Attempt to fix pf not working on arm64e

jakeajames · Mar 25, 2020 · 5b4afc5 · 5b4afc5
1 parent 0c72918
commit 5b4afc5
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/patchfinder64.m b/patchfinder64.m
@@ -11,6 +11,7 @@
 #import <stdint.h>
 #import <string.h>
 #import <stdbool.h>
+#import <mach-o/fat.h>
 
 #import "kernel_utils.h"
 
@@ -504,7 +505,7 @@ static int DecodeMov(uint32_t opcode, uint64_t total, int first, uint64_t *newva
 static void *Kernel_mh = 0;
 static addr_t Kernel_delta = 0;
 
-static uint32_t magic = 0;
+static uint32_t arch_off = 0;
 
 int
 InitPatchfinder(addr_t base, const char *filename)
@@ -523,10 +524,17 @@ static int DecodeMov(uint32_t opcode, uint64_t total, int first, uint64_t *newva
         return -1;
     }
 
+    uint32_t magic;
     read(fd, &magic, 4);
     if (magic == 0xbebafeca) {
-        lseek(fd, 28, SEEK_SET); // kerneldec gives a FAT binary for some reason
+        struct fat_header fat;
+        lseek(fd, sizeof(fat), SEEK_SET);
+        struct fat_arch_64 arch;
+        read(fd, &arch, sizeof(arch));
+        arch_off = ntohl(arch.offset);
+        lseek(fd, arch_off, SEEK_SET); // kerneldec gives a FAT binary for some reason
     }
+
     rv = read(fd, buf, sizeof(buf));
     if (rv != sizeof(buf)) {
         close(fd);
@@ -666,7 +674,7 @@ static int DecodeMov(uint32_t opcode, uint64_t total, int first, uint64_t *newva
         q = q + cmd->cmdsize;
     }
 
-    if (magic == 0xbebafeca) Kernel += 28;
+    Kernel += arch_off;
 
     close(fd);
 
@@ -677,7 +685,7 @@ static int DecodeMov(uint32_t opcode, uint64_t total, int first, uint64_t *newva
 void
 TermPatchfinder(void)
 {
-    if (magic == 0xbebafeca) Kernel -= 28;
+    Kernel -= arch_off;
     free(Kernel);
 }