flat assembler
Message board for the users of flat assembler.
Index
> Main > solved -write pci registers,need help with INT13 detect disk |
Author |
|
baldr 21 Feb 2010, 11:55
gabiz_ro,
Are there any troubles writing to physical 0xB8000? |
|||
21 Feb 2010, 11:55 |
|
gabiz_ro 21 Feb 2010, 15:25
I don't understand.
How will look 0xB8000? isn't that video memory? |
|||
21 Feb 2010, 15:25 |
|
baldr 21 Feb 2010, 17:23
gabiz_ro,
Yes, I'm talking about debug output. |
|||
21 Feb 2010, 17:23 |
|
gabiz_ro 21 Feb 2010, 19:05
I want to buil a custom PCI option rom to insert it into bios.
Here is a sample code,used by others to do some patch at memory timings. Code: ;--------------------------------------------------------------------------------- ;---------------------------PCI ROM Header---------------------------------------- ;--------------------------------------------------------------------------------- ROM_SIZE_IN_BLOCK = 1 ; 1 means ROM size is 1 block (512 bytes) ROM_SIZE_IN_BYTE = ROM_SIZE_IN_BLOCK * 512 VENDOR_ID equ 10DEh ; PCI Vendor ID (must match your ethernet vendor id) ; exp: 10DE = nVidia DEVICE_ID equ 0057h ; PCI Device ID (must match your ethernet devicie id) ; exp: 0057h = nforce4 CK804 NIC ROMStart: db 0x055, 0x0AA ; ROM Header 55,AA -> Bootable rom db (ROMEnd - ROMStart)/512 ; ROM Size in 512byte jmp MAIN db 0 ; checksum, to be filled in later TIMES 18h-($-$$) DB 0 ; padding zeros to offset 18h DW PCIHDR ; pointer to PCI Header DW PNPHDR ; pointer to PnP Expansion Header PCIHDR: DB 'PCIR' ; PCI data structure signature DW VENDOR_ID ; vendor ID (must match real PCI device) DW DEVICE_ID ; device ID (must match real PCI device) DW 0 ; pointer to vital product data (0=none) DW 24 ; PCI data structure length [B] DB 0 ; PCI data structure revision (0=PCI 2.1) DB 2,0,0 ; PCI device class code (2=network ctrlr,0=eth.) DW ROM_SIZE_IN_BLOCK ; ROM size in 512B blocks DW 0 ; revision level of code DB 0 ; code type (0=x86 compitable) DB 80h ; last image indicator DW 0 ; reserved PNPHDR: DB '$PnP' ; PnP data structure signature DB 1 ; PnP structure revision DB 2 ; PnP structure length (in 16B blocks) DW 0 ; offset to next header (0-none) DB 0 ; reserved DB 33h ; PnP structure checksum DD 0 ; device identifier DW 0 ; pointer to manufacturer string DW 0 ; pointer to productname string DB 2,0,0 ; device class code (2=network ctrlr,0=eth.) DB 64h ; device indicators (64h - shadowable,cacheable,not ; only for boot,IPL device) DW 0 ; boot connection vector (0-none) DW 0 ; disconnect vector (0-none) DW 0 ; bootstrap entry vector (0-none) DW 0 ; reserved DW 0 ; static resource info vector (0-none) MAIN: pushfd push eax push ebx push bx push dx push si push ds push bp mov eax,08000C28Ch ; copy register address DRAM Timing High mov ebx,000000300h ; copy register data for 200Mhz 15.6usec mov dx,0CF8h ; set port address out dx,eax ; send address through the port mov dx,0CFCh ; set port data in eax,dx and eax,0FFFFE0FFh ; set data in eax or eax,ebx ; increase data out dx,eax ; send data through port data mov eax,08000C294h ; copy register address DRAM Config High mov ebx,000000007h ; copy register data for Async Latency 7nsec mov dx,0CF8h ; set port address out dx,eax ; send address through the port mov dx,0CFCh ; set port data in eax,dx and eax,0FFFFFFF0h ; set data in eax or eax,ebx ; increase data out dx,eax ; send data through port data pop bp pop ds pop si pop dx pop bx pop ebx pop eax popfd retf ; return far to system bios routine times (ROM_SIZE_IN_BYTE-$) db 0 ; use 00h as the padding bytes until we reach the ROM size ; The last byte (512th) will be the patch_byte for the checksum ; patch_byte is calculated and automagically inserted below PREV_CHKSUM = 0 repeat $ load CHKSUM byte from %-1 CHKSUM = (PREV_CHKSUM + CHKSUM) mod 0x100 PREV_CHKSUM = CHKSUM end repeat store byte (0x100 - CHKSUM) at ($-1) ; store the patch_byte ROMEnd: I try to replace MAIN code to reflect what I need but all I get when power up laptop ,after first bios screen is just a blinking cursor. retf must redirect to bios but don't know why is freezing. That's why I need to see where is freezing. First to display some text then execute main code then display some text after that go to retf. Thanks. |
