flat assembler
Message board for the users of flat assembler.

Index > Main > solved -write pci registers,need help with INT13 detect disk

Author
Thread Post new topic Reply to topic
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 20 Feb 2010, 20:44
Hello
I want to make some modifications to some pci registers,this can be done by building a custom pci expansion rom.I have a sample code,I need just to insert real code part.
What I don't know how to write such code.
Who can help me?
How must be write values as hex value or as word hex value?
It's about ICH7M southbridge
pci adress is 8000faXX and xx is offset.
At offset 90 I want to write value 40
I try this code
Code:
   pushad
      pushfd

  mov eax,08000FA90h              ; copy register address
     mov ebx,000000040h              ; copy new register data 
   mov dx,0CF8h                    ; set port address
  out dx,eax                      ; send address through the port
     mov dx,0CFCh                    ; set port data
     in eax,dx                       ; fetch data
        and eax,0FFFFFFB0h              ; set data in eax (B0h = 10110000b)
 or eax,ebx                      ; increase data by 40h
      out dx,eax                      ; send data through port data

   popfd
       popad

    


but notebook freeze after bios initialization with a blinking cursor.
Also I want to see where it get stuck so will be easy if first display some text then write value to pci register then display some other text then return to bios.
In that way I can find where is freezing.

Can somebody help me?


Last edited by gabiz_ro on 07 Mar 2010, 13:46; edited 1 time in total
Post 20 Feb 2010, 20:44
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 21 Feb 2010, 11:55
gabiz_ro,

Are there any troubles writing to physical 0xB8000?
Post 21 Feb 2010, 11:55
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 21 Feb 2010, 15:25
I don't understand.
How will look 0xB8000? isn't that video memory?
Post 21 Feb 2010, 15:25
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 21 Feb 2010, 17:23
gabiz_ro,

Yes, I'm talking about debug output.
Post 21 Feb 2010, 17:23
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 21 Feb 2010, 19:05
I want to buil a custom PCI option rom to insert it into bios.
Here is a sample code,used by others to do some patch at memory timings.
Code:
;---------------------------------------------------------------------------------
;---------------------------PCI ROM Header----------------------------------------
;---------------------------------------------------------------------------------

        ROM_SIZE_IN_BLOCK = 1           ; 1 means ROM size is 1 block (512 bytes)
        ROM_SIZE_IN_BYTE = ROM_SIZE_IN_BLOCK * 512

        VENDOR_ID       equ 10DEh       ; PCI Vendor ID (must match your ethernet vendor id)
                                        ; exp: 10DE = nVidia
        DEVICE_ID       equ 0057h       ; PCI Device ID (must match your ethernet devicie id)
                                        ; exp: 0057h = nforce4 CK804 NIC

ROMStart:
        db 0x055, 0x0AA                 ; ROM Header 55,AA -> Bootable rom
        db (ROMEnd - ROMStart)/512      ; ROM Size in 512byte
        jmp MAIN

        db      0                       ; checksum, to be filled in later
        TIMES   18h-($-$$) DB 0         ; padding zeros to offset 18h
        DW      PCIHDR                  ; pointer to PCI Header
        DW      PNPHDR                  ; pointer to PnP Expansion Header

PCIHDR: DB      'PCIR'                  ; PCI data structure signature
        DW      VENDOR_ID               ; vendor ID                     (must match real PCI device)
        DW      DEVICE_ID               ; device ID                     (must match real PCI device)
        DW      0                       ; pointer to vital product data (0=none)
        DW      24                      ; PCI data structure length     [B]
        DB      0                       ; PCI data structure revision   (0=PCI 2.1)
        DB      2,0,0                   ; PCI device class code         (2=network ctrlr,0=eth.)
        DW      ROM_SIZE_IN_BLOCK       ; ROM size in 512B blocks
        DW      0                       ; revision level of code
        DB      0                       ; code type                     (0=x86 compitable)
        DB      80h                     ; last image indicator
        DW      0                       ; reserved

