Option ROM loaded but no boot device added
DJ Mauretto 01 Aug 2010, 14:42
_________________
Nil Volentibus Arduum
gabiz_ro 01 Aug 2010, 14:55
Thanks.
I already read it, but it doesn't enlighten me.
gabiz_ro 20 Aug 2010, 00:43
In that particular case, even if the option ROM is loaded by the BIOS, the number of detected disks in the BIOS data area (at offset 0475h) is not increased.
Could it be that the BIOS doesn't allow the option ROM to interact with int13? Is there any method to check how the BIOS initializes the option ROM? Since at that moment (during POST) I don't know a way to check this, I think the only way is to print the registers on screen, but I don't know how this could affect things overall.
gabiz_ro 22 Aug 2010, 16:33
According to what I read in the PnP BIOS datasheet, the BIOS must make a FAR CALL to a location pointed to by the PnP header.
The BIOS will pass the following parameters when calling the Boot Connection Vector:
AX 04h (which vector to hook, in my case INT13)
ES:DI Pointer to System BIOS PnP Installation Check structure
BX FFFFh (CSN for card; if not an ISA PnP device the parameter will be FFFFh)
DX FFFFh (Read data port; if not an ISA PnP device the parameter will be FFFFh)
Since in my case the disk number in the BIOS DATA AREA is not increased by the option ROM, and in the disassembly of the BCV it seems to be done that way, I think the BIOS is not doing its job correctly.
Let's say I build another option ROM and insert it into the BIOS and choose network as the first boot device. Can this do what the BIOS doesn't? Is it possible for this to work, or is such a thing impossible?
So can somebody help me with this?
Code:
    mov ax, 04h
    mov bx, 0FFFFh
    mov dx, 0FFFFh
    ; ES:DI pointed to 000FE2D0h
    CALL FAR 0D000h:1391h ;note this could be wrong due to wrong calc by me or wrong segment:offset
Here is some supplementary address info.
Code:
Beginning of ROM
Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
000CE000  55 AA 24 E9 42 7A 53 49 4C 49 43 4F 4E 20 49 4D  Uª$éBzSILICON IM

PnP header
Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
000CF260  00 00 00 00 00 00 00 00 00 00 00 00 24 50 6E 50  ............$PnP
000CF270  01 02 00 00 00 B5 95 10 32 31 06 00 EA 15 01 00  .....µ•.21..ê...
000CF280  00 44 91 33 00 00 00 00 00 00 00 00 24 50 6E 50  .D‘3........$PnP
;000CF282 is BCV 3391h

PnP Installation check
Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
000FE2D0  24 50 6E 50 10 21 01 00 BC B4 04 00 00 F1 E2 00  $PnP.!..¼´...ñâ.

Boot connection vector disassembly by IDA
seg000:D1391 ; ---------------------------------------------------------------
seg000:D1391 mov ax, 0
seg000:D1394 push ds
seg000:D1395 pushf
seg000:D1396 push bx
seg000:D1397 mov bx, ax
seg000:D1399 mov ax, 0
seg000:D139C mov ds, ax
seg000:D139E cmp large ds:byte_475, 0
seg000:D13A6 jnz short near ptr unk_13AD
seg000:D13A8 nop
seg000:D13A9 nop
seg000:D13AA call loc_D57
seg000:D13AD cmp cs:byte_59, 0
seg000:D13B3 jnz short near ptr unk_13DB
seg000:D13B5 nop
seg000:D13B6 nop
seg000:D13B7 shl bl, 1
seg000:D13B9 call loc_1594
seg000:D13BC call loc_1556
seg000:D13BF mov al, 80h ; 'Ç'
seg000:D13C1 add al, large ds:byte_475
seg000:D13C8 mov cs:byte_5E, al
seg000:D13CC mov di, cs:[bx+18Ch]
seg000:D13D1 mov cs:[di+74h], al
seg000:D13D5 call loc_D87
seg000:D13D8 jmp short loc_13F9
seg000:D13D8 ; ---------------------------------------------------------------
Maybe I did the calc wrong?
The Boot Connection Vector contains an offset from the start of the option ROM header to a routine that will hook INT13, but if it needs to be called with one parameter in AX, why is the first instruction mov ax, 0 ?
I read some about segment addressing, but even if in theory I understand how it is done, I can't put it into practice. And at the ES:DI pointer to the PnP installation check I'm completely lost.
DJ Mauretto 22 Aug 2010, 17:07
Hello,
I wrote a little tool to help you with option rom....
_________________
Nil Volentibus Arduum
gabiz_ro 22 Aug 2010, 19:44
Thanks DJ Mauretto
I did some tests, and after calling the BCV the number of disks in the BIOS data area increased, but after that the computer hangs.
Can you tell me how to have in ES:DI pointer to 000FE2D0h?
DJ Mauretto 23 Aug 2010, 05:27
Quote:
can you tell me how to have in ES:DI pointer to 000FE2D0h
Code:
    MOV AX,0F000H
    MOV ES,AX
    MOV DI,0E2D0H
    ; ES:DI = F000:E2D0
    ; Physical = (F000H*10H)+ E2D0H = FE2D0H
You must test your code in Real Mode, do not worry if the first attempts are not successful, you will find the right way
_________________
Nil Volentibus Arduum
gabiz_ro 23 Aug 2010, 07:40
First I was using
Code:
    xor ax, ax
    mov ax, 0FE00h
    mov es, ax
    mov di, 02D0h
then
Code:
    mov eax, [es:di]
    mov ecx, eax
and some code to print ecx on screen.
mov eax, [es:di] could be wrong, because before I got 506E5024 and now with your example I get the same 506E5024.
DJ Mauretto 23 Aug 2010, 08:02
What are you trying to do?
Post the entire code.
506E5024 = PnP$
With your code you load the string PnP$ into EAX; you can print this string in this way:
Code:
    ; eax = 506E5024
    mov cx,0b800h
    mov fs,cx
    xor bx,bx
@@:
    mov [fs:bx],al
    shr eax,8
    add bx,2
    test eax,eax
    jnz @b
_________________
Nil Volentibus Arduum
gabiz_ro 23 Aug 2010, 15:51
What I'm trying to do.
I'm trying to boot from a PCI Express card.
On a Dell computer I put one SATA PCI Express card based on the Sil3132.
That card has its own BIOS, the so-called "option ROM".
The main BIOS seems to follow standard specifications and loads the card BIOS; I can enter the card setup, configure drives, set up RAID.
But the BIOS doesn't allow booting from this card.
I suppose that the BIOS loads the option ROM but doesn't do all the required jobs.
One of these jobs is to make a call to the Boot Connection Vector with some parameters; then the option ROM will hook int13 if there are disks connected, then update the number of disks available in the system in the BIOS data area.
Since in my case, with or without this option ROM loaded by the BIOS, I have the same value in the BDA (BIOS data area), I suppose that the BIOS doesn't make a call to the BCV.
From the PnP BIOS specifications I read that the BIOS needs to make a far call to the BCV with these parameters:
in AX, bit 2 is 1 for hook int13, others are 0
in ES:DI, pointer to PnP installation check
Now I'm trying, using another option ROM inserted into the main BIOS as the PXE module and setting network boot first, to add this device as a bootable one.
This is the code part, without the irrelevant part for building the option ROM.
Code:
MAIN:
    pushfd
    push eax
    push ebx
    push ecx
    push edx
    push esi
    push edi
    push ax
    push bx
    push dx
    push si
    push ds
    push bp
debug_step1: ;print int13 vector
    mov ebx,00000000h
    mov eax, [fs:ebx+4ch]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je debug_step2 ; Handle
    jne debug_step1
debug_step2: ;print disk number BDA
    mov ebx,00000000h
    mov eax, [fs:ebx+474h]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je ccc ; Handle
    jne debug_step2
ccc: ;set ES:DI to PnP install check
    mov ax, 0F000h
    mov es, ax
    mov di, 0E2D0h
debug_step5: ;print ES:DI
    mov eax, [es:di]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je bbb ; Handle
    jne debug_step2
bbb:
    xor ax, ax
    mov ax, 04h
    CALL FAR 0D000h:1391h
    nop
debug_step3: ;print int13 vector
    mov ebx,00000000h
    mov eax, [fs:ebx+4ch]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je debug_step4 ; Handle
    jne debug_step3
debug_step4: ;print disk number BDA
    mov ebx,00000000h
    mov eax, [fs:ebx+474h]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je zzz ; Handle
    jne debug_step4
zzz: ;choose exit type retf or int18
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je ggg ; Handle
    jne ddd
ggg:
    pop bp
    pop ds
    pop si
    pop dx
    pop bx
    pop ax
    pop edi
    pop esi
    pop edx
    pop ecx
    pop ebx
    pop eax
    popfd
    retf
ddd:
    pop bp
    pop ds
    pop si
    pop dx
    pop bx
    pop ax
    pop edi
    pop esi
    pop edx
    pop ecx
    pop ebx
    pop eax
    popfd
    int 0x18
print_hex:
    ; DX = Row
    ; AX = Col
    ; ECX = NUMBER (Assuming 80x25 mode)
    pushad
    push es
    push $B800
    pop es
    imul di, dx, 80
    add di, ax
    shl di, 1
    mov edx, ecx
    mov ecx, 8
    mov ah, 7 ; GRAY FONT; BLACK BACKGROUND
.writeNibble:
    rol edx, 4
    mov si, dx
    and si, $F
    mov al, [cs:.lut+si]
    stosw
    loop .writeNibble
    pop es
    popad
    ret
.lut db '0123456789ABCDEF'
Now I can see that the number of disks in the BDA increased as it should, but at the final part, if I press the Enter key for retf the computer hangs; if I press any other key it restarts.
Maybe I do something wrong regarding the PnP installation check part.
I'll read more about this to check.
DJ Mauretto 23 Aug 2010, 16:16
Code:
    pushfd
    push eax
    push ebx
    push ecx
    push edx
    push esi
    push edi
    push ax
    push bx
    push dx
    push si
    push ds
    push bp
Code:
    pushfd
    pushad
    push ds
    ; ......... your code
    pop ds
    popad
    popfd
    ret
Why do you return with RETF?
Code:
ggg:
    pop bp
    pop ds
    pop si
    pop dx
    pop bx
    pop ax
    pop edi
    pop esi
    pop edx
    pop ecx
    pop ebx
    pop eax
    popfd
    retf
Where do you take the address from?
Code:
    CALL FAR 0D000h:1391h
_________________
Nil Volentibus Arduum
gabiz_ro 23 Aug 2010, 16:49
How to return?
Isn't retf used in option ROMs to pass control back to the BIOS?
000CE000h is the start of the option ROM.
In the PnP header the BCV is 91 33 -> 3391 bytes from the beginning of the option ROM.
Your Option Rom Utility says so too: Boot Connection...:CE00:3391
CE000+3391=D1391, the same thing. I don't know if it is problematic, but since segments could overlap.
I'm a newbie so I don't know much about programming.
I made a mistake, I think: ES:DI pointing to the PnP installation check must be something else, and I wrongly pointed to the header of this structure, which is the signature and in ASCII is $PnP.
I think ES:DI must contain the segment:offset of the real mode 16-bit entry point from this structure (this is at offset 0Dh and 0Fh of it, according to the PnP BIOS specifications).
Is that correct?
Thanks for the help, DJ Mauretto!
DJ Mauretto 23 Aug 2010, 17:15
Use RET instead of RETF, let me know or post your full code,
ES:DI is OK, maybe add also BX = ffff dx = ffff
Code:
    mov ax,0f000h
    mov es,ax
    mov di,0e2d0h
    mov bx,-1
    mov dx,-1
    mov ax,4
    call far 0CE00h:3391h
_________________
Nil Volentibus Arduum
Last edited by DJ Mauretto on 23 Aug 2010, 17:39; edited 1 time in total
gabiz_ro 23 Aug 2010, 17:37
This is dummy option ROM which BIOS will load after Sil3132 option ROM.
This is built following your indications.
In a short time (I need to compress it and insert it into the main BIOS to test) I'll post results.
Code:
;---------------------------------------------------------------------------------
;---------------------------------PCI ROM Header----------------------------------
ROM_SIZE_IN_BLOCK = 16 ; 4 means ROM size is 4 blocks (2024 bytes)
ROM_SIZE_IN_BYTE = ROM_SIZE_IN_BLOCK * 512
VENDOR_ID equ 14E4h ; PCI Vendor ID (must match your ethernet vendor id)
                    ; exp: 10ECh = Realtek
DEVICE_ID equ 170Ch ; PCI Device ID (must match your ethernet device id)
                    ; exp: 8167h = Biostar 965PT NIC
ROMStart:
    db 0x055, 0x0AA ; ROM Header 55,AA -> Bootable rom
    db (ROMEnd - ROMStart)/512 ; ROM Size in 512byte
    jmp MAIN
    db 0 ; checksum, to be filled in later
    TIMES 18h-($-$$) DB 0 ; padding zeros to offset 18h
    DW PCIHDR ; pointer to PCI Header
    DW PNPHDR ; pointer to PnP Expansion Header
PCIHDR:
    DB 'PCIR' ; PCI data structure signature
    DW VENDOR_ID ; vendor ID (must match real PCI device)
    DW DEVICE_ID ; device ID (must match real PCI device)
    DW 0 ; pointer to vital product data (0=none)
    DW 24 ; PCI data structure length [B]
    DB 0 ; PCI data structure revision (0=PCI 2.1)
    DB 2,0,0 ; PCI device class code (2=network ctrlr,0=eth.)
    DW ROM_SIZE_IN_BLOCK ; ROM size in 512B blocks
    DW 0 ; revision level of code
    DB 0 ; code type (0=x86 compatible)
    DB 80h ; last image indicator
    DW 0 ; reserved
PNPHDR:
    DB '$PnP' ; PnP data structure signature
    DB 1 ; PnP structure revision
    DB 2 ; PnP structure length (in 16B blocks)
    DW 0 ; offset to next header (0-none)
    DB 0 ; reserved
    DB 33h ; PnP structure checksum
    DD 0 ; device identifier
    DW 0 ; pointer to manufacturer string
    DW 0 ; pointer to productname string
    DB 2,0,0 ; device class code (2=network ctrlr,0=eth.)
    DB 64h ; device indicators (64h - shadowable,cacheable,not
           ; only for boot,IPL device)
    DW 0 ; boot connection vector (0-none)
    DW 0 ; disconnect vector (0-none)
    DW 0 ; bootstrap entry vector (0-none)
    DW 0 ; reserved
    DW 0 ; static resource info vector (0-none)
MAIN:
    pushfd
    pushad
    push ds
debug_step1: ;print int13 vector
    mov ebx,00000000h
    mov eax, [fs:ebx+4ch]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je debug_step2 ; Handle
    jne debug_step1
debug_step2: ;print disk number BDA
    mov ebx,00000000h
    mov eax, [fs:ebx+474h]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je ccc ; Handle
    jne debug_step2
ccc: ;set ES:DI to PnP install check
    mov ax,0f000h
    mov es,ax
    mov di,0e2d0h
    mov bx,-1
    mov dx,-1
    mov ax,4
    call far 0D000h:1391h
debug_step3: ;print int13 vector
    mov ebx,00000000h
    mov eax, [fs:ebx+4ch]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je debug_step4 ; Handle
    jne debug_step3
debug_step4: ;print disk number BDA
    mov ebx,00000000h
    mov eax, [fs:ebx+474h]
    mov ecx, eax
    mov dx, 25/2
    mov ax, 80/2 - 8/2
    call print_hex
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je zzz ; Handle
    jne debug_step4
zzz: ;choose exit type retf or int18
    mov ah, 00h
    int 16h ;key press wait
    cmp al, 0dh ; Enter key
    je ggg ; Handle
    jne ddd
ggg:
    pop ds
    popad
    popfd
    ret
ddd:
    pop ds
    popad
    popfd
    int 0x18
print_hex:
    ; DX = Row
    ; AX = Col
    ; ECX = NUMBER (Assuming 80x25 mode)
    pushad
    push es
    push $B800
    pop es
    imul di, dx, 80
    add di, ax
    shl di, 1
    mov edx, ecx
    mov ecx, 8
    mov ah, 7 ; GRAY FONT; BLACK BACKGROUND
.writeNibble:
    rol edx, 4
    mov si, dx
    and si, $F
    mov al, [cs:.lut+si]
    stosw
    loop .writeNibble
    pop es
    popad
    ret
.lut db '0123456789ABCDEF'
;__________________________________________________________________________________________________________________
times (ROM_SIZE_IN_BYTE-$) db 0 ; use 00h as the padding bytes until we
                                ; reach the ROM size
; The last byte (512th) will be the patch_byte for the checksum
; patch_byte is calculated and automagically inserted below
PREV_CHKSUM = 0
repeat $
    load CHKSUM byte from %-1
    CHKSUM = (PREV_CHKSUM + CHKSUM) mod 0x100
    PREV_CHKSUM = CHKSUM
end repeat
store byte (0x100 - CHKSUM) at ($-1) ; store the patch_byte
ROMEnd:
DJ Mauretto 23 Aug 2010, 18:00
I'm sorry but I did not understand what you do,
the last code that you wrote you must use RETF, ok ... one step at a time.
.1 You have written a code to be included in the ROM chip?
.2 You want to use a BCV of a ROM not written by you?
OPTION .1 = use RETF and I need some time to remember the PnP spec..
OPTION .2 = if you want to call a BCV then simply use this
Code:
    mov ax,0f000h
    mov es,ax
    mov di,0e2d0h
    mov bx,-1
    mov dx,-1
    mov ax,4
    call far 0CE00h:3391h
I think that you are complicating your life unnecessarily. If you use DOS then the code above is sufficient; you can make a simple .com file and run it, or write a little boot code to run the code above with some debug info..
Do not assume anything: you must always look for the different addresses (PnP Header, Option ROM, and so on) in memory and perform the checksum of each structure before doing anything.
_________________
Nil Volentibus Arduum
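The checks recommended in the post above (locate each structure and verify its checksum before using it), applied to the `$PnP` expansion header bytes dumped earlier in the thread. This is an added example, not code from the thread or from DJ Mauretto's tool; it is C so it can be run on a host against a ROM dump, and the names `pnp_parse`, `pnp_info` and `real_to_phys` are made up for it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* $PnP expansion header bytes from the dump in the thread (physical 000CF26Ch). */
static const uint8_t pnp_sample[32] = {
    0x24,0x50,0x6E,0x50, 0x01,0x02,0x00,0x00, 0x00,0xB5,0x95,0x10, 0x32,0x31,0x06,0x00,
    0xEA,0x15,0x01,0x00, 0x00,0x44,0x91,0x33, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 };

struct pnp_info {            /* hypothetical result type for this example */
    uint32_t device_id;      /* header offset 0Ah */
    uint16_t bcv, bev;       /* header offsets 16h and 1Ah, relative to ROM start */
    uint16_t seg;            /* ROM segment for the far call */
    uint32_t bcv_phys;       /* physical address of the BCV routine */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Real-mode segment:offset to physical address. */
uint32_t real_to_phys(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }

/* Validate a $PnP expansion header found in a ROM at rom_base whose image is
 * rom_size bytes (ROM header byte 2 times 512). Returns 0, or a negative code. */
int pnp_parse(const uint8_t *h, size_t avail, uint32_t rom_base,
              uint32_t rom_size, struct pnp_info *out)
{
    if (avail < 0x20 || memcmp(h, "$PnP", 4) != 0) return -1;  /* signature */
    size_t len = (size_t)h[5] * 16;                            /* length in 16-byte units */
    if (len < 0x20 || len > avail) return -2;
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += h[i];
    if (sum != 0) return -3;                                   /* bytes must sum to 0 mod 256 */
    uint16_t bcv = rd16(h + 0x16);
    /* ROM must be paragraph-aligned below 1 MB and the BCV must lie inside the image. */
    if ((rom_base & 0xF) || rom_base > 0xFFFF0 || bcv >= rom_size) return -4;
    out->device_id = rd16(h + 0x0A) | ((uint32_t)rd16(h + 0x0C) << 16);
    out->bcv = bcv;
    out->bev = rd16(h + 0x1A);
    out->seg = (uint16_t)(rom_base >> 4);
    out->bcv_phys = real_to_phys(out->seg, bcv);
    return 0;
}

int main(void)
{
    struct pnp_info i;
    /* ROM at 000CE000h with size byte 24h, both taken from the thread's dump. */
    int rc = pnp_parse(pnp_sample, sizeof pnp_sample, 0xCE000, 0x24 * 512, &i);
    if (rc != 0) { printf("header rejected: %d\n", rc); return 1; }
    printf("BCV %04X:%04X (physical %05X), device id %08X\n",
           i.seg, i.bcv, (unsigned)i.bcv_phys, (unsigned)i.device_id);
    return 0;
}
```

`real_to_phys(0xD000, 0x1391)` and `real_to_phys(0xCE00, 0x3391)` both give D1391h; the two far calls differ only in the value loaded into CS, which is what the `cs:`-relative accesses in the BCV disassembly are resolved against.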
gabiz_ro 23 Aug 2010, 18:36
1. Yes.
2. Yes. (but I don't have anywhere to insert this code.)
The Dell BIOS loads its modules by ID; no matter what option ROM I insert in place of the network PXE ROM, if I choose network boot that module is loaded.
I have also tried to insert the Sil3132 option ROM in place of the original Broadcom PXE ROM but with the same result: I can access the card configuration but there is no boot from the card, and the number of fixed disks in the BDA is not changed.
The Sil3132 option ROM is loaded by the BIOS itself because it finds that PCI card. It is loaded but not handled the right way.
Now, using this way to fool the BIOS by loading my option ROM, I can see that the INT13 vector is changed and the number of fixed disks in the BDA increased after calling the BCV.
With the latest one posted before, the computer stays at the screen with
debug_step4: ;print disk number BDA
It is not frozen (caps lock is working, same for ctrl-alt-del)
DJ Mauretto 23 Aug 2010, 18:45
Usually you can resolve this problem with a BIOS UPDATE...
I saw that many users have the same problem (Google for it).
OK, do you have a floppy in your PC?
We can write a little boot code to test.
I hope that you will be able to copy an image to a floppy and boot it...
_________________
Nil Volentibus Arduum
gabiz_ro 23 Aug 2010, 18:56
My bad luck no floppy
But if at this moment I'm unable to exit from where I am when calling the BCV, and without calling the BCV the BIOS doesn't know about the existence of that disk, how will it work?
DJ Mauretto 23 Aug 2010, 18:58
do you have a USB key ?
Are you able to write an image to a USB key and boot from it?
_________________
Nil Volentibus Arduum