Meowthra

Member Since 05 Dec 2005

Topics I've Started

Opcode Emulator (OPEMU) Plug-in Project

16 November 2017 - 11:51 AM

This is OPEMU as a Lilu plugin.

Used for emulating the expansion instruction sets on old Intel Pentium / Celeron or AMD processors.

Usage:
copy Lilu.kext & OpcodeEmulator.kext to /Volumes/EFI/EFI/CLOVER/kexts/Other/

Boot arguments: -lilubeta -opemubeta

The instruction set emulation is not complete yet.

UPD: 2017/11/17    FIX kernel_trap
UPD: 2017/11/18    add AVX (vpxor) / BMI2 (shlx, sarx, shrx, mulx) instruction set

Webkit crash debugging

07 November 2017 - 11:21 AM


Process:               com.apple.WebKit.WebContent [518]
Path:                  /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
Identifier:            com.apple.WebKit.WebContent
Version:               11601 (11601.7.7)
Build Info:            WebKit2-7601007007000000~3
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           Safari [376]
User ID:               501

Date/Time:             2017-11-07 02:57:51.373 -0800
OS Version:            Mac OS X 10.11.6 (15G31)
Report Version:        11
Anonymous UUID:        0121CF6B-29A5-B8A4-32FC-818962685C38


Time Awake Since Boot: 1000 seconds

System Integrity Protection: disabled

Crashed Thread:        1  Dispatch queue: CA::CG::ParallelRenderQueue

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Application Specific Information:
Bundle controller class:
BrowserBundleController
 
Process Model:
Multiple Web Processes
 

Global Trace Buffer (reverse chronological seconds):
18446744072.594929 AppleJPEG                 	0x00007fff8a0d211c [0x7fecea910e00] Decoding completed without errors
18446744072.597885 AppleJPEG                 	0x00007fff8a0d00fc [0x7fecea910e00] Options: 1x-1 [FFFFFFFF,FFFFFFFF] 00054060
18446744072.597885 AppleJPEG                 	0x00007fff8a0cffae [0x7fecea910e00] Decoding: C0 0x02620262 0x0000304A 0x22111100 0x00000000 48093
18446744072.620670 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea944a00] Created session
18446744072.620670 AppleJPEG                 	0x00007fff8a0cfa11 [0x7fecea944a00] Releasing session
18446744072.621658 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea910e00] Created session
18446744072.621670 AppleJPEG                 	0x00007fff8a0cfa11 [0x7fecea910e00] Releasing session
18446744073.126343 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea944a00] Created session
18446744073.128712 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea94d600] Created session
18446744073.128712 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea94aa00] Created session
18446744073.130878 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea947e00] Created session
18446744073.131512 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea917200] Created session
18446744073.131802 AppleJPEG                 	0x00007fff8a0cf05e [0x7fecea910e00] Created session
0.480768     CFNetwork                 	0x00007fff86f2498f Explicitly setting CF cookie storage singleton
0.481211     CFNetwork                 	0x00007fff86f5b5d1 Explicitly setting cookie storage singleton

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff89b7bfae semaphore_wait_trap + 10
1   libsystem_platform.dylib      	0x00007fff83909ce8 _os_semaphore_wait + 16
2   libdispatch.dylib             	0x00007fff912ee994 _dispatch_barrier_sync_f_slow + 594
3   com.apple.QuartzCore          	0x00007fff8cc4ce54 CABackingStoreGetFrontTexture(CABackingStore*) + 92
4   com.apple.QuartzCore          	0x00007fff8cc5c7a6 CABackingStorePrepareFrontTexture + 54
5   com.apple.QuartzCore          	0x00007fff8cc3a6b0 CA::Layer::prepare_commit(CA::Transaction*) + 382
6   com.apple.QuartzCore          	0x00007fff8cc394ac CA::Context::commit_transaction(CA::Transaction*) + 288
7   com.apple.QuartzCore          	0x00007fff8cc390ec CA::Transaction::commit() + 508
8   com.apple.QuartzCore          	0x00007fff8cc44977 CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) + 71
9   com.apple.CoreFoundation      	0x00007fff97d2b067 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
10  com.apple.CoreFoundation      	0x00007fff97d2afd7 __CFRunLoopDoObservers + 391
11  com.apple.CoreFoundation      	0x00007fff97d09ef8 CFRunLoopRunSpecific + 328
12  com.apple.HIToolbox           	0x00007fff9100f935 RunCurrentEventLoopInMode + 235
13  com.apple.HIToolbox           	0x00007fff9100f76f ReceiveNextEventCommon + 432
14  com.apple.HIToolbox           	0x00007fff9100f5af _BlockUntilNextEventMatchingListInModeWithFilter + 71
15  com.apple.AppKit              	0x00007fff819efdf6 _DPSNextEvent + 1067
16  com.apple.AppKit              	0x00007fff819ef226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
17  com.apple.AppKit              	0x00007fff819e3d80 -[NSApplication run] + 682
18  com.apple.AppKit              	0x00007fff819ad368 NSApplicationMain + 1176
19  libxpc.dylib                  	0x00007fff8e088194 _xpc_objc_main + 795
20  libxpc.dylib                  	0x00007fff8e086bbe xpc_main + 494
21  com.apple.WebKit.WebContent   	0x0000000106476b4a 0x106476000 + 2890
22  libdyld.dylib                 	0x00007fff8a84c5ad start + 1

invalid user opcode (64-bit) : C4 41 19 EF E4 C5 7C 28 15 4A

 

vpxor      xmm12, xmm12, xmm12
c4 41 19 ef e4

Missing AVX / AVX2 instruction set

About gIOScreenLockState 3 .... sm 0x0 I probably know the reason

05 November 2017 - 12:02 PM

The AppleIntelXXXGLDriver in OS X 10.12.x/10.13.x contains a large number of AVX2 instruction set opcodes (mulx, shlx, ...).

This leads to gIOScreenLockState 3, hs 0, bs 0, now 0, sm 0x0 and a black screen.

View the crash log file:
/Library/Logs/DiagnosticReports/WindowServer_xxxxxxxx.crash

com.apple.driver.AppleIntelHD5000GraphicsGLDriver 0x000000014a63357f Gen7Context::Initialize(GLDContextRec*) + 1493 (0x5D5)
com.apple.driver.AppleIntelHD5000GraphicsGLDriver 0x000000013d175f15 glrIntelPopulateComputeDeviceConfig(GLDDeviceRec*, GLDDeviceConfigRec*) + 145 (0x91)

glrIntelPopulateComputeDeviceConfig
__text:0000000000001F15                 mulx    rcx, rax, [rbp+var_30]

Gen7Context::Initialize
__text:000000000000357F                 shlx    eax, r13d, edx

So... the processor must support the AVX2 instruction set.

Pentium / Celeron and pre-Haswell processors should be the problem, because these processors do not support AVX2.
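
Added example (not code from OPEMU or from any of the posts): a small decoder for the VEX-encoded bytes that the kernel reports as "invalid user opcode" in the WebKit crash above, and for the shlx/mulx forms seen in the GL driver, naming the CPU feature each instruction requires. Its opcode table covers only the instructions named in these posts plus vmovaps (the second instruction in the logged bytes); the register naming, the "[mem]" placeholder for non-register operands and the decode_log_line helper are this example's own choices.

```python
from typing import Dict

# (opcode map, pp, opcode) -> (mnemonic, CPU feature that must be present)
# map 1 = 0F, 2 = 0F38; pp 0 = none, 1 = 66, 2 = F3, 3 = F2
VEX_TABLE = {
    (1, 1, 0xEF): ("vpxor", "AVX"),    # VEX.128.66.0F EF /r
    (1, 0, 0x28): ("vmovaps", "AVX"),  # VEX.128.0F 28 /r (load form)
    (2, 1, 0xF7): ("shlx", "BMI2"),    # VEX.LZ.66.0F38 F7 /r
    (2, 2, 0xF7): ("sarx", "BMI2"),    # VEX.LZ.F3.0F38 F7 /r
    (2, 3, 0xF7): ("shrx", "BMI2"),    # VEX.LZ.F2.0F38 F7 /r
    (2, 3, 0xF6): ("mulx", "BMI2"),    # VEX.LZ.F2.0F38 F6 /r
}
GPR64 = "rax rcx rdx rbx rsp rbp rsi rdi".split() + [f"r{i}" for i in range(8, 16)]
GPR32 = "eax ecx edx ebx esp ebp esi edi".split() + [f"r{i}d" for i in range(8, 16)]

def decode_vex(code: bytes) -> Dict[str, str]:
    """Decode one VEX2/VEX3 instruction at the start of `code` (64-bit mode)."""
    if code[0] == 0xC4:                  # 3-byte VEX: C4 [R X B m-mmmm] [W vvvv L pp]
        b1, b2 = code[1], code[2]
        r, b = 1 - (b1 >> 7), 1 - ((b1 >> 5) & 1)   # R and B are stored inverted
        mmap, w = b1 & 0x1F, b2 >> 7
        vvvv, l, pp = 15 - ((b2 >> 3) & 0xF), (b2 >> 2) & 1, b2 & 3
        pos = 3
    elif code[0] == 0xC5:                # 2-byte VEX: C5 [R vvvv L pp], 0F map, W=0
        b1 = code[1]
        r, b, mmap, w = 1 - (b1 >> 7), 0, 1, 0
        vvvv, l, pp = 15 - ((b1 >> 3) & 0xF), (b1 >> 2) & 1, b1 & 3
        pos = 2
    else:
        raise ValueError("not a VEX-prefixed instruction")
    opcode, modrm = code[pos], code[pos + 1]
    mod = modrm >> 6
    reg = ((modrm >> 3) & 7) | (r << 3)  # VEX.R extends ModRM.reg
    rm = (modrm & 7) | (b << 3)          # VEX.B extends ModRM.rm
    if (mmap, pp, opcode) not in VEX_TABLE:
        raise KeyError(f"map {mmap} pp {pp} opcode {opcode:02X} not in table")
    name, feature = VEX_TABLE[(mmap, pp, opcode)]

    def regname(n: int) -> str:  # 0F map entries here are SIMD; BMI2 uses GPRs sized by W
        return f"{'ymm' if l else 'xmm'}{n}" if mmap == 1 else (GPR64 if w else GPR32)[n]

    rm_s = regname(rm) if mod == 3 else "[mem]"   # SIB/displacement bytes not decoded
    if name == "vmovaps":
        ops = [regname(reg), rm_s]                    # vmovaps xmm, xmm/m
    elif name == "mulx":
        ops = [regname(reg), regname(vvvv), rm_s]     # mulx r, r(vvvv), r/m
    elif name in ("shlx", "sarx", "shrx"):
        ops = [regname(reg), rm_s, regname(vvvv)]     # shlx r, r/m, r(vvvv)
    else:
        ops = [regname(reg), regname(vvvv), rm_s]     # vpxor xmm, xmm(vvvv), xmm/m
    return {"text": f"{name} {', '.join(ops)}", "feature": feature}

def decode_log_line(line: str) -> Dict[str, str]:
    """Decode the first instruction of a kernel 'invalid user opcode ... : <hex>' line."""
    return decode_vex(bytes.fromhex(line.split(":", 1)[1].strip()))
```

Feeding it the WebKit log line gives "vpxor xmm12, xmm12, xmm12" with feature AVX, matching the post's manual decode; the remaining bytes decode as a ymm10 vmovaps load whose displacement is cut off in the log.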

[HELP] GPU Restart

22 October 2017 - 03:44 AM

system log:

kernel[0]: GPU hang:
kernel[0]: Trying restart GPU ...
kernel[0]: MAIN ring is NOT waiting on an event

What is the reason?

DSDT:

        Device (IGPU)
        {
            Name (_ADR, 0x00020000)
            Method (_DSM, 4, NotSerialized)
            {
                If (LEqual (Arg2, Zero)) { Return (Buffer (One) { 0x03 }) }
                Return (Package ()
                {
                    "AAPL,ig-platform-id", Buffer () { 0x03, 0x00, 0x06, 0x04 },
                    "device-id", Buffer () { 0x06, 0x04, 0x00, 0x0 },
                    "device_type", Buffer () { "display" },
                    "hda-gfx", Buffer () { "onboard-1" }
                })
            }
...
ig-platform-id Patch:
03 00 06 04 00 03 03 03 00 00 00 04 00 00 00 01 
00 00 F0 00 00 00 00 40 99 14 00 00 99 14 00 00 
00 00 00 00 00 00 00 00 00 00 08 00 00 04 00 00 
87 00 00 00 01 05 09 00 04 00 00 00 04 00 00 00 
02 04 09 00 00 08 00 00 82 00 00 00 FF 00 00 00 
01 00 00 00 40 00 00 00 04 00 00 00 00 00 07 00 
04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

 


Intel HD Graphics Haswell GT1 QE/CI Patch

17 October 2017 - 10:56 AM

Example: Haswell-ULT GT1 0x0a06
OS: OS X Mavericks 10.9.5

DSDT or org.chameleon.Boot.plist EFI strings:

device-id: 0x0412 or 0x0a26 ...
AAPL,ig-platform-id: 03 00 06 04

=======================================
AppleIntelFramebufferAzul Patch
=======================================
ig-platform-id Patch

Find HEX: 00 00 06 04

03 00 06 04 00 03 03 03 00 00 00 04 00 00 00 01
00 00 F0 00 00 00 00 40 99 14 00 00 99 14 00 00
00 00 00 00 00 00 00 00 00 00 10 00 04 00 00 00
04 00 00 00 01 05 12 00 00 04 00 00 87 00 00 00
02 04 12 00 00 08 00 00 82 00 00 00 FF 00 01 00
01 00 00 00 40 00 00 00 04 00 00 00 00 00 07 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 

ig-platform-id
03 00 06 04

eDP
04 00 00 00 04 00 00 00
DP
00 04 00 00 87 00 00 00
HDMI
00 08 00 00 82 00 00 00

=======================================
AppleIntelHD5000Graphics Patch
=======================================
Find function "IntelAccelerator::probe"

Haswell GT3

__text:000000000002F461                 mov     dword ptr [r15+0CC4h], 2
__text:000000000002F46C                 mov     r14, r15

Haswell GT2

__text:000000000002F481                 mov     dword ptr [r15+0CC4h], 1
__text:000000000002F48C                 mov     r14, r15

Haswell GT1

__text:000000000002F498                 mov     dword ptr [r15+0CC4h], 0
__text:000000000002F4A3                 mov     r14, r15
__text:000000000002F21C ; __int64 __fastcall IntelAccelerator::probe(IntelAccelerator *__hidden this, IOService *, int *)
__text:000000000002F21C                 public __ZN16IntelAccelerator5probeEP9IOServicePi
__text:000000000002F21C __ZN16IntelAccelerator5probeEP9IOServicePi proc near
...

__text:000000000002F302                 cpuid
__text:000000000002F304                 mov     ecx, 35h ; '5'
__text:000000000002F309                 rdmsr                    ; read 0x35 MSR_CORE_THREAD_COUNT
__text:000000000002F30B                 shr     eax, 10h
__text:000000000002F30E                 cmp     eax, 4           ; MSR 0x35 eax=0x4000X
__text:000000000002F311                 jnz     short loc_2F320
__text:000000000002F313                 mov     dword ptr [r15+0D0Ch], 2
__text:000000000002F31E                 jmp     short loc_2F334
__text:000000000002F320 ; ---------------------------------------------------------------------------
__text:000000000002F320
__text:000000000002F320 loc_2F320:
__text:000000000002F320                 cmp     eax, 2           ; MSR 0x35 eax=0x2000X
__text:000000000002F323                 jnz     loc_2F3FC        ; Patch NOP
__text:000000000002F329                 mov     dword ptr [r15+0D0Ch], 1
__text:000000000002F334
__text:000000000002F334 loc_2F334:
__text:000000000002F334                 mov     eax, [r15+0CBCh] ; Patch JMP TO Haswell GT1
__text:000000000002F33B                 cmp     eax, 0D268085h
__text:000000000002F340                 ja      loc_2F3F0

...


Patch:

offset 0x2F323 90 90 90 90 90 90 (NOP)
offset 0x2F334 E9 5F 01 00 00 90 90 (JMP 2F498) // Haswell GT1

 
=======================================
AppleIntelHD5000GraphicsVADriver Patch
=======================================
Find text "8086h"

sub_1B71A

Haswell GT3

__text:000000000001B89A  mov     dword ptr [rbx+8DECh], 3
__text:000000000001B8A4  mov     dword ptr [rbx+8DF4h], 118h ; Threads 280

Haswell GT2

__text:000000000001B8D7  mov     dword ptr [rbx+8DECh], 1
__text:000000000001B8E1  mov     dword ptr [rbx+8DF4h], 8Ch ; Threads 140

Haswell GT1 

__text:000000000001B8F5  mov     dword ptr [rbx+8DECh], 0
__text:000000000001B8FF  mov     dword ptr [rbx+8DF4h], 46h ; Threads 70
__text:000000000001B71B                 mov     rbp, rsp
__text:000000000001B71E                 push    rbx
__text:000000000001B71F                 sub     rsp, 18h
__text:000000000001B723                 mov     rbx, rdi
__text:000000000001B726                 mov     [rbp+var_20], 0Ch
__text:000000000001B72E                 mov     [rbp+var_10], 0
__text:000000000001B735                 mov     [rbp+var_18], 0
__text:000000000001B73D                 mov     rax, [rbx+50h]
__text:000000000001B741                 mov     edi, [rax+18h]
__text:000000000001B744                 lea     r8, [rbp+var_18]
__text:000000000001B748                 lea     r9, [rbp+var_20]
__text:000000000001B74C                 mov     esi, 100h
__text:000000000001B751                 xor     edx, edx
__text:000000000001B753                 xor     ecx, ecx
__text:000000000001B755                 call    _IOConnectCallStructMethod
__text:000000000001B75A                 mov     ecx, eax
__text:000000000001B75C                 mov     eax, 0Ah
__text:000000000001B761                 test    ecx, ecx
__text:000000000001B763                 jnz     loc_1B8BE       ; JMP 1B8F5 (Haswell GT1)
__text:000000000001B769                 mov     ecx, [rbp+var_10]
__text:000000000001B76C                 cmp     ecx, 0D268085h
__text:000000000001B772                 ja      loc_1B831
__text:000000000001B778                 cmp     ecx, 0D228085h
__text:000000000001B77E                 ja      loc_1B83F
__text:000000000001B784                 cmp     ecx, 0C268085h

 
64-bit Patch:

offset 0x1C763 E9 8D 01 00 00 90  (JMP offset 0x1C8F5) // Haswell GT1

32-bit Patch:

offset 0x2324DF E9 8C 01 00 00 90 (JMP offset 0x232670) // Haswell GT1

 
=======================================
libCLVMIGILPlugin.dylib Patch
=======================================
Find function "loadIcbeDylib"

Intel HD 5000 iCBE.dylib


__text:00000000000032BA loc_32BA:
__text:00000000000032BA                 lea     rdi, aSystemLibrar_5 ; "/System/Library/Extensions/AppleIntelHD5000GraphicsGLDriver.bundle/Contents/MacOS/iCBE.dylib"
__text:00000000000032C1                 jmp     loc_2F34
__text:0000000000002F02 ; __int64 __fastcall loadIcbeDylib(unsigned int)
__text:0000000000002F02 __ZL13loadIcbeDylibj proc near
__text:0000000000002F02
__text:0000000000002F02 var_18          = qword ptr -18h
__text:0000000000002F02 var_10          = qword ptr -10h
__text:0000000000002F02
__text:0000000000002F02                 push    rbp
__text:0000000000002F03                 mov     rbp, rsp
__text:0000000000002F06                 push    rbx
__text:0000000000002F07                 sub     rsp, 18h
__text:0000000000002F0B                 mov     eax, edi
__text:0000000000002F0D                 and     eax, 0FFFBFFFFh
__text:0000000000002F12                 cmp     eax, 1628086h   ; JMP 32BA (Intel HD 5000 iCBE.dylib)
__text:0000000000002F17                 jz      short loc_2F2D
__text:0000000000002F19                 cmp     edi, 1568086h
__text:0000000000002F1F                 jz      short loc_2F2D
__text:0000000000002F21                 cmp     edi, 1528086h
__text:0000000000002F27                 jnz     loc_304C

Find function "compileIGILToDeviceBinary"

Intel Haswell GPU


__text:0000000000005B62 loc_5B62:
__text:0000000000005B62                 mov     dword ptr [rbp+var_50], 0Eh
__text:0000000000005B69                 mov     dword ptr [rbp+var_50+8], 0Ah
__text:0000000000005B70                 mov     ecx, 0Ah
__text:0000000000005658 ; __int64 __fastcall compileIGILToDeviceBinary(const char *, unsigned __int64, const char *, unsigned __int64, unsigned int, unsigned int, unsigned int, char **, unsigned __int64 *, char **)
__text:0000000000005658 __ZL25compileIGILToDeviceBinaryPKcmS0_mjjjRPcRmS2_ proc near
__text:0000000000005658                 push    rbp
__text:0000000000005659                 mov     rbp, rsp
__text:000000000000565C                 push    r15
__text:000000000000565E                 push    r14
__text:0000000000005660                 push    r13
__text:0000000000005662                 push    r12
__text:0000000000005664                 push    rbx
__text:0000000000005665                 sub     rsp, 158h
__text:000000000000566C                 mov     [rbp+var_170], rcx
__text:0000000000005673                 mov     [rbp+var_178], rdx
__text:000000000000567A                 mov     rbx, rsi
__text:000000000000567D                 mov     r13, rdi
__text:0000000000005680                 mov     rax, cs:___stack_chk_guard_ptr
__text:0000000000005687                 mov     rax, [rax]
__text:000000000000568A                 mov     [rbp+var_30], rax
__text:000000000000568E                 mov     r12, [rbp+arg_18]
__text:0000000000005692                 mov     al, cs:__ZL39gIGILToDeviceBinaryTranslationSupported ; gIGILToDeviceBinaryTranslationSupported
__text:0000000000005698                 test    al, al
__text:000000000000569A                 jz      loc_5886        ; NOP
__text:00000000000056A0                 mov     eax, [rbp+arg_0]
__text:00000000000056A3                 xorps   xmm0, xmm0
__text:00000000000056A6                 movaps  [rbp+var_50], xmm0
__text:00000000000056AA                 mov     [rbp+var_38], 0
__text:00000000000056B1                 mov     [rbp+var_40], 0
__text:00000000000056B9                 mov     ecx, eax
__text:00000000000056BB                 and     ecx, 0FFFBFFFFh
__text:00000000000056C1                 cmp     ecx, 1628086h   ; JMP 5B62 (Intel Haswell GPU)
__text:00000000000056C7                 jz      short loc_56DB
__text:00000000000056C9                 cmp     eax, 1568086h
__text:00000000000056CE                 jz      short loc_56DB
__text:00000000000056D0                 cmp     eax, 1528086h
__text:00000000000056D5                 jnz     loc_596E

 
64-bit Patch:

offset 0x3F12 E9 A3 03 00 00 90 90 (JMP offset 0x42BA) // Intel HD 5000 iCBE.dylib
offset 0x66C1 E9 9C 04 00 00 90 (JMP offset 0x6B62) // Intel Haswell GPU
offset 0x669A  90 90 90 90 90 90 (NOP)

32-bit Patch:

offset 0x14871 E9 04 04 00 00 90 90 (JMP offset 0x14C7A) // Intel HD 5000 iCBE.dylib
offset 0x17707 E9 42 04 00 00 90 (JMP offset 0x17B4E) // Intel Haswell GPU
offset 0x176D2 90 90 90 90 90 90 (NOP)


Replace files:
/System/Library/Extensions/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics
/System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver
/System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/libCLVMIGILPlugin.dylib

sudo rm /System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/libCLVMIGILPlugin.dylib
sudo cp libCLVMIGILPlugin.dylib /System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/
sudo chown 0:0 /System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/libCLVMIGILPlugin.dylib
sudo chmod 755 /System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/libCLVMIGILPlugin.dylib
sudo codesign -f -s - /System/Library/Frameworks/OpenCL.framework/Libraries/libCLVMIGILPlugin.dylib

sudo rm /System/Library/Extensions/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics
sudo cp AppleIntelHD5000Graphics /System/Library/Extensions/AppleIntelHD5000Graphics.kext/Contents/MacOS/
sudo chown 0:0 /System/Library/Extensions/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics
sudo chmod 755 /System/Library/Extensions/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics

sudo rm /System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver
sudo cp AppleIntelHD5000GraphicsVADriver /System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/
sudo chown 0:0 /System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver
sudo chmod 755 /System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver

sudo rm -r /System/Library/Caches/*
sudo kextcache -a x86_64 -e
shutdown -r now
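
Added example (not part of the post): helpers that encode an E9 rel32 near jump for a given file offset and target, check that every jump patch listed in this post really lands on the target its comment names (and carries the right NOP padding), and apply a patch only when the bytes at that offset still match the expected original. The offsets, bytes and targets are the post's own; the function names and the expected-bytes guard are this example's assumptions.

```python
import struct
from typing import List, Tuple

def make_jmp_patch(offset: int, target: int, length: int) -> bytes:
    """Bytes to write at file offset `offset` so execution continues at `target`:
    E9 + rel32, where rel32 is relative to the next instruction (offset + 5),
    padded with 0x90 NOPs to `length`, the size of the instruction(s) overwritten."""
    if length < 5:
        raise ValueError("an E9 rel32 jump needs 5 bytes")
    rel = target - (offset + 5)
    return b"\xE9" + struct.pack("<i", rel) + b"\x90" * (length - 5)

def jmp_target(offset: int, patch: bytes) -> int:
    """Resolve where an E9 rel32 jump located at `offset` actually lands."""
    if len(patch) < 5 or patch[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    (rel,) = struct.unpack("<i", patch[1:5])
    return offset + 5 + rel

# Every "E9" line from the post: (file offset, patch bytes, target named in the
# post's comment). The 64-bit and 32-bit slices each use their own offsets.
POST_JMP_PATCHES: List[Tuple[int, str, int]] = [
    (0x2F334,  "E9 5F 01 00 00 90 90", 0x2F498),   # AppleIntelHD5000Graphics, GT1
    (0x1C763,  "E9 8D 01 00 00 90",    0x1C8F5),   # VADriver 64-bit, GT1
    (0x2324DF, "E9 8C 01 00 00 90",    0x232670),  # VADriver 32-bit, GT1
    (0x3F12,   "E9 A3 03 00 00 90 90", 0x42BA),    # libCLVMIGILPlugin 64-bit, iCBE
    (0x66C1,   "E9 9C 04 00 00 90",    0x6B62),    # libCLVMIGILPlugin 64-bit, Haswell
    (0x14871,  "E9 04 04 00 00 90 90", 0x14C7A),   # libCLVMIGILPlugin 32-bit, iCBE
    (0x17707,  "E9 42 04 00 00 90",    0x17B4E),   # libCLVMIGILPlugin 32-bit, Haswell
]

def verify_post_patches() -> List[Tuple[int, bool]]:
    """For each patch: does its displacement land on the claimed target, and are
    the bytes exactly what make_jmp_patch would emit (NOP padding included)?"""
    results = []
    for offset, hexstr, claimed in POST_JMP_PATCHES:
        blob = bytes.fromhex(hexstr)
        ok = (jmp_target(offset, blob) == claimed
              and make_jmp_patch(offset, claimed, len(blob)) == blob)
        results.append((offset, ok))
    return results

def apply_patch(image: bytearray, offset: int, patch: bytes, expected: bytes) -> None:
    """Overwrite image[offset:] with `patch`, but only if the bytes currently there
    equal `expected`; a mismatch means a different build or a shifted offset, where
    a blind write would corrupt the binary instead of patching it."""
    current = bytes(image[offset:offset + len(expected)])
    if current != expected:
        raise ValueError(f"at 0x{offset:X}: found {current.hex()}, expected {expected.hex()}")
    image[offset:offset + len(patch)] = patch
```

All seven jump patches in the post verify: each displacement resolves to the commented target and the trailing bytes are the NOP padding for the instruction length replaced.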