PNPHDR: DB      '$PnP'                  ; PnP data structure signature
        DB      1                       ; PnP structure revision
        DB      2                       ; PnP structure length          (in 16B blocks)
        DW      0                       ; offset to next header         (0-none)
        DB      0                       ; reserved
        DB      33h                     ; PnP structure checksum
        DD      0                       ; device identifier
        DW      0                       ; pointer to manufacturer string
        DW      0                       ; pointer to productname string
        DB      2,0,0                   ; device class code    (2=network ctrlr,0=eth.)
        DB      64h                     ; device indicators (64h - shadowable,cacheable,not 
                                        ; only for boot,IPL device)
        DW      0                       ; boot connection vector        (0-none)
        DW      0                       ; disconnect vector             (0-none)
        DW      0                       ; bootstrap entry vector        (0-none)
        DW      0                       ; reserved
        DW      0                       ; static resource info vector   (0-none)



MAIN:
        pushfd
        push    eax
        push    ebx
        push    bx
        push    dx
        push    si
        push    ds
        push    bp

        mov eax,08000C28Ch              ; copy register address DRAM Timing High
        mov ebx,000000300h              ; copy register data for 200Mhz 15.6usec
        mov dx,0CF8h                    ; set port address
        out dx,eax                      ; send address through the port
        mov dx,0CFCh                    ; set port data
        in eax,dx
        and eax,0FFFFE0FFh              ; set data in eax
        or eax,ebx                      ; increase data
        out dx,eax                      ; send data through port data
 
        mov eax,08000C294h              ; copy register address DRAM Config High
        mov ebx,000000007h              ; copy register data for Async Latency 7nsec
        mov dx,0CF8h                    ; set port address
        out dx,eax                      ; send address through the port
        mov dx,0CFCh                    ; set port data
        in eax,dx
        and eax,0FFFFFFF0h              ; set data in eax
        or eax,ebx                      ; increase data
        out dx,eax                      ; send data through port data

        pop bp
        pop ds
        pop si
        pop dx
        pop bx
        pop ebx
        pop eax
        popfd
        retf                            ; return far to system bios routine

        times (ROM_SIZE_IN_BYTE-$) db 0 ; use 00h as the padding bytes until we reach the ROM size

        ; The last byte (512th) will be the patch_byte for the checksum
        ; patch_byte is calculated and automagically inserted below
        PREV_CHKSUM = 0
        repeat $
        load CHKSUM byte from %-1
        CHKSUM = (PREV_CHKSUM + CHKSUM) mod 0x100
        PREV_CHKSUM = CHKSUM
        end repeat
        store byte (0x100 - CHKSUM) at ($-1)  ; store the patch_byte
ROMEnd:     


I try to replace MAIN code to reflect what I need but all I get when power up laptop ,after first bios screen is just a blinking cursor.

retf must redirect to bios but don't know why is freezing.
That's why I need to see where is freezing.
First to display some text then execute main code then display some text after that go to retf.
Thanks.
Post 21 Feb 2010, 19:05
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u 21 Feb 2010, 20:56
Try realmode
Code:
        push es
        push ax
       mov ax,0xB800
       mov es,ax
        mov byte[es:0x9C],'1'
        pop ax
        pop es
;some code
        push es
        push ax
    mov ax,0xB800
       mov es,ax
        mov byte[es:0x9C],'2'
        pop ax
        pop es
;some code
        push es
        push ax
    mov ax,0xB800
       mov es,ax
        mov byte[es:0x9C],'3'
        pop ax
        pop es
;some code
    

Or Pmode
Code:
       mov byte [es:0xB809E], "1"
;some code
      mov byte [es:0xB809E], "2"
;some code
      mov byte [es:0xB809E], "3"
;some code
    

