/*
 * Hook body that runs in place of the original jump_to(): patches the
 * loaded kernel, restores the bytes the hook overwrote at the start of
 * jump_to, then calls the original with the same three arguments.
 *
 * flags/addr/phymem are passed straight through to jump_to and are not
 * interpreted here.  Does not return if jump_to does not return.
 */
void hooked(int flags, void* addr, int phymem) {
    // patch kernel
    printf("Entered hooked jump_to function!!!\n");
    printf("Patching kernel\n");
    // Patch the kernel image at a fixed offset below LOADADDR.  The second
    // argument is presumably the size of the region handed to patch_kernel
    // (kernel_cmd passes 0xC00000 for the same call) — confirm against
    // patch_kernel which value is the intended one.
    patch_kernel((void*)(LOADADDR - 0x1000000), 0xA00000);
    printf("Replace hooking code with original\n");
    // Restore the 8 bytes of jump_to that the hook overwrote.  The variant
    // is selected by the board string found at IBOOT_BASEADDR + 0x200;
    // presumably these are the original Thumb prologue bytes for each
    // build — confirm against a disassembly of the target.
    if(strstr((char*) (IBOOT_BASEADDR + 0x200), "n72ap")) {
        memcpy(jump_to, "\xf0\xb5\x03\xaf\x04\x1c\x15\x1c", 8);
    } else {
        memcpy(jump_to, "\x80\xb5\x00\xaf\x04\x46\x15\x46", 8);
    }
    // Code was just written through a data pointer: drop the instruction
    // cache so the restored bytes, not the stale hook, are what gets fetched.
    clear_icache();
    // NOTE(review): arithmetic on a function pointer is a GCC extension
    // (advances by one byte); this presumably sets the Thumb bit so the
    // call below branches in Thumb state.  jump_to is not local to this
    // function, so the incremented value is visible to every later caller
    // (kernel_cmd's "boot" action included) — confirm that is intended.
    jump_to++;
    printf("Calling %p\n", jump_to);
    jump_to(flags, addr, phymem);
}
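/*
 * "kernel" console command: load, patch, set boot-args for, or boot a
 * kernelcache.  argv[0] is the command name, argv[1] the action; only the
 * "load" action reads <address> <size> from argv[2]/argv[3].
 *
 * Returns 0 in every case, including bad usage (usage text is printed).
 * Side effects: kernel_load/kernel_atv_load set gKernelAddr; "boot" does
 * not return if jump_to does not.
 */
int kernel_cmd(int argc, CmdArg* argv) {
    if(argc < 2) {
        puts("usage: kernel <load/patch/boot> [options]\n");
        puts(" load <address> <size> \t\tload filesystem kernel to address\n");
        puts(" patch <address> <size> \t\tpatches kernel at address in memory\n");
        puts(" bootargs <string> \t\treplace current bootargs with another\n");
        puts(" boot \t\tboot a loaded kernel\n");
        return 0;
    }

    char* action = argv[1].string;

    if(!strcmp(action, "load")) {
        if(strstr((char*) (IBOOT_BASEADDR + 0x200), "k66ap")) {
            // AppleTV build: the kernelcache is read from KERNEL_PATH, so
            // no address/size arguments are needed.
            printf("Loading AppleTV kernelcache from %s\n", KERNEL_PATH);
            kernel_atv_load(KERNEL_PATH, &gKernelAddr);
        } else {
            // argv[2]/argv[3] are read only once argc proves they exist;
            // previously they were read unconditionally for every action.
            if(argc < 4) {
                puts("usage: kernel load <address> <size>\n");
                return 0;
            }
            unsigned char* address = (unsigned char*) argv[2].uinteger;
            unsigned int size = argv[3].uinteger;
            // address is a pointer, so %p rather than %x (format mismatch).
            printf("Loading kernelcache from %p\n", address);
            kernel_load((void*) address, size, &gKernelAddr);
        }
        printf("kernelcache prepped at %p with phymem %p\n", gKernelAddr, *gKernelPhyMem);
    } else if(!strcmp(action, "patch")) {
        printf("patching kernel...\n");
        // The <address> <size> named in the usage text are not used here;
        // the loaded kernel is patched in place.  hooked() passes 0xA00000
        // for the same call — presumably one of the two constants is stale,
        // confirm against patch_kernel.
        if(gKernelAddr) {
            patch_kernel(gKernelAddr, 0xC00000);
        }
    } else if(!strcmp(action, "bootargs")) {
        // Argument parsing is delegated; the whole argv is forwarded.
        kernel_bootargs(argc, argv);
    } else if(!strcmp(action, "boot")) {
        // Refuse to jump until something has actually been loaded.
        if(gKernelAddr) {
            printf("booting kernel...\n");
            jump_to(3, gKernelAddr, *gKernelPhyMem);
        }
    }
    // Unknown actions are ignored silently, as before.
    return 0;
}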