Rick mentioned on Sunday at the ACM Conference that he wanted to change the minimum font smoothing size. I took it as a challenge. Consider this a tutorial of how you can use Macsbug to do some really cool stuff.
Be careful. I haven't fully tested this hack yet, and it requires you to follow along and apply the ideas I present... numbers and code listed here are NOT absolute. You will most likely have to formulate these numbers by yourself.
Remember, this is my documentary of how this was accomplished, not the exact steps you need to take!!! Read the last part of it to see what you essentially need to change.
What did it take for me to figure this out?
ResEdit
Macsbug
PEF Viewer
HexEdit
30 minutes of running around in Macsbug and
20 minutes to write this in a coherent fashion, and verify the steps I took.
What shareware tools would have helped?
The Fragmanalyzer ($25) (disassembly of the AppearanceLib fragment from the "System" context.)
MacNosy to disassemble any cfrg.
Resourcerer to take apart extended 'cfrgs' and maybe to do the data fork editing.
How did I start?
I opened the Appearance control panel in ResEdit.
I remembered that I had tried hacking it before by just changing the MENU resource that lists all the values you can enter, so I didn't take that path.
I then disassembled AppearanceLib (using PEF Viewer) and found a global symbol named SetThemeFontSmoothing in the Imports list of the Loader Section.
I dropped into Macsbug.
"tvb SetThemeFontSmoothing"
TVector Break at “SetThemeFontSmoothing” (TVector at 0050285C) every time
"wh ."
Address 0050285C is in the System heap at 00002800
It is 00000B8C bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
PowerPC TVector break at 36551F6C SetThemeFontSmoothing
I noticed PowerPC register 4 was 0000000b (11 decimal).
This makes sense since the MacOS Application Binary Interface states that parameter passage is done in registers r3, r4 and r5, (any others come on the stack).
So I listed the code.
"ilp SetThemeFontSmoothing" (hit return a few times to see more of the disassembly.)
< INSERT MACSBUG DISASSEMBLY HERE, if I actually disassembled it. ;) >
< I will not repost any code I saw, just some opcodes that are interesting >
< since it's against the license agreement to disassemble any part of MacOS. >
You might see that r4 is stored in 0x006E+SP.
Later, you might see that 0x006E+SP is compared against 0x000C:
cmplwi r0,0x000C | 2800000C
BINGO. That's the limit. 12 decimal (0c hexadecimal) is the current minimum.
"wh SetThemeFontSmoothing"
Address 36551FAC is in VM file-mapped logical memory space
It is in the CFM fragment “AppearanceLib” at 3654DAB0
It is 000044FC bytes from the start of the fragment
and 00000A9C bytes into a non-writeable code section at 36551510
Well. Now we just need to find out where AppearanceLib is stored on disk so we can change it permanently.
This is the tough part.
I looked in the extension folder. Doh! 8.6 no longer has an "Appearance Extension". If you want to hack 8.5 or any earlier system, things are immensely easier because you can edit the "Appearance Extension"... much easier than hacking 8.6's System file's 4MB data fork... where almost all Toolbox APIs are stored.
Open ResEdit.
Open the System file.
Check out the 'cfrg's.
'cfrg' 49 contains: (you might have to search through all of the 'cfrg' resources to find it.)
Member 11:
arch: ppc
...
Where: 1
Offset: 2464432
Length: 315821
Member Size: 56
Member Name: AppearanceLib
This means AppearanceLib is located in the data fork of the System file at offset 2464432.
Open HexEdit.
Open A COPY OF the System file.
Go to offset 2464432 decimal.
You should see:
Joy!peffpwpc....
Now, we need to do a search for our code snippet above since the offsets Macsbug sees are not accurate in practice.
Find Hex: (Note: these are the hex codes for the three instructions that do the cmplwi ...0x000C, blt, cmplwi ...0x0018)
2800000C 4180000C 28000018
Modify the 2800000C to be whatever minimum you'd like. Be careful as the scaling algorithm MIGHT not be able to handle small sizes!!! If you haven't figured it out by now, 2800xxxx is the opcode where xxxx can be any 4-digit value you'd like to compare against.
Save your changes.
Put your current System file in the trash. This unblesses your System Folder.
Move or copy the modified one into your System Folder to rebless it.
Reboot.
Enjoy.
Have any other challenges? :)
--Steve, who needs to be enrolled in hackers anonymous
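The following Python script is an added illustration of the two checks the walkthrough above does by hand (it is not Steve's tooling and contains no Apple code): it confirms a PEF container ("Joy!peffpwpc") really starts at the data-fork offset taken from the 'cfrg' member, searches only inside that member's byte range for the cmplwi / blt / cmplwi sequence, decodes the words as PowerPC instructions before touching them, refuses to patch unless the sequence occurs exactly once, and re-encodes the cmplwi with a new 16-bit immediate. It runs on a constructed stand-in buffer rather than a real System file; the 0x44FC position of the planted pattern and the helper names are assumptions.

```python
"""Locate and patch the cmplwi immediate that bounds the minimum font
smoothing size, working on a CONSTRUCTED stand-in for the System data fork."""
import struct

# Values quoted in the post ('cfrg' 49 member for AppearanceLib, Mac OS 8.6).
CFRG_OFFSET = 2464432
CFRG_LENGTH = 315821
PEF_MAGIC = b"Joy!peffpwpc"          # start of a PowerPC PEF container
# cmplwi r0,0x000C ; blt +0xC ; cmplwi r0,0x0018  (the three words from the post)
PATTERN = bytes.fromhex("2800000C 4180000C 28000018")
# Where the pattern is planted inside the constructed sample (assumption only;
# the post notes that Macsbug's offsets are not reliable for the on-disk file).
SAMPLE_CODE_OFFSET = 0x44FC

OPCODE_CMPLI = 10   # PowerPC primary opcode for cmpli (D-form)
OPCODE_BC = 16      # PowerPC primary opcode for bc (conditional branch)


def decode_cmplwi(word):
    """Return (rA, imm) if word is cmplwi cr0,rA,imm (32-bit compare), else None."""
    if word >> 26 != OPCODE_CMPLI:
        return None
    bf, l_bit = (word >> 23) & 7, (word >> 21) & 1
    if bf != 0 or l_bit != 0:        # only cr0 and the 32-bit form count here
        return None
    return (word >> 16) & 31, word & 0xFFFF


def encode_cmplwi(ra, imm):
    """Build cmplwi cr0,rA,imm; the immediate is unsigned and must fit 16 bits."""
    if not 0 <= ra < 32 or not 0 <= imm <= 0xFFFF:
        raise ValueError("operand out of range")
    return (OPCODE_CMPLI << 26) | (ra << 16) | imm


def decode_blt(word):
    """Return the byte displacement if word is blt (bc 12,0,target), else None."""
    if word >> 26 != OPCODE_BC:
        return None
    bo, bi = (word >> 21) & 31, (word >> 16) & 31
    if bo != 12 or bi != 0:          # BO=12: branch if CR bit set; BI=0: cr0.LT
        return None
    bd = word & 0xFFFC
    return bd - 0x10000 if bd & 0x8000 else bd


def fragment_bounds(data, offset, length):
    """Confirm a PEF container starts at the cfrg offset; return its byte range."""
    if data[offset:offset + len(PEF_MAGIC)] != PEF_MAGIC:
        raise ValueError("no PEF header at cfrg offset; wrong file or OS version")
    return offset, offset + length


def patch_min_smoothing(data, new_min, offset=CFRG_OFFSET, length=CFRG_LENGTH):
    """Return (patched copy, file offset of the patched word).
    Patches only if the pattern occurs exactly once inside the fragment and
    decodes as cmplwi r0,0xC / blt +0xC / cmplwi r0,0x18."""
    start, end = fragment_bounds(data, offset, length)
    hits, pos = [], data.find(PATTERN, start, end)
    while pos != -1:
        hits.append(pos)
        pos = data.find(PATTERN, pos + 1, end)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    pos = hits[0]
    w0, w1, w2 = struct.unpack(">III", data[pos:pos + 12])
    if not (decode_cmplwi(w0) == (0, 0xC) and decode_blt(w1) == 0xC
            and decode_cmplwi(w2) == (0, 0x18)):
        raise ValueError("match does not decode as the expected instructions")
    patched = bytearray(data)
    patched[pos:pos + 4] = struct.pack(">I", encode_cmplwi(0, new_min))
    return bytes(patched), pos


def build_sample():
    """Constructed stand-in for the System data fork: zero filler, the PEF magic
    at the cfrg offset, and the three-instruction pattern planted in the fragment."""
    buf = bytearray(CFRG_OFFSET + CFRG_LENGTH)
    buf[CFRG_OFFSET:CFRG_OFFSET + len(PEF_MAGIC)] = PEF_MAGIC
    at = CFRG_OFFSET + SAMPLE_CODE_OFFSET
    buf[at:at + len(PATTERN)] = PATTERN
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample()
    patched, where = patch_min_smoothing(sample, 9)
    print(f"patched cmplwi at file offset {where}: "
          f"{patched[where:where + 4].hex()}")   # 28000009
```

Only the lower-bound comparison changes; as the post warns, nothing here makes the scaling code behave at very small sizes, and the uniqueness check is what keeps a coincidental byte match elsewhere in the 315821-byte member from being overwritten. Rick's Mac OS 9 offset (2471952) would be passed as the `offset` argument.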
Date: Tue, 26 Oct 1999 18:05:09 -0500
From: Rick Roe
Subject: Re: Hacking SetThemeFontSmoothing
To: ACM@UIUC's Mac Warriors
I just successfully applied this hack on Mac OS 9... it runs fine with the
minimum size set to 9 point.
Only difference from Steve's exploratory surgery is that the offset of
AppearanceLib in the system file is 2471952 under OS 9.
Also, something that Steve didn't point out: this hack allows you to set the
minimum size below 12, but it doesn't allow you to edit the number below 12 in
the Appearance control panel. Looks like that'd be a separate hack. :) You can,
however, use this snippet of applescript to do the deed:
tell application "Appearance" to set minimum font smoothing size to 9
Incidentally, there's no longer a memory leak from opening and closing the
Appearance CP in OS 9, so AppleScripts that pop into it just to change a setting