This will print 1 2 3 etc...
Post 21 Feb 2010, 20:56
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 21 Feb 2010, 23:10
I tried realmode.Now is freezeng with a blinking cursor in upper left corner and 3 in upper righ corner.
Looks like retf don't return to bios.
But if I insert other module (pxe boot ) then startup procedure continue so bios can handle normal pci option rom,this custom built pci rom work for others.
Is there other method to exit and return to bios?
Here is code used in sample pci option rom.
Code:
MAIN:
  
    push es
     push ax
     mov ax,0xB800
       mov es,ax
   mov byte[es:0x9C],'1'
 pop ax
      pop es 

;------------------------------------------------------------------------------------------------

        pushfd
      push    eax
 push    ebx
 push    bx
  push    dx
  push    si
  push    ds
  push    bp

      mov eax,8000fa90h              
     mov ebx,10150040h              
     mov dx,0CF8h                   
     out dx,eax                    
      mov dx,0CFCh                  
      in eax,dx
   and eax,0FFFFFFFFh          
        or eax,ebx                    
      out dx,eax                    

  pop bp
      pop ds
      pop si
      pop dx
      pop bx
      pop ebx
     pop eax
     popfd
;------------------------------------------------------------------------------------------------
  push es
     push ax
     mov ax,0xB800
       mov es,ax
   mov byte[es:0x9C],'2'
 pop ax
      pop es 

;---------------------------------------------------------------------------------------------- 

 pushfd
      push    eax
 push    ebx
 push    bx
  push    dx
  push    si
  push    ds
  push    bp

      mov eax,08000fa08h              
    mov ebx,001060102h             
     mov dx,0CF8h                   
     out dx,eax                    
      mov dx,0CFCh                 
       in eax,dx
   and eax,0FFFFFFFFh          
        or eax,ebx                     
     out dx,eax                    

  pop bp
      pop ds
      pop si
      pop dx
      pop bx
      pop ebx
     pop eax
     popfd
;-----------------------------------------------------------------------------------------------
   
    push es
     push ax
     mov ax,0xB800
       mov es,ax
   mov byte[es:0x9C],'3'
 pop ax
      pop es 



;------------------------------------------------------------------------------------------------


    retf                            ; return far to system bios routine    
Post 21 Feb 2010, 23:10
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 22 Feb 2010, 14:33
gabiz_ro,

You've mentioned notebook, so it's ICH7-M, b0:d31:f2 is SATA controller, 90h is MAP — Address Map Register.
Your code ors previous value with 40h, so IDE mode becomes AHCI mode, and RAID mode becomes Reserved. Was that intended?

To be sure that you're returning to BIOS, you may dump 16:16 return address on entry and before exit. Stack seems to be balanced (yet it's usage is horrible — remember, initialization works in very tight resource conditions).
Post 22 Feb 2010, 14:33
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u 22 Feb 2010, 16:03
What happens when you use this
Code:
  pushf
       push ax
     push bx
     push dx
     push si
     push ds
     push bp



 pop bp
      pop ds
      pop si
      pop dx
      pop bx
      pop ax
      popf
    
Post 22 Feb 2010, 16:03
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 22 Feb 2010, 17:17
@ baldr
Yes that was my intention,to enable AHCI.I know there must be others values who need adjsutements but that's next step after I make this work.
I'm not a experienced user,can you explain in detail how to do this?
"To be sure that you're returning to BIOS, you may dump 16:16 return address on entry and before exit."


@Dex4u
Few days ago I've tried to put only push's and pop's with empty code between and result was just a blinking cursor.

P.S. Notebook is a Dell Inspiron 9400

Later edit
I used int 0x18 instead of retf and now is working,but now ar offset 90 I have value 42.
If I change
and eax,FFFFFFFFh
with
and eax,00000000h
will this clear register and write my new value?
Post 22 Feb 2010, 17:17
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 22 Feb 2010, 23:39
I can write few pci register ,even at offset 90 but especially bit 1 can't write.
Normal value of offset 90-93 is 00150002 if I try to write 10150040 value I get in the end 10150042.
What can I do?
Code:
 mov eax,8000fa90h              
     mov ebx,10150040h              
     mov dx,0CF8h                   
     out dx,eax                    
      mov dx,0CFCh                  
      in eax,dx
   and eax,0FFFFFFFFh          
        or eax,ebx                    
      out dx,eax                    
    


