Important Update to Award BIOS Code Injection

Important Update to Award BIOS Code Injection Article

OK, let me clarify: there is nothing wrong with the main concept explained in the article, i.e. the method used to inject new code into an Award BIOS. But there is something that can mislead people in the particular implementation explained there in the last section (Possible Downside and Its Workaround). I've made a "critical update" to address the issue in the latest version of the article at the following link:
Award BIOS Code Injection

To summarise, the issue is: in the original article I claimed that the bug due to the race condition (in the sample injected code) had been addressed, whereas further experiments show otherwise. Thus, I carried out further experiments last week to find the cause of the problem and have come up with a thoroughly tested solution, i.e. a reworked patch.

Well, I'll just paste the relevant code here to clarify.

#The sample injected-code in the original article (nasm syntax):

;---------------- BEGIN TWEAK.ASM --------------------------------------------------------------
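BITS 16 ;just to make sure nasm prefixes 66h to 32-bit instructions; we're assuming the uP
        ;is in 16-bit mode up to this point (from the boot state)

  section   .text

;-- pci_or_dword reg, mask --
; *reg |= mask for one 32-bit chipset config register, using the
; CF8h (address) / CFCh (data) mechanism.
; Clobbers: eax, dx, flags
%macro pci_or_dword 2
	mov eax,%1
	mov dx,in_port
	out dx,eax
	mov dx,out_port
	in  eax,dx
	or  eax,%2
	out dx,eax
%endmacro

;-----------------------------------------------------------------------
; start - POST hook: set the tweak bits in four chipset config registers
; In:    nothing
; Out:   CF = 0 (POST routine successful); eax, dx and the other flags
;        are restored from the stack
; Note:  interrupts are masked for the whole routine (the reworked patch
;        further down this page does the same). Each register access is a
;        two-step CF8h/CFCh sequence; a handler touching PCI config space
;        between the two steps would redirect the data access to another
;        register. popf restores the caller's IF.
;-----------------------------------------------------------------------
start:

	pushf
	cli		 ;no interrupt may split an address/data pair
	push eax
	push dx

	pci_or_dword ioq_reg, ioq_mask	 ;patch the ioq register of the chipset
	pci_or_dword dram_reg, dram_mask ;patch the DRAM controller of the chipset,
					 ;i.e. the interleaving part
	pci_or_dword bank_reg, bank_mask ;allow pages of different banks to be active simultaneously
	pci_or_dword tlb_reg, tlb_mask	 ;activate fast TLB lookup

	pop dx
	pop eax
	popf		 ;restores IF as it was on entry

	clc		 ;indicate that this POST routine successful
	retn		 ;return near to the header of the rom file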

  section .data

  ;PCI configuration mechanism #1 ports
  in_port   equ 0x0CF8            ;CONFIG_ADDRESS
  out_port  equ 0x0CFC            ;CONFIG_DATA

  ;Config addresses: enable bit 31 set, bus 0 / dev 0 / func 0, register
  ;offset in the low byte. Each *_mask is OR'ed into the matching register.
  ioq_reg   equ 0x80000050
  ioq_mask  equ 0x00000080
  dram_reg  equ 0x80000064
  dram_mask equ 0x00020202
  bank_reg  equ 0x80000068
  bank_mask equ 0x20000840
  tlb_reg   equ 0x8000006C
  tlb_mask  equ 0x00000008
;---------------- END TWEAK.ASM --------------------------------------------------------------

This code causes the system to hang under certain circumstances.

#The reworked injected-code (fasm syntax):

;------------------------------ file: mem_optimize.asm -----------------------------------
use16                           ;16-bit code: the uP is assumed to be in 16-bit
                                ;mode at this point of POST

;-- pci_or_bus0_byte reg, bits --
; reg |= bits for one byte-wide config register on bus 0 (dev 0, func 0),
; via the Read_PCI_Bus0_Byte / Write_PCI_Bus0_Byte helpers.
; Clobbers: eax, cx, dx, flags
macro pci_or_bus0_byte reg, bits {
        mov  cx, reg
        call Read_PCI_Bus0_Byte
        or   al, bits
        mov  cx, reg
        call Write_PCI_Bus0_Byte
}

;-- start --
; POST hook entry: read-modify-write of the chipset tweak registers.
;in:  nothing
;out: CF = 0 (POST routine successful); IF and the other flags restored
;     by popf. eax, cx and dx are NOT preserved.
; Interrupts stay masked for the whole routine so that no handler can
; split a CF8h/CFCh address/data pair.

start:
        pushf
        cli

        pci_or_bus0_byte 0x50, 0x80     ;patch the ioq register of the chipset
        pci_or_bus0_byte 0x64, 2        ;DRAM Bank 0/1 Interleave = 4-way
        pci_or_bus0_byte 0x65, 2        ;DRAM Bank 2/3 Interleave = 4-way
        pci_or_bus0_byte 0x66, 2        ;DRAM Bank 4/5 Interleave = 4-way
        pci_or_bus0_byte 0x67, 2        ;DRAM Bank 6/7 Interleave = 4-way
        pci_or_bus0_byte 0x68, 0x44     ;allow pages of different banks to be active simultaneously
        pci_or_bus0_byte 0x69, 0x8      ;Fast DRAM Precharge for Different Bank
        pci_or_bus0_byte 0x6C, 0x8      ;activate Fast TLB lookup

        popf                    ;restores the caller's IF

        clc                     ;indicate that this POST routine successful
        retn                    ;return near to the header of the rom file


;-- Read_PCI_Bus0_Byte --
; Read one byte of PCI config space on bus 0 (configuration mechanism #1).
;in:  cx = dev_func_offset_addr (bits 15..11 device, 10..8 function,
;          7..0 register offset)
;out: al = reg_value
;clobbers: eax (beyond the al result), dx, flags; cx is preserved

Read_PCI_Bus0_Byte:
        mov   eax, 80000000h    ;enable bit set, bus 0
        mov   ax, cx            ;device / function / register
        and   al, 0FCh          ;CONFIG_ADDRESS takes the dword-aligned register
        mov   dx, 0CF8h
        out   dx, eax
        mov   dx, 0CFCh         ;CONFIG_DATA ...
        mov   al, cl
        and   al, 3
        or    dl, al            ;... plus the byte lane within the dword
        in    al, dx
        retn


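;-- Write_PCI_Bus0_Byte --
; Write one byte of PCI config space on bus 0 (configuration mechanism #1).
;in:  cx = dev_func_offset addr (bits 15..11 device, 10..8 function,
;          7..0 register offset)
;     al = reg_value to write
;clobbers: eax, dx, flags; cx is preserved (the upper half of ecx is no
;          longer used as a hidden temporary - the value is kept on the
;          stack instead)

Write_PCI_Bus0_Byte:
        push  ax                ;keep the value: al is needed to build the address
        mov   eax, 80000000h    ;enable bit set, bus 0
        mov   ax, cx            ;device / function / register
        and   al, 0FCh          ;CONFIG_ADDRESS takes the dword-aligned register
        mov   dx, 0CF8h
        out   dx, eax
        mov   dx, 0CFCh         ;CONFIG_DATA ...
        mov   al, cl
        and   al, 3
        or    dl, al            ;... plus the byte lane within the dword
        pop   ax
        out   dx, al
        retn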
;------------------------------ file: mem_optimize.asm -----------------------------------

This new patch (injected code) works flawlessly in the "patch-integrity" test, i.e. more than a hundred boot-reboot cycles ;)

Sorry for the inconvenience.

greetz,
Pinczakko