 push rbp
__text:FFFFFF80006BD101 mov rbp, rsp
__text:FFFFFF80006BD104 xor eax, eax
__text:FFFFFF80006BD106 cmp esi, 5
__text:FFFFFF80006BD109 jz short loc_FFFFFF80006BD141
__text:FFFFFF80006BD10B cmp esi, 3
__text:FFFFFF80006BD10E jnz short loc_FFFFFF80006BD114
__text:FFFFFF80006BD110 xor esi, esi
__text:FFFFFF80006BD112 jmp short loc_FFFFFF80006BD122
__text:FFFFFF80006BD114 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD114
__text:FFFFFF80006BD114 loc_FFFFFF80006BD114: ; CODE XREF: SACPIPerformShutdown(void)+Ej
__text:FFFFFF80006BD114 cmp esi, 2
__text:FFFFFF80006BD117 jnz short loc_FFFFFF80006BD122
__text:FFFFFF80006BD119 nop dword ptr [rax+00000000h]
__text:FFFFFF80006BD120
__text:FFFFFF80006BD120 loc_FFFFFF80006BD120: ; CODE XREF: SACPIPerformShutdown(void):loc_FFFFFF80006BD120j
__text:FFFFFF80006BD120 jmp short loc_FFFFFF80006BD120
__text:FFFFFF80006BD122 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD122
__text:FFFFFF80006BD122 loc_FFFFFF80006BD122: ; CODE XREF: SACPIPerformShutdown(void)+12j
__text:FFFFFF80006BD122 ; SACPIPerformShutdown(void)+17j
__text:FFFFFF80006BD122 mov eax, 0FFFFFFFFh
__text:FFFFFF80006BD127 mov rcx, cs:_PE_halt_restart
__text:FFFFFF80006BD12E test rcx, rcx
__text:FFFFFF80006BD131 jz short loc_FFFFFF80006BD141
__text:FFFFFF80006BD133 mov edi, 1
__text:FFFFFF80006BD138 cmp esi, 4
__text:FFFFFF80006BD13B cmovnz edi, esi
__text:FFFFFF80006BD13E pop rbp
__text:FFFFFF80006BD13F jmp rcx
__text:FFFFFF80006BD141 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD141
__text:FFFFFF80006BD141 loc_FFFFFF80006BD141: ; CODE XREF: SACPIPerformShutdown(void)+9j
__text:FFFFFF80006BD141 ; SACPIPerformShutdown(void)+31j
__text:FFFFFF80006BD141 pop rbp
__text:FFFFFF80006BD142 retn

复制代码

patch to 004BD100

55 48 89 E5 31 C0 83 FE 05 74 36 83 FE 03 75 04 31 F6 EB 0E 83 FE 02 75 09 0F 1F 80 00 00 00 00
EB FE B8 FF FF FF FF 48 8B 0D C2 54 24 00 48 85 C9 74 0E BF 01 00 00 00 83 FE 04 0F 45 FE 5D FF
E1 5D C3

复制代码

===============================================================================================

