Jump to content

Broadcom bcm57781 - how do I patch the kext for ML 10.8.5?


92 posts in this topic

Recommended Posts

Although the BCM57781 which can be found on some of Asrock's 7 series boards is fully compatible to the BCM57765 in recent iMacs or Mac minis (with the exception that the BCM57781 lacks the integrated card reader), Apple's driver refuses to work with this chip but the driver can be easily patched in order to add support for the BCM57781. Unfortunately adding the BCM57781's ID to the drivers match list in Info.plist is not enough because it checks the NIC's device-id, subsystem-id and subsystem-vendor-id reading the corresponding registers in it's PCI configuration space in order to verify that the chip is one of the officially supported ones.

 

In principle this method should work with all members of the BCM57785 family:

  • BCM57781 = 0x16B1
  • BCM57785 = 0x16B5 
  • BCM57785X  = 0x16B5 
  • BCM57761  = 0x16B0
  • BCM57791  = 0x16B2
  • BCM57795  = 0x16B6
  • BCM57795X  = 0x16B6 ​​

 

The basic idea of this patch is to make the driver believe it's got a BCM57765 instead of a BCM57781 so that it will work with this NIC too. In order to read the registers in PCI configuration space the driver calls a subroutine which does the actual work and return the values in a certain CPU register. Therefore I located the subroutine calls in the drivers binary and replaced them with instructions that return the corresponding values of the BCM57765. That's the reason why your BCM57781 will show up as BCM57765 in System profiler.

 

Let's start with the trivial part. We have to add the BCM57781's ID ("pci14e4,16b1") to the kext's match list in it's Info.plist file in order make the driver load. Locate the following text and add the line "<string>pci14e4,16b1</string>" as shown in the code below.

<key>IONameMatch</key>
<array>
    <string>pci14e4,1684</string>
    <string>pci14e4,16b0</string>
    <string>pci14e4,16b4</string>
    <string>pci14e4,1682</string>
    <string>pci14e4,1686</string>
    <string>pci14e4,16b1</string>
</array>

Now comes the tricky part. You'll have to locate 3 instructions which call the subroutine to read the NIC's subsystem-vendor-id, subsystem-id and device-id registers in PCI configuration space and replace them with instructions that return the required values making the driver believe it's working on a BCM57765 instead of a BCM57781. Use your favorite binary editor to apply the patch. It's also possible to create a script for Clover letting the boot loader do the hard work for you. As the locations and the opcodes of the instructions to replace will probably change with every new build of the driver it virtually impossible to create a binary patch that works for different versions of the driver but with a basic understanding of x86 assembler it should be quite easy to find these 3 instructions to patch in coming releases of the driver an adapt the patch to them. The instructions below are for 10.8.3. In case you are looking for the instructions to patch the 10.8.5 driver please see post #15 (http://www.insanelymac.com/forum/topic/292117-broadcom-bcm57781-how-do-i-patch-the-kext-for-ml-1085/?p=1952049) of this thread. Of course don't forget to repair permissions after you applied the patch. Modified instructions for the latest Mavericks beta will follow soon.

 

  1. Change 
       7a8b:	ba 2c 00 00 00       	mov    $0x2c,%edx
       7a90:	e8 bb 90 ff ff       		callq  b50 <kmod_info-0x36138>
       7a95:	66 89 83 92 04 00 00 	mov    %ax,0x492(%rbx)
    

    into 

       7a8b:	ba 2c 00 00 00       	mov    $0x2c,%edx
       7a90:	b8 e4 14 00 00       	mov    $0x14e4,%eax    <--- Move the subsystem-vendor-id into AX
       7a95:	66 89 83 92 04 00 00 	mov    %ax,0x492(%rbx)
    
  2. and 
       7aa6:	ba 2e 00 00 00       	mov    $0x2e,%edx
       7aab:	e8 a0 90 ff ff       		callq  b50 <kmod_info-0x36138>
       7ab0:	66 89 83 94 04 00 00 	mov    %ax,0x494(%rbx)
    

    into 

       7aa6:	ba 2e 00 00 00       	mov    $0x2e,%edx
       7aab:	b8 b4 16 00 00       	mov    $0x16b4,%eax    <--- Move the subsystem-id into AX
       7ab0:	66 89 83 94 04 00 00 	mov    %ax,0x494(%rbx)
    