Last edited by gabiz_ro on 07 Mar 2010, 13:40; edited 1 time in total
Post 22 Feb 2010, 23:39
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 27 Feb 2010, 11:22
I finally managed to write almost all pci registers,but i'm still having problems.
no hdd find at boot stage.
can't boot from hdd,booting from usb even grub don't see my hdd.
but if I boot into any linux distro I can see my hdd and get access to them,and is in AHCI mode, because hw id is changed. (ich7 change hw id,in ide compatible mode is 8086:27c4 in ahci mode is 8086:27c5).
PCI register looks fine in my opinion,guided from ICH7 datasheet.
Someone on notebookrewiev forums tells me bios don't support int13 functions.
But maybe I just need to reinitialize hdd controller or maybe ich7 sata controller.
Can somebody assist me?
Post 27 Feb 2010, 11:22
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 27 Feb 2010, 16:57
gabiz_ro,

02h and 0FFh == 02h
02h or 40h == 42h

This is invalid combination of MV (MAP[0:1]) and SMS (MAP[7:6]). Probably you've meant 02h and 3Ch or 40h == 40h?

MV (Map Value) controls whether SATA ports are accessed via IDE or AHCI/RAID controller (I/O or memory address space). Only when it is 0 (not combined) SATA works in native mode (i.e. you can use SMS to select AHCI or RAID mode).

Definitely there is more than that to switch controller mode. And you should provide int 13h functions regarding HDD access after the mode switch: BIOS still expects controller to be in previous mode (be it IDE or RAID).

Some reverse engineering could probably provide you with method to force BIOS to switch mode itself (make/model/BIOS rev. specific: find the routine that executes when AHCI mode is set in NVRAM, then copy it to your code or execute in-place).

Then the question arises: if your BIOS supports AHCI, why all this mess?
Post 27 Feb 2010, 16:57
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 28 Feb 2010, 18:00
That was in early steps when can't write pci registers.
Now is ok MV is 0 offset 90 is 40 ,ABAR is set ,corectly I hope.
Now is int 13h problems,like you say.
Reverse engineering is below my knowledge for now.
Bios is Dell one,proprietary bios,and doesn't allow me to switch from emulated ide to sata.
Post 28 Feb 2010, 18:00
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 01 Mar 2010, 22:36
gabiz_ro,

Then stick with legacy mode. The only drawback, as I perceive, is that you have to access AHCI registers via [BAR]+10/14.

Outline your problem. What are you trying to achieve?
Post 01 Mar 2010, 22:36
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 02 Mar 2010, 16:40
I'm trying to enable real sata support on my dell inspiron since in normal mode that is not possible.There is no option in bios for that.
Post 02 Mar 2010, 16:40
View user's profile Send private message Reply with quote
gabiz_ro



Joined: 20 Feb 2010
Posts: 66
gabiz_ro 07 Mar 2010, 13:54
How can I make bios redetect fixed disk in sata mode?
Is needed update of fixed disk table?
At this moment bios is reporting disk as is was detected in legacy mode and can't boot from disk.
Is there any bootloader which can detect disk in that case?
Booting linux is fine,disk is detected and could be accessed.Pci registers are ok,ABAR is set,controller enabled.
Post 07 Mar 2010, 13:54
View user's profile Send private message Reply with quote
Howesr1@yahoo.com



Joined: 28 Apr 2011
Posts: 13
Location: Las Vegas, NV
Howesr1@yahoo.com 28 Apr 2011, 17:44
Hello gabiz_ro
I was wondering if you found a solution to this problem. I am trying to read sectors off a harddrive and copy them to ram and all int13 calls return carry flag set, which indicates an error. were you able to detect the HD? If I can detect the sata hard drive I can proceed.
Post 28 Apr 2011, 17:44
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.