
I fixed issues with the hd3000 driver in 10.14 by using 10.13 kexts, but got some kernel panics (kp).

 

so i tested with the 10.11 opengl bundle and got it working, but i needed to remove the capri/azul kexts and AppleIntelHD3000GraphicsGA.plugin

 

 

so depending on your card you can get it partially working by removing these plugins.

 

attaching the gen6 opengl bundle i'm using

 

update: the gl bundle doesn't load fully; it crashes on opengl context init. this can be tested if you manage to get a working framebuffer that boots into the os x desktop screen.

 

AppleIntelHD3000GraphicsGLDriver.bundle.zip

 

while trying to enable opengl in 10.14 i installed packages from 10.13 that might prevent the gl bundle from loading. atm i'm checking the coregraphics framework (decompiled CGXInitializeGL below)

// Decompiler (Hex-Rays style) pseudo-code for CGXInitializeGL, as posted. The vN names, the types
// and the raw offsets are decompiler output, not original source.
// Visible flow: clear three server operation states, walk gWSDeviceList, dlopen() the GLEngine
// bundle and resolve its gli* entry points, build a table of 168-byte display-context entries,
// create a context with cglsCreateContext, then set tile size / mip map / gamma texture.
// Each failure path logs a "... - disabling OpenGL" message (tagged "initialize_display_context")
// and continues at LABEL_115.
__int64 CGXInitializeGL()
{
  __int64 v0; // r12
  __int64 *v1; // rbx
  __int64 v2; // r15
  unsigned __int64 v3; // r13
  __int64 v4; // r14
  unsigned __int64 v5; // r12
  char v6; // al
  int v7; // ecx
  unsigned __int64 v8; // r13
  char *v9; // r15
  signed int v10; // er14
  void *v11; // rax
  void *v12; // rax
  void (__fastcall *v13)(__int64, __int64, _QWORD, _QWORD, _QWORD, _QWORD); // ST20_8
  __int64 v14; // rbx
  void *v15; // rax
  __int64 v16; // rbx
  signed int v17; // eax
  __int64 v18; // rbx
  void *v19; // rdi
  void (__fastcall *v20)(void *, const char *); // rax
  void *v21; // rdi
  __int64 v22; // rdx
  const char *v23; // rdi
  unsigned __int64 v24; // r14
  _DWORD *v25; // r15
  __int64 v26; // r13
  unsigned __int64 v27; // r9
  signed __int64 v28; // r12
  unsigned __int64 v29; // rbx
  int v30; // eax
  __int64 i; // rbx
  __int64 v32; // rax
  int v33; // ecx
  _DWORD *v34; // rcx
  unsigned __int64 v35; // rdx
  void *v36; // rdi
  unsigned __int64 v37; // r15
  _DWORD *v38; // rax
  signed __int64 v39; // rax
  __int64 v40; // rcx
  signed __int64 *v41; // r8
  __int64 v42; // rsi
  int v43; // edx
  signed __int64 v44; // rdi
  int v45; // edx
  int v46; // ecx
  signed __int64 v47; // rdx
  signed __int64 v48; // rsi
  signed __int64 v49; // rdx
  __int64 v50; // rcx
  signed __int64 v51; // rax
  signed __int64 v52; // rcx
  __int64 result; // rax
  _QWORD *v54; // rbx
  unsigned __int64 v55; // r12
  __int64 v56; // rax
  __int64 v57; // r8
  __int64 v58; // rcx
  size_t v59; // r12
  void *v60; // rax
  unsigned __int64 v61; // [rsp+20h] [rbp-290h]
  unsigned __int64 v62; // [rsp+28h] [rbp-288h]
  __int64 v63; // [rsp+30h] [rbp-280h]
  int v64; // [rsp+38h] [rbp-278h]
  int v65; // [rsp+3Ch] [rbp-274h]
  __int64 v66; // [rsp+40h] [rbp-270h]
  __int64 v67; // [rsp+48h] [rbp-268h]
  __int64 v68; // [rsp+50h] [rbp-260h]
  char v69; // [rsp+DFh] [rbp-1D1h]
  // Per the rsp offsets below, v70-v71 (32 bytes), v72-v79 (128 bytes) and v80-v95 (256 bytes) are
  // contiguous stack storage. The body indexes them as 32-entry byte / dword / qword arrays through
  // &v69, &v71 and &v79; the decompiler split each array into __int128 pieces.
  __int128 v70; // [rsp+E0h] [rbp-1D0h]
  __int128 v71; // [rsp+F0h] [rbp-1C0h]
  __int128 v72; // [rsp+100h] [rbp-1B0h]
  __int128 v73; // [rsp+110h] [rbp-1A0h]
  __int128 v74; // [rsp+120h] [rbp-190h]
  __int128 v75; // [rsp+130h] [rbp-180h]
  __int128 v76; // [rsp+140h] [rbp-170h]
  __int128 v77; // [rsp+150h] [rbp-160h]
  __int128 v78; // [rsp+160h] [rbp-150h]
  __int128 v79; // [rsp+170h] [rbp-140h]
  __int128 v80; // [rsp+180h] [rbp-130h]
  __int128 v81; // [rsp+190h] [rbp-120h]
  __int128 v82; // [rsp+1A0h] [rbp-110h]
  __int128 v83; // [rsp+1B0h] [rbp-100h]
  __int128 v84; // [rsp+1C0h] [rbp-F0h]
  __int128 v85; // [rsp+1D0h] [rbp-E0h]
  __int128 v86; // [rsp+1E0h] [rbp-D0h]
  __int128 v87; // [rsp+1F0h] [rbp-C0h]
  __int128 v88; // [rsp+200h] [rbp-B0h]
  __int128 v89; // [rsp+210h] [rbp-A0h]
  __int128 v90; // [rsp+220h] [rbp-90h]
  __int128 v91; // [rsp+230h] [rbp-80h]
  __int128 v92; // [rsp+240h] [rbp-70h]
  __int128 v93; // [rsp+250h] [rbp-60h]
  __int128 v94; // [rsp+260h] [rbp-50h]
  __int128 v95; // [rsp+270h] [rbp-40h]
  __int64 v96; // [rsp+280h] [rbp-30h]
  unsigned __int64 retaddr; // [rsp+2B8h] [rbp+8h]

  // v0 holds a copy of the stack guard; it is compared with v96 before returning.
  v0 = __stack_chk_guard;
  _glInitalizeOK = 1;
  // Zero the three stack arrays described above.
  v95 = 0LL;
  v94 = 0LL;
  v93 = 0LL;
  v92 = 0LL;
  v91 = 0LL;
  v90 = 0LL;
  v89 = 0LL;
  v88 = 0LL;
  v87 = 0LL;
  v86 = 0LL;
  v85 = 0LL;
  v84 = 0LL;
  v83 = 0LL;
  v82 = 0LL;
  v81 = 0LL;
  v80 = 0LL;
  v79 = 0LL;
  v78 = 0LL;
  v77 = 0LL;
  v76 = 0LL;
  v75 = 0LL;
  v74 = 0LL;
  v73 = 0LL;
  v72 = 0LL;
  v71 = 0LL;
  v70 = 0LL;
  v66 = 0LL;
  // States 18, 7 and 15 are cleared here and set back to 1 only after a context was created.
  CGXSetServerOperationState(18LL, 0LL);
  CGXSetServerOperationState(7LL, 0LL);
  CGXSetServerOperationState(15LL, 0LL);
  // Safe mode skips GL setup entirely.
  if ( _glInitalizeOK != 1 || gServerRunningInSafeMode )
    goto LABEL_115;
  // Drop any previous context table; glContextNone is a static sentinel and is never freed.
  if ( glContexts && (_UNKNOWN *)glContexts != &glContextNone )
    free((void *)glContexts);
  glContextCount = 0LL;
  glContexts = (__int64)&glContextNone;
  v1 = (__int64 *)gWSDeviceList;
  v2 = 0LL;
  v3 = 0LL;
  if ( !gWSDeviceList )
    goto LABEL_39;
  // Outer loop: one pass per device node (next pointer at *v1).
  do
  {
    // 32-bit mask read from the device record; the inner loop tests bits 0..31 (v5 runs 1..32).
    v4 = *(unsigned int *)(v1[2] + 328);
    v5 = 1LL;
    do
    {
      v65 = 0;
      v64 = 0;
      if ( _bittest64(&v4, (unsigned int)(v5 - 1)) )
      {
        v6 = 0;
        v7 = 0;
        if ( v1 )
        {
          // Indirect call through the table at v1[1], offset 320; it fills v65 and v64 for this index.
          (*(void (__fastcall **)(__int64 *, _QWORD, int *, int *))(v1[1] + 320))(
            v1,
            (unsigned int)(v5 - 1),
            &v65,
            &v64);
          v7 = v65;
          v6 = v64;
        }
        // Record device pointer (qword array at v80), v65 (dword array at v72) and v64 (byte array
        // at v70) in slot v5-1. v5 never exceeds 32, so the stores stay inside v70..v95.
        *((_QWORD *)&v79 + v5 + 1) = v1;
        *((_DWORD *)&v71 + v5 + 3) = v7;
        *(&v69 + v5) = v6;
        if ( v7 )
        {
          // v2 counts entries whose device flag word (offset 268) has bit 8 (0x100) set;
          // v3 tracks the highest 1-based index that returned a non-zero v65.
          v2 += (*(_DWORD *)(v1[2] + 268) >> 8) & 1;
          if ( v5 > v3 )
            v3 = v5;
        }
      }
      ++v5;
    }
    while ( v5 != 33 );
    if ( !v1 )
      v1 = &gWSDeviceList;
    v1 = (__int64 *)*v1;
  }
  while ( v1 );
  if ( !v3 )
  {
    v0 = __stack_chk_guard;
    goto LABEL_39;
  }
  v0 = __stack_chk_guard;
  if ( !v2 )
  {
LABEL_39:
    // NOTE(review): the format has two %zu but only v3 is passed here; the second argument
    // (presumably v2) looks dropped by the decompiler.
    CGSLogMessage("%s: dev counts are zero (%zu, %zu) - disabling OpenGL", "initialize_display_context", v3);
    goto LABEL_115;
  }
  v62 = v3;
  // Save the current credentials, switch to 0x5000000000 for the plugin load, and restore the saved
  // value at LABEL_56. NOTE(review): the packed value presumably encodes uid/gid - confirm.
  v8 = sCGXCurrentUserCredentials;
  CGXRestoreCredentials(0x5000000000uLL);
  v9 = (char *)_cgls_plugin;
  if ( !_cgls_plugin )
  {
    // NOTE(review): the calloc result is dereferenced just below without a NULL check.
    v9 = (char *)calloc(1uLL, 0x68uLL);
    _cgls_plugin = (__int64)v9;
  }
  // v10 is the status code: 10007 initially, 10015 after a failed load, 0 on success.
  v10 = 10007;
  if ( !*(_DWORD *)v9 )
  {
    _cgls_max_displays = 0;
    if ( _cgls_services )
    {
      free((void *)_cgls_services);
      _cgls_services = 0LL;
    }
    if ( _cgls_fbindices )
    {
      free((void *)_cgls_fbindices);
      _cgls_fbindices = 0LL;
    }
    // NOTE(review): this jumps straight to abort(); probably the decompiler merged two noreturn
    // paths. v62 is non-zero here anyway (v3 was checked above).
    if ( !(_DWORD)v62 )
      goto LABEL_133;
    // The engine is loaded from a fixed absolute path: stat() first, then dlopen() of the same path
    // (mode 5 == RTLD_LAZY|RTLD_LOCAL with the macOS <dlfcn.h> values). The load runs under the
    // credentials set above, so whatever file sits at that path executes inside this process.
    if ( !(unsigned int)stat_INODE64(
                          "/System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine",
                          &v68) )
    {
      v11 = dlopen("/System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine", 5);
      *((_QWORD *)v9 + 1) = v11;
      if ( v11 )
      {
        v12 = dlsym(v11, "gliInitializeLibrary");
        if ( v12 )
        {
          v13 = (void (__fastcall *)(__int64, __int64, _QWORD, _QWORD, _QWORD, _QWORD))v12;
          _cgls_max_displays = v62;
          // Copy the per-index dword and byte arrays to heap buffers handed to the plugin.
          // NOTE(review): neither malloc result is checked before memcpy.
          _cgls_services = (__int64)malloc(4LL * (unsigned int)v62);
          memcpy((void *)_cgls_services, &v72, 4LL * (unsigned int)v62);
          _cgls_fbindices = (__int64)malloc((unsigned int)v62);
          memcpy((void *)_cgls_fbindices, &v70, (unsigned int)v62);
          LODWORD(retaddr) = 0;
          v14 = 0LL;
          v13(_cgls_services, _cgls_fbindices, (unsigned int)_cgls_max_displays, 0LL, 0LL, 0LL);
          // Resolve 10 symbols (80 / 8) named by _cgls_gli_names into plugin slots +16 .. +88;
          // a single missing symbol aborts the load.
          while ( 1 )
          {
            v15 = dlsym(*((void **)v9 + 1), *(const char **)((char *)&_cgls_gli_names + v14));
            *(_QWORD *)&v9[v14 + 16] = v15;
            if ( !v15 )
              break;
            v14 += 8LL;
            if ( (_DWORD)v14 == 80 )
            {
              // Slot 11 writes two dwords into v67; the load is rejected unless they read back as
              // 8589934595 (0x200000003). NOTE(review): looks like a version check - confirm.
              if ( !(*((unsigned __int8 (__fastcall **)(char *, __int64 *, char *))v9 + 11))((char *)&v67 + 4, &v67, v9)
                || v67 != 8589934595LL )
              {
                break;
              }
              v16 = v0;
              // Slot 10 is asked (selector 224) for the dispatch-table size; 7792 is the fallback
              // when the call returns non-zero.
              if ( (*((unsigned int (__fastcall **)(_QWORD, signed __int64, int *))v9 + 10))(
                     0LL,
                     224LL,
                     &_cgls_gli_dispatch_size) )
              {
                _cgls_gli_dispatch_size = 7792;
                v17 = 7792;
              }
              else
              {
                v17 = _cgls_gli_dispatch_size;
              }
              // NOTE(review): v17 is signed and plugin-supplied; a negative value would sign-extend
              // into the size_t below. The calloc results are stored without a NULL check.
              v59 = v17;
              *((_QWORD *)v9 + 12) = calloc(1uLL, v17);
              // Sizes up to 0x2000 reuse the static dummy table; larger ones get a heap copy.
              if ( (unsigned int)v59 < 0x2001 )
                v60 = &_cgls_dummy_disp_const;
              else
                v60 = calloc(1uLL, v59);
              v0 = v16;
              _cgls_dummy_disp = (__int64)v60;
              v10 = 0;
              goto LABEL_56;
            }
          }
        }
      }
    }
    // Load failed. The teardown below only runs when the first dword of the plugin record is
    // non-zero. NOTE(review): no visible store sets that dword in this listing (set in a callee or
    // lost by the decompiler?); if it stays zero the dlopen handle at +8 is not closed here.
    v18 = _cgls_plugin;
    v10 = 10015;
    if ( _cgls_plugin && *(_DWORD *)_cgls_plugin )
    {
      v19 = *(void **)(_cgls_plugin + 8);
      if ( v19 )
      {
        v20 = (void (__fastcall *)(void *, const char *))dlsym(v19, "gliTerminateLibrary");
        if ( v20 )
          v20(v19, "gliTerminateLibrary");
        dlclose(*(void **)(v18 + 8));
        *(_QWORD *)(v18 + 8) = 0LL;
      }
      v21 = *(void **)(v18 + 96);
      if ( v21 )
      {
        free(v21);
        *(_QWORD *)(v18 + 96) = 0LL;
      }
      if ( _cgls_dummy_disp )
      {
        if ( (_UNKNOWN *)_cgls_dummy_disp != &_cgls_dummy_disp_const )
          free((void *)_cgls_dummy_disp);
        _cgls_dummy_disp = 0LL;
      }
      // Zero the whole 0x68-byte plugin record so no stale function pointers remain.
      *(_QWORD *)(v18 + 96) = 0LL;
      *(_QWORD *)(v18 + 88) = 0LL;
      *(_QWORD *)(v18 + 80) = 0LL;
      *(_QWORD *)(v18 + 72) = 0LL;
      *(_QWORD *)(v18 + 64) = 0LL;
      *(_QWORD *)(v18 + 56) = 0LL;
      *(_QWORD *)(v18 + 48) = 0LL;
      *(_QWORD *)(v18 + 40) = 0LL;
      *(_QWORD *)(v18 + 32) = 0LL;
      *(_QWORD *)(v18 + 24) = 0LL;
      *(_QWORD *)(v18 + 16) = 0LL;
      *(_QWORD *)(v18 + 8) = 0LL;
      *(_QWORD *)v18 = 0LL;
      _cgls_max_displays = 0;
      if ( _cgls_services )
      {
        free((void *)_cgls_services);
        _cgls_services = 0LL;
      }
      if ( _cgls_fbindices )
      {
        free((void *)_cgls_fbindices);
        _cgls_fbindices = 0LL;
      }
    }
  }
LABEL_56:
  // Back to the credentials saved before the plugin load, on success and on failure alike.
  CGXRestoreCredentials(v8);
  if ( v10 )
  {
    v23 = "%s: gl initialization failed - disabling OpenGL";
LABEL_114:
    // v22 is never assigned in this listing; it is a leftover register value, not a real argument.
    CGSLogMessage(v23, "initialize_display_context", v22);
    goto LABEL_115;
  }
  // Plugin slot +16 fills v66 with the head of a pixel-format list for the given attributes.
  if ( !_cgls_plugin
    || !*(_DWORD *)_cgls_plugin
    || (v24 = 0LL,
        (*(unsigned int (__fastcall **)(__int64 *, void *))(_cgls_plugin + 16))(
          &v66,
          &initialize_display_context_attribs))
    || !v66 )
  {
    v23 = "%s: pixel format selection failed - disabling OpenGL";
    goto LABEL_114;
  }
  // v25 = entry table (42 dwords = 168 bytes per entry), v24 = entries used, v61 = entries allocated.
  v25 = 0LL;
  v61 = 0LL;
  v26 = 0LL;
  v27 = v62;
  // One pass per display index v26; v28 is that index's bit in the display mask.
  do
  {
    v63 = 0LL;
    v28 = 1LL << v26;
    if ( _cgls_plugin && *(_DWORD *)_cgls_plugin )
    {
      v29 = v27;
      // Plugin slot +32 returns a per-display info record in v63; a non-zero status skips the display.
      if ( (*(unsigned int (__fastcall **)(__int64 *, _QWORD))(_cgls_plugin + 32))(&v63, (unsigned int)v28) )
        goto LABEL_100;
      v27 = v29;
      if ( v63 )
      {
        if ( *((_DWORD *)&v72 + v26) )
        {
          v30 = *(_DWORD *)(*(_QWORD *)(*((_QWORD *)&v80 + v26) + 16LL) + 268LL);
          if ( v30 & 0x100 )
          {
            // Walk the pixel-format list (next pointer at offset 0) and keep formats that cover
            // this display and pass the field checks below.
            for ( i = v66; i; i = *(_QWORD *)i )
            {
              v32 = *(unsigned int *)(i + 52);
              if ( v32 & v28 )
              {
                if ( *(_WORD *)(i + 12) & 0x101 )
                {
                  v33 = *(_DWORD *)(i + 20);
                  if ( (v33 == 0x4000 || v33 == 0x8000)
                    && *(_DWORD *)(i + 28) == 1
                    && *(_DWORD *)(i + 32) == 1
                    && !*(_WORD *)(i + 38) )
                  {
                    if ( v24 )
                    {
                      // Look for an existing entry with an overlapping mask (entry dword 41) and the
                      // same id (entry dword 30); if found, just OR this display into its mask.
                      v34 = v25 + 41;
                      v35 = 0LL;
                      while ( !((unsigned int)v32 & *v34) || *(v34 - 11) != *(_DWORD *)(i + 8) )
                      {
                        ++v35;
                        v34 += 42;
                        if ( v35 >= v24 )
                          goto LABEL_82;
                      }
                      *(_QWORD *)(v34 - 35) |= v28;
                    }
                    else
                    {
LABEL_82:
                      // Append a new entry, growing the table 8 entries at a time.
                      if ( v24 >= v61 )
                      {
                        v61 += 8LL;
                        v36 = v25;
                        v37 = v27;
                        // NOTE(review): the realloc result replaces v25 without a NULL check, so a
                        // failed realloc would lose the old table and the stores below would fault.
                        v38 = realloc(v36, 168 * v61);
                        v27 = v37;
                        v25 = v38;
                      }
                      v39 = 42 * v24;
                      *(_QWORD *)&v25[v39] = 0LL;
                      *(_QWORD *)&v25[v39 + 2] = v24;
                      *(_QWORD *)&v25[v39 + 4] = v26;
                      *(_QWORD *)&v25[v39 + 6] = v28;
                      v40 = v63;
                      // Value at v63+76 shifted left by 20; the log loop below shifts it right by 20
                      // again and prints it as "vram %ld MB".
                      *(_QWORD *)&v25[v39 + 8] = (unsigned int)(*(_DWORD *)(v63 + 76) << 20);
                      BYTE1(v25[v39 + 26]) = 0;
                      *(_QWORD *)&v25[v39 + 24] = 0LL;
                      *(_QWORD *)&v25[v39 + 22] = 0LL;
                      *(_QWORD *)&v25[v39 + 20] = 0LL;
                      *(_QWORD *)&v25[v39 + 18] = 0LL;
                      *(_QWORD *)&v25[v39 + 16] = 0LL;
                      v25[v39 + 10] = *((_DWORD *)&v72 + v26);
                      v41 = (signed __int64 *)&v25[42 * v24 + 12];
                      *(_QWORD *)&v25[v39 + 12] = 0LL;
                      v42 = *(_QWORD *)(*((_QWORD *)&v80 + v26) + 16LL);
                      // Entry qword at dword 12: 1 if device flag 0x100 is set; replaced by 4 or 5
                      // if flag 0x400 is set as well.
                      v43 = *(_DWORD *)(v42 + 268);
                      v44 = 4LL;
                      if ( v43 & 0x100 )
                      {
                        *v41 = 1LL;
                        v44 = 5LL;
                      }
                      v45 = *(_DWORD *)(v42 + 268);
                      if ( v45 & 0x400 )
                        *v41 = v44;
                      // Entry qword at dword 14: bit set built from three 2-bit fields of v63+20
                      // (0x10 always, 0x20 / 0x80 / 0x40 added per field).
                      v46 = *(_DWORD *)(v40 + 20);
                      v47 = 48LL;
                      if ( !(v46 & 0xC00000) )
                        v47 = 16LL;
                      v48 = v47 | 0x80;
                      if ( !(v46 & 0x3000000) )
                        v48 = v47;
                      v49 = v48 | 0x40;
                      if ( !(v46 & 0xC000000) )
                        v49 = v48;
                      *(_QWORD *)&v25[v39 + 14] = v49;
                      // Copy the 56-byte pixel-format record into entry dwords 28..41.
                      *(_QWORD *)&v25[v39 + 40] = *(_QWORD *)(i + 48);
                      *(_QWORD *)&v25[v39 + 38] = *(_QWORD *)(i + 40);
                      *(_QWORD *)&v25[v39 + 36] = *(_QWORD *)(i + 32);
                      *(_QWORD *)&v25[v39 + 34] = *(_QWORD *)(i + 24);
                      *(_QWORD *)&v25[v39 + 32] = *(_QWORD *)(i + 16);
                      v50 = *(_QWORD *)i;
                      *(_QWORD *)&v25[v39 + 30] = *(_QWORD *)(i + 8);
                      // The copied next pointer is overwritten with 0 right away; the chain is
                      // re-linked after the display loop.
                      *(_QWORD *)&v25[v39 + 28] = v50;
                      *(_QWORD *)&v25[v39 + 28] = 0LL;
                      ++v24;
                    }
                  }
                }
              }
            }
          }
        }
        if ( _cgls_plugin )
        {
          v29 = v27;
          // Plugin slot +40 is called with no visible arguments (probably releases v63 - confirm).
          if ( *(_DWORD *)_cgls_plugin )
            (*(void (**)(void))(_cgls_plugin + 40))();
LABEL_100:
          v27 = v29;
          goto LABEL_101;
        }
      }
    }
LABEL_101:
    ++v26;
  }
  while ( v26 != v27 );
  // Plugin slot +24 receives the pixel-format list head once the table is built.
  if ( _cgls_plugin && *(_DWORD *)_cgls_plugin )
    (*(void (__fastcall **)(__int64))(_cgls_plugin + 24))(v66);
  // Chain the copied pixel-format records: entry k's record (byte offset 112) points at entry k+1's.
  if ( v24 >= 2 )
  {
    v51 = v24 - 1;
    v52 = (signed __int64)(v25 + 70);
    do
    {
      *(_QWORD *)(v52 - 168) = v52;
      v52 += 168LL;
      --v51;
    }
    while ( v51 );
  }
  v0 = __stack_chk_guard;
  if ( v24 && !(unsigned int)cglsCreateContext(&_cglsContext, v25 + 28, 0LL) )
  {
    _cglsPixelFormats = (__int64)(v25 + 28);
    glContexts = (__int64)v25;
    v55 = v24;
    do
    {
      v56 = *((_QWORD *)v25 + 6);
      *(_QWORD *)v25 = _cglsContext;
      v57 = *((_QWORD *)v25 + 2);
      v58 = (unsigned int)v25[10];
      retaddr = (unsigned __int64)(*((_QWORD *)v25 + 4) + 0xFFFFFLL) >> 20;
      // NOTE(review): the format takes six values but only two are shown; v56, v57, v58 and the
      // rounded-up MB count computed above are presumably the arguments the decompiler dropped.
      CGSLogMessage(
        "GLCompositor: GL renderer id 0x%08lx, GL mask 0x%08lx, accelerator 0x%08lx, unit %ld%s, vram %ld MB",
        (unsigned int)v25[30],
        *((_QWORD *)v25 + 3));
      if ( !(unsigned int)cglsAttachDrawable(_cglsContext, 0LL, 0LL, (unsigned int)v25[2]) )
        _CGXGLDisplayContextInformation(v25);
      v25 += 42;
      --v55;
    }
    while ( v55 );
    glContextCount = v24;
    CGXSetServerOperationState(7LL, 1LL);
    v0 = __stack_chk_guard;
    if ( _cglsContext )
    {
      CGXSetServerOperationState(18LL, 1LL);
      if ( _cglsContext )
        CGXSetServerOperationState(15LL, 1LL);
    }
  }
  else
  {
    if ( v25 )
      free(v25);
    CGSLogMessage(
      "%s: no used index (%zu) or context creation failed - disabling OpenGL",
      "initialize_display_context",
      v24);
  }
LABEL_115:
  // Common tail, reached on success and on every "disabling OpenGL" path.
  CGXGLCompositorSetTileSize(256LL, 256LL);
  gCGXGLMipMap = 0;
  result = CGSLogMessage("%s: mip map mode is %s", "CGXGLInitMipMap", "on");
  v54 = (_QWORD *)_cglsContext;
  if ( _cglsContext )
  {
    // Calls below go through the context's function table with *v54 as the first argument. The
    // numeric arguments match standard OpenGL enum values (2929 = GL_DEPTH_TEST, 3553 =
    // GL_TEXTURE_2D, 3314 = GL_UNPACK_ROW_LENGTH, 10241 = GL_TEXTURE_MIN_FILTER, 9729 = GL_LINEAR,
    // 33071 = GL_CLAMP_TO_EDGE). Which GL entry point each table index maps to is not shown here.
    result = (*(__int64 (__fastcall **)(_QWORD, signed __int64))(_cglsContext + 512))(*(_QWORD *)_cglsContext, 2929LL);
    // One-time creation of the 1024-wide texture labelled "gamma texture".
    if ( !gamma_texture )
    {
      ((void (__fastcall *)(_QWORD, signed __int64, int *))v54[99])(*v54, 1LL, &gamma_texture);
      ((void (__fastcall *)(_QWORD, signed __int64, _QWORD))v54[6])(*v54, 3553LL, (unsigned int)gamma_texture);
      ((void (__fastcall *)(_QWORD, signed __int64, signed __int64, signed __int64))v54[305])(
        *v54,
        3553LL,
        34236LL,
        34238LL);
      ((void (__fastcall *)(_QWORD, signed __int64, _QWORD))v54[196])(*v54, 3312LL, 0LL);
      ((void (__fastcall *)(_QWORD, signed __int64, signed __int64))v54[196])(*v54, 3314LL, 1024LL);
      ((void (__fastcall *)(_QWORD, signed __int64, _QWORD))v54[196])(*v54, 3315LL, 0LL);
      ((void (__fastcall *)(_QWORD, signed __int64, _QWORD))v54[196])(*v54, 3316LL, 0LL);
      ((void (__fastcall *)(_QWORD, signed __int64, signed __int64, signed __int64))v54[305])(
        *v54,
        3553LL,
        10241LL,
        9729LL);
      ((void (__fastcall *)(_QWORD, signed __int64, signed __int64, signed __int64))v54[305])(
        *v54,
        3553LL,
        10242LL,
        33071LL);
      ((void (__fastcall *)(_QWORD, signed __int64, signed __int64, signed __int64))v54[305])(
        *v54,
        3553LL,
        10243LL,
        33071LL);
      LODWORD(retaddr) = 0;
      ((void (__fastcall *)(_QWORD, signed __int64, _QWORD, signed __int64, signed __int64, signed __int64))v54[302])(
        *v54,
        3553LL,
        0LL,
        32834LL,
        1024LL,
        32LL);
      result = ((__int64 (__fastcall *)(_QWORD, signed __int64, _QWORD, _QWORD, const char *))v54[815])(
                 *v54,
                 5890LL,
                 (unsigned int)gamma_texture,
                 0LL,
                 "gamma texture");
    }
    gColorConversionCache = 0LL;
    dword_12B285C = 3;
  }
  // Stack-protector epilogue: a mismatch between the guard copy and the on-stack slot aborts.
  if ( v0 != v96 )
LABEL_133:
    abort();
  return result;
}

disabling AppleIntelSNBVA.bundle fixed the hang error while loading AppleIntelHD3000 kexts/bundle

the conflict in AppleIntelFramebufferCapri.kext was caused by a wrong IMEI (easy to fix in clover)

the vram patch i'm using in AppleIntelSNBGraphicsFB.kext doesn't seem to work. i'll try to check the code since my bios can't be easily changed.

 

also checking AppleIntelSNBGraphicsFB::start , AppleIntelSNBGraphicsFB::initStolenMemory and PAVPSandyBridge::reportConnectionStatus

 

got it loading after a cache clean (no need to remove kexts/bundles). these are the log lines:

 

WindowServer[130]: GLCompositor: GL renderer id 0x01024301, GL mask 0x0000000f, accelerator 0x000043db, unit 0, caps QEX|MIPMAP, vram 1091 MB

WindowServer[130]: GLCompositor: GL renderer id 0x01024301, GL mask 0x0000000f, texture max 8192, viewport max {8192, 8192}, extensions NPOT|GLSL|FLOAT

WindowServer[130]: _CGXGLDisplayContextForDisplayDevice: acquired display context (0x7fb04a519410) - enabling OpenGL

 

then the crash:

 

kernel[0]: stampWait: Overflowed checking for stamp 0x3e on MAIN ring: called from

kernel[0]: timestamp = 0x0019

kernel[0]: ****  Debug info for *possible* hang in MAIN graphics engine  ****

 

on the next reboot the gl driver doesn't load, so i have to clear the caches again to try to debug it. the log line is

 

WindowServer[199]: initialize_display_context: gl initialization failed - disabling OpenGL

 

 

 

 

/*
 * Sandy Bridge PCI device-ID list; judging by the _D_ suffix and the "desktop"/"server"
 * annotations on the same IDs elsewhere on this page, these are the non-mobile parts.
 * Each ID is wrapped in INTEL_VGA_DEVICE(id, info), which is defined outside this snippet.
 */
#define INTEL_SNB_D_IDS(info) \
	INTEL_VGA_DEVICE(0x0102, info), \
	INTEL_VGA_DEVICE(0x0112, info), \
	INTEL_VGA_DEVICE(0x0122, info), \
	INTEL_VGA_DEVICE(0x010A, info)

/* Sandy Bridge mobile (_M_) PCI device IDs, wrapped the same way. */
#define INTEL_SNB_M_IDS(info) \
	INTEL_VGA_DEVICE(0x0106, info), \
	INTEL_VGA_DEVICE(0x0116, info), \
	INTEL_VGA_DEVICE(0x0126, info)

i'm uploading the video bios of 0x0106 (clevo) and 0x0126 (macbookpro). i'm checking the mobile snb cards.

 

"AAPL,snb-platform-id",
Buffer (0x04)
{
 0x10, 0x00, 0x03, 0x00        // i noticed framebufer code changes also  for 0x00, 0x00, 0x04, 0x00 and 0x00, 0x00, 0x01, 0x00              
  }

 

"AAPL,os-info", // if clover patch fails to load the framebuffer (check forum for other combos)
                    Buffer (0x14)
                    {
                         0x30, 0x49, 0x01, 0x12, 0x12, 0x12, 0x08, 0x00, //
                         0x00, 0x01, 0xF0, 0x1F, 0x01, 0x00, 0x00, 0x00,
                         0x10, 0x07, 0x00, 0x00                         
                    }

 

i have done the vram patch in snbframebuffer  (C745C400 000018 to C745C400 000040) and hd3000 (VRAMMethod=2 and VRAMSize=1024)

the connectors patch is easy to do (check forum).

the agpm can  prevent the framebuffer from loading (i changed to macpro3,1 but the AAPL,os-info patch also helps)

 

 

the 0x0112 card works with id 0126 - its a desktop id working with the macbookpro mobile id - why ?

 

 

01068086.rom 01268086.rom


i'll keep this here for further checks

i found some bios info here https://elixir.bootlin.com/linux/v5.2.21/source/drivers/gpu/drm/i915/intel_bios.h

/*
 * Translate a PCH device-ID type into the PCH family the driver treats it as.
 *
 * Each recognised ID logs a KMS debug line and raises a warning when the PCH
 * is paired with a CPU/GPU generation it is not expected on. Several IDs are
 * folded into an older, compatible family. Unknown IDs yield PCH_NONE.
 */
static enum intel_pch
intel_pch_type(const struct drm_i915_private *dev_priv, unsigned short id)
{
	/* All debug output and warnings below are attributed to this DRM device. */
	const struct drm_device *drm = &dev_priv->drm;

	switch (id) {
	case INTEL_PCH_IBX_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found Ibex Peak PCH\n");
		drm_WARN_ON(drm, !IS_GEN(dev_priv, 5));
		return PCH_IBX;

	case INTEL_PCH_CPT_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found CougarPoint PCH\n");
		drm_WARN_ON(drm,
			    !IS_GEN(dev_priv, 6) && !IS_IVYBRIDGE(dev_priv));
		return PCH_CPT;

	case INTEL_PCH_PPT_DEVICE_ID_TYPE:
		/* Handled as CougarPoint: PantherPoint is CPT compatible. */
		drm_dbg_kms(drm, "Found PantherPoint PCH\n");
		drm_WARN_ON(drm,
			    !IS_GEN(dev_priv, 6) && !IS_IVYBRIDGE(dev_priv));
		return PCH_CPT;

	case INTEL_PCH_LPT_DEVICE_ID_TYPE:
		/* Non-LP part: warn if it shows up on a ULT CPU. */
		drm_dbg_kms(drm, "Found LynxPoint PCH\n");
		drm_WARN_ON(drm,
			    !IS_HASWELL(dev_priv) && !IS_BROADWELL(dev_priv));
		drm_WARN_ON(drm,
			    IS_HSW_ULT(dev_priv) || IS_BDW_ULT(dev_priv));
		return PCH_LPT;

	case INTEL_PCH_LPT_LP_DEVICE_ID_TYPE:
		/* LP part: warn unless the CPU is a ULT variant. */
		drm_dbg_kms(drm, "Found LynxPoint LP PCH\n");
		drm_WARN_ON(drm,
			    !IS_HASWELL(dev_priv) && !IS_BROADWELL(dev_priv));
		drm_WARN_ON(drm,
			    !IS_HSW_ULT(dev_priv) && !IS_BDW_ULT(dev_priv));
		return PCH_LPT;

	case INTEL_PCH_WPT_DEVICE_ID_TYPE:
		/* Handled as LynxPoint: WildcatPoint is LPT compatible. */
		drm_dbg_kms(drm, "Found WildcatPoint PCH\n");
		drm_WARN_ON(drm,
			    !IS_HASWELL(dev_priv) && !IS_BROADWELL(dev_priv));
		drm_WARN_ON(drm,
			    IS_HSW_ULT(dev_priv) || IS_BDW_ULT(dev_priv));
		return PCH_LPT;

	case INTEL_PCH_WPT_LP_DEVICE_ID_TYPE:
		/* Handled as LynxPoint: WildcatPoint is LPT compatible. */
		drm_dbg_kms(drm, "Found WildcatPoint LP PCH\n");
		drm_WARN_ON(drm,
			    !IS_HASWELL(dev_priv) && !IS_BROADWELL(dev_priv));
		drm_WARN_ON(drm,
			    !IS_HSW_ULT(dev_priv) && !IS_BDW_ULT(dev_priv));
		return PCH_LPT;

	case INTEL_PCH_SPT_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found SunrisePoint PCH\n");
		drm_WARN_ON(drm,
			    !IS_SKYLAKE(dev_priv) && !IS_KABYLAKE(dev_priv));
		return PCH_SPT;

	case INTEL_PCH_SPT_LP_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found SunrisePoint LP PCH\n");
		drm_WARN_ON(drm,
			    !IS_SKYLAKE(dev_priv) &&
			    !IS_KABYLAKE(dev_priv) &&
			    !IS_COFFEELAKE(dev_priv) &&
			    !IS_COMETLAKE(dev_priv));
		return PCH_SPT;

	case INTEL_PCH_KBP_DEVICE_ID_TYPE:
		/* Handled as SunrisePoint: KBP is SPT compatible. */
		drm_dbg_kms(drm, "Found Kaby Lake PCH (KBP)\n");
		drm_WARN_ON(drm,
			    !IS_SKYLAKE(dev_priv) &&
			    !IS_KABYLAKE(dev_priv) &&
			    !IS_COFFEELAKE(dev_priv) &&
			    !IS_COMETLAKE(dev_priv));
		return PCH_SPT;

	case INTEL_PCH_CNP_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found Cannon Lake PCH (CNP)\n");
		drm_WARN_ON(drm,
			    !IS_CANNONLAKE(dev_priv) &&
			    !IS_COFFEELAKE(dev_priv) &&
			    !IS_COMETLAKE(dev_priv));
		return PCH_CNP;

	case INTEL_PCH_CNP_LP_DEVICE_ID_TYPE:
		drm_dbg_kms(drm,
			    "Found Cannon Lake LP PCH (CNP-LP)\n");
		drm_WARN_ON(drm,
			    !IS_CANNONLAKE(dev_priv) &&
			    !IS_COFFEELAKE(dev_priv) &&
			    !IS_COMETLAKE(dev_priv));
		return PCH_CNP;

	case INTEL_PCH_CMP_DEVICE_ID_TYPE:
	case INTEL_PCH_CMP2_DEVICE_ID_TYPE:
		/* Handled as Cannon Lake PCH: CometPoint is CNP compatible. */
		drm_dbg_kms(drm, "Found Comet Lake PCH (CMP)\n");
		drm_WARN_ON(drm,
			    !IS_COFFEELAKE(dev_priv) &&
			    !IS_COMETLAKE(dev_priv) &&
			    !IS_ROCKETLAKE(dev_priv));
		return PCH_CNP;

	case INTEL_PCH_CMP_V_DEVICE_ID_TYPE:
		/* CMP-V derives from KBP, and KBP is SPT compatible. */
		drm_dbg_kms(drm, "Found Comet Lake V PCH (CMP-V)\n");
		drm_WARN_ON(drm,
			    !IS_COFFEELAKE(dev_priv) &&
			    !IS_COMETLAKE(dev_priv));
		return PCH_SPT;

	case INTEL_PCH_ICP_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found Ice Lake PCH\n");
		drm_WARN_ON(drm, !IS_ICELAKE(dev_priv));
		return PCH_ICP;

	case INTEL_PCH_MCC_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found Mule Creek Canyon PCH\n");
		drm_WARN_ON(drm, !IS_JSL_EHL(dev_priv));
		return PCH_MCC;

	case INTEL_PCH_TGP_DEVICE_ID_TYPE:
	case INTEL_PCH_TGP2_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found Tiger Lake LP PCH\n");
		drm_WARN_ON(drm, !IS_TIGERLAKE(dev_priv) &&
			    !IS_ROCKETLAKE(dev_priv));
		return PCH_TGP;

	case INTEL_PCH_JSP_DEVICE_ID_TYPE:
	case INTEL_PCH_JSP2_DEVICE_ID_TYPE:
		drm_dbg_kms(drm, "Found Jasper Lake PCH\n");
		drm_WARN_ON(drm, !IS_JSL_EHL(dev_priv));
		return PCH_JSP;

	default:
		/* Unrecognised ID: report that no known PCH was found. */
		return PCH_NONE;
	}
}

 


found this ids from https://github.com/tiagovignatti/intel-gpu-tools

 

/*
 * PCI device IDs for Sandy Bridge integrated graphics, grouped by the
 * desktop / mobile / server annotations on the first ID of each group.
 */
#define PCI_CHIP_SANDYBRIDGE_GT1	0x0102 /* desktop */
#define PCI_CHIP_SANDYBRIDGE_GT2	0x0112
#define PCI_CHIP_SANDYBRIDGE_GT2_PLUS	0x0122
#define PCI_CHIP_SANDYBRIDGE_M_GT1	0x0106 /* mobile */
#define PCI_CHIP_SANDYBRIDGE_M_GT2	0x0116
#define PCI_CHIP_SANDYBRIDGE_M_GT2_PLUS	0x0126
#define PCI_CHIP_SANDYBRIDGE_S		0x010A /* server */

 

 

i'm checking power issues that might crash the driver. i checked the latest code against an old framebuffer version

 

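// Decompiler pseudo-code for the newer AppleIntelSNBGraphicsFB::initPMMode, as posted (the closing
// brace missing from the paste is restored). Offsets from `this` are raw decompiler indexes.
// Visible behaviour: a fixed sequence of 32-bit register reads/writes, a threshold update, and a
// platform-ID dependent value written to 0xA024. Many reads discard their result; whether they are
// needed as posting reads or were logging in the original source cannot be told from here.
char __fastcall AppleIntelSNBGraphicsFB::initPMMode(AppleIntelSNBGraphicsFB *this)
{
  int v1; // er14
  unsigned int v2; // ecx
  unsigned int v3; // edx
  char result; // al
  __int64 v5; // [rsp+8h] [rbp-28h]

  v1 = AppleIntelSNBGraphicsFB::getPlatformID(this);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0x44050uLL);
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0x44050uLL, 0xFFFFF7F7);
  IOSleep(1LL, 278608LL);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0x44050uLL);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA094uLL);
  // Indirect call through the function pointer stored at qword index 56 of `this`.
  (*((void (__fastcall **)(signed __int64, signed __int64))this + 56))(1LL, 0xA094LL);
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xA094uLL, 0);
  // dword field 760 minus (register 0x145948 >> 8), stored into dword fields 786 and 787.
  v2 = *((_DWORD *)this + 760) - ((unsigned int)AppleIntelSNBGraphicsFB::ReadRegister32(this, 0x145948uLL) >> 8);
  *((_DWORD *)this + 786) = v2;
  *((_DWORD *)this + 787) = v2;
  // 0xA008, 0xA010 and 0xA014 are only read in this build.
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA008uLL);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA010uLL);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA014uLL);
  InterruptThreshold::updateHW((AppleIntelSNBGraphicsFB *)((char *)this + 3072), *((_DWORD *)this + 787));
  // Platform IDs 2 and 4 get 1426; every other platform ID gets 2962.
  v3 = 1426;
  if ( v1 != 2 && v1 != 4 )
    v3 = 2962;
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xA024uLL, v3);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA024uLL);
  // 40996 == 0xA024, the register written just above.
  result = (*((__int64 (__fastcall **)(_QWORD, signed __int64))this + 56))(0LL, 40996LL);
  *((_BYTE *)this + 3108) = v1 == 2 || v1 == 4;
  // Only platform ID 4 with the byte flag at offset 3109 set calls pmCPUControl with the value 300.
  if ( v1 == 4 )
  {
    result = *((_BYTE *)this + 3109);
    if ( result )
    {
      v5 = 300LL;
      result = pmCPUControl(2148028584LL, &v5);
    }
  }
  return result;
}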

and the old version

// Decompiler pseudo-code for the older AppleIntelSNBGraphicsFB::initPMMode, as posted. Offsets from
// `this` are raw decompiler indexes. Compared with the newer listing on this page, the object
// layout differs (function-pointer slot 54 vs 56, dword fields 804/822/823 vs 760/786/787, byte
// flags 3260/3261 vs 3108/3109), and this build writes 0xA010 and 0xA014 where the newer one only
// reads them.
char __fastcall AppleIntelSNBGraphicsFB::initPMMode(AppleIntelSNBGraphicsFB *this)
{
  int v1; // er14
  unsigned int v2; // ecx
  unsigned int v3; // edx
  char result; // al
  // v5 and v6 are adjacent on the stack (rbp-18h / rbp-14h); &v5 is passed to pmCPUControl, so the
  // pair presumably forms one 64-bit value 300 (the newer listing declares a single __int64).
  int v5; // [rsp+8h] [rbp-18h]
  int v6; // [rsp+Ch] [rbp-14h]

  v1 = AppleIntelSNBGraphicsFB::getPlatformID(this);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0x44050uLL);
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0x44050uLL, 0xFFFFF7F7);
  IOSleep(1LL, 278608LL);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0x44050uLL);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA094uLL);
  // Indirect call through the function pointer stored at qword index 54 of `this`.
  (*((void (__fastcall **)(signed __int64, signed __int64))this + 54))(1LL, 0xA094LL);
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xA094uLL, 0);
  // dword field 804 minus (register 0x145948 >> 8), stored into dword fields 822 and 823.
  v2 = *((_DWORD *)this + 804) - ((unsigned int)AppleIntelSNBGraphicsFB::ReadRegister32(this, 0x145948uLL) >> 8);
  *((_DWORD *)this + 822) = v2;
  *((_DWORD *)this + 823) = v2;
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA008uLL);
  // 0xF4240 == 1000000.
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xA010uLL, 0xF4240u);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA010uLL);
  // 0xA014 receives field 804 in bits 24..31 and field 803 in bits 16..23.
  AppleIntelSNBGraphicsFB::WriteRegister32(
    this,
    0xA014uLL,
    (*((_DWORD *)this + 804) << 24) | (*((_DWORD *)this + 803) << 16));
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA014uLL);
  AppleIntelSNBGraphicsFB::updatePMThresholds(this);
  // Platform IDs 2 and 4 get 1426; every other platform ID gets 2962.
  if ( v1 != 2 && v1 != 4 )
    v3 = 2962;
  else
    v3 = 1426;
  AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xA024uLL, v3);
  AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xA024uLL);
  // 40996 == 0xA024, the register written just above.
  (*((void (__fastcall **)(_QWORD, signed __int64))this + 54))(0LL, 40996LL);
  // `result` here is whatever was left in al by the comparison, not a meaningful status.
  result = v1 == 2;
  *((_BYTE *)this + 3260) = v1 == 2 || v1 == 4;
  // Only platform ID 4 with the byte flag at offset 3261 set calls pmCPUControl with the value 300.
  if ( *((_BYTE *)this + 3261) )
  {
    if ( v1 == 4 )
    {
      v6 = 0;
      v5 = 300;
      result = pmCPUControl(2148028584LL, &v5);
    }
  }
  return result;
}

this code can be found in the linux sources. maybe the latest version discards old hardware?

 

the latest frame has this function

 

// Decompiler pseudo-code (newer build), restated as a switch on the requested state a2.
// State 2: restore the GTT when the byte flag at this+592 is set, then OR 0x40004000 into
// register 0xC2020. State 0: save the GTT when that flag is clear. Other states do nothing.
// a3 is not used. Always returns 0.
// NOTE(review): 0xC2020 matches the offset Linux i915 names SOUTH_DSPCLK_GATE_D - confirm.
__int64 __fastcall AppleIntelSNBGraphicsFB::setPowerState(AppleIntelSNBGraphicsFB *this, __int64 a2, IOService *a3)
{
  switch ( a2 )
  {
    case 2:
    {
      if ( *((_BYTE *)this + 592) != 0 )
        AppleIntelSNBGraphicsFB::restoreGTT(this);
      // Read-modify-write: keep the current bits and set 0x40004000 on top.
      int gate = AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xC2020uLL);
      AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xC2020uLL, gate | 0x40004000);
      break;
    }
    case 0:
      if ( *((_BYTE *)this + 592) == 0 )
        AppleIntelSNBGraphicsFB::saveGTT(this);
      break;
    default:
      break;
  }
  return 0LL;
}

 

and from linux

 

/*
 * Clear PCH_LP_PARTITION_LEVEL_DISABLE in SOUTH_DSPCLK_GATE_D, but only when
 * the PCH id is the LPT-LP type. Every other PCH is left untouched.
 */
static void lpt_suspend_hw(struct drm_device *dev)
{
	/* Keep the name dev_priv: I915_READ/I915_WRITE presumably expand to it. */
	struct drm_i915_private *dev_priv = dev->dev_private;
	uint32_t gate;

	if (dev_priv->pch_id != INTEL_PCH_LPT_LP_DEVICE_ID_TYPE)
		return;

	/* Read-modify-write so the other bits of the register are preserved. */
	gate = I915_READ(SOUTH_DSPCLK_GATE_D);
	gate &= ~PCH_LP_PARTITION_LEVEL_DISABLE;
	I915_WRITE(SOUTH_DSPCLK_GATE_D, gate);
}

oldest frame code looks like this

 

__int64 __fastcall AppleIntelSNBGraphicsFB::setPowerState(AppleIntelSNBGraphicsFB *this, __int64 a2, IOService *a3)
{
  // Decompiler pseudo-code, restructured as a switch; behaviour is unchanged.
  // a2 selects the transition (presumably the IOKit power-state ordinal - the
  // decompiler did not name it); a3 is never read. This build touches no
  // hardware register here: it only restores or saves the GTT.
  switch ( a2 )
  {
    case 2:
      // 8-byte field at index 70 (byte offset 560): restore only when non-zero.
      if ( *((_QWORD *)this + 70) != 0 )
        AppleIntelSNBGraphicsFB::restoreGTT(this);
      break;
    case 0:
      // Save only while that same field is zero.
      if ( *((_QWORD *)this + 70) == 0 )
        AppleIntelSNBGraphicsFB::saveGTT(this);
      break;
    default:
      break;
  }
  return 0LL;
}

 

well ofc some cards gotta crash with these apple updates...


latest frame has this function

 

__int64 __fastcall AppleIntelSNBGraphicsFB::setPowerState(AppleIntelSNBGraphicsFB *this, __int64 a2, IOService *a3)
{
  // Decompiler pseudo-code, restructured as a switch; behaviour is unchanged.
  // a2 selects the transition (presumably the IOKit power-state ordinal - the
  // decompiler did not name it); a3 is never read. Only the values 2 and 0 do
  // any work, every other value falls through to the common return of 0.
  int gate; // eax - value read back from MMIO offset 0xC2020

  switch ( a2 )
  {
    case 2:
      // The byte flag at byte offset 592 decides whether the GTT is restored.
      if ( *((_BYTE *)this + 592) != 0 )
        AppleIntelSNBGraphicsFB::restoreGTT(this);
      // Unconditional read-modify-write: sets bits 30 and 14 of register 0xC2020.
      // NOTE(review): 0xC2020 looks like the offset i915 names
      // SOUTH_DSPCLK_GATE_D - confirm against i915_reg.h before relying on it.
      gate = AppleIntelSNBGraphicsFB::ReadRegister32(this, 0xC2020uLL);
      AppleIntelSNBGraphicsFB::WriteRegister32(this, 0xC2020uLL, gate | 0x40004000);
      break;
    case 0:
      // The GTT is saved only while the same byte flag is clear.
      if ( *((_BYTE *)this + 592) == 0 )
        AppleIntelSNBGraphicsFB::saveGTT(this);
      break;
    default:
      break;
  }
  return 0LL;
}

 

and from linux

 

/*
 * Clear PCH_LP_PARTITION_LEVEL_DISABLE in SOUTH_DSPCLK_GATE_D, but only when
 * the PCH id is the LPT-LP type. Every other PCH is left untouched.
 */
static void lpt_suspend_hw(struct drm_device *dev)
{
	/* Keep the name dev_priv: I915_READ/I915_WRITE presumably expand to it. */
	struct drm_i915_private *dev_priv = dev->dev_private;
	uint32_t gate;

	if (dev_priv->pch_id != INTEL_PCH_LPT_LP_DEVICE_ID_TYPE)
		return;

	/* Read-modify-write so the other bits of the register are preserved. */
	gate = I915_READ(SOUTH_DSPCLK_GATE_D);
	gate &= ~PCH_LP_PARTITION_LEVEL_DISABLE;
	I915_WRITE(SOUTH_DSPCLK_GATE_D, gate);
}

oldest frame code looks like this

 

__int64 __fastcall AppleIntelSNBGraphicsFB::setPowerState(AppleIntelSNBGraphicsFB *this, __int64 a2, IOService *a3)
{
  // Decompiler pseudo-code, restructured as a switch; behaviour is unchanged.
  // a2 selects the transition (presumably the IOKit power-state ordinal - the
  // decompiler did not name it); a3 is never read. This build touches no
  // hardware register here: it only restores or saves the GTT.
  switch ( a2 )
  {
    case 2:
      // 8-byte field at index 70 (byte offset 560): restore only when non-zero.
      if ( *((_QWORD *)this + 70) != 0 )
        AppleIntelSNBGraphicsFB::restoreGTT(this);
      break;
    case 0:
      // Save only while that same field is zero.
      if ( *((_QWORD *)this + 70) == 0 )
        AppleIntelSNBGraphicsFB::saveGTT(this);
      break;
    default:
      break;
  }
  return 0LL;
}

 

well ofc some cards gotta crash with these apple updates...

card crashes in opengl - too much code to patch

 

void __thiscall GHAL3D::CContext::Initialize(CContext *this)

{
  // Decompiler pseudo-code rewritten with guard clauses; behaviour is unchanged.
  // Nine sub-objects are created in a fixed order, each stored through a
  // pointer slot inside the context (offsets as printed by the decompiler).
  // Bit 0 of each Create() result is the success flag: the first failure
  // stops the chain and the remaining slots are never written here.
  // The function returns void and the last Create() result is discarded, so a
  // caller cannot learn from this call whether the context is complete.
  // NOTE(review): what the unwritten slots hold after a failure is not
  // visible in this listing.
  byte ok;

  ok = CPrivateCommandTransport::Create(this,(CPrivateCommandTransport **)(this + 0x28));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivatePrimitiveProcessor::Create(this,(CPrivatePrimitiveProcessor **)(this + 0x18));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivateResourceManager::Create(this,(CPrivateResourceManager **)(this + 0x20));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivateQueryProcessor::Create(this,(CPrivateQueryProcessor **)(this + 0x40));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivateStateProcessor::Create(this,(CPrivateStateProcessor **)(this + 0x10));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivateVertexFetchStream::Create(this,(CPrivateVertexFetchStream **)(this + 0x30));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivateClearProcessor::Create(this,(CPrivateClearProcessor **)(this + 0x38));
  if ((ok & 1) == 0) {
    return;
  }
  ok = CPrivateConstantBufferStream::Create
                    (this,(CPrivateConstantBufferStream **)(this + 0x48));
  if ((ok & 1) == 0) {
    return;
  }
  // Last step: its result is not examined.
  CPrivateComputeGroupProcessor::Create(this,(CPrivateComputeGroupProcessor **)(this + 0x50));
}

 

/*
 * PCI final-fixup quirk for Intel integrated graphics.
 *
 * Some BIOS implementations hand over the machine with Intel GPU interrupts
 * still enabled although nothing services them (f.e. the i915 driver is never
 * loaded), and without a properly configured interrupt destination, so the
 * interrupt ends up -somewhere-.
 *
 * Those spurious interrupts are "sticky"; after more than 100,000 of them
 * the kernel disables the (shared) interrupt line.
 *
 * The quirk clears whatever enable bits are still set, which resolves
 * crashes often seen on monitor unplug.
 *
 * It runs only for the device IDs registered below the function; any other
 * Intel GPU is not touched by it.
 */
#define I915_DEIER_REG 0x4400c
static void disable_igfx_irq(struct pci_dev *dev)
{
	/* Map BAR 0; a maxlen of 0 asks for the whole BAR. */
	void __iomem *mmio = pci_iomap(dev, 0, 0);

	if (!mmio) {
		dev_warn(&dev->dev, "igfx quirk: Can't iomap PCI device\n");
		return;
	}

	/* Write only when at least one enable bit is still set. */
	if (readl(mmio + I915_DEIER_REG)) {
		dev_warn(&dev->dev,
			 "BIOS left Intel GPU interrupts enabled; disabling\n");
		writel(0, mmio + I915_DEIER_REG);
	}

	/* The mapping is released on this path whether or not a write happened. */
	pci_iounmap(dev, mmio);
}
DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0102, disable_igfx_irq);
DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x010a, disable_igfx_irq);
DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0152, disable_igfx_irq);

check the card's id - y i have the 0x0106

 

 

Edited by jalavoui

This function has a probe for GT1/GT2 !! (hd3000 kext)

 

Gen6Accelerator *__fastcall Gen6Accelerator::probe(Gen6Accelerator *this, IOService *a2, int *a3)
{
  // Decompiler pseudo-code, left as emitted. The function calls slot 185 of
  // IntelAccelerator's vtable with the same three arguments (presumably the
  // parent class's probe - confirm against the vtable), and on a non-zero
  // result classifies the device and sets four global size constants.
  // Returns `this` on success, 0 when the vtable call returned 0.
  __int64 v3; // rcx - result of the vtable-slot call
  Gen6Accelerator *result; // rax
  int v5; // eax - 16-bit ID with bit 2 forced on

  v3 = (*((__int64 (__fastcall **)(Gen6Accelerator *, IOService *, int *))&`vtable for'IntelAccelerator + 185))(
         this,
         a2,
         a3);
  result = 0LL;
  if ( v3 )
  {
    // DWORD index 10045 (byte offset 40180) receives the class value; 2 is
    // written first, so it is also what any unrecognised ID ends up with.
    *((_DWORD *)this + 10045) = 2;
    // 16-bit value at index 4369 (byte offset 8738), presumably the PCI
    // device ID. OR-ing with 4 folds 0x102/0x112/0x122 onto 0x106/0x116/0x126,
    // so each pair takes the same branch below.
    v5 = *((unsigned __int16 *)this + 4369) | 4;
    if ( v5 == 0x126 || v5 == 0x116 )
    {
      *((_DWORD *)this + 10045) = 2;
    }
    else if ( v5 == 0x106 )
    {
      *((_DWORD *)this + 10045) = 1;
    }
    // NOTE(review): no ID is rejected here; IDs outside the three groups
    // keep the value 2. Whether the vtable call above filters unsupported
    // devices is not visible in this listing.
    // Globals, not per-instance fields: written on every successful probe.
    kLargeCommandSizeMin = 0x10000;
    kLargeCommandSize = 0x20000;
    kDataSizeMin = 0x40000;
    kDataSize = 0x200000;
    // DWORD index 8489 (byte offset 33956) caches the global page_size.
    *((_DWORD *)this + 8489) = page_size;
    result = this;
  }
  return result;
}

i feel so tempted to hack this but ill study a bit more

this is from AppleIntelHD3000GraphicsVADriver

 

signed __int64 __fastcall sub_AF97(__int64 a1)
{
  // Decompiler pseudo-code, left as emitted. Issues selector 29 on the
  // connection stored at a1+56, then picks one of two parameter sets from the
  // ID in the reply. Returns 0 when a set was written, 10 when the call
  // failed or the ID is not one of the six handled here.
  int v1; // ecx - return code of IOConnectCallMethod
  signed __int64 result; // rax
  __int64 v3; // [rsp+20h] [rbp-30h] - in/out size of the output struct
  __int64 v4; // [rsp+28h] [rbp-28h] - first 8 bytes of the output struct
  int v5; // [rsp+30h] [rbp-20h] - next 4 bytes of the output struct

  // v4 and v5 are adjacent on the stack (rbp-28h, rbp-20h) and v3 is 12, so
  // the call fills one 12-byte buffer that the decompiler split in two.
  // That is why v5 is compared below without any visible assignment.
  v5 = 0;
  v4 = 0LL;
  v3 = 12LL;
  // No scalar or struct input; the last two arguments are the output struct
  // and its size.
  v1 = IOConnectCallMethod(*(unsigned int *)(a1 + 56), 29LL, 0LL, 0LL, 0LL, 0LL, 0LL, 0LL, &v4, &v3);
  result = 10LL;
  // NOTE(review): the size written back to v3 is never checked; if fewer
  // than 12 bytes came back, v5 would still hold its initial 0 and fall
  // through to the "not recognised" return.
  if ( !v1 )
  {
    // The constants look like (PCI device id << 16) | 0x8086, Intel's vendor
    // id. The <= comparison is only the compiler's range split of a switch.
    if ( v5 <= 0x1168085 )
    {
      if ( v5 == 0x1028086 || v5 == 0x1068086 )
      {
        // First parameter set: 8 bytes at a1+0x8BFC, 4 bytes at a1+0x8C04.
        *(_QWORD *)(a1 + 0x8BFC) = 0x1800000000LL;
        *(_DWORD *)(a1 + 0x8C04) = 0x400;
        return 0LL;
      }
      if ( v5 != 0x1128086 )
        return result;
LABEL_10:
      // Second parameter set, shared by 0x0112, 0x0116, 0x0122 and 0x0126.
      *(_QWORD *)(a1 + 0x8BFC) = 0x3C00000001LL;
      *(_DWORD *)(a1 + 0x8C04) = 0x800;
      return 0LL;
    }
    if ( v5 == 0x1168086 || v5 == 0x1228086 || v5 == 0x1268086 )
      goto LABEL_10;
  }
  return result;
}

 
