Вот чё получилось, скажу сразу асм я знаю

3 Мар 2006 - 17:18 Unknown BIOS
Шаман >> 1165 >> 108.14

Вот чё получилось, скажу сразу асм я знаю на уровне Z-80, так что силно не пинайте, но суть похоже такая.
1. Ищется $GAFR в последнем секторе. Если нашли то берётся адрес на винте начала образа и
2. Начинается попытка распаковать сохранённый на винте образ. Если не получилось - то никакого авторековери...
3. Если распаковалось - то сравнивается версия. Если она совпала с той, что прописана во флэшке - то начинается восстановление.

HPA начиная с 117302879 сектора.
Вот последний сектор на HDD у GA-8IPE1000 Rev. 3.1, BIOS 8ipekg.f5 :

Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F
00000000   24 47 41 46 52 10 41 08  00 00 00 00 00 00 00 00   $GAFRA........
00000010   00 00 00 00 00 00 00 00  00 00 5F E6 FD 06 00 00   .........._ц¤..
00000020   00 00 00 08 00 00 00 00  00 00 00 00 00 00 00 00   ...............
00000030   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000040   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000050   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000060   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000070   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000080   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000090   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000000A0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000000B0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000000C0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000000D0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000000E0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000000F0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000100   1F 30 39 2F 30 36 2F 32  30 30 34 2D 69 38 36 35   09/06/2004-i865
00000110   50 45 2D 36 41 37 39 5A  47 30 4D 43 2D 30 30 00   PE-6A79ZG0MC-00.
00000120   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................

где видно в смещении 0x01Ah байты 06 FD E6 5F что в десятичной с/с будет ровно 117302879 т.е. начало образа BIOS.
Вторая строчка в смещении 0x100h точная копия версии из самого БИОСА.

Вот бут от GA-8IPE1000MK BIOS pe1000mk.f13 :

;--------------------------------------------------------------------------------------
F000:EFDC ; _______________ S U B R O U T I N E _______________________________________
F000:EFDC 
F000:EFDC 
F000:EFDC sub_FEFDC       proc near               ; CODE XREF: F000:ED25p
F000:EFDC                 mov     byte ptr cs:word_FED3E, 1
F000:EFE2                 call    Copy_ROM        ; Предположительно распаковка образа с ROM в RAM
F000:EFE5                 jb      locret_FEFEA    ; Если не смогли пральна распаковать BIOS
F000:EFE7                 call    Find_$GAFR      ; вызываем рековери
F000:EFEA 
F000:EFEA locret_FEFEA:                           ; CODE XREF: sub_FEFDC+9j
F000:EFEA                 retn                    ; Return Near from Procedure
F000:EFEA sub_FEFDC       endp
F000:EFEA 
F000:EFEB

Собсно основной поиск на винте...

