
Try to insert a function on lapse.mjs instead of binary fix #55

@viggen66

Description

@viggen66

Instead of waiting for the full exploit ROP, replace the binary file with this new function:

```js
function patch_aio_kernel(kmem, kbase) {
    log("Applying AIO kernel patches to prevent game issues...");

    // Array of patches: [offset, bytes]
    const patches = [
        [0x9f141, [0xeb, 0x48]],
        [0x9f183, Array(8).fill(0x90)], // 8x NOP
        [0x9f18b, [41, 83, 0xbf, 0xa0, 0x04, 0x00, 0x00, 0x00]],
        [0x9f199, [0x49, 0x8b, 0x87, 0xd0, 0x04, 0x00, 0x00]],
        [0x9f1a6, [0x49, 0x8b, 0xb7, 0xb0, 0x04, 0x00, 0x00]],
        [0x9f1be, [0x49, 0x8b, 0x87, 0x40, 0x05, 0x00, 0x00]],
        [0x9f1cb, [0x49, 0x8b, 0xb7, 0x20, 0x05, 0x00, 0x00]],
        [0x9f1e3, [0x49, 0x8d, 0xbf, 0xc0, 0x00, 0x00, 0x00]],
        [0x9f1ef, [0x49, 0x8d, 0xbf, 0xe0, 0x00, 0x00, 0x00]],
        [0x9f202, [0x49, 0x8d, 0xbf, 0x00, 0x01, 0x00, 0x00]],
        [0x9f20e, [0x49, 0x8d, 0xbf, 0x20, 0x01, 0x00, 0x00]],
        [0x9f21f, [0x49, 0x8b, 0xff]]
    ];

    // Write each patch byte by byte at kbase + offset
    patches.forEach(([offset, bytes]) => {
        const addr = kbase.add(offset);
        bytes.forEach((byte, index) => {
            kmem.write8(addr.add(index), byte);
        });
    });

    log("AIO kernel patches applied successfully");
}
```

Call the function from `async function patch_kernel(kbase, kmem, p_ucred, restore_info)`, after the version check:

```js
// AIO Fix
log('Applying critical AIO stability patches...');
patch_aio_kernel(kmem, kbase);
```

This way the AIO fix is applied as soon as possible, to avoid any further damage.
