flat assembler
Message board for the users of flat assembler.

accessing bios memory

b1528932



Joined: 21 May 2010
Posts: 287
b1528932
i've tried finding strings from my bios ('exit and discard', 'password', 'multipler', etc) in a memory dump taken from the /device/physicalmemory section.

didn't find all of them, only some, displayed at boot time.
i didn't find any of it (that blue screen with yellow letters and red cursor).

i believe this memory isn't in address space, just like cmos.

how do i access bios?


second question is why i can't map 0x4000 and 0x5000 from the /device/physicalmemory section? i'm getting an invalid address error.
Post 01 Aug 2010, 16:44
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Could it be that the BIOS is compressed?
Post 02 Aug 2010, 15:07
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Are you sure /device/physicalmemory maps ROM? For example, Linux's memory device doesn't.

At what physical address are you looking for BIOS code?
Post 02 Aug 2010, 19:18
b1528932



Joined: 21 May 2010
Posts: 287
b1528932
vid wrote:
Are you sure /device/physicalmemory maps ROM? For example, Linux's memory device doesn't.

At what physical address are you looking for BIOS code?


i have dumped all memory.
perhaps memory containing it was swapped out, but somehow i don't think so.

bios should be in lowest 1mb of memory, so real mode programs could access it.

something is there, but not all.


my question is if bios code resides in normal address space, or somewhere else and what i see on screen is just dma.
Post 03 Aug 2010, 00:09
Feryno



Joined: 23 Mar 2005
Posts: 465
Location: Czech republic, Slovak republic
Feryno
bios typically holds more packed modules (setup, ACPI tables, RAID, LAN diagnostic ...)
if you press the setup key during boot, then module for bios setup is unpacked and executed
extract the binary of bios from eeprom or download the bios file from internet and unpack what you need - look for tools for extracting modules and unpacking them
usually most of bios parts are compressed and only small part of bios isn't
strings you are looking for seem to be part of bios setup so you can't find them in RAM (they are in memory only during executing bios setup)
newer systems use UEFI instead of BIOS
Post 03 Aug 2010, 05:51
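Added illustration, not part of any post in this thread: the sketch below shows why the setup strings discussed above are absent from a raw image or memory dump while the setup module is still packed, and how per-block entropy points at the packed region. The image is constructed, zlib stands in for whatever packer a BIOS vendor actually uses, and all function names are hypothetical.

```python
import math, random, zlib
from collections import Counter

BLOCK = 4096  # scan granularity (assumption, not a firmware constant)

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte; packed data sits close to 8."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values()) if n else 0.0

def find_text(image: bytes, text: str) -> list[int]:
    """Offsets of text stored as ASCII or UTF-16LE, ignoring letter case."""
    low, hits = image.lower(), []
    for needle in (text.lower().encode("ascii"), text.lower().encode("utf-16-le")):
        pos = low.find(needle)
        while pos != -1:
            hits.append(pos)
            pos = low.find(needle, pos + 1)
    return sorted(hits)

def packed_blocks(image: bytes, threshold: float = 7.0) -> list[int]:
    """Offsets of full blocks whose entropy suggests compressed content."""
    return [off for off in range(0, len(image) - BLOCK + 1, BLOCK)
            if entropy(image[off:off + BLOCK]) > threshold]

def build_sample_image() -> tuple[bytes, bytes]:
    """Constructed stand-in for a ROM: plaintext boot block + packed setup module."""
    rng = random.Random(2010)
    menu = ["Exit and Discard", "Password", "Multiplier", "Save and Exit"]
    setup = "\n".join(f"{rng.choice(menu)} #{rng.randrange(10**6)}"
                      for _ in range(20000)).encode("ascii")
    packed = zlib.compress(setup, 9)          # zlib stands in for the vendor packer
    boot = (b"Press DEL to enter SETUP\0" * 40).ljust(BLOCK, b"\xff")
    image = boot + packed
    return image + b"\xff" * (-len(image) % BLOCK), packed

if __name__ == "__main__":
    image, packed = build_sample_image()
    for text in ("enter setup", "exit and discard", "password"):
        print(f"{text!r} in image: {find_text(image, text)[:3]}")
    flagged = packed_blocks(image)
    print(f"{len(flagged)} of {len(image) // BLOCK} blocks look packed, first at {flagged[0]:#x}")
    unpacked = zlib.decompress(packed)        # what an extraction tool would give you
    print("after unpacking:", find_text(unpacked, "exit and discard")[:3])
```

The boot-time message is found in the plaintext block, the setup strings only appear once the module has been unpacked.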
b1528932



Joined: 21 May 2010
Posts: 287
b1528932
Feryno wrote:
bios typically holds more packed modules (setup, ACPI tables, RAID, LAN diagnostic ...)
if you press the setup key during boot, then module for bios setup is unpacked and executed
extract the binary of bios from eeprom or download the bios file from internet and unpack what you need - look for tools for extracting modules and unpacking them
usually most of bios parts are compressed and only small part of bios isn't
strings you are looking for seem to be part of bios setup so you can't find them in RAM (they are in memory only during executing bios setup)
newer systems use UEFI instead of BIOS



you are still not answering my question. you go to details, when i need basics.

my question was is the bios code mapped into physical address space?
and if it is not, how can i access it, if i can.
Post 03 Aug 2010, 09:00
sinsi



Joined: 10 Aug 2007
Posts: 713
Location: Adelaide
sinsi
Feryno answered you.

>is the bios code mapped into physical address space
All of it is when you use the BIOS setup, then most of it is unmapped (being useless for normal use), leaving the usual 64/128KB.

>and if it is not, how can i access it, if i can.
Get the BIOS update from the board maker which contains the whole 256/512KB ROM.

How many accounts are you going to make here, once you start saying "answer my question" we know who you are
Post 03 Aug 2010, 09:15
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
b1528932 wrote:
i have dumped all memory.

Are you sure "all memory" mapped by "/Device/PhysicalMemory" includes ROM modules?

Quote:
bios should be in lowest 1mb of memory, so real mode programs could access it.

Nay. ROM BIOS code is mapped at top of physical address space (eg. FFF00000-FFFFFFFF with 1MB ROM on 32-bit machine).

Parts of BIOS ROM code are copied to lower 1 MB during boot, but not all of BIOS code, and not all of this code survives until boot time.

IIRC someone at this forum advised me to use this utility to grab BIOS code, and it worked.


Last edited by vid on 03 Aug 2010, 09:21; edited 1 time in total
Post 03 Aug 2010, 09:17
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
b1528932 wrote:
you are still not answering my question. you go to details, when i need basics.
Hehe, way to go. Good skillz at saying thanks for your efforts.
b1528932 wrote:
my question was is the bios code mapped into physical address space?
Answer: Yes. Of course. Else your computer will never boot.
b1528932 wrote:
and if it is not, how can i access it, if i can.
Grab a boot sector (there are lots of them on this board) and read whatever memory you want from RM.
Post 03 Aug 2010, 09:19
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
Get the BIOS update from the board maker which contains the whole 256/512KB ROM.

For example with my Intel UEFI board, the BIOS update image was in a custom (packed?) format and I failed to extract it.
Post 03 Aug 2010, 09:19
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
sinsi wrote:
How many accounts are you going to make here, once you start saying "answer my question" we know who you are
I know who you are thinking of, but this is not the same person. Just another of similar personality and traits.
Post 03 Aug 2010, 09:23
sinsi



Joined: 10 Aug 2007
Posts: 713
Location: Adelaide
sinsi
>I know who you are thinking of, but this is not the same person. Just another of similar personality and traits.
Ah, a family member then...Sad
Post 03 Aug 2010, 09:41
b1528932



Joined: 21 May 2010
Posts: 287
b1528932
Quote:
Answer: Yes. Of course. Else your computer will never boot.

yes thank you.
this answers my question.

now i can start searching for it when i know where it is.

why do you think pc wouldn't boot if bios wouldn't be mapped into physical memory?
just it wouldn't be executed by cpu, just in/out instruction that would turn off cpu and start executing on other chip on mobo, which would have access to video card via dma, and its own memory, and ofc CMOS to get config.
Post 03 Aug 2010, 11:44
DJ Mauretto



Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy
DJ Mauretto
Quote:
my question was is the bios code mapped into physical address space?
and if it is not, how can i access it, if i can.

I answered already in the heap forums, each FWH (Firmware Hub flash ROM or EEPROM) behaves differently, you need the datasheet of your chip.
This is an example for the popular Intel 82802 FWH:
Code:

        MOV     ESI,0FFFF0000H          ; Intel Firmware Hubs Address
        MOV     AL,-1                   ; AL = Command - Reset/Read Array
        MOV     [ESI],AL
    

After you have initialized the chip with this code you can access individual memory banks (64Kb) providing the address and read the contents, but this is only for Intel 82802.
Note that you must check first if the banks are blocked read or write
Example:
Code:
        MOV     ESI,0FFBF0002H          ; Top Block Lock Register
        MOV     AL,[ESI]
        TEST    AL,100B                 ; Read Lock ?
        JNZ     @Locked
    

Have Fun With Bios....
I wrote a tool to erase Bios on many chips, if you want to try let me know Razz

_________________
Nil Volentibus Arduum Razz
Post 03 Aug 2010, 11:49
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
b1528932 wrote:
Quote:
Answer: Yes. Of course. Else your computer will never boot.

yes thank you.
this answers my question.

now i can start searching for it when i know where it is.

I already told you where it is.

Quote:
why do you think pc wouldn't boot if bios wouldn't be mapped into physical memory?

What code would be executed then?

Quote:
just it wouldn't be executed by cpu, just in/out instruction that would turn off cpu and start executing on other chip on mobo, which would have access to video card via dma, and its own memory, and ofc CMOS to get config.

1. Where would the processor fetch that in/out instruction from?
2. What would be purpose of all this?
Post 03 Aug 2010, 12:23
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
b1528932 wrote:
ive tried finding strings from my bios
Which BIOS / mainboard is this?

vid wrote:
For example with my Intel UEFI board, the BIOS update image was in a custom (packed?) format and I failed to extract it.
I remember you working on EFI code, shame you never got to the bottom of it. It would have been interesting to see what you made of it.

DJ Mauretto wrote:
I wrote a tool to erase Bios on many chips, if you want to try let me know Razz
Please, I'd be very interested to try something like that. Smile
Post 04 Aug 2010, 15:06
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
I remember you working on EFI code, shame you never got to the bottom of it. It would have been interesting to see what you made of it.

I pretty much got over PEI (Pre-EFI Initialization) phase, wrote some helper tools to extract PEI modules and some heuristics helping a good deal in disasming them, and that's where I stopped.
Post 04 Aug 2010, 15:10
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
That's cool. Must be awkward though with so much of the BIOS shrouded in secrecy. Not sure why there seems to be so much information that needs to be under NDA such as the BIOS writers guide and then there's probably some more that doesn't come under that either. Sad

Haven't played with the BIOS for a while but have thought it might be cool to write some BIOS code. Nothing too extravagant, simple initializing and debug output maybe. At least I'd get a look at the CPU initial state. Shame my laptop doesn't have a serial port. Do you think this would be fairly easy? Would you have any recommendation for a suitable emulator for BIOS code?

Was hoping DJ would post that BIOS eraser code. If chip erase function can be sent then hopefully the other functions should work too such as sector read/erase/write which could be handy.
Post 09 Aug 2010, 15:21
DJ Mauretto



Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy
DJ Mauretto
Quote:
Was hoping DJ would post that BIOS eraser code. If chip erase function can be sent then hopefully the other functions should work too such as sector read/erase/write which could be handy.


Note that first you have to know what kind of chip you have installed on your motherboard, then check the datasheet, but usually the various BIOS is protected, you need to go deeper and understand the operation of computers.
Usually the BIOS protection is reduced to 2 bits that you can find in GPIO (General Purpose IN / OUT).
Unfortunately there are stupid people who write viruses and I do not put malicious code on line ....
Have fun Smile

_________________
Nil Volentibus Arduum Razz
Post 09 Aug 2010, 16:14
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Fair enough DJ.

I know the SPI chip and can program it externally but it seems to go through the EC rather than directly to the SB.
Post 09 Aug 2010, 16:29

Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.