|||
21 Feb 2010, 19:05 |
|
Dex4u 21 Feb 2010, 20:56
Try realmode
Code: push es push ax mov ax,0xB800 mov es,ax mov byte[es:0x9C],'1' pop ax pop es ;some code push es push ax mov ax,0xB800 mov es,ax mov byte[es:0x9C],'2' pop ax pop es ;some code push es push ax mov ax,0xB800 mov es,ax mov byte[es:0x9C],'3' pop ax pop es ;some code Or Pmode Code: mov byte [es:0xB809E], "1" ;some code mov byte [es:0xB809E], "2" ;some code mov byte [es:0xB809E], "3" ;some code This will print 1 2 3 etc... |
|||
21 Feb 2010, 20:56 |
|
gabiz_ro 21 Feb 2010, 23:10
I tried realmode.Now is freezeng with a blinking cursor in upper left corner and 3 in upper righ corner.
Looks like retf don't return to bios. But if I insert other module (pxe boot ) then startup procedure continue so bios can handle normal pci option rom,this custom built pci rom work for others. Is there other method to exit and return to bios? Here is code used in sample pci option rom. Code: MAIN: push es push ax mov ax,0xB800 mov es,ax mov byte[es:0x9C],'1' pop ax pop es ;------------------------------------------------------------------------------------------------ pushfd push eax push ebx push bx push dx push si push ds push bp mov eax,8000fa90h mov ebx,10150040h mov dx,0CF8h out dx,eax mov dx,0CFCh in eax,dx and eax,0FFFFFFFFh or eax,ebx out dx,eax pop bp pop ds pop si pop dx pop bx pop ebx pop eax popfd ;------------------------------------------------------------------------------------------------ push es push ax mov ax,0xB800 mov es,ax mov byte[es:0x9C],'2' pop ax pop es ;---------------------------------------------------------------------------------------------- pushfd push eax push ebx push bx push dx push si push ds push bp mov eax,08000fa08h mov ebx,001060102h mov dx,0CF8h out dx,eax mov dx,0CFCh in eax,dx and eax,0FFFFFFFFh or eax,ebx out dx,eax pop bp pop ds pop si pop dx pop bx pop ebx pop eax popfd ;----------------------------------------------------------------------------------------------- push es push ax mov ax,0xB800 mov es,ax mov byte[es:0x9C],'3' pop ax pop es ;------------------------------------------------------------------------------------------------ retf ; return far to system bios routine |
|||
21 Feb 2010, 23:10 |
|
baldr 22 Feb 2010, 14:33
gabiz_ro,
You've mentioned notebook, so it's ICH7-M, b0:d31:f2 is SATA controller, 90h is MAP — Address Map Register. Your code ors previous value with 40h, so IDE mode becomes AHCI mode, and RAID mode becomes Reserved. Was that intended? To be sure that you're returning to BIOS, you may dump 16:16 return address on entry and before exit. Stack seems to be balanced (yet it's usage is horrible — remember, initialization works in very tight resource conditions). |
|||
22 Feb 2010, 14:33 |
|
Dex4u 22 Feb 2010, 16:03
What happens when you use this
Code: pushf push ax push bx push dx push si push ds push bp pop bp pop ds pop si pop dx pop bx pop ax popf |
|||
22 Feb 2010, 16:03 |
|
gabiz_ro 22 Feb 2010, 17:17
@ baldr
Yes that was my intention,to enable AHCI.I know there must be others values who need adjsutements but that's next step after I make this work. I'm not a experienced user,can you explain in detail how to do this? "To be sure that you're returning to BIOS, you may dump 16:16 return address on entry and before exit." @Dex4u Few days ago I've tried to put only push's and pop's with empty code between and result was just a blinking cursor. P.S. Notebook is a Dell Inspiron 9400 Later edit I used int 0x18 instead of retf and now is working,but now ar offset 90 I have value 42. If I change and eax,FFFFFFFFh with and eax,00000000h will this clear register and write my new value? |
|||
22 Feb 2010, 17:17 |
|
gabiz_ro 22 Feb 2010, 23:39
I can write few pci register ,even at offset 90 but especially bit 1 can't write.
