Apple's documentation of the Copland PCI driver architecture is so vague that it's nearly useless.
darthnVader, I'd really like to have your ndrv work and documentation in one place before I take a dive into it. Got a repo somewhere?
So, patchpef! This script makes it easy to reproducibly patch PEF files with a quick turnaround time.
First, get it here. You will need to compile vasm, a portable multi-architecture assembler. https://github.com/elliotnunn/patchpef
The simplest patchpef command is this. It will just copy the PEF unchanged (unless it's really weird, like the MixedMode library).
patchpef.py INPUT-FILE OUTPUT-FILE
You should know that patchpef includes my macresources library, which lets it do this:
patchpef.py INPUT-RSRC-FILE//ndrv/299 OUTPUT-FILE
From here, you add arguments in pairs.
- The first argument in a pair is an offset within the code section, like "0x124". If the binary includes debug symbols (relatively rare), you can use them: "MyFunction+0x10". Wildcards also work: "MPCreate*+0x4". To insert the same code just before the return instruction of every function, use "*-0x4".
- The second argument specifies some assembly code. You need to remember to enclose this in shell quotes. Semicolons are replaced with newlines, and the assembler expects all directives to be preceded by whitespace. Specifying " li r3, 0; li r4, 1" would insert those instructions into the position you specified with the first argument, massaging the original code to give all of the original instructions a chance to execute (this process is logged extensively, albeit cryptically). There are several assembler macros specified within the script that help you to save registers and spam the NanoKernel log.
Alternatively, you can use one of my all-in-one arguments. Passing ":r3" as the second argument simply dumps r3 to the log, and "::r3" dumps several bytes of hex starting at r3 (useful when you can't figure out a function pointer). Lastly, ":hello world" will print an arbitrary string to the log.
I have left a few features unmentioned here. If you can't do something that you want to, let me know!
It might not look like a whole lot, but patchpef has enabled me to solve some problems, like the CPU Plugin crash, *very* quickly. I use it in conjunction with a disassembly tool like MacNosy, IDA or Hopper. I will leave you with a mundane, unthreatening line pulled at random from my shell history.
patchpef.py MixedMode ../mac-rom/Misc/GoNativeResources//ncod/1/MixedMode 0x10 :r3
Happy hacking!
It's all just hacks done with Hexedit and Resedit.
Open /System/Library/Extensions/AppleNDRV/ATIRuntimeDriver.bundle/Contents/MacOS/ATIRuntimeDriver in Hexedit.
Search for the " compatible" property of the ATI card's display node in ASCII, i.e. Command+F RockHopper2. Then search for the next "Joy", as in Joy!peffpwpc. Note the offset in Hexedit, on the left.
This will be the beginning of the next 'NDRV', so now find the previous Joy!; this will be the beginning of the 'NDRV' that is for RockHopper2. Copy everything from this Joy! to the next Joy!, the one we noted the offset of, i.e. insert the cursor before the first Joy! that begins the 'NDRV' and drag it to the offset at the end so that the hex is selected in Hexedit. Do not include the second Joy!; we don't need it, that's the next 'NDRV'. We only need one, the one at the beginning.
While the hex we want to copy is highlighted, hit Command+C, then Command+N for a new file, then Command+V to paste the 'NDRV' we copied into the new file. Then Save As... I normally name the file like this: RockHopper2(10.x.x).ndrv. So if I'm looking at the one from 10.4.11 for the Mini, it would be RockHopper2(10.4.11).ndrv.
Now we need Resedit with Forker, as the 'NDRV' lives in the Data Fork and we need to edit a few things in the resource fork. You can replace the Data Fork under OS 9 with Hexedit, but Hexedit for OS X will corrupt our driver, so it's best to just use Resedit with Forker.
I assume we could use Classic Mode here, but I just boot OS 9.
Open the file we created in Hexedit, RockHopper2(10.x.x).ndrv, in Resedit. Resedit will complain that it has no resource fork and will want to create one. Just say OK and open the file; you'll see the <DF> (Data Fork) and the one resource Resedit created. We only need the Data Fork: open it and copy the one resource it contains. Don't open the resource itself, just highlight it and copy it.
Next we need to open the driver we want to modify, the ATI Via driver created by iMic for the Via Radeon9200M2 in the iBook G4. I think the file he modified was originally called the ATI Driver Update.
Open the <DF> and paste the data into it. Resedit will ask if you want to replace the ID with this one, and you do, so say yes. Note the length in bytes of this ID, on the right.
Now open the cfrg and open ID 0, scroll down to 1(member and edit the length to match the length in bytes of the Data Fork. Then edit the member name to match the " compatible" property from our display 'NDRV', i.e. ATY,RockHopper2.
Close the driver and save it, place it in the extensions folder and reboot, you may need to remove any previous version of this driver.
The 2D acceleration and 3D acceleration were a matter of replacing the 5960 device IDs with the device ID we want to use, i.e. 5961 or 5962, in three files. The ATI Graphics Accelerator (two resources we need to change): Accl, open ID 4 GraphicsAccelerationR6, find 5961 in hex, should be just after 2C00 in hex, change it to 5962; find the next 5961, again just after 2C00 in hex, change it to 5962. Next open the intr resource and open ID 0 GAInterfacePro, again search for 5961, just after 2C00, and replace it with 5962.
Close the driver and save it.
Open the ATI 8500 3D Accelerator, open the Data Fork, open ID 128 "Data Fork". Search for 5960 just after 2C00, replace it with, you guessed it, 5962. Find the next 5960 after 2C00, replace it too. You should find two total after 2C00.
Close the file and save it.
Open the ATI Resource Manager. Open the Data Fork, ID 128, and replace only 5961 after 2C00 with 5962 (six of them, I think).
I think that was it, maybe I should only change the 5960 in the data fork of the Res.Man. that come after 2C00, I'll have to check that and see if things work better.
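Both posts above deal with PEF containers: patchpef rewrites them, and the Hexedit recipe carves one 'NDRV' out of a fat driver binary by searching for "Joy!peffpwpc" and copying up to the next "Joy!". The following Python script is an added example, not code from either poster or from patchpef. It automates the carving step by parsing the PEF container header and section table (layout as in Apple's PEF specification: a 40-byte header followed by 28-byte section headers) and computing where each container actually ends, so the boundary does not depend on finding the next "Joy!" and the "is the second Joy! part of this driver?" question answers itself. The sample blob it scans is constructed inline for the demonstration; the names parse_pef, find_pef_containers and carve_container are this example's own.

```python
"""Locate and carve PEF ('Joy!peff') containers out of a binary blob.

Added example; layout assumed from the PEF specification. A container is
bounded by the furthest section's containerOffset + packedSize, which lets
us find its end without relying on the start of the next container.
"""
import struct

# tag1, tag2, architecture, formatVersion, dateTimeStamp, oldDefVersion,
# oldImpVersion, currentVersion, sectionCount, instSectionCount, reservedA
PEF_HEADER_FMT = ">4s4s4sIIIIIHHI"
PEF_HEADER_SIZE = struct.calcsize(PEF_HEADER_FMT)   # 40 bytes
# nameOffset, defaultAddress, totalSize, unpackedSize, packedSize,
# containerOffset, sectionKind, shareKind, alignment, reservedA
SECTION_FMT = ">iIIIIIBBBB"
SECTION_SIZE = struct.calcsize(SECTION_FMT)          # 28 bytes
SECTION_KINDS = {0: "code", 1: "unpacked data", 2: "pattern data", 3: "constant",
                 4: "loader", 5: "debug", 6: "executable data", 7: "exception",
                 8: "traceback"}


def parse_pef(blob, start):
    """Parse the PEF container at blob[start:]; raise ValueError if malformed."""
    if blob[start:start + 8] != b"Joy!peff":
        raise ValueError("no PEF signature at 0x%x" % start)
    if len(blob) - start < PEF_HEADER_SIZE:
        raise ValueError("truncated PEF header at 0x%x" % start)
    (_t1, _t2, arch, fmt_ver, _stamp, _odv, _oiv, _cur,
     n_sections, _n_inst, _res) = struct.unpack_from(PEF_HEADER_FMT, blob, start)
    if fmt_ver != 1:
        raise ValueError("unsupported PEF format version %d" % fmt_ver)
    table_end = start + PEF_HEADER_SIZE + n_sections * SECTION_SIZE
    if table_end > len(blob):
        raise ValueError("section table runs past end of data")
    sections, end = [], table_end
    for i in range(n_sections):
        off = start + PEF_HEADER_SIZE + i * SECTION_SIZE
        (_name, _addr, total, _unpacked, packed, cont_off,
         kind, _share, _align, _r) = struct.unpack_from(SECTION_FMT, blob, off)
        sec_end = start + cont_off + packed
        if sec_end > len(blob):
            raise ValueError("section %d runs past end of data" % i)
        sections.append({"kind": SECTION_KINDS.get(kind, "unknown(%d)" % kind),
                         "offset": cont_off, "packed": packed, "total": total})
        end = max(end, sec_end)     # name table sits before section data, so this covers it
    return {"offset": start, "architecture": arch.decode("ascii", "replace"),
            "length": end - start, "sections": sections}


def find_pef_containers(blob):
    """Return every well-formed PEF container found in blob, in file order."""
    found, pos = [], 0
    while True:
        pos = blob.find(b"Joy!peff", pos)
        if pos < 0:
            return found
        try:
            container = parse_pef(blob, pos)
        except ValueError:
            pos += 1                    # stray or truncated signature: keep scanning
            continue
        found.append(container)
        pos += container["length"]      # resume after the container's own end


def carve_container(blob, container):
    """Return the bytes of one container, exactly as the Hexedit copy would."""
    return blob[container["offset"]:container["offset"] + container["length"]]


def build_test_pef(arch=b"pwpc", code=b"\x38\x60\x00\x00\x4e\x80\x00\x20"):
    """Constructed test data (not a real driver): one code and one loader section."""
    loader = b"\x00" * 56                           # loader header size; zeros suffice here
    n = 2
    code_off = PEF_HEADER_SIZE + n * SECTION_SIZE   # data follows the section table
    loader_off = code_off + len(code)
    header = struct.pack(PEF_HEADER_FMT, b"Joy!", b"peff", arch, 1, 0, 0, 0, 0, n, 1, 0)
    sec_code = struct.pack(SECTION_FMT, -1, 0, len(code), len(code), len(code), code_off, 0, 1, 2, 0)
    sec_load = struct.pack(SECTION_FMT, -1, 0, len(loader), len(loader), len(loader), loader_off, 4, 1, 2, 0)
    return header + sec_code + sec_load + code + loader


# Constructed sample: two containers separated by a property string, plus a
# truncated "Joy!peff" at the tail that a naive search would mistake for a third.
SAMPLE_BLOB = (b"\x00\x00\x00\x00" + build_test_pef() + b"ATY,RockHopper2\x00"
               + build_test_pef(code=b"\x4e\x80\x00\x20") + b"Joy!peff\x00\x00\x00\x00")

if __name__ == "__main__":
    for c in find_pef_containers(SAMPLE_BLOB):
        print("PEF %s at 0x%x, %d bytes, sections: %s" % (
            c["architecture"], c["offset"], c["length"],
            ", ".join(s["kind"] for s in c["sections"])))
```

Run against a real driver file (replace SAMPLE_BLOB with open(path, "rb").read()), the printed offsets are the ones the Hexedit recipe has you note by hand, and carve_container gives the exact byte range to paste into the new file's data fork; the "length" field is the value to enter into the cfrg member.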