  3. as well as 
       7b24:	ba 02 00 00 00       	mov    $0x2,%edx
       7b29:	e8 22 90 ff ff       		callq  b50 <kmod_info-0x36138>
       7b2e:	66 89 83 90 04 00 00 	mov    %ax,0x490(%rbx)
    

    into 

       7b24:	ba 02 00 00 00       	mov    $0x2,%edx
       7b29:	b8 b4 16 00 00       	mov    $0x16b4,%eax    <--- Move the device-id into AX
       7b2e:	66 89 83 90 04 00 00 	mov    %ax,0x490(%rbx)
    
Edited by Mieze
  • Like 2

Here are the instructions for patching the latest 10.9 beta. They are slightly different but you'll recognize soon that the overall structure remains the same. Modifications of the driver's Info.plist are identical.

 

  1. First change 
    613b:	ba 2c 00 00 00       	mov    $0x2c,%edx
    6140:	e8 89 ad ff ff       	callq  ece <__ZN11BCM5701Enet10superClassE-0x1f20a>
    6145:	66 89 83 d2 04 00 00 	mov    %ax,0x4d2(%rbx)
    

    into 

    613b:	ba 2c 00 00 00       	mov    $0x2c,%edx
    6140:	b8 e4 14 00 00       	mov    $0x14e4,%eax
    6145:	66 89 83 d2 04 00 00 	mov    %ax,0x4d2(%rbx)
    
  2. and 
    6156:	ba 2e 00 00 00       	mov    $0x2e,%edx
    615b:	e8 6e ad ff ff       	callq  ece <__ZN11BCM5701Enet10superClassE-0x1f20a>
    6160:	66 89 83 d4 04 00 00 	mov    %ax,0x4d4(%rbx)
    

    into 

    6156:	ba 2e 00 00 00       	mov    $0x2e,%edx
    615b:	b8 b4 16 00 00       	mov    $0x16b4,%eax
    6160:	66 89 83 d4 04 00 00 	mov    %ax,0x4d4(%rbx)
    
  3. Finally change 
    605f:	ba 02 00 00 00       	mov    $0x2,%edx
    6064:	e8 65 ae ff ff       	callq  ece <__ZN11BCM5701Enet10superClassE-0x1f20a>
    6069:	66 89 83 d0 04 00 00 	mov    %ax,0x4d0(%rbx)
    

    into 

    605f:	ba 02 00 00 00       	mov    $0x2,%edx
    6064:	b8 b4 16 00 00       	mov    $0x16b4,%eax
    6069:	66 89 83 d0 04 00 00 	mov    %ax,0x4d0(%rbx)
    
  • 2 weeks later...

Hello Mieze,

 

today I finally found the time to try to do your patches but I stuck at the "tricky part". You say that ii's necessary to patch the pci configuration space. But this is the problem. Where can I find it. It tried to hexedit IONetworkingFamily and IOPCIFamiliy.kext but I can't find the correct place to edit.

Would you be so kind to show me the way to find this "pci configuration space"

 

Thanks in advance

Huberer

Hello Mieze,

 

today I finally found the time to try to do your patches but I stuck at the "tricky part". You say that ii's necessary to patch the pci configuration space. But this is the problem. Where can I find it. It tried to hexedit IONetworkingFamily and IOPCIFamiliy.kext but I can't find the correct place to edit.

Would you be so kind to show me the way to find this "pci configuration space"

 

Thanks in advance

Huberer

 

No, you don't need to patch any other kexts. What you have to do is to patch the instructions where the driver calls the functions which read the configuration registers.

 

Mieze

Sorry, but this is too high for me. Where do I find these instructions? I think I've opened every single data file within the IONetworkingFamily.kext with hexedit but can't find the right place to patch

You only have to patch these two files:

 

/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleBCM5701Ethernet.kext/Contents/Info.plist

 

and

 

/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleBCM5701Ethernet.kext/Contents/MacOS/AppleBCM5701Ethernet

 

 

Mieze

Thanks, I thought that these are the files to edit. But the next problem is that I don't find the strings. Either with hexfind nor with hexedit. They only show me 8 figures instead of 10 you posted above. Which binary editor do you use?