F000:F060 ; _______________ S U B R O U T I N E _______________________________________
F000:F060 
F000:F060 
F000:F060 Find_$GAFR      proc near               ; CODE XREF: sub_FEFDC+Bp
F000:F060                 push    ds
F000:F061                 push    es
F000:F062                 mov     bx, 0
F000:F065 
F000:F065 loc_FF065:                              ; DATA XREF: F000:F86Fr
F000:F065                                         ; F000:F874w ...
F000:F065                 call    Compare_$GAFR   ; Ищем адрес "$GAFR" на HDD
F000:F068                 jnz     NO_$GAFR        ; Выходим если не нашли
F000:F06A                 mov     eax, es:[bx+1Ah]; Иначе берём адрес начала образа BIOS на HDD
F000:F06F                 mov     edx, es:[bx+1Eh]; это непонятно, т.к. по смещению 1Eh только 00
F000:F074                 mov     cs:dword_FED40, eax
F000:F079                 mov     cs:dword_FED44, edx
F000:F07F                 mov     ax, 200h
F000:F082                 mov     cs:word_FED3C, ax
F000:F086                 mov     cx, 40h
F000:F089 
F000:F089 loc_FF089:                              ; CODE XREF: Find_$GAFR+4Bj
F000:F089                 mov     cs:word_FED3E, 8
F000:F090                 call    Copy_ROM        ; Предположительно распаковка образа с HDD в RAM
F000:F093                 jb      NO_$GAFR        ; Выходим если не смогли пральна распаковать BIOS
F000:F095                 mov     ax, es
F000:F097                 add     ax, 100h        ; Add
F000:F09A                 mov     es, ax
F000:F09C                 assume es:nothing
F000:F09C                 add     cs:dword_FED40, 8 ; Add
F000:F0A3                 jnb     loc_FF0AB       ; Jump if Not Below (CF=0)
F000:F0A5                 inc     cs:dword_FED44  ; Increment by 1
F000:F0AB 
F000:F0AB loc_FF0AB:                              ; CODE XREF: Find_$GAFR+43j
F000:F0AB                 loop    loc_FF089       ; Предположительно возвращаемся на распаковку слещего модуля
F000:F0AD                 call    Compare_Version ; Проверка БИОС для этой мамки или нет
F000:F0B0                 jnz     NO_$GAFR        ; Jump if Not Zero (ZF=0)
F000:F0B2                 clc                     ; Clear Carry Flag
F000:F0B3                 jmp     short Find_Exit ; Начинаем упешно восстанавливать
F000:F0B5 
F000:F0B5 NO_$GAFR:                               ; CODE XREF: Find_$GAFR+8j
F000:F0B5                                         ; Find_$GAFR+33j ...
F000:F0B5                 stc                     ; Образ не наш, не нашли или повреждён
F000:F0B6 
F000:F0B6 Find_Exit:                              ; CODE XREF: Find_$GAFR+53j
F000:F0B6                 pop     es
F000:F0B7                 assume es:nothing
F000:F0B7                 pop     ds
F000:F0B8                 assume ds:nothing
F000:F0B8                 retn                    ; Return Near from Procedure
F000:F0B8 Find_$GAFR      endp
F000:F0B8 
F000:F0B9 


F000:F0B9 ; _______________ S U B R O U T I N E _______________________________________
F000:F0B9 
F000:F0B9 
F000:F0B9 Compare_Version proc near               ; CODE XREF: Find_$GAFR+4Dp
F000:F0B9                 mov     cx, cs:word_FED3C
F000:F0BE                 shl     cx, 5           ; Shift Logical Left
F000:F0C1                 add     cx, 2000h       ; Add
F000:F0C5                 sub     ch, 10h         ; Integer Subtraction
F000:F0C8                 mov     es, cx
F000:F0CA                 mov     cx, cs
F000:F0CC                 mov     ds, cx
F000:F0CE                 assume ds:seg000
F000:F0CE                 mov     si, offset a6a79zg08 ; "6A79ZG08"
F000:F0D1                 mov     di, si
F000:F0D3                 mov     cx, 8
F000:F0D6                 repe cmpsb              ; Compare Strings
F000:F0D8                 retn                    ; Return Near from Procedure
F000:F0D8 Compare_Version endp
F000:F0D8 
F000:F0D8 ; ---------------------------------------------------------------------------
F000:F0D9 aGafr           db '$GAFR'              ; DATA XREF: Compare_$GAFR+2o
F000:F0DE 
F000:F0DE ; _______________ S U B R O U T I N E _______________________________________
F000:F0DE 
F000:F0DE 
F000:F0DE Compare_$GAFR   proc near               ; CODE XREF: Find_$GAFR+5p
F000:F0DE                 mov     di, bx
F000:F0E0                 mov     si, offset aGafr ; "$GAFR"
F000:F0E3                 mov     cx, 5
F000:F0E6                 repe cmpsb              ; Compare Strings
F000:F0E8                 retn                    ; Return Near from Procedure
F000:F0E8 Compare_$GAFR   endp
F000:F0E8

Ну и по ходу, пара процедур связанных с флэшкой и выводом сообщений об авторековери:

