working on Windows on Apple Silicon unofficially, reverse engineer, C/Rust/ASM dev
disclaimer: i probably have no idea what i'm doing but doing my best anyways
| Github | https://github.com/amarioguy |
Haven't posted in way too long - but a progress update on AppleWOA: We are now in NT (the address space change means that the bootloader successfully transitioned to the kernel - OslArm64TransferToKernel completed here)
There seems to be some race condition that causes the boot to fail every once in a while that I need to address - and I need to switch off the m1n1 hypervisor debugger to WinDbg proper at this point
late night IDA discoveries...
to enable ARMv8.3 pointer authentication for *user* mode processes in Windows:
In the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel registry key,
set PointerAuthUserIpEnabled as a DWORD value set to 0x1
(Kernel mode pointer auth can similarly be force enabled with PointerAuthKernelIpEnabled (DWORD again set to 0x1))
Kernel mode PAC seems to be on by default in newer ARM64 builds, while user mode PAC seems to be off by default (PointerAuthKernel and PointerAuthUser are the velocity features that set the *default* enable states, kernel PAC enable settings are checked by winload and user processes by kernel)
To forcefully disable PAC in either kernel or user mode, set the following registry keys (for kernel/user respectively) in the same registry key as above:
PointerAuthKernelIpForceDisabled (DWORD, 0x1 to force disable kernel mode PAC)
PointerAuthUserIpForceDisabled (DWORD, 0x1 to force disable PAC in user mode applications)
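
An audit of the four override values named in the post above, as an added example that is not the author's code. The function name `Get-PacOverride` is hypothetical, and because the post does not say which value wins when both an enable and a force-disable are set, each value is reported on its own.

```powershell
# Added example: report the PAC override values listed in the post.
# Key path and value names come from the post; everything else is illustrative.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'

$PacValues = [ordered]@{
    PointerAuthKernelIpEnabled       = 'kernel mode PAC force-enabled'
    PointerAuthUserIpEnabled         = 'user mode PAC force-enabled'
    PointerAuthKernelIpForceDisabled = 'kernel mode PAC force-disabled'
    PointerAuthUserIpForceDisabled   = 'user mode PAC force-disabled'
}

function Get-PacOverride {
    param([string]$Path = $KeyPath)

    $key   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $dword = [Microsoft.Win32.RegistryValueKind]::DWord

    foreach ($name in $PacValues.Keys) {
        $raw  = $key.GetValue($name, $null)
        # GetValueKind throws on a missing value, so only ask when it exists.
        $kind = if ($null -ne $raw) { $key.GetValueKind($name) } else { $null }

        $state = if ($null -eq $raw)      { 'absent (default state applies, per the post)' }
                 elseif ($kind -ne $dword) { "unexpected type $kind, post specifies DWORD" }
                 elseif ($raw -eq 1)       { $PacValues[$name] }
                 else                      { "present with data $raw, not 0x1" }

        [pscustomobject]@{
            Name    = $name
            Data    = $raw
            State   = $state
            # A force-disable override weakens a mitigation, so flag it for review.
            Finding = ($name -like '*ForceDisabled' -and $kind -eq $dword -and $raw -eq 1)
        }
    }
}

$report = Get-PacOverride
$report | Format-Table -AutoSize -Wrap

$flagged = @($report | Where-Object Finding)
if ($flagged.Count -gt 0) {
    Write-Warning ("PAC force-disable override present: " + ($flagged.Name -join ', '))
}
```

Run it from an elevated PowerShell session on the ARM64 Windows install being checked; on other machines the values are simply reported as absent.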