Thanks, I thought that these are the files to edit. But the next problem is that I don't find the strings. Either with hexfind nor with hexedit. They only show me 8 figures instead of 10 you posted above. Which binary editor do you use?

I use 0xED but any other hex editor should work too. By the way, which version of the driver do you try to patch?

 

Mieze

Thanks for the info. I try to patch the driver from ML 10.8.5 (before the supplemental update was released).


Just a quick feed back before I leave. I just could find the string from the third point: e8 22 90 ff ff but it's in A5A8.

The others (1st and second patch) aren't there.

Which version did you use Mieze? (OT: I have to leave - will check here again tomorrow)

@Mieze:

 

Do you have any news? I think your above mentioned describtion is not compatible with the 10.8.5 kext. See my post above.

 

The patch has been confirmed to work with 10.8.3. Before I stated that it should work with 10.8.5 too I only check the version of the kext. Maybe they have changed something without increasing the version number. I will disassemble the 10.8.5 kext from my iMac in order to verify my instructions. In case I find something new I will post an update.

 

Mieze

I'm sorry but I have to correct one of my former posts. It's true that Apple changed the Broadcom driver in 10.8.5, at least they included a new build which requires new patch instructions. Therefore you'll have to follow these instructions in order to patch 10.8.5's Broadcom driver:

 

Change

    78db:	ba 2c 00 00 00       	mov    $0x2c,%edx
    78e0:	e8 5b 92 ff ff       	callq  b40 <_kmod_info-0x363e8>
    78e5:	66 89 83 92 04 00 00 	mov    %ax,0x492(%rbx)

into

    78db:	ba 2c 00 00 00       	mov    $0x2c,%edx
    78e0:	b8 e4 14 00 00       	mov    $0x14e4,%eax
    78e5:	66 89 83 92 04 00 00 	mov    %ax,0x492(%rbx) 

and

    78f6:	ba 2e 00 00 00       	mov    $0x2e,%edx
    78fb:	e8 40 92 ff ff       	callq  b40 <_kmod_info-0x363e8>
    7900:	66 89 83 94 04 00 00 	mov    %ax,0x494(%rbx) 

into

    78f6:	ba 2e 00 00 00       	mov    $0x2e,%edx
    78fb:	b8 b4 16 00 00       	mov    $0x16b4,%eax
    7900:	66 89 83 94 04 00 00 	mov    %ax,0x494(%rbx) 

Finally change

    7974:	ba 02 00 00 00       	mov    $0x2,%edx
    7979:	e8 c2 91 ff ff       	callq  b40 <_kmod_info-0x363e8>
    797e:	66 89 83 90 04 00 00 	mov    %ax,0x490(%rbx)

into

    7974:	ba 02 00 00 00       	mov    $0x2,%edx
    7979:	b8 b4 16 00 00       	mov    $0x16b4,%eax
    797e:	66 89 83 90 04 00 00 	mov    %ax,0x490(%rbx)

Hi Mieze, I have a BCM57781 on my Asrock 77E-ITX which worked fine with 10.8.   I had already gathered that the locations would be different for 10.8.5 & I'm using 0xED too.  your correction above is actually identical to the original patch since in both cases, it's the middle 5 bytes that are being replaced with (mov $0x14e4,%eax) and (mov $0x16b4,%eax) twice, is that right?  Anyway applying the patch to info.plist + AppleBCM5701Ethernet binary of a virgin 10.8.5 IONetworkingFamily.kext still refuses to work.  in fact it's not even recognised in SystemInfo which is strange.  I have triple checked the files with 0xED and both addresses and contents match your last post.  Is there anything else that needs to be done?