IODTPlatformExpert::haltRestart

__text:FFFFFF80006BD390 push rbp
__text:FFFFFF80006BD391 mov rbp, rsp
__text:FFFFFF80006BD394 push rbx
__text:FFFFFF80006BD395 push rax
__text:FFFFFF80006BD396 mov ebx, esi
__text:FFFFFF80006BD398 mov rdi, [rdi+0E0h]
__text:FFFFFF80006BD39F test rdi, rdi
__text:FFFFFF80006BD3A2 jz short loc_FFFFFF80006BD3AD
__text:FFFFFF80006BD3A4 mov rax, [rdi]
__text:FFFFFF80006BD3A7 call qword ptr [rax+8E8h]
__text:FFFFFF80006BD3AD
__text:FFFFFF80006BD3AD loc_FFFFFF80006BD3AD: ; CODE XREF: SACPIPerformReboot(void)+12j
__text:FFFFFF80006BD3AD xor eax, eax
__text:FFFFFF80006BD3AF cmp ebx, 5
__text:FFFFFF80006BD3B2 jz short loc_FFFFFF80006BD3F6
__text:FFFFFF80006BD3B4 cmp ebx, 3
__text:FFFFFF80006BD3B7 jnz short loc_FFFFFF80006BD3BD
__text:FFFFFF80006BD3B9 xor ebx, ebx
__text:FFFFFF80006BD3BB jmp short loc_FFFFFF80006BD3D2
__text:FFFFFF80006BD3BD ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD3BD
__text:FFFFFF80006BD3BD loc_FFFFFF80006BD3BD: ; CODE XREF: SACPIPerformReboot(void)+27j
__text:FFFFFF80006BD3BD cmp ebx, 2
__text:FFFFFF80006BD3C0 jnz short loc_FFFFFF80006BD3D2
__text:FFFFFF80006BD3C2 db 66h, 66h, 66h, 66h, 2Eh
__text:FFFFFF80006BD3C2 nop word ptr [rax+rax+00000000h]
__text:FFFFFF80006BD3D0
__text:FFFFFF80006BD3D0 loc_FFFFFF80006BD3D0: ; CODE XREF: SACPIPerformReboot(void):loc_FFFFFF80006BD3D0j
__text:FFFFFF80006BD3D0 jmp short loc_FFFFFF80006BD3D0
__text:FFFFFF80006BD3D2 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD3D2
__text:FFFFFF80006BD3D2 loc_FFFFFF80006BD3D2: ; CODE XREF: SACPIPerformReboot(void)+2Bj
__text:FFFFFF80006BD3D2 ; SACPIPerformReboot(void)+30j
__text:FFFFFF80006BD3D2 mov eax, 0FFFFFFFFh
__text:FFFFFF80006BD3D7 mov rcx, cs:_PE_halt_restart
__text:FFFFFF80006BD3DE test rcx, rcx
__text:FFFFFF80006BD3E1 jz short loc_FFFFFF80006BD3F6
__text:FFFFFF80006BD3E3 mov edi, 1
__text:FFFFFF80006BD3E8 cmp ebx, 4
__text:FFFFFF80006BD3EB cmovnz edi, ebx
__text:FFFFFF80006BD3EE add rsp, 8
__text:FFFFFF80006BD3F2 pop rbx
__text:FFFFFF80006BD3F3 pop rbp
__text:FFFFFF80006BD3F4 jmp rcx
__text:FFFFFF80006BD3F6 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD3F6
__text:FFFFFF80006BD3F6 loc_FFFFFF80006BD3F6: ; CODE XREF: SACPIPerformReboot(void)+22j
__text:FFFFFF80006BD3F6 ; SACPIPerformReboot(void)+51j
__text:FFFFFF80006BD3F6 add rsp, 8
__text:FFFFFF80006BD3FA pop rbx
__text:FFFFFF80006BD3FB pop rbp
__text:FFFFFF80006BD3FC retn

复制代码

patch to 004BD390

55 48 89 E5 53 50 89 F3 48 8B BF E0 00 00 00 48 85 FF 74 09 48 8B 07 FF 90 E8 08 00 00 31 C0 83
FB 05 74 42 83 FB 03 75 04 31 DB EB 15 83 FB 02 75 10 66 66 66 66 66 2E 0F 1F 84 00 00 00 00 00
EB FE B8 FF FF FF FF 48 8B 0D 12 52 24 00 48 85 C9 74 13 BF 01 00 00 00 83 FB 04 0F 45 FB 48 83
C4 08 5B 5D FF E1 48 83 C4 08 5B 5D C3