F000:F0E9
F000:F0E9 ; _______________ S U B R O U T I N E _______________________________________
F000:F0E9
F000:F0E9 
F000:F0E9 Flash_ID        proc near               ; CODE XREF: F000:ED2Ap
F000:F0E9                 xor     ax, ax          ; Logical Exclusive OR
F000:F0EB                 mov     ds, ax
F000:F0ED                 assume ds:nothing
F000:F0ED                 mov     es, ax
F000:F0EF                 assume es:nothing
F000:F0EF                 mov     ax, ds:0FFBC0000h
F000:F0F5                 call    FlashID_Comp                  ; Call Procedure
F000:F0F8                 jnb     AutoRecovery                  ; Jump if Not   Below (CF=0)
F000:F0FA                 mov     esi, 0FFFF0000h
F000:F100                 mov     byte ptr [esi+5555h], 0AAh
F000:F108                 mov     byte ptr [esi+2AAAh], 55h
F000:F110                 mov     byte ptr [esi+5555h], 0F0h    ; Software      ID Exit
F000:F118                 call    Flash_IO                      ; Call Procedure
F000:F11B                 mov     byte ptr [esi+5555h], 0AAh
F000:F123                 mov     byte ptr [esi+2AAAh], 55h
F000:F12B                 mov     byte ptr [esi+5555h], 90h     ; Software ID Entry
F000:F133                 call    Flash_IO                      ; Call Procedure
F000:F136                 mov     ax, [esi]
F000:F139                 mov     byte ptr [esi+5555h], 0AAh
F000:F141                 mov     byte ptr [esi+2AAAh], 55h
F000:F149                 mov     byte ptr [esi+5555h], 0F0h    ; Software      ID Exit
F000:F151                 call    FlashID_Comp                  ; Call Procedure
F000:F154                 jnb     AutoRecovery                  ; Jump if Not   Below (CF=0)
F000:F156                 lea     ax, ds:aUnknownFlashMe        ; "Unknown Flash Memory !"
F000:F15A                 mov     cx, 16h
F000:F15D                 nop                                   ; No Operation
F000:F15E                 mov     dx, 0FF02h
F000:F161                 call    VideoOut                      ; Call Procedure
F000:F164                 jmp     short Flash_ID_Retn           ; Jump