 

Thanks for your help

Serge

Hi Mieze, I have a BCM57781 on my Asrock 77E-ITX which worked fine with 10.8.   I had already gathered that the locations would be different for 10.8.5 & I'm using 0xED too.  your correction above is actually identical to the original patch since in both cases, it's the middle 5 bytes that are being replaced with (mov $0x14e4,%eax) and (mov $0x16b4,%eax) twice, is that right?  Anyway applying the patch to info.plist + AppleBCM5701Ethernet binary of a virgin 10.8.5 IONetworkingFamily.kext still refuses to work.  in fact it's not even recognised in SystemInfo which is strange.  I have triple checked the files with 0xED and both addresses and contents match your last post.  Is there anything else that needs to be done?

 

Thanks for your help

Serge

 

If the kext doesn't load at all the Info.plist is not correct. Use "kextstat" in Terminal to verify it has been loaded. If it loads but refuses to work you'll find the reason why in your kernel logs.

 

Mieze

Thanks for the quick reply. I had switch to the old non functioning 10.8 version (169.254.xxx.xxx) which at least loads.  

 

kextstat | grep BCM

 

confirmed it, so I switched back to the 10.8.5 patched version and the same command shows that it's not loaded.  I edited a new info.plist using nano this time.  still not loading.  I'm at a loss as to why??

 

I've attached a patched copy, if it's ok.  I'd appreciate if you could have a look, to check that I'm not going blind or crazy.

Thanks in advance

 

Serge

IONetworkingFamily.kext-SRG.zip

Thanks for the quick reply. I had switch to the old non functioning 10.8 version (169.254.xxx.xxx) which at least loads.  

 

kextstat | grep BCM

 

confirmed it, so I switched back to the 10.8.5 patched version and the same command shows that it's not loaded.  I edited a new info.plist using nano this time.  still not loading.  I'm at a loss as to why??

 

I've attached a patched copy, if it's ok.  I'd appreciate if you could have a look, to check that I'm not going blind or crazy.

Thanks in advance

 

Serge

Please also post a dump of IOReg and your kernel logs.

 

Mieze

Hi Mieze

 

I'll get those together, meanwhile this may be significant:  I was trying to install my Audio drivers and a certain MB was failing the solution to which was:

 

sudo kextcache -update-volume /

 

this was failing with:

 

AppleBCM5701Ethernet.kext - no dependency found for com.apple.iokit.IOEthernetAVBController.

AppleBCM5701Ethernet.kext is missing dependencies (including anyway; dependencies may be available from elsewhere) etc.

 

quick swap to old kext fixed that, but a quick look at system logs (narrowed with ionetworking) shows the kext not loading because some files need to be 644 but are 755 also this:

 

08/10/2013 16:13:11.589 com.apple.kextd[12] Can't load /System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleBCM5701Ethernet.kext - failed to resolve dependencies.
08/10/2013 17:07:19.000 kernel[0] Refusing new kext com.apple.iokit.IONetworkingFamily, v3.0: a loaded copy with a different executable UUID is already present.
 
Shall I still send the full logs & ioreg dump?
Cheers
Serge

 

Shall I still send the full logs & ioreg dump?
Cheers
Serge

 

No, because your problems should be resolved my cleaning up the kernel cache and repairing the permissions.

 

Mieze

Still unsure as to how to clean up.  With the Virgin 10.8.5 IONetworkingFamily.kext patched in place, this fails:

 

sudo kextcache -system-prelinked-kernel
Kernel file /mach_kernel does not contain requested arch: i386
AppleBCM5701Ethernet.kext - no dependency found for com.apple.iokit.IOEthernetAVBController.
AppleBCM5701Ethernet.kext is missing dependencies (including anyway; dependencies may be available from elsewhere)
AppleBCM5701Ethernet.kext - no dependency found for com.apple.iokit.IOEthernetAVBController.
AppleBCM5701Ethernet.kext - no dependency found for com.apple.iokit.IOEthernetAVBController.
Prelink failed for com.apple.iokit.AppleBCM5701Ethernet; aborting prelink.
Failed to generate prelinked kernel.
 
