flat assembler
Message board for the users of flat assembler.
Feryno 04 Jun 2012, 07:59
So according to my experiments, I recommend using the LOAD command only for drivers (EFIBOOT, EFIRUNTIME).
For EFI, just directly execute the program.

About problems in the header: it seems the image base doesn't matter (no need for the "... at 400000h" in the header), and the problem is only in the word following the EFI/EFIBOOT/EFIRUNTIME subsystem word (which is 5Ch bytes after 'PE'): the word 5Eh bytes after 'PE' should be 0. Use the method suggested by Tomasz to force it to 0, or recompile FASM as I wrote a few posts ago, or use an older FASM version which always emits this word as 0.

If it helps you, I made a video about my experiments, with a tremor in my hand (as you can see) and my family around me (as you can hear): http://www.metacafe.com/w/8600850

Here you can download a working sample and the fasm.exe used to compile it: http://fdbg.x86asm.net/fasm_uefi_OK.zip

BTW, relocs are not necessary if your program doesn't need them (then an empty relocs section is only a waste of space), but the cleared IMAGE_FILE_RELOCS_STRIPPED flag seems to be necessary in the header anyway.
XVilka 04 Jun 2012, 11:21
Even if I remove the last line, with
Code:
section '.reloc' fixups data discardable
it still produces an invalid image (which can't be loaded in the UEFI shell with the "load" command, nor if converted into a ROM (with the efirom utility) and flashed inside the card). Sources + produced EFI file attached.
Feryno 04 Jun 2012, 12:14
XVilka, stop using the load command, it is only for drivers (requires the EFIBOOT or EFIRUNTIME flag).

Running a program from the UEFI shellx64 requires the flag EFI (the word 5Ch bytes after 'PE' is 0Ah), and running it directly as shown for the a00 in the video I posted the link to. So not this:
load hello.efi
but use this:
hello

The word 5Eh bytes after 'PE' should be 0; that seems to be essential to produce a valid UEFI program (you had that word as 40h in the first hello.efi, now in your last hello.efi it is correctly 0000).

Try to run the a00 from the archive I posted the link to. Does the a00 from the zip run well on your PC? (It only prints a message and waits for a keystroke.) Can you recompile the same binary file (value at word 5Eh bytes after 'PE' = 0)? If you are still producing files with 40h at word 5Eh bytes after 'PE', then reread my previous post on how to do programs with that word = 0.

Don't convert anything to ROM, and don't even flash it into chips; the solution seems to be much easier.

Later edit: in your last hello.efi I found another problem: the value at word 16h bytes after 'PE' must be 202Eh, you have 202Fh there. Try to use the fasm.exe from the archive I posted the link to and use this header:
Code:
format PE64 dll EFI
because you still have 0Bh at word 5Ch bytes after 'PE', which means EFIBOOT = driver. Be patient; after you produce programs (EFI), then you can continue with drivers (EFIBOOT, EFIRUNTIME).

Last edited by Feryno on 04 Jun 2012, 12:32; edited 1 time in total
Tomasz Grysztar 04 Jun 2012, 12:32
Feryno wrote:
    the word 5Eh bytes after 'PE' should be 0
Feryno 04 Jun 2012, 12:44
Hi Tomasz, that seems to be a problem specific only to UEFI.

The fdbg for UEFI has quite huge relocations (0664h bytes), but the word 16h bytes after 'PE' is 202Eh (because I compiled it with the changed FASM). I'm guessing that if I change it to 202Fh then the program won't run. I'll try that at home and let you know tomorrow.

BTW, all programs compiled with the UEFI Development Kit have the IMAGE_FILE_RELOCS_STRIPPED flag even though all of them contain relocs. It seems UEFI ignores this flag (better to say UEFI only makes problems when this flag is set).
XVilka 04 Jun 2012, 12:48
Feryno: yes, it works if I manually change byte 0x56 from 0x2F to 0x2E. Though it doesn't work as a driver if I change EFI to EFIboot and use efirom.exe to produce a ROM and flash it inside the network card (while the C code works OK).
Last edited by XVilka on 04 Jun 2012, 12:54; edited 1 time in total |
Tomasz Grysztar 04 Jun 2012, 12:53
Feryno wrote:
    Hi Tomasz, that seems to be a problem specific only for UEFI

You only get 2Fh if you do not include fixups and thus create the base-dependent image.
XVilka 04 Jun 2012, 13:09
Yes, if I just change this line, the latest fasm produces 0x2E instead of 0x2F:
Code:
section '.data' data readable writeable
becomes
Code:
section '.data' data readable writeable fixups
But! It is still an invalid UEFI image. See the attached file.
Tomasz Grysztar 04 Jun 2012, 13:24
That is not what I meant when writing about using the "data fixups" construction. This is what I had in mind:
Code:
section '.data' data readable writeable

  ; some regular data

  align 16
  data fixups
  end data
Feryno 04 Jun 2012, 13:31
good!
I saw the last hello.efi, and now the last thing to fix, and I guess your program will run: the word 5Eh after 'PE' must be 0; it is at offset 9Eh in your file.

Last edited by Feryno on 04 Jun 2012, 13:32; edited 1 time in total
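The header checks that the posts above spell out one word at a time (Characteristics at PE+16h with bit 0 = IMAGE_FILE_RELOCS_STRIPPED, Subsystem at PE+5Ch, DllCharacteristics at PE+5Eh, plus a present .reloc section), collected into one small inspector, together with the post-build fix XVilka applied by hand (zeroing the word at PE+5Eh, file offset 9Eh when the PE signature sits at 40h). This is an added example, not code from the thread or from fasm. The image it builds for itself is a constructed header-only PE32+ stub carrying the values the thread quotes (202Fh, 0Bh, 40h); it is not a loadable EFI binary, and the "expected" values encode only what this thread reports as working, not a general UEFI loader specification.

```python
"""Inspect and patch the PE header words this thread identifies as UEFI-critical.

Offsets follow Feryno's convention, relative to the 'PE\\0\\0' signature:
  PE+16h  IMAGE_FILE_HEADER.Characteristics; bit 0 is IMAGE_FILE_RELOCS_STRIPPED,
          so 202Fh vs 202Eh is exactly that bit (Tomasz: 2Fh means no fixups).
  PE+5Ch  IMAGE_OPTIONAL_HEADER64.Subsystem: 0Ah application, 0Bh boot service
          driver, 0Ch runtime driver (fasm's EFI / EFIBOOT / EFIRUNTIME).
  PE+5Eh  IMAGE_OPTIONAL_HEADER64.DllCharacteristics; the thread needs 0 here.
"""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
PE64_MAGIC = 0x20B
EFI_SUBSYSTEMS = {0x0A: "EFI (application)",
                  0x0B: "EFIBOOT (boot service driver)",
                  0x0C: "EFIRUNTIME (runtime driver)"}


def pe_signature_offset(image: bytes) -> int:
    """File offset of 'PE\\0\\0', read from e_lfanew (40h in the thread's files)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return pe


def section_names(image: bytes, pe: int) -> list:
    """Names from the section table, which follows the optional header."""
    count = struct.unpack_from("<H", image, pe + 0x06)[0]
    opt_size = struct.unpack_from("<H", image, pe + 0x14)[0]
    first = pe + 0x18 + opt_size
    return [image[first + 40 * i:first + 40 * i + 8].rstrip(b"\0").decode("ascii")
            for i in range(count)]


def inspect_efi_image(image: bytes) -> dict:
    """Read the three words and list what this thread says makes the image invalid."""
    pe = pe_signature_offset(image)
    characteristics = struct.unpack_from("<H", image, pe + 0x16)[0]
    magic = struct.unpack_from("<H", image, pe + 0x18)[0]
    subsystem = struct.unpack_from("<H", image, pe + 0x5C)[0]
    dll_characteristics = struct.unpack_from("<H", image, pe + 0x5E)[0]
    sections = section_names(image, pe)

    problems = []
    if magic != PE64_MAGIC:
        problems.append("optional header magic %#x is not PE32+ (20Bh)" % magic)
    if subsystem not in EFI_SUBSYSTEMS:
        problems.append("subsystem %#x is not an EFI subsystem" % subsystem)
    if dll_characteristics != 0:
        problems.append("DllCharacteristics at PE+5Eh is %#x, expected 0" % dll_characteristics)
    if characteristics & IMAGE_FILE_RELOCS_STRIPPED:
        problems.append("IMAGE_FILE_RELOCS_STRIPPED set (Characteristics %#x)" % characteristics)
    if ".reloc" not in sections:
        problems.append("no .reloc section")
    return {"pe_offset": pe, "characteristics": characteristics, "subsystem": subsystem,
            "subsystem_name": EFI_SUBSYSTEMS.get(subsystem, "non-EFI"),
            "dll_characteristics": dll_characteristics, "sections": sections,
            "problems": problems}


def patch_dll_characteristics(image: bytes) -> bytes:
    """Zero the word at PE+5Eh, the edit the thread otherwise does with a hex editor."""
    pe = pe_signature_offset(image)
    patched = bytearray(image)
    struct.pack_into("<H", patched, pe + 0x5E, 0)
    return bytes(patched)


def build_sample_image(subsystem, dll_characteristics, characteristics,
                       sections=(b".text", b".data", b".reloc")) -> bytes:
    """Constructed header-only PE32+ stub for testing; not a loadable EFI binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew = 40h
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0xF0, characteristics)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0x00, PE64_MAGIC)
    struct.pack_into("<HH", opt, 0x44, subsystem, dll_characteristics)  # PE+5Ch, PE+5Eh
    table = b"".join(name.ljust(8, b"\0") + bytes(32) for name in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    # The values the thread reports for XVilka's first hello.efi: 202Fh, 0Bh, 40h.
    bad = build_sample_image(0x0B, 0x40, 0x202F)
    for p in inspect_efi_image(bad)["problems"]:
        print("bad :", p)
    print("good:", inspect_efi_image(build_sample_image(0x0A, 0x00, 0x202E))["problems"])
```

Run it on a real image with `inspect_efi_image(open("hello.efi", "rb").read())`; `patch_dll_characteristics` returns a copy with the PE+5Eh word cleared and leaves the Characteristics bit alone, because that one is fixed correctly at the source with Tomasz's `data fixups` construction rather than by patching.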
XVilka 04 Jun 2012, 13:32
Now it works! (At least as a UEFI application.)
Attached working sources and the produced valid UEFI image.
Feryno 04 Jun 2012, 13:34
great!
XVilka 04 Jun 2012, 13:57
Though setting up the event hook doesn't work if run from the card's flash chip. uefi_main starts OK, but something is wrong with CreateEventEx().
Feryno 05 Jun 2012, 05:10
maybe setting up an event hook requires a driver (EFIBOOT, EFIRUNTIME) and loading it using the load command?
XVilka 05 Jun 2012, 05:18
Yes, of course I'm using EFIBOOT. You can check it yourself: do load from the UEFI shell, then exit from the shell with "exit". The hook must start after that.
Feryno 05 Jun 2012, 13:56
aha...
I remember that one time I saw the message ReadyToBoot() on my PC and then the PC stopped (I had to push the reboot button). I thought it was some bug in my UEFI (because of the necessity of a reboot and a string I saw for the first time); now I know it was caused by your program. The stop was because of the jmp .stuck instruction, it was not a bug/problem. I didn't read your source code carefully, I just ran your programs. The message ReadyToBoot() appeared when I exited the UEFI shell (after the command exit).

Later edit: sorry, the message was caused by valid.efi, not produced by hello.efi.
Feryno 06 Jun 2012, 05:44
hi, here is a working driver
Ugly code, just a disasm of valid.efi with small changes to port it into FASM. You should experiment with the source and remove the unnecessary ballast. Again, no FASM programmer would produce such terrible source code. The string appeared after exit from the UEFI shell and then after exit from UEFI setup: http://www.metacafe.com/w/8611893

ready.asm:
Code:
format PE64 dll EFIboot

section '.text' code executable readable

entry $

var_18 = -18h
var_10 = -10h
arg_0  = 8
arg_8  = 10h
arg_10 = 18h

; driver entry: rcx = ImageHandle, rdx = SystemTable
        mov     [rsp+arg_10], rbx
        push    rdi
        sub     rsp, 30h
        mov     r10, [rdx+60h]          ; SystemTable->BootServices
        mov     rax, [rdx+58h]          ; SystemTable->RuntimeServices
        mov     rdi, rdx
        mov     rbx, rcx
        mov     [qword_4B8], rcx
        mov     [qword_4C0], rdx        ; saved SystemTable, used by sub_370
        mov     [rsp+38h+arg_0], rcx    ; handle slot, receives the new handle
        lea     r8, [off_488]           ; interface = driver binding structure
        lea     rdx, [unk_470]          ; GUID = EFI_DRIVER_BINDING_PROTOCOL
        lea     rcx, [rsp+38h+arg_0]    ; &Handle
        xor     r9d, r9d                ; NULL terminates the GUID/interface pairs
        mov     [qword_4C8], r10
        mov     [qword_4D0], rax
        call    qword [r10+148h]        ; BootServices->InstallMultipleProtocolInterfaces
        mov     rax, [rsp+38h+arg_0]
        mov     [qword_4B0], rax        ; DriverBindingHandle
        lea     rax, [rsp+38h+arg_8]
        lea     r8, [sub_370]           ; NotifyFunction
        mov     [rsp+38h+var_10], rax   ; 6th arg: &Event
        lea     rax, [unk_460]
        mov     r9, rdi                 ; NotifyContext = SystemTable
        mov     [rsp+38h+var_18], rax   ; 5th arg: EventGroup = EFI_EVENT_GROUP_READY_TO_BOOT
        mov     rax, [qword_4C8]
        mov     edx, 10h                ; NotifyTpl = TPL_NOTIFY
        mov     ecx, 200h               ; Type = EVT_NOTIFY_SIGNAL
        mov     [qword_4A8], rbx        ; ImageHandle
        call    qword [rax+170h]        ; BootServices->CreateEventEx
        mov     rbx, [rsp+38h+arg_10]
        add     rsp, 30h
        pop     rdi
        ret

align 4
sub_36C:                                ; Supported/Start/Stop stub: return EFI_SUCCESS
        xor     eax, eax
        ret

align 10h
sub_370:                                ; ReadyToBoot event callback
        sub     rsp, 28h
        mov     rax, [qword_4C0]
        lea     rdx, [aReadytoboot]
        mov     r8, [rax+40h]           ; SystemTable->ConOut
        mov     rcx, r8
        call    qword [r8+8]            ; ConOut->OutputString
loc_38D:
        jmp     loc_38D                 ; the "jmp .stuck" that halts the machine

section '.data' data readable writeable

aReadytoboot    du 'ReadyToBoot()',0Dh,0Ah,0
align 20h
; EFI_EVENT_GROUP_READY_TO_BOOT, stored mixed-endian as UEFI GUIDs are
unk_460 db 0B3h,8Fh,0E8h,7Ch,0D7h,4Bh,79h,46h,87h,0A8h,0A8h,0D8h,0DEh,0E5h,0Dh,2Bh
; EFI_DRIVER_BINDING_PROTOCOL_GUID
unk_470 db 0ABh,31h,0A0h,18h,43h,0B4h,1Ah,4Dh,0A5h,0C0h,0Ch,9,26h,1Eh,9Fh,71h
        dq aReadytoboot
; EFI_DRIVER_BINDING_PROTOCOL: Supported, Start, Stop, Version, ImageHandle, DriverBindingHandle
off_488 dq sub_36C
        dq sub_36C
        dq sub_36C
        dq 0Ah
qword_4A8 dq 0
qword_4B0 dq 0
qword_4B8 dq 0
qword_4C0 dq 0
qword_4C8 dq 0
qword_4D0 dq 0

; !!!!!!!!!!!!!!!!!!!!!!!
; data fixups very important to set IMAGE_FILE_RELOCS_STRIPPED flag, which is needed for UEFI
; !!!!!!!!!!!!!!!!!!!!!!!
;align 16
;data fixups
;end data
; but now we need relocs
section '.reloc' fixups data discardable
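The disassembly above leaves its two GUIDs as anonymous byte blobs (unk_460, unk_470) and its calls as raw offsets into the boot services and system tables, so it is hard to confirm by eye that it does what the post says. The decoder below is an added example, not part of the post or of fasm: it parses the two `db` strings exactly as they appear in the post, decodes them with Python's mixed-endian `bytes_le` layout (which is how UEFI stores GUIDs), and maps the x64 table offsets to the names given in the UEFI specification (24-byte table header, then 8-byte pointers in declaration order). The KNOWN_GUIDS values are the published ones; everything else in the block is this example's own scaffolding.

```python
"""Decode the GUIDs and vtable offsets used by the ready.asm driver above."""
import re
import uuid

# The two GUID blobs, copied verbatim from the post's fasm source.
UNK_460_DB = ("db 0B3h db 8Fh db 0E8h db 7Ch db 0D7h db 4Bh db 79h db 46h "
              "db 87h db 0A8h db 0A8h db 0D8h db 0DEh db 0E5h db 0Dh db 2Bh")
UNK_470_DB = ("db 0ABh db 31h db 0A0h db 18h db 43h db 0B4h db 1Ah db 4Dh "
              "db 0A5h db 0C0h db 0Ch db 9 db 26h db 1Eh db 9Fh db 71h")

# Published UEFI / EDK II GUID values.
KNOWN_GUIDS = {
    uuid.UUID("18a031ab-b443-4d1a-a5c0-0c09261e9f71"): "EFI_DRIVER_BINDING_PROTOCOL_GUID",
    uuid.UUID("7ce88fb3-4bd7-4679-87a8-a8d8dee50d2b"): "EFI_EVENT_GROUP_READY_TO_BOOT",
}

# EFI_BOOT_SERVICES function pointers in spec order; slot i lives at 18h + 8*i on x64.
_BOOT_SERVICES = [
    "RaiseTPL", "RestoreTPL", "AllocatePages", "FreePages", "GetMemoryMap",
    "AllocatePool", "FreePool", "CreateEvent", "SetTimer", "WaitForEvent",
    "SignalEvent", "CloseEvent", "CheckEvent", "InstallProtocolInterface",
    "ReinstallProtocolInterface", "UninstallProtocolInterface", "HandleProtocol",
    "Reserved", "RegisterProtocolNotify", "LocateHandle", "LocateDevicePath",
    "InstallConfigurationTable", "LoadImage", "StartImage", "Exit", "UnloadImage",
    "ExitBootServices", "GetNextMonotonicCount", "Stall", "SetWatchdogTimer",
    "ConnectController", "DisconnectController", "OpenProtocol", "CloseProtocol",
    "OpenProtocolInformation", "ProtocolsPerHandle", "LocateHandleBuffer",
    "LocateProtocol", "InstallMultipleProtocolInterfaces",
    "UninstallMultipleProtocolInterfaces", "CalculateCrc32", "CopyMem", "SetMem",
    "CreateEventEx",
]
BOOT_SERVICES_X64 = {0x18 + 8 * i: name for i, name in enumerate(_BOOT_SERVICES)}

# EFI_SYSTEM_TABLE fields after the 24-byte header (FirmwareRevision is padded to 8).
SYSTEM_TABLE_X64 = {
    0x18: "FirmwareVendor", 0x20: "FirmwareRevision", 0x28: "ConsoleInHandle",
    0x30: "ConIn", 0x38: "ConsoleOutHandle", 0x40: "ConOut", 0x48: "StandardErrorHandle",
    0x50: "StdErr", 0x58: "RuntimeServices", 0x60: "BootServices",
    0x68: "NumberOfTableEntries", 0x70: "ConfigurationTable",
}

# Constants passed to CreateEventEx in the driver (ecx = 200h, edx = 10h).
EVT_NOTIFY_SIGNAL = 0x200
TPL_NOTIFY = 0x10


def parse_fasm_db(text: str) -> bytes:
    """Turn 'db 0B3h db 9 ...' into bytes; fasm hex literals end in 'h', decimals do not."""
    values = []
    for tok in re.findall(r"\bdb\s+([0-9A-Fa-f]+h?)", text):
        values.append(int(tok[:-1], 16) if tok.endswith("h") else int(tok))
    return bytes(values)


def guid_from_le(raw: bytes) -> uuid.UUID:
    """EFI_GUID in memory: Data1..Data3 little-endian, Data4 as-is (uuid 'bytes_le')."""
    if len(raw) != 16:
        raise ValueError("EFI_GUID is 16 bytes, got %d" % len(raw))
    return uuid.UUID(bytes_le=raw)


def identify_guid(raw: bytes) -> str:
    guid = guid_from_le(raw)
    return KNOWN_GUIDS.get(guid, "unknown GUID " + str(guid))


def boot_service(offset: int) -> str:
    """Name of the boot service behind 'call qword [BootServices+offset]'."""
    return BOOT_SERVICES_X64.get(offset, "not a boot service slot: %#x" % offset)


def system_table_field(offset: int) -> str:
    return SYSTEM_TABLE_X64.get(offset, "not a system table field: %#x" % offset)


if __name__ == "__main__":
    print("unk_460 =", identify_guid(parse_fasm_db(UNK_460_DB)))
    print("unk_470 =", identify_guid(parse_fasm_db(UNK_470_DB)))
    for off in (0x148, 0x170):
        print("[BootServices+%#x] =" % off, boot_service(off))
    for off in (0x40, 0x58, 0x60):
        print("[SystemTable+%#x] =" % off, system_table_field(off))
```

Running it confirms the driver's structure as described in the thread: it installs an EFI_DRIVER_BINDING_PROTOCOL (the `InstallMultipleProtocolInterfaces` call at +148h) and registers a ReadyToBoot group event (the `CreateEventEx` call at +170h), whose callback then reads `ConOut` from the saved system table.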
XVilka 06 Jun 2012, 17:23
Thx! I'll try to redo this again. I already have valid.efi disassembled (btw, with a nice tool, radare2: http://radare.org)
seppe 14 Apr 2015, 21:47
I made a small EFI application named sd.efi to quickly shut down the computer.
It works fine on my Packard Bell laptop, but gives a load error on my HP650. I figured out that the load error occurred because the relocation section is empty. Instead of manipulating the PE header, I simply added an operation to force a relocation. See the attached source. Hope you appreciate . . .

Code:
; sd.efi : a simple application to shutdown the computer
format PE64 dll efi at 0 on 'nul'
entry main

section '.text' code readable executable

main:
        mov     rax,[rdx+0x58]          ; rax = SystemTable->RuntimeServices
        mov     rcx,2                   ; rcx = ResetType = EfiResetShutdown
        xor     rdx,rdx                 ; rdx = ResetStatus
        xor     r8,r8                   ; r8 = DataSize (no reset data)
        xor     r9,r9                   ; r9 = ResetData (none)
        push    r9 r8 rdx rcx           ; shadow space for the four register args
        call    qword[rax+0x68]         ; RuntimeServices->ResetSystem, does not return
        mov     rax,main                ; absolute address: forces one relocation entry

;---- useless but required section -----;
section '.reloc' fixups data discardable
;---------------------------------------

Greetings from Seppe
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.