-1

I am using ZDNet Clock utility to overclock my Mac from Mac OS X Leopard every day and boot macOS Big Sur after that. I want to port the 32bit only overclock.kext of the utility to macOS Big Sur or at least add a support for any macOS with 64-bit kernel.

As far as I can see from the disassembled code fragments, there is a rather simple way to read/write to SMBus from kext. The kext do this from the code below (disassembled by Hopper). Looks quite simple like reading and writing to certain address locations. So I can't figure out how this code get access to the SMBus.

Please give me some clues to get access to SMBus.

; ================ B E G I N N I N G   O F   P R O C E D U R E ================
; Variables:
;    var_1C: int32_t, -28
_SMBusExecuteCommand:
0000016d         push       ebp ; CODE XREF=_ReadClockChip+56, _ReadClockChip+114, _WriteClockChip+160
0000016e         movzx      eax, al
00000171         mov        ebp, esp
00000173         push       ebx
00000174         sub        esp, 0x14
00000177         mov        ecx, dword [dword_16e4]
0000017d         lea        edx, dword [ecx+2]
00000180         movzx      edx, dx
00000183         out        dx, al
00000184         xor        ebx, ebx
00000186         jmp        loc_1a3

loc_188:
00000188         mov        dword [esp+0x1c+var_1C], 0x3e8  ; CODE XREF=_SMBusExecuteCommand+59
0000018f         call       _delay                                              ; _delay
00000194         cmp        ebx, 0x3e8
0000019a         je         loc_1b6

0000019c         mov        ecx, dword [dword_16e4]                             ; dword_16e4
000001a2         inc        ebx

loc_1a3:
000001a3         mov        edx, ecx                                            ; CODE XREF=_SMBusExecuteCommand+25
000001a5         in         al, dx
000001a6         test       al, 0x3e
000001a8         je         loc_188

000001aa         in         al, dx
000001ab         test       al, 0x2
000001ad         mov        ecx, 0xffffffff
000001b2         jne        loc_1c8

000001b4         jmp        loc_1c6

loc_1b6:
000001b6         mov        dword [esp+0x1c+var_1C], aZdnetdeSmbusTi            ; argument "format" for method _printf, "ZDNet.de: SMBus timed out.\\n", CODE XREF=_SMBusExecuteCommand+45
000001bd         call       _printf                                             ; _printf
000001c2         xor        ecx, ecx
000001c4         jmp        loc_1d8

loc_1c6:
000001c6         xor        ecx, ecx                                            ; CODE XREF=_SMBusExecuteCommand+71

loc_1c8:
000001c8         test       al, 0x1                                             ; CODE XREF=_SMBusExecuteCommand+69
000001ca         mov        eax, _clock2freq_double
000001cf         cmovne     ecx, eax
000001d2         mov        eax, 0x3e
000001d7         out        dx, al

loc_1d8:
000001d8         add        esp, 0x14                                           ; CODE XREF=_SMBusExecuteCommand+87
000001db         mov        eax, ecx
000001dd         pop        ebx
000001de         leave
000001df         ret
                        ; endp
user3421105
  • 41
  • 5

0 Answers0