I temporarily added the IOEthernetAVBController.kext from the old not working driver to the Patched one/Plugins, so now the enX interface comes up but with the same problem as before (169.254.xxx.xxx) This is the relevant part of the logs
 
09/10/2013 13:58:56.000 kernel[0]: AppleBCM5701Ethernet:        0        0 ReadInRom: no 2nd code header found
09/10/2013 13:58:58.000 kernel[0]: BCM5701Enet: Ethernet address bc:5f:f4:4a:28:80
09/10/2013 14:00:29.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en1, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [7949,0003,0de1,0300,0000,0000]
09/10/2013 14:00:29.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en1
09/10/2013 14:00:34.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en1, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [7949,0003,0de1,0300,0000,0000]
09/10/2013 14:00:34.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en1
09/10/2013 14:00:38.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en1, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [7949,0003,0de1,0300,0000,0000]
09/10/2013 14:00:38.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en1
09/10/2013 14:00:42.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en1, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [7949,0003,0de1,0300,0000,0000]
09/10/2013 14:00:42.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en1
09/10/2013 14:00:46.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en1, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [7949,0003,0de1,0300,0000,0000]
09/10/2013 14:00:46.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en1
09/10/2013 14:00:49.000 kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en1, 100-Megabit, Full-duplex, Symmetric flow-control, Debug [796d,0301,0de1,0300,4de1,0000]
 
is there a different procedure to clean up kernel cache with the original patched driver? I also tried Onyx before... ?
 
Cheers
Serge

 

Still unsure as to how to clean up.  With the Virgin 10.8.5 IONetworkingFamily.kext patched in place, this fails:

 

is there a different procedure to clean up kernel cache with the original patched driver? I also tried Onyx before... ?
 

 

The Apple recommended way to recreate the kernel cache in Terminal is

sudo touch /System/Library/Extensions/

This is best practice as long as you don't have any kexts installed outside of /S/L/E because "incorrect use of kextcache can render a volume incapable of startup". Please see the kextcache manpage for further information.

 

Mieze

Hi Mieze,

 

I have tried all of these methods already, having googled extensively.  There are no kexts outside of /S/L/E  and everything else is in good working order.  This is what I have tried so far:

 

sudo rm -r /System/Library/Caches/com.apple.kext.caches

 

Repair permissions:   (having deleted above caches)

     in DiskUtility

     in Kext Wizard (latest)

     in Terminal

     in Safe mode -v

     in stand alone mode -s

     While booting -f

 

sudo touch /System/Library/Extensions

 

all of the following fail the same way:

 

sudo kextcache -update-volume /

sudo kextcache -system-prelinked-kernel

 

I have removed all network entries and deleted /L/P/SC/Preferences & NetworkInterfaces.plist which got recreated on reboot.  The only thing that remains constant is the dependency on   "com.apple.iokit.IOEthernetAVBController"  for which I cannot find any useful info on the internet.  What it is? What it does? and more importantly which part of my fricking system is continuously looking for it?

 

I should also mention that my WiFi card is also Broadcom based and functions perfectly with any version of the driver.  Could something in my dsdt be the problem?

 

Thanks again

 

Serge

 

P.S.  I've just checked my DSDT source and found the following:

 

Scope (_SB.PCI0)
    {
        Device (GLAN)
        {
            Name (_ADR, 0x00190000)
            Method (_PRW, 0, NotSerialized)
            {
                Return (GPRW (0x0D, 0x04))
            }
            Method (_DSM, 4, NotSerialized)
            {
                Store (Package () {
                    "Name", Buffer (0x09) {"Ethernet"},
                    "Model", Buffer (0x12) {"Broadcom 57765-B0"},
                    "Device-id", Buffer (0x04) {0xB4, 0x16, 0x00, 0x00},
                    "Vendor-id", Buffer (0x04) {0xE4, 0x14, 0x00, 0x00},
                    "Compatible", Buffer (0x0D) {"Pci14e4, 16b4"},
                    "IOName", Buffer (0x0D) {"Pci14e4, 16b4"},
                    "IONameMatch", Buffer () {"Pci14e4"}, Buffer () {"16b4"},
                    "built-in", Buffer (One) {0x01}
                }, Local0)
                DTGP (Arg0, Arg1, Arg2, Arg3, RefOf (Local0))
                Return (Local0)
            }
        }
 
        .....
This looks about right to me if indeed it's trying to fool the driver into thinking it's a 57765.
 