Normal value of offset 90-93 is 00150002 if I try to write 10150040 value I get in the end 10150042. What can I do? Code: mov eax,8000fa90h mov ebx,10150040h mov dx,0CF8h out dx,eax mov dx,0CFCh in eax,dx and eax,0FFFFFFFFh or eax,ebx out dx,eax Last edited by gabiz_ro on 07 Mar 2010, 13:40; edited 1 time in total |
|||
22 Feb 2010, 23:39 |
|
gabiz_ro 27 Feb 2010, 11:22
I finally managed to write almost all pci registers,but i'm still having problems.
no hdd find at boot stage. can't boot from hdd,booting from usb even grub don't see my hdd. but if I boot into any linux distro I can see my hdd and get access to them,and is in AHCI mode, because hw id is changed. (ich7 change hw id,in ide compatible mode is 8086:27c4 in ahci mode is 8086:27c5). PCI register looks fine in my opinion,guided from ICH7 datasheet. Someone on notebookrewiev forums tells me bios don't support int13 functions. But maybe I just need to reinitialize hdd controller or maybe ich7 sata controller. Can somebody assist me? |
|||
27 Feb 2010, 11:22 |
|
baldr 27 Feb 2010, 16:57
gabiz_ro,
02h and 0FFh == 02h 02h or 40h == 42h This is invalid combination of MV (MAP[0:1]) and SMS (MAP[7:6]). Probably you've meant 02h and 3Ch or 40h == 40h? MV (Map Value) controls whether SATA ports are accessed via IDE or AHCI/RAID controller (I/O or memory address space). Only when it is 0 (not combined) SATA works in native mode (i.e. you can use SMS to select AHCI or RAID mode). Definitely there is more than that to switch controller mode. And you should provide int 13h functions regarding HDD access after the mode switch: BIOS still expects controller to be in previous mode (be it IDE or RAID). Some reverse engineering could probably provide you with method to force BIOS to switch mode itself (make/model/BIOS rev. specific: find the routine that executes when AHCI mode is set in NVRAM, then copy it to your code or execute in-place). Then the question arises: if your BIOS supports AHCI, why all this mess? |
|||
27 Feb 2010, 16:57 |
|
gabiz_ro 28 Feb 2010, 18:00
That was in early steps when can't write pci registers.
Now is ok MV is 0 offset 90 is 40 ,ABAR is set ,corectly I hope. Now is int 13h problems,like you say. Reverse engineering is below my knowledge for now. Bios is Dell one,proprietary bios,and doesn't allow me to switch from emulated ide to sata. |
|||
28 Feb 2010, 18:00 |
|
baldr 01 Mar 2010, 22:36
gabiz_ro,
Then stick with legacy mode. The only drawback, as I perceive, is that you have to access AHCI registers via [BAR]+10/14. Outline your problem. What are you trying to achieve? |
|||
01 Mar 2010, 22:36 |
|
gabiz_ro 02 Mar 2010, 16:40
I'm trying to enable real sata support on my dell inspiron since in normal mode that is not possible.There is no option in bios for that.
|
|||
02 Mar 2010, 16:40 |
|
gabiz_ro 07 Mar 2010, 13:54
How can I make bios redetect fixed disk in sata mode?
Is needed update of fixed disk table? At this moment bios is reporting disk as is was detected in legacy mode and can't boot from disk. Is there any bootloader which can detect disk in that case? Booting linux is fine,disk is detected and could be accessed.Pci registers are ok,ABAR is set,controller enabled. |
|||
07 Mar 2010, 13:54 |
|
Howesr1@yahoo.com 28 Apr 2011, 17:44
Hello gabiz_ro
I was wondering if you found a solution to this problem. I am trying to read sectors off a harddrive and copy them to ram and all int13 calls return carry flag set, which indicates an error. were you able to detect the HD? If I can detect the sata hard drive I can proceed. |
|||
28 Apr 2011, 17:44 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.