复制代码

======================
ReBoot
======================
_halt_all_cpus

__text:FFFFFF80006BD145
__text:FFFFFF80006BD145 ; Attributes: bp-based frame
__text:FFFFFF80006BD145
__text:FFFFFF80006BD145 _halt_all_cpus_0 proc near ; CODE XREF: _halt_all_cpusj
__text:FFFFFF80006BD145 push rbp
__text:FFFFFF80006BD146 mov rbp, rsp
__text:FFFFFF80006BD149 push r15
__text:FFFFFF80006BD14B push r14
__text:FFFFFF80006BD14D push rbx
__text:FFFFFF80006BD14E push rax
__text:FFFFFF80006BD14F mov r14d, edi
__text:FFFFFF80006BD152 call sub_FFFFFF80002B84F0
__text:FFFFFF80006BD157 mov r15d, eax
__text:FFFFFF80006BD15A test r15d, r15d
__text:FFFFFF80006BD15D jz short loc_FFFFFF80006BD175
__text:FFFFFF80006BD15F xor ebx, ebx
__text:FFFFFF80006BD161 nop dword ptr [rax+00h]
__text:FFFFFF80006BD165
__text:FFFFFF80006BD165 loc_FFFFFF80006BD165: ; CODE XREF: _halt_all_cpus_0+2Ej
__text:FFFFFF80006BD165 mov edi, ebx
__text:FFFFFF80006BD167 xor esi, esi
__text:FFFFFF80006BD169 call sub_FFFFFF80002EF580
__text:FFFFFF80006BD16E inc ebx
__text:FFFFFF80006BD170 cmp r15d, ebx
__text:FFFFFF80006BD173 jnz short loc_FFFFFF80006BD165
__text:FFFFFF80006BD175
__text:FFFFFF80006BD175 loc_FFFFFF80006BD175: ; CODE XREF: _halt_all_cpus_0+18j
__text:FFFFFF80006BD175 test r14d, r14d
__text:FFFFFF80006BD178 jz short loc_FFFFFF80006BD199
__text:FFFFFF80006BD17A lea rdi, aMachReboot ; "MACH Reboot\n"
__text:FFFFFF80006BD181 xor al, al
__text:FFFFFF80006BD183 call _printf
__text:FFFFFF80006BD188 mov edi, 1
__text:FFFFFF80006BD18D call _PEHaltRestart
__text:FFFFFF80006BD192 mov al, 0FEh
__text:FFFFFF80006BD194 out 64h, al ; AT Keyboard controller 8042.
__text:FFFFFF80006BD194 ; Resend the last transmission
__text:FFFFFF80006BD196 hlt
__text:FFFFFF80006BD196 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD197 db 0EBh ; ?
__text:FFFFFF80006BD198 db 1Ch
__text:FFFFFF80006BD199 ; ---------------------------------------------------------------------------
__text:FFFFFF80006BD199
__text:FFFFFF80006BD199 loc_FFFFFF80006BD199: ; CODE XREF: _halt_all_cpus_0+33j
__text:FFFFFF80006BD199 lea rdi, aCpuHalted ; "CPU halted\n"
__text:FFFFFF80006BD1A0 xor al, al
__text:FFFFFF80006BD1A2 call _printf
__text:FFFFFF80006BD1A7 xor edi, edi
__text:FFFFFF80006BD1A9 call _PEHaltRestart
__text:FFFFFF80006BD1AE nop dword ptr [rax+00000000h]
__text:FFFFFF80006BD1B5
__text:FFFFFF80006BD1B5 loc_FFFFFF80006BD1B5: ; CODE XREF: _halt_all_cpus_0:loc_FFFFFF80006BD1B5j
__text:FFFFFF80006BD1B5 jmp short loc_FFFFFF80006BD1B5
__text:FFFFFF80006BD1B5 _halt_all_cpus_0 endp
__text:FFFFFF80006BD1B5

复制代码

patch to 004BD145

55 48 89 E5 41 57 41 56 53 50 41 89 FE E8 99 B3 BF FF 41 89 C7 45 85 FF 74 16 31 DB 0F 1F 40 00
89 DF 31 F6 E8 12 24 C3 FF FF C3 41 39 DF 75 F0 45 85 F6 74 1F 48 8D 3D B3 3D 05 00 30 C0 E8 C8
33 B7 FF BF 01 00 00 00 E8 BE 0E 00 00 B0 FE E6 64 F4 EB 1C 48 8D 3D A1 3D 05 00 30 C0 E8 A9 33
B7 FF 31 FF E8 A2 0E 00 00 0F 1F 80 00 00 00 00 EB FE 66 66 66 66 66 2E 0F 1F 84 00

复制代码

Mac

虎千代

とらちよ - 小猛虎俱樂部

虎千代發表在痞客邦留言(0) 人氣()

E-mail轉寄

とらちよ - 小猛虎俱樂部

歡迎光臨小猛虎的小天地

Kernel 關機/重啟修正 OPcode for AnV 版本

歷史上的今天

留言列表

站方公告

活動快報

解饞救...

我的好友

熱門文章

文章分類

最新文章

最新留言

動態訂閱

文章精選

文章搜尋

新聞交換(RSS)

誰來我家

參觀人氣

QR Code

POWERED BY

とらちよ - 小猛虎俱樂部

歡迎光臨小猛虎的小天地

Kernel 關機/重啟 修正 OPcode for AnV 版本

歷史上的今天

留言列表

站方公告

活動快報

解饞救...

我的好友

熱門文章

文章分類

最新文章

最新留言

動態訂閱

文章精選

文章搜尋

新聞交換(RSS)

誰來我家

參觀人氣

QR Code

POWERED BY

Kernel 關機/重啟修正 OPcode for AnV 版本