Update 2:
I replaced the patched IONetworkingFamily with the original 10.8.5 one and rebooted.  No further log entries for any dependency.  So I cleaned & rebuilt the -system-prelinked-kernel & system-caches which completed without error.  Reboot (Still no Ethernet).  Replaced with the repatched version (with the only difference being 16b0 -> 16b1) plus the binary patch.  Reboot and the Dependency Errors are back again.
 
this is from the logs:
 
09/10/2013 22:32:51.000 kernel[0]: Kext com.apple.iokit.AppleBCM5701Ethernet - library kext com.apple.iokit.IOEthernetAVBController not found.
09/10/2013 22:32:51.000 kernel[0]: Can't load kext com.apple.iokit.AppleBCM5701Ethernet - failed to resolve library dependencies.
09/10/2013 22:32:51.000 kernel[0]: Kext com.apple.iokit.AppleBCM5701Ethernet failed to load (0xdc00800e).
09/10/2013 22:32:51.000 kernel[0]: Failed to load kext com.apple.iokit.AppleBCM5701Ethernet (error 0xdc00800e).
09/10/2013 22:32:51.000 kernel[0]: Couldn't alloc class "BCM5701Enet"
09/10/2013 22:32:53.744 com.apple.kextd[12]: /System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleBCM5701Ethernet.kext - no dependency found for com.apple.iokit.IOEthernetAVBController.
09/10/2013 22:32:53.800 com.apple.kextd[12]: Can't load /System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleBCM5701Ethernet.kext - failed to resolve dependencies.
09/10/2013 22:32:53.801 com.apple.kextd[12]: Load com.apple.iokit.AppleBCM5701Ethernet failed; removing personalities from kernel.
 
 Cheers
Serge

 

Here are the instructions for patching the latest 10.9 beta. They are slightly different but you'll recognize soon that the overall structure remains the same. Modifications of the driver's Info.plist are identical.

 

  1. First change 
    613b:	ba 2c 00 00 00       	mov    $0x2c,%edx
    6140:	e8 89 ad ff ff       	callq  ece <__ZN11BCM5701Enet10superClassE-0x1f20a>
    6145:	66 89 83 d2 04 00 00 	mov    %ax,0x4d2(%rbx)
    

    into 

    613b:	ba 2c 00 00 00       	mov    $0x2c,%edx
    6140:	b8 e4 14 00 00       	mov    $0x14e4,%eax
    6145:	66 89 83 d2 04 00 00 	mov    %ax,0x4d2(%rbx)
    
  2. and 
    6156:	ba 2e 00 00 00       	mov    $0x2e,%edx
    615b:	e8 6e ad ff ff       	callq  ece <__ZN11BCM5701Enet10superClassE-0x1f20a>
    6160:	66 89 83 d4 04 00 00 	mov    %ax,0x4d4(%rbx)
    

    into 

    6156:	ba 2e 00 00 00       	mov    $0x2e,%edx
    615b:	b8 b4 16 00 00       	mov    $0x16b4,%eax
    6160:	66 89 83 d4 04 00 00 	mov    %ax,0x4d4(%rbx)
    
  3. Finally change 
    605f:	ba 02 00 00 00       	mov    $0x2,%edx
    6064:	e8 65 ae ff ff       	callq  ece <__ZN11BCM5701Enet10superClassE-0x1f20a>
    6069:	66 89 83 d0 04 00 00 	mov    %ax,0x4d0(%rbx)
    

    into 

    605f:	ba 02 00 00 00       	mov    $0x2,%edx
    6064:	b8 b4 16 00 00       	mov    $0x16b4,%eax
    6069:	66 89 83 d0 04 00 00 	mov    %ax,0x4d0(%rbx)
    

 

Hi. Sorry for my english. I try to do patch for Clover.

I understood that "replace" data is my own ID of network card?

For expl.

I have pci14e4,16b1. 

Than patch data for me is:

 

1 find e8 89 ad ff ff replace b8 e4 14 00 00

2 find e8 6e ad ff ff and replace with b8 b4 16 00 00  b8 b1 16 00 00 ?

3 find e8 65 ae ff ff replace  b8 b4 16 00 00  b8 b1 16 00 00 ?

???

×
×
  • Create New...