F000:F166 
F000:F166 AutoRecovery:                                         ; CODE XREF: Flash_ID+Fj
F000:F166                                                       ; Flash_ID+6Bj
F000:F166                 mov     al, 52h
F000:F168                 out     80h, al                       ; manufacture's diagnostic checkpoint
F000:F16A                 lea     ax, ds:aBiosAutoRecove        ; "BIOS Auto-Recovering "
F000:F16E                 mov     cx, 15h
F000:F171                 nop                                   ; No Operation
F000:F172                 mov     dx, 0FF02h
F000:F175                 call    VideoOut                      ; Call Procedure
F000:F178 
F000:F178 loc_FF178:                                            ; CODE XREF: Flash_ID+95j
F000:F178                 mov     ax, cs:word_FF33F
F000:F17C                 call    ax                            ; Indirect Call Near Procedure
F000:F17E                 jb      loc_FF178                     ; Jump if Below (CF=1)
F000:F180                 mov     al, 53h
F000:F182                 out     80h, al                       ; manufacture's diagnostic checkpoint
F000:F184 
F000:F184 Flash_ID_Retn:                                        ; CODE XREF: Flash_ID+7Bj
F000:F184                 retn                                  ; Return Near   from Procedure
F000:F184 Flash_ID        endp
F000:F184 
F000:F184 ; ---------------------------------------------------------------------------
F000:F185 aBiosAutoRecove db 'BIOS Auto-Recovering '            ; DATA XREF: Flash_ID+81t
F000:F19A a_scanningBiosI db '.Scanning BIOS Image in Hard Drive ...'
F000:F19A                                                       ; DATA XREF: F000:F1DCt
F000:F1C0 ; ---------------------------------------------------------------------------
F000:F1C0 
F000:F1C0 ScaningHD:                                            ; CODE XREF: F000:F206p
F000:F1C0                 pushad                                ; Push all General Registers (use32)
F000:F1C2                 mov     ebx, esi
F000:F1C5                 sub     ebx, 20000h                   ; Integer Subtraction
F000:F1CC                 mov     eax, ebx
F000:F1CF                 and     bx, 3FFFh                     ; Logical AND
F000:F1D3                 jnz     NoScan_Retn                   ; Jump if Not   Zero (ZF=0)
F000:F1D5                 shr     eax, 0Eh                      ; Shift Logical Right
F000:F1D9                 inc     ax                            ; Increment by 1
F000:F1DA                 out     80h, al                       ; manufacture's diagnostic checkpoint
F000:F1DC                 lea     ax, ds:a_scanningBiosI        ; ".Scanning BIOS Image in Hard Drive ..."
F000:F1E0                 mov     cx, 1
F000:F1E3                 mov     dx, 0FE01h
F000:F1E6                 call    VideoOut                      ; Call Procedure
F000:F1E9 
F000:F1E9 NoScan_Retn:                                          ; CODE XREF: F000:F1D3j
F000:F1E9                 popad                                 ; Pop   all General Registers (use32)
F000:F1EB                 retn                                  ; Return Near   from Procedure
F000:F1EC ; ---------------------------------------------------------------------------
F000:F1EC                 mov     esi, 20000h
F000:F1F2                 mov     edi, 0FFF00000h
F000:F1F8                 mov     edx, 0C0000h
F000:F1FE                 mov     bx, 40h
F000:F201 
F000:F201 loc_FF201:                              ; CODE XREF: F000:F21Dj
F000:F201                 call    Erase_Sector    ; Call Procedure
F000:F204                 jb      Prog_Err        ; Jump if Below (CF=1)
F000:F206                 call    ScaningHD       ; Call Procedure
F000:F209                 mov     ecx, 1000h
F000:F20F 
F000:F20F loc_FF20F:                              ; CODE XREF: F000:F21Aj
F000:F20F                 call    Prog_Byte       ; Call Procedure
F000:F212                 jb      Prog_Err        ; Jump if Below (CF=1)
F000:F214                 inc     edx             ; Increment by 1
F000:F216                 inc     esi             ; Increment by 1
F000:F218                 dec     ecx             ; Decrement by 1
F000:F21A                 jnz     loc_FF20F       ; Jump if Not Zero (ZF=0)
F000:F21C                 dec     bx              ; Decrement by 1
F000:F21D                 jnz     loc_FF201       ; Jump if Not Zero (ZF=0)
F000:F21F                 clc                     ; Clear Carry Flag
F000:F220                 retn                    ; Return Near from Procedure
F000:F221
F000:F221 
F000:F221 Prog_Err:                               ; CODE XREF: F000:F204j
F000:F221                                         ; F000:F212j
F000:F221                 stc                     ; Set Carry Flag
F000:F222                 retn                    ; Return Near from Procedure


