flat assembler
Message board for the users of flat assembler.

x64 UEFI support

Joined: 23 Mar 2005
Posts: 514
Location: Czech republic, Slovak republic
Feryno 04 Jun 2012, 07:59
So according to my experiments, I recommend using the LOAD command only for drivers (EFIBOOT, EFIRUNTIME).
For EFI just directly execute the program.
About problems in the header:
It seems the image base doesn't matter (no need for the "... at 400000h" in the header) and the problem is only in the word following the EFI/EFIBOOT/EFIRUNTIME subsystem word (5Ch bytes after 'PE'); that word (5Eh bytes after 'PE') should be 0.
Use the method suggested by Tomasz to force it to be 0, or recompile FASM as I wrote a few posts ago, or use an older FASM version which always emits this word as 0.

If it helps you, I made a video about my experiments, with a tremor in my hand (as you can see) and my family around me (as you can hear).

http://www.metacafe.com/w/8600850

Here you can download a working sample and the fasm.exe used to compile it:
http://fdbg.x86asm.net/fasm_uefi_OK.zip

BTW relocs are not necessary if your program doesn't need them (then an empty relocs section is only a waste of space), but a cleared IMAGE_FILE_RELOCS_STRIPPED seems to be necessary in the header anyway.
Joined: 04 May 2011
Posts: 42
Location: Russia
XVilka 04 Jun 2012, 11:21
Even if I remove the last line, with
Code:
section '.reloc' fixups data discardable

it still produces an invalid image (which can't be loaded in the UEFI shell with the "load" cmd, nor when converted into a ROM (with the efirom utility) and flashed inside the card).
Sources + produced efi file attached.


Attachment: hello.7z (sources, 2.77 KB)

Joined: 16 Jun 2003
Posts: 8359
Location: Kraków, Poland
Tomasz Grysztar 04 Jun 2012, 11:43
Feryno wrote:
BTW relocs are not necessary if your program doesn't need them (then an empty relocs section is only a waste of space), but a cleared IMAGE_FILE_RELOCS_STRIPPED seems to be necessary in the header anyway.
You do not really have to create a separate section for it, you can use "data fixups"/"end data" and put it in one of the existing sections. If your program really does not need relocations, then this will simply generate a 0-size data directory.

I would not recommend deciding "manually" whether your image needs relocations or not - you may every now and then overlook something.
Feryno 04 Jun 2012, 12:14
XVilka, stop using the load command, it is only for drivers (requires the EFIBOOT or EFIRUNTIME flag).
Running a program from the UEFI shellx64 requires the flag EFI (the word 5Ch bytes after 'PE' is 0Ah) and running it directly, as shown for a00 in the video I posted the link to.
So not this:
load hello.efi
but this:
hello
The word 5Eh bytes after 'PE' should be 0.
That seems to be essential to produce a valid UEFI program (you had that word 40h in your first hello.efi, now in your last hello.efi it is correctly 0000).
Try to run a00 from the archive I posted the link to.
Does a00 from the zip run well on your PC? (It only prints a message and waits for a keystroke.)
Can you recompile the same binary file (value at the word 5Eh bytes after 'PE' = 0)?
If you are still producing files with 40h at the word 5Eh bytes after 'PE', then reread my previous post on how to make programs with that word = 0.
Don't convert anything to ROM, and don't flash it into chips.
The solution seems to be much easier.

later edit:
in your last hello.efi I found another problem:
the value at the word 16h bytes after 'PE' must be 202Eh, you have 202Fh there.
Try to use the fasm.exe from the archive I posted the link to
and use this header:
Code:
format PE64 dll EFI

because you still have 0Bh at the word 5Ch bytes after 'PE', which means EFIBOOT = driver.

Be patient: after you produce programs (EFI), then you continue with drivers (EFIBOOT, EFIRUNTIME).


Last edited by Feryno on 04 Jun 2012, 12:32; edited 1 time in total
Tomasz Grysztar 04 Jun 2012, 12:32
Feryno wrote:
The word 5Eh bytes after 'PE' should be 0.
That seems to be essential to produce a valid UEFI program (you have that word 40h in hello.efi).
(...)
the value at the word 16h bytes after 'PE' must be 202Eh, you have 202Fh there.
Once again: this is because fasm was told not to generate relocations, and it appears their presence is essential for UEFI. Put at least the "data fixups" there, and please do not try enforcing these values manually, because this way you may fix the problem just for now but get other problems later.
Feryno 04 Jun 2012, 12:44
Hi Tomasz, that seems to be a problem specific only to UEFI.
The fdbg for UEFI has quite huge relocations (0664h bytes), but the word 16h bytes after 'PE' is 202Eh (because I compiled it with the changed FASM); I'm guessing that if I change it to 202Fh then the program won't run.
I'll try that at home and let you know tomorrow.
BTW all programs compiled with the UEFI Development Kit have the IMAGE_FILE_RELOCS_STRIPPED flag even though all of them contain relocs.
Seems UEFI ignores this flag (better to say UEFI only has problems when this flag is set).
XVilka 04 Jun 2012, 12:48
Feryno: yes, it works if I manually change the byte at 0x56 from 0x2F to 0x2E. Though it doesn't work as a driver if I change EFI to EFIboot and use efirom.exe to produce a ROM and flash it inside the network card (while the C code works OK).


Last edited by XVilka on 04 Jun 2012, 12:54; edited 1 time in total
Tomasz Grysztar 04 Jun 2012, 12:53
Feryno wrote:
Hi Tomasz, that seems to be a problem specific only to UEFI.
The fdbg for UEFI has quite huge relocations (0664h bytes), but the word 16h bytes after 'PE' is 202Eh (because I compiled it with the changed FASM); I'm guessing that if I change it to 202Fh then the program won't run.
I'll try that at home and let you know tomorrow.
BTW all programs compiled with the UEFI Development Kit have the IMAGE_FILE_RELOCS_STRIPPED flag even though all of them contain relocs.
Seems UEFI ignores this flag (better to say UEFI only has problems when this flag is set).
Your post confuses me. The 202Eh is the one with IMAGE_FILE_RELOCS_STRIPPED cleared. You should get 2Eh there with any version of fasm if you have included fixups in your image.
You only get 2Fh if you do not include fixups and thus create a base-dependent image.
XVilka 04 Jun 2012, 13:09
Yes, if I just change this line, the latest fasm produces 0x2E instead of 0x2F:
Code:
section '.data' data readable writeable

to this:
Code:
section '.data' data readable writeable fixups

But! It is still an invalid UEFI image. See the attached file.


Attachment: hello.7z (uefi image, 392 Bytes)

Tomasz Grysztar 04 Jun 2012, 13:24
That is not what I meant when writing about using "data fixups" construction. This is what I had in mind:
Code:
section '.data' data readable writeable
  ; some regular data

  align 16

  data fixups
  end data
Feryno 04 Jun 2012, 13:31
Good!
I saw the last hello.efi, and now there is one last thing to fix and I guess your program will run:
the word 5Eh after 'PE' must be 0;
it is at offset 9Eh in your file.


Last edited by Feryno on 04 Jun 2012, 13:32; edited 1 time in total
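The three header words this thread inspects by hand (Characteristics at 16h, Subsystem at 5Ch, DllCharacteristics at 5Eh after 'PE') collected into one checker. This is an added example, not code from the thread or from fasm; the two sample headers are constructed inside the block to mirror the values XVilka reported, and placing 'PE' at file offset 40h follows Feryno's remark that word 5Eh sits at file offset 9Eh.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
EFI_SUBSYSTEMS = {10: "EFI application (EFI)", 11: "EFI boot service driver (EFIBOOT)",
                  12: "EFI runtime driver (EFIRUNTIME)"}

def check_uefi_pe(image: bytes) -> dict:
    """Read the header words the thread inspects by hand; offsets are relative to 'PE'."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe = struct.unpack_from("<I", image, 0x3C)[0]              # e_lfanew; fasm emits 40h
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    characteristics = struct.unpack_from("<H", image, pe + 0x16)[0]  # word 16h: Characteristics
    magic = struct.unpack_from("<H", image, pe + 0x18)[0]            # 20Bh = PE32+
    subsystem = struct.unpack_from("<H", image, pe + 0x5C)[0]        # word 5Ch: 0Ah/0Bh/0Ch
    dll_chars = struct.unpack_from("<H", image, pe + 0x5E)[0]        # word 5Eh: must be 0
    num_dirs = struct.unpack_from("<I", image, pe + 0x84)[0]         # NumberOfRvaAndSizes
    # data directory 5 is the base relocation table that "data fixups" fills in
    reloc_size = struct.unpack_from("<I", image, pe + 0xB4)[0] if num_dirs > 5 else 0
    problems = []
    if magic != 0x20B:
        problems.append("not a PE32+ (PE64) image")
    if subsystem not in EFI_SUBSYSTEMS:
        problems.append(f"subsystem {subsystem:#x} is not an EFI subsystem")
    if characteristics & IMAGE_FILE_RELOCS_STRIPPED:
        problems.append("IMAGE_FILE_RELOCS_STRIPPED set (202Fh instead of 202Eh): no fixups emitted")
    if dll_chars != 0:
        problems.append(f"DllCharacteristics is {dll_chars:#06x}, the word 5Eh after 'PE' must be 0")
    return {"subsystem": EFI_SUBSYSTEMS.get(subsystem, "non-EFI"), "characteristics": characteristics,
            "dll_characteristics": dll_chars, "reloc_dir_size": reloc_size, "problems": problems}

def build_image(subsystem: int, characteristics: int, dll_chars: int, reloc_size: int) -> bytes:
    """Constructed minimal PE32+ header (no sections), 'PE' at file offset 40h like fasm's output."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, characteristics)  # x86-64 COFF header
    opt = bytearray(0xF0)                           # PE32+ optional header with 16 data directories
    struct.pack_into("<H", opt, 0x00, 0x20B)
    struct.pack_into("<H", opt, 0x44, subsystem)
    struct.pack_into("<H", opt, 0x46, dll_chars)
    struct.pack_into("<I", opt, 0x6C, 16)
    struct.pack_into("<II", opt, 0x70 + 5 * 8, 0x3000 if reloc_size else 0, reloc_size)
    return dos + b"PE\0\0" + coff + bytes(opt)
# Constructed samples mirroring the thread: XVilka's first hello.efi and the one that finally ran.
BROKEN_HELLO = build_image(subsystem=11, characteristics=0x202F, dll_chars=0x40, reloc_size=0)
WORKING_HELLO = build_image(subsystem=10, characteristics=0x202E, dll_chars=0, reloc_size=12)

if __name__ == "__main__":
    for name, img in (("broken", BROKEN_HELLO), ("working", WORKING_HELLO)):
        print(name, check_uefi_pe(img))
```

Pointing `check_uefi_pe` at the bytes of a real .efi shows in one line which of the three words still disagrees with the values that finally worked in this thread.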
XVilka 04 Jun 2012, 13:32
Now it works! (At least for UEFI application)
Attached working sources and produced valid UEFI image.


Attachment: sample.7z (sample uefi stuff, 2.91 KB)

Feryno 04 Jun 2012, 13:34
great!
XVilka 04 Jun 2012, 13:57
Though setting up the event hook doesn't work if run from the card's flash chip. It starts uefi_main OK, but something is wrong with CreateEventEx().
Feryno 05 Jun 2012, 05:10
Maybe setting up an event hook requires a driver (EFIBOOT, EFIRUNTIME) and loading it using the load command?
XVilka 05 Jun 2012, 05:18
Yes, of course I'm using EFIBOOT. You can check it yourself: do load from the UEFI shell, then exit from the shell with "exit". The hook must start after that.
Feryno 05 Jun 2012, 13:56
Aha...
I remember that one time I saw the message
ReadyToBoot()
on my PC and then the PC stopped (I had to push the reboot button).
I thought it was some bug in my UEFI (because of the necessity of a reboot and a string I saw for the first time); now I know it was caused by your program, and the stop was because of the jmp .stuck instruction, it was not a bug/problem. I didn't read your source code carefully, just ran your programs.
The message ReadyToBoot() appeared when I exited the UEFI shell (after the command exit).


later edit:
sorry, the message was because of valid.efi,
not produced by hello.efi
Feryno 06 Jun 2012, 05:44
Hi, here is a working driver.
Ugly code, just a disasm of valid.efi with small changes to port it into FASM.
You should experiment with the source and remove the unnecessary ballast.
Again, no FASM programmer would produce such terrible source code.
The string appeared after exiting the UEFI shell and then after exiting UEFI setup:
http://www.metacafe.com/w/8611893


ready.asm:
Code:
format PE64 dll EFIboot

section '.text' code executable readable

entry $

var_18  = -18h
var_10  = -10h
arg_0   = 8
arg_8   = 10h
arg_10  = 18h

; driver entry: rcx = ImageHandle, rdx = SystemTable
        mov     [rsp+arg_10], rbx
        push    rdi
        sub     rsp, 30h
        mov     r10, [rdx+60h]          ; SystemTable->BootServices
        mov     rax, [rdx+58h]          ; SystemTable->RuntimeServices
        mov     rdi, rdx
        mov     rbx, rcx
        mov     [qword_4B8], rcx        ; save ImageHandle
        mov     [qword_4C0], rdx        ; save SystemTable
        mov     [rsp+38h+arg_0], rcx
        lea     r8, [off_488]           ; EFI_DRIVER_BINDING_PROTOCOL instance
        lea     rdx, [unk_470]          ; EFI_DRIVER_BINDING_PROTOCOL_GUID
        lea     rcx, [rsp+38h+arg_0]    ; &Handle
        xor     r9d, r9d                ; NULL ends the GUID/interface list
        mov     [qword_4C8], r10
        mov     [qword_4D0], rax
        call    qword [r10+148h]        ; BootServices->InstallMultipleProtocolInterfaces
        mov     rax, [rsp+38h+arg_0]
        mov     [qword_4B0], rax
        lea     rax, [rsp+38h+arg_8]
        lea     r8, [sub_370]           ; NotifyFunction
        mov     [rsp+38h+var_10], rax   ; 6th argument: &Event
        lea     rax, [unk_460]
        mov     r9, rdi                 ; NotifyContext = SystemTable
        mov     [rsp+38h+var_18], rax   ; 5th argument: EventGroup = ReadyToBoot GUID
        mov     rax, [qword_4C8]
        mov     edx, 10h                ; NotifyTpl = TPL_CALLBACK
        mov     ecx, 200h               ; Type = EVT_NOTIFY_SIGNAL
        mov     [qword_4A8], rbx
        call    qword [rax+170h]        ; BootServices->CreateEventEx
        mov     rbx, [rsp+38h+arg_10]
        add     rsp, 30h
        pop     rdi
        ret

        align 4
sub_36C:                                ; Supported/Start/Stop stub: return EFI_SUCCESS
        xor     eax, eax
        ret

        align 10h

sub_370:                                ; notify callback, runs when ReadyToBoot is signalled
        sub     rsp, 28h
        mov     rax, [qword_4C0]        ; SystemTable
        lea     rdx, [aReadytoboot]
        mov     r8, [rax+40h]           ; SystemTable->ConOut
        mov     rcx, r8
        call    qword [r8+8]            ; ConOut->OutputString

loc_38D:
        jmp     loc_38D                 ; spin forever (the "stuck" mentioned above)


section '.data' data readable writeable

aReadytoboot    du      'ReadyToBoot()',0Dh,0Ah,0

                align 20h
; EFI_EVENT_GROUP_READY_TO_BOOT GUID, 7CE88FB3-4BD7-4679-87A8-A8D8DEE50D2B
unk_460         db      0B3h,8Fh,0E8h,7Ch,0D7h,4Bh,79h,46h,87h,0A8h,0A8h,0D8h,0DEh,0E5h,0Dh,2Bh
; EFI_DRIVER_BINDING_PROTOCOL_GUID, 18A031AB-B443-4D1A-A5C0-0C09261E9F71
unk_470         db      0ABh,31h,0A0h,18h,43h,0B4h,1Ah,4Dh,0A5h,0C0h,0Ch,9,26h,1Eh,9Fh,71h
                dq      aReadytoboot
off_488         dq      sub_36C         ; EFI_DRIVER_BINDING_PROTOCOL.Supported
                dq      sub_36C         ; .Start
                dq      sub_36C         ; .Stop
                dq      0Ah             ; .Version
qword_4A8       dq      0
qword_4B0       dq      0
qword_4B8       dq      0
qword_4C0       dq      0
qword_4C8       dq      0
qword_4D0       dq      0

; !!!!!!!!!!!!!!!!!!!!!!!
; emitting fixups is very important: it clears the IMAGE_FILE_RELOCS_STRIPPED flag, which UEFI needs
; !!!!!!!!!!!!!!!!!!!!!!!
;align 16
;
;data fixups
;end data

; but now we need relocs
section '.reloc' fixups data discardable
XVilka 06 Jun 2012, 17:23
Thx! I'll try to redo this again. I already have valid.efi disassembled (btw, with a nice tool, radare2 http://radare.org ).
Joined: 12 Apr 2015
Posts: 15
Location: Belgian in Tenerife
seppe 14 Apr 2015, 21:47
I made a small efi application named sd.efi to quickly shut down the computer.
It works fine on my Packard Bell laptop, but gives a load error on my HP650.
I figured out that the load error occurred because the relocation section is empty.
Instead of manipulating the PE header, I simply added an operation to force a relocation. See the attached source.
Hope you appreciate . . .
Code:
; sd.efi : a simple application to shutdown the computer
format PE64 dll efi at 0 on 'nul'
entry main
section '.text' code readable executable
main:   mov     rax,[rdx+0x58]          ; rax = runtime services
        mov     rcx,2                   ; rcx = 2 = shutDown
        xor     rdx,rdx                 ; rdx = status
        xor     r8,r8                   ; r8 = size of info buffer
        xor     r9,r9                   ; r9 = info buffer (none)
        push    r9 r8 rdx rcx           ; shadow params
        call    qword[rax+0x68]         ; SystemReset
        mov     rax,main                ; force a relocation
;---- useless but required section -----;
section '.reloc' fixups data discardable
;---------------------------------------

_________________
Greetings from Seppe
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
