void hooked(int flags, void* addr, int phymem) {
    /*
     * Replacement entry point that runs in place of jump_to(): it patches
     * the kernel image, puts the original bytes back at jump_to, and then
     * tail-calls the real jump_to with the untouched arguments.
     *
     * flags/addr/phymem: passed straight through to jump_to; their meaning
     *                    is defined by the original routine, not here.
     *
     * NOTE(review): jump_to is both memcpy'd into and called below, so it is
     * expected to be a writable code address; confirm its declared type.
     */
    // patch kernel
    printf("Entered hooked jump_to function!!!\n");
    printf("Patching kernel\n");
    // Fixed offset below LOADADDR; the second argument is presumably the
    // length to scan (kernel_cmd passes 0xC00000 for the same call) — confirm.
    patch_kernel((void*)(LOADADDR - 0x1000000), 0xA00000);

    printf("Replace hooking code with original\n");
    // The 8 bytes written over jump_to by the hook differ per device; the
    // string at IBOOT_BASEADDR + 0x200 is used to tell "n72ap" from the rest.
    // Which bytes are correct for other boards is not established here.
    if(strstr((char*) (IBOOT_BASEADDR + 0x200), "n72ap")) {
        memcpy(jump_to, "\xf0\xb5\x03\xaf\x04\x1c\x15\x1c", 8);
    } else {
        memcpy(jump_to, "\x80\xb5\x00\xaf\x04\x46\x15\x46", 8);
    }
    // Presumably so the restored bytes are fetched instead of stale cached
    // instructions — required after writing code.
    clear_icache();

    // NOTE(review): looks like the low bit is being set on the call target
    // (Thumb-style entry); incrementing a function pointer is a compiler
    // extension, not standard C — verify against jump_to's type.
    jump_to++;
    // NOTE(review): %p expects a void*; cast if jump_to is a function pointer.
    printf("Calling %p\n", jump_to);
    jump_to(flags, addr, phymem);
}
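int kernel_cmd(int argc, CmdArg* argv) {
	/*
	 * Console handler for the "kernel" command.
	 *
	 * argc/argv: parsed command line. argv[1].string selects the action
	 *            ("load", "patch", "bootargs", "boot"); for "load" on
	 *            non-AppleTV boards argv[2].uinteger is the address and
	 *            argv[3].uinteger the size of the kernelcache in memory.
	 * Returns 0 in every case, usage errors included; callers only see the
	 * side effects (gKernelAddr set by the load helpers, the in-memory
	 * kernel patched, or control handed to jump_to).
	 *
	 * Fix: argv[2]/argv[3] were read before any check that they exist, so
	 * "kernel boot" or "kernel patch" (argc == 2) read past the end of argv.
	 * They are now read only on the path that uses them, after an argc check.
	 */
	if(argc < 2) {
		puts("usage: kernel <load/patch/boot> [options]\n");
		puts("  load <address> <size>         \t\tload filesystem kernel to address\n");
		puts("  patch <address> <size>        \t\tpatches kernel at address in memory\n");
		puts("  bootargs <string>             \t\treplace current bootargs with another\n");
		puts("  boot                          \t\tboot a loaded kernel\n");
		return 0;
	}

	char* action = argv[1].string;
	if(!strcmp(action, "load")) {
		if(strstr((char*) (IBOOT_BASEADDR + 0x200), "k66ap")) {
			/* AppleTV: the kernelcache comes from the filesystem, so the
			 * <address> <size> arguments are not used. */
			printf("Loading AppleTV kernelcache from %s\n", KERNEL_PATH);
			kernel_atv_load(KERNEL_PATH, &gKernelAddr);
		} else {
			/* Both operands must be present before argv[2]/argv[3] are touched. */
			if(argc < 4) {
				puts("usage: kernel load <address> <size>\n");
				return 0;
			}
			unsigned int load_addr = argv[2].uinteger;
			unsigned int size = argv[3].uinteger;
			unsigned char* address = (unsigned char*) load_addr;
			/* Print the integer form: %x with a pointer argument is undefined. */
			printf("Loading kernelcache from 0x%x\n", load_addr);
			kernel_load((void*) address, size, &gKernelAddr);
		}
		/* NOTE(review): *gKernelPhyMem is passed to jump_to as the int
		 * phymem argument elsewhere; if it is not a pointer, %p is the wrong
		 * specifier for it — confirm its type. */
		printf("kernelcache prepped at %p with phymem %p\n", (void*) gKernelAddr, *gKernelPhyMem);
	}
	else if(!strcmp(action, "patch")) {
		printf("patching kernel...\n");
		/* Nothing to patch until a "load" has populated gKernelAddr. */
		if(gKernelAddr) {
			/* NOTE(review): hooked() passes 0xA00000 to patch_kernel for the
			 * same purpose — confirm which length is intended. */
			patch_kernel(gKernelAddr, 0xC00000);
		}
	}
	else if(!strcmp(action, "bootargs")) {
		/* Delegates the whole argument vector; the helper parses it itself. */
		kernel_bootargs(argc, argv);
	}
	else if(!strcmp(action, "boot")) {
		/* Refuse to jump anywhere before a kernel has been loaded. */
		if(gKernelAddr) {
			printf("booting kernel...\n");
			jump_to(3, gKernelAddr, *gKernelPhyMem);
		}
	}
	return 0;
}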