F000:F223 
F000:F223 ; _______________ S U B R O U T I N E _______________________________________
F000:F223 
F000:F223 
F000:F223 Erase_Sector    proc near                             ; CODE XREF: F000:F201p
F000:F223                 push    edi
F000:F225                 call    sub_FF27C                     ; Call Procedure
F000:F228                 mov     byte ptr es:[edi+0F5555h], 0AAh
F000:F231                 mov     byte ptr es:[edi+0F2AAAh], 55h
F000:F23A                 mov     byte ptr es:[edi+0F5555h], 80h
F000:F243                 mov     byte ptr es:[edi+0F5555h], 0AAh
F000:F24C                 mov     byte ptr es:[edi+0F2AAAh], 55h
F000:F255                 add     edi, edx                      ; Add
F000:F258                 mov     byte ptr es:[edi], 30h        ; Sector-Erase
F000:F25D                 call    Flash_IO                      ; Call Procedure
F000:F260                 call    Flash_IO                      ; Call Procedure
F000:F263                 call    Flash_IO                      ; Call Procedure
F000:F266                 call    sub_FF2E6                     ; Call Procedure
F000:F269                 mov     ax, es:[edi]
F000:F26D                 out     0EBh, al
F000:F26F                 cmp     ax, 0FFFFh                    ; Compare Two   Operands
F000:F272                 jnz     loc_FF278                     ; Jump if Not   Zero (ZF=0)
F000:F274                 pop     edi
F000:F276                 clc                                   ; Clear Carry   Flag
F000:F277                 retn                                  ; Return Near   from Procedure
F000:F278 
F000:F278 loc_FF278:                                            ; CODE XREF: Erase_Sector+4Fj
F000:F278                 pop     edi
F000:F27A                 stc                                   ; Set   Carry Flag
F000:F27B                 retn                                  ; Return Near   from Procedure
F000:F27B Erase_Sector    endp
F000:F27B 
F000:F27C 
F000:F27C ; _______________ S U B R O U T I N E _______________________________________
F000:F27C 
F000:F27C 
F000:F27C sub_FF27C       proc near               ; CODE XREF: Erase_Sector+2p
F000:F27C                 push    edi
F000:F27E                 push    ax
F000:F27F                 add     edi, edx        ; Add
F000:F282                 and     edi, 0FF000h    ; Logical AND
F000:F289                 or      edi, 0FFB00002h ; Logical Inclusive OR
F000:F290                 xor     al, al          ; Logical Exclusive OR
F000:F292                 mov     es:[edi], al
F000:F296                 out     0EBh, al
F000:F298                 pop     ax
F000:F299                 pop     edi
F000:F29B                 retn                    ; Return Near from Procedure
F000:F29B sub_FF27C       endp
F000:F29B 
F000:F29C 
F000:F29C ; _______________ S U B R O U T I N E _______________________________________
F000:F29C 
F000:F29C 
F000:F29C Prog_Byte       proc near               ; CODE XREF: F000:F20Fp
F000:F29C                 pushad                  ; Push all General Registers (use32)
F000:F29E                 mov     cx, 3E7h
F000:F2A1 
F000:F2A1 loc_FF2A1:                              ; CODE XREF: Prog_Byte+41j
F000:F2A1                 push    edi
F000:F2A3                 mov     byte ptr es:[edi+0F5555h], 0AAh
F000:F2AC                 mov     byte ptr es:[edi+0F2AAAh], 55h
F000:F2B5                 mov     byte ptr es:[edi+0F5555h], 0A0h ; Byte-Program
F000:F2BE                 add     edi, edx        ; Add
F000:F2C1                 mov     al, [esi]
F000:F2C4                 mov     es:[edi], al
F000:F2C8                 push    cx
F000:F2C9                 call    sub_FF2E6       ; Call Procedure
F000:F2CC                 pop     cx
F000:F2CD                 mov     ah, es:[edi]
F000:F2D1                 pop     edi
F000:F2D3                 mov     al, [esi]
F000:F2D6                 out     0EBh, al
F000:F2D8                 cmp     al, ah          ; Compare Two Operands
F000:F2DA                 jz      loc_FF2E2       ; Jump if Zero (ZF=1)
F000:F2DC                 dec     cx              ; Decrement by 1
F000:F2DD                 jnz     loc_FF2A1       ; Jump if Not Zero (ZF=0)
F000:F2DF                 stc                     ; Set Carry Flag
F000:F2E0                 jmp     short loc_FF2E3 ; Jump
F000:F2E2
F000:F2E2 
F000:F2E2 loc_FF2E2:                              ; CODE XREF: Prog_Byte+3Ej
F000:F2E2                 clc                     ; Clear Carry Flag
F000:F2E3 
F000:F2E3 loc_FF2E3:                              ; CODE XREF: Prog_Byte+44j
F000:F2E3                 popad                   ; Pop all General Registers (use32)
F000:F2E5                 retn                    ; Return Near from Procedure
F000:F2E5 Prog_Byte       endp
F000:F2E5 
F000:F2E6 
;--------------------------------------------------------------------------------------

