flat assembler
Message board for the users of flat assembler.

entering SMM

b1528932 19 Jul 2010, 15:05
I have questions about SMM mode.

Where does its code reside?
I've read that it's in other memory, not available to normal physical-memory code.

I can enter it by triggering some I/O port, and the CPU will execute the handler and return control.

How do I gain any control over it?

Can I have a really simple example in fasm?
I only want to set AX to some value, and read/write physical memory at a location.
revolution 19 Jul 2010, 15:13
There are some SMM-related posts and code already on this board.
f0dder 19 Jul 2010, 16:30
Once SMM mode is set up, access to it is locked, so once BIOS initialization has done its job, you can't mess around with it.
revolution 19 Jul 2010, 17:30
Some mobos allow access to the memory. A few special I/O port writes and it unlocks. IIRC bitRAKE posted some info a few years ago.
baldr 19 Jul 2010, 19:00
f0dder,

I've just looked into the SMRAMC register (B:D:F == 0:0:0, reg. 9Dh) of my 82865PE MCH; it contains 0Ah, i.e. SMRAMC.D_LCK == 0 (bit 4 locks SMM space if set). It means that I can probably use the SMRAMC.D_OPEN bit to access SMRAM in the 0A0000h…0BFFFFh range (SMRAMC.C_BASE_SEG, bits 2…0 of SMRAMC, is hardwired to 010b) right now (though I'm not ready for this yet ;)).
f0dder 19 Jul 2010, 19:09
baldr: interesting - I thought BIOSes would be locking access to SMM after initialization. I wonder how often it's left unlocked?
baldr 19 Jul 2010, 21:39
f0dder,

Well, it's easy to check: get the datasheet for your north bridge and use something like WPCREdit. My boxes (845G, 865PE and P965, all Gigabyte, latest BIOS) have this bit cleared. Plenty of room to experiment. ;)
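The check baldr describes in the two posts above (read SMRAMC at B:D:F 0:0:0 offset 9Dh, look at D_LCK, and from that decide whether D_OPEN could still expose SMRAM) as an added example in C; this is not code from the thread or from any poster. It assumes the 82865PE/845G MCH bit layout of SMRAMC (bits 2..0 C_BASE_SEG, bit 3 G_SMRAME, bit 4 D_LCK, bit 5 D_CLS, bit 6 D_OPEN) and the legacy CF8h/CFCh PCI configuration mechanism. The config-space reader is passed in as a function pointer so the program runs offline against a constructed fake returning baldr's value 0Ah; on real hardware you would replace `fake_cfg_read32` with `outl` to 0xCF8 and `inl` from 0xCFC after `iopl(3)`, or simply compare against `setpci -s 0:0.0 0x9d.b`. The names `pci_cfg_addr`, `smramc_decode` and `smram_is_unlocked` are this example's own.

```c
/* Added example, not from the forum thread. Decodes the Intel 865PE/845G
 * SMRAMC register and reports whether SMRAM is still unlockable.
 *
 * Assumed SMRAMC layout (B:D:F 0:0:0, offset 9Dh), per the datasheet family
 * baldr refers to:
 *   bits 2..0  C_BASE_SEG  hardwired 010b -> SMRAM at A0000h..BFFFFh
 *   bit  3     G_SMRAME    SMRAM enable
 *   bit  4     D_LCK       lock: once set, D_OPEN writes are ignored until reset
 *   bit  5     D_CLS       close SMRAM to non-SMM code accesses
 *   bit  6     D_OPEN      open SMRAM to non-SMM accesses
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SMRAMC_REG 0x9D

/* CONFIG_ADDRESS dword written to port CF8h: enable bit, bus, device,
 * function and the dword-aligned register offset. */
uint32_t pci_cfg_addr(unsigned bus, unsigned dev, unsigned fn, unsigned reg)
{
    return 0x80000000u | ((bus & 0xFFu) << 16) | ((dev & 0x1Fu) << 11)
         | ((fn & 0x07u) << 8) | (reg & 0xFCu);
}

/* Reader for the 32-bit value at a dword-aligned config address. Supplied
 * by the caller: real port I/O on hardware, a constructed fake here. */
typedef uint32_t (*cfg_read32_fn)(uint32_t cfg_addr);

/* Read one byte of config space by selecting the byte lane inside the dword. */
uint8_t pci_cfg_read8(cfg_read32_fn rd, unsigned bus, unsigned dev,
                      unsigned fn, unsigned reg)
{
    uint32_t dword = rd(pci_cfg_addr(bus, dev, fn, reg));
    return (uint8_t)(dword >> (8 * (reg & 3)));
}

struct smramc {
    uint8_t raw;
    uint8_t c_base_seg;
    bool    g_smrame, d_lck, d_cls, d_open;
};

struct smramc smramc_decode(uint8_t raw)
{
    struct smramc s;
    s.raw        = raw;
    s.c_base_seg = raw & 0x07;
    s.g_smrame   = (raw & 0x08) != 0;
    s.d_lck      = (raw & 0x10) != 0;
    s.d_cls      = (raw & 0x20) != 0;
    s.d_open     = (raw & 0x40) != 0;
    return s;
}

/* Security verdict: with SMRAM enabled and D_LCK clear, ring-0 code can set
 * D_OPEN and read or patch the SMI handler from outside SMM. */
bool smram_is_unlocked(struct smramc s)
{
    return s.g_smrame && !s.d_lck;
}

/* Constructed fake config space: returns baldr's value 0Ah for SMRAMC.
 * 9Dh is byte 1 of the dword at 9Ch, so the value sits in bits 15..8. */
static uint32_t fake_cfg_read32(uint32_t cfg_addr)
{
    if (cfg_addr == pci_cfg_addr(0, 0, 0, SMRAMC_REG))
        return 0x0Au << (8 * (SMRAMC_REG & 3));
    return 0xFFFFFFFFu;   /* everything else reads as absent */
}

int main(void)
{
    uint8_t raw = pci_cfg_read8(fake_cfg_read32, 0, 0, 0, SMRAMC_REG);
    struct smramc s = smramc_decode(raw);

    printf("SMRAMC=%02Xh C_BASE_SEG=%d G_SMRAME=%d D_LCK=%d D_CLS=%d D_OPEN=%d\n",
           s.raw, s.c_base_seg, s.g_smrame, s.d_lck, s.d_cls, s.d_open);
    printf("%s\n", smram_is_unlocked(s)
           ? "SMRAM is NOT locked: a D_OPEN write would expose A0000h..BFFFFh"
           : "SMRAM locked (or SMM disabled): D_OPEN writes are ignored");
    return 0;
}
```

The decode is deliberately separated from the port access so the same logic can be pointed at a real reader; note that even with D_LCK clear, the SMRAM window is only the legacy A0000h..BFFFFh segment on these chipsets, and D_OPEN and D_CLS are mutually exclusive in the datasheet (setting both is undefined), which is why the example reads and reports rather than writes.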
chaoscode 20 Jul 2010, 16:41
Well, there is the possibility to suppress access to SMM,
for example to be safe against rootkits. But it is BIOS dependent whether it is set or not... (and maybe a Windows driver sets it).
vid 20 Jul 2010, 18:00
Theory says BIOSes should lock access to SMRAM once set up, but I've read no one really did it before 2006, and I wouldn't be surprised if many still don't do it now.
edfed 20 Jul 2010, 21:00
To enter SMM, an external pin of the CPU should be activated.
I don't remember which one, but I am sure of it.
Exactly as A20 is activated via the chipset (the chipset is responsible for all the effects on the CPU buses: data bus, address bus and control bus).
The only equipment on the motherboard that has access to the pins of the CPU is the chipset and the power supply.

Then, the pin for SMM is connected to the chipset, and it is the chipset that will fire this pin under some conditions depending on the specs.
vid 20 Jul 2010, 23:15
edfed: it is possible to trigger SMM by writing to an I/O port (the good old OUT instruction).
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.