А вот тут можно опредиль какие типы флэшки поддерживает данный БИОС - часто справшивают, какую ставить:)

F000:F330 ; ---------------------------------------------------------------------------
F000:F331 FlsIDs_Table    dw 57BFh                ; DATA XREF: FlashID_Compo
F000:F331                                         ; SST49LF002A
F000:F333                 dw 0F1ECh
F000:F335                 dw 32DAh                ; W49V002FA
F000:F337                 dw 0F1ECh
F000:F339                 dw 6D9Dh                ; Pm49FL002
F000:F33B                 dw 0F1ECh
F000:F33D                 dw 0
F000:F33F word_FF33F      dw 0                    ; DATA XREF: Flash_ID+8Fr
F000:F33F                                         ; FlashID_Comp+19w


F000:F341 
F000:F341 ; _______________ S U B R O U T I N E _______________________________________
F000:F341 
F000:F341 
F000:F341 FlashID_Comp    proc near               ; CODE XREF: Flash_ID+Cp
F000:F341                                         ; Flash_ID+68p
F000:F341                 mov     bx, offset FlsIDs_Table
F000:F344 
F000:F344 loc_FF344:                              ; CODE XREF: FlashID_Comp+11j
F000:F344                 cmp     word ptr cs:[bx], 0 ; Compare Two Operands
F000:F348                 jz      loc_FF354       ; Jump if Zero (ZF=1)
F000:F34A                 cmp     ax, cs:[bx]     ; Compare Two Operands
F000:F34D                 jz      loc_FF356       ; Jump if Zero (ZF=1)
F000:F34F                 add     bx, 4           ; Add
F000:F352                 jmp     short loc_FF344 ; Jump
F000:F354 
F000:F354 loc_FF354:                              ; CODE XREF: FlashID_Comp+7j
F000:F354                 stc                     ; Set Carry Flag
F000:F355                 retn                    ; Return Near from Procedure
F000:F356 
F000:F356 loc_FF356:                              ; CODE XREF: FlashID_Comp+Cj
F000:F356                 mov     ax, cs:[bx+2]
F000:F35A                 mov     cs:word_FF33F, ax
F000:F35E                 clc                     ; Clear Carry Flag
F000:F35F                 retn                    ; Return Near from Procedure
F000:F35F FlashID_Comp    endp
F000:F35F 
F000:F360 
F000:F360 ; _______________ S U B R O U T I N E _______________________________________
F000:F360 
F000:F360 
F000:F360 Flash_IO        proc near               ; CODE XREF: Flash_ID+2Fp
F000:F360                                         ; Flash_ID+4Ap ...
F000:F360                 push    ecx
F000:F362                 mov     ecx, 29Ah
F000:F368                 call    In_61_wait_10   ; Call Procedure
F000:F36B                 pop     ecx
F000:F36D                 retn                    ; Return Near from Procedure
F000:F36D Flash_IO        endp
F000:F36D 
F000:F36D ; ---------------------------------------------------------------------------
F000:F36E aUnknownFlashMe db 'Unknown Flash Memory !' ; DATA XREF: Flash_ID+6Dt
F000:F384 ; ---------------------------------------------------------------------------

;--------------------------------------------------------------------------------------

F000:FFE8 a6a79zg08       db '6A79ZG08'           ; DATA XREF: Compare_Version+15o

;--------------------------------------------------------------------------------------

F000:FFF0 ; ---------------------------------------------------------------------------
F000:FFF0                 jmp     far ptr loc_FE05B ; Jump
F000:FFF0 ; ---------------------------------------------------------------------------
F000:FFF5 aMrb            db '*MRB*',2,0,0,0,'`',0

Award BootBlock Bios v1.0 -- Не загружается ПК GA-8IPE1000