Find Boot Code

I'm just starting to write assembly code again :), but now I've lost some information about when the BIOS is done with checking the system etc...
and jumps to an interrupt vector to search for a boot drive!
What interrupt is placed in the BIOS to jump to the boot code?
I know that Int 19h is used for a warm reboot, so when I look for this interrupt in the BIOS image, I find nothing.

Thanks!

Comments

  • : I'm just starting to write assembly code again :), but now I've lost some information about when the BIOS is done with checking the system etc...
    : and jumps to an interrupt vector to search for a boot drive!
    : What interrupt is placed in the BIOS to jump to the boot code?
    : I know that Int 19h is used for a warm reboot, so when I look for this interrupt in the BIOS image, I find nothing.
    :
    : Thanks!
    :
    The BIOS (at least Phoenix BIOS) does call INT 19h as the last thing it does before an O/S is loaded. You might not find it in a BIOS image because that code is more than likely compressed until it's needed at the end of POST.

    -jeff!
  • : : I'm just starting to write assembly code again :), but now I've lost some information about when the BIOS is done with checking the system etc...
    : : and jumps to an interrupt vector to search for a boot drive!
    : : What interrupt is placed in the BIOS to jump to the boot code?
    : : I know that Int 19h is used for a warm reboot, so when I look for this interrupt in the BIOS image, I find nothing.
    : :
    : : Thanks!
    : :
    : The BIOS (at least Phoenix BIOS) does call INT 19h as the last thing it does before an O/S is loaded. You might not find it in a BIOS image because that code is more than likely compressed until it's needed at the end of POST.
    :
    : -jeff!

    Is the decompressing done at hardware level or software level?
    If software, when the PC starts up, is a piece of code loaded into RAM that decompresses all the code that is loaded into the F000 segment?

  • : : : I'm just starting to write assembly code again :), but now I've lost some information about when the BIOS is done with checking the system etc...
    : : : and jumps to an interrupt vector to search for a boot drive!
    : : : What interrupt is placed in the BIOS to jump to the boot code?
    : : : I know that Int 19h is used for a warm reboot, so when I look for this interrupt in the BIOS image, I find nothing.
    : : :
    : : : Thanks!
    : : :
    : : The BIOS (at least Phoenix BIOS) does call INT 19h as the last thing it does before an O/S is loaded. You might not find it in a BIOS image because that code is more than likely compressed until it's needed at the end of POST.
    : :
    : : -jeff!
    :
    : Is the decompressing done at hardware level or software level?
    : If software, when the PC starts up, is a piece of code loaded into RAM that decompresses all the code that is loaded into the F000 segment?

    I only know Phoenix BIOS at this level, but I can only assume AMI is similar. As the BIOS is initializing and testing hardware, it will decompress modules of code that it needs, execute the uncompressed code, then overwrite it with other modules as they are needed, since once a piece of hardware has been initialized, that code will likely not be needed again, so it can be overwritten. This keeps the overall runtime BIOS (runtime meaning the resident stuff after INT 19 is executed) smaller so it doesn't eat up so much of the E000 segment, which leaves more upper memory blocks available.

    So, the BIOS is very modular. Modules, such as the interactive setup menu, are decompressed on the fly as they are needed, and thrown away if they are not needed after boot.

    It's a huge struggle to fit all the stuff into the BIOS that is required by today's machines: APM, ACPI, DMI, USB boot, CD-ROM boot, setup, plus all the legacy code. The only way to make these things fit was to either break backwards compatibility or use tricky compression methods to make it all fit.

    -jeff!

  • : : : : I'm just starting to write assembly code again :), but now I've lost some information about when the BIOS is done with checking the system etc...
    : : : : and jumps to an interrupt vector to search for a boot drive!
    : : : : What interrupt is placed in the BIOS to jump to the boot code?
    : : : : I know that Int 19h is used for a warm reboot, so when I look for this interrupt in the BIOS image, I find nothing.
    : : : :
    : : : : Thanks!
    : : : :
    : : : The BIOS (at least Phoenix BIOS) does call INT 19h as the last thing it does before an O/S is loaded. You might not find it in a BIOS image because that code is more than likely compressed until it's needed at the end of POST.
    : : :
    : : : -jeff!
    : :
    : : Is the decompressing done at hardware level or software level?
    : : If software, when the PC starts up, is a piece of code loaded into RAM that decompresses all the code that is loaded into the F000 segment?
    :
    : I only know Phoenix BIOS at this level, but I can only assume AMI is similar. As the BIOS is initializing and testing hardware, it will decompress modules of code that it needs, execute the uncompressed code, then overwrite it with other modules as they are needed, since once a piece of hardware has been initialized, that code will likely not be needed again, so it can be overwritten. This keeps the overall runtime BIOS (runtime meaning the resident stuff after INT 19 is executed) smaller so it doesn't eat up so much of the E000 segment, which leaves more upper memory blocks available.
    :
    : So, the BIOS is very modular. Modules, such as the interactive setup menu, are decompressed on the fly as they are needed, and thrown away if they are not needed after boot.
    :
    : It's a huge struggle to fit all the stuff into the BIOS that is required by today's machines: APM, ACPI, DMI, USB boot, CD-ROM boot, setup, plus all the legacy code. The only way to make these things fit was to either break backwards compatibility or use tricky compression methods to make it all fit.
    :
    : -jeff!
    :

    Ok. I'm using an AMI BIOS; well, I'm assuming that it will work like the Phoenix.
    So it seems to be impossible to put code in the BIOS image file and jump to that code before the PC boots???
    Only if you know the compression algorithm, which I think we will never know.
    Maybe someone has an idea how to do this?

    If I look in the 386 manual at the "Reset" chapter, the processor will begin to execute code from address FFFFFFF0h, so there is only space for a JUMP. So if I make a BIOS image file with a jump at address FFFFFFF0h to my own code, will this work?
    And is this start address the same for every processor?

    Thanks.

  • : So it seems to be impossible to put code in the BIOS image file and jump to that code before the PC boots???
    : Only if you know the compression algorithm, which I think we will never know.
    : Maybe someone has an idea how to do this?

    You don't want to modify a BIOS image file and insert your own code.
    Images are checksummed, and if the checksum doesn't work out properly, your system will refuse to boot at all. It's quite dangerous and can make your motherboard inoperable.

    :
    : If I look in the 386 manual at the "Reset" chapter, the processor will begin to execute code from address FFFFFFF0h, so there is only space for a JUMP. So if I make a BIOS image file with a jump at address FFFFFFF0h to my own code, will this work?

    That will work, except you will then be executing your code before any of the hardware has been initialized by the BIOS. That means NO memory access, which means no PUSH, POP, CALL or RET.

    The code at the start of any BIOS will be uncompressed, since there is no memory initialized to decompress it to. You should be able to replace any of that code with your own, just be careful!

    : And is this start address the same for every processor?

    Yes. Well, not 8086/8088 processors, but I don't think you're working with them. ;)

    -jeff!

  • This message was edited by diehard at 2004-4-28 11:37:4
    : : So it seems to be impossible to put code in the BIOS image file and jump to that code before the PC boots???
    : : Only if you know the compression algorithm, which I think we will never know.
    : : Maybe someone has an idea how to do this?
    :
    : You don't want to modify a BIOS image file and insert your own code.
    : Images are checksummed, and if the checksum doesn't work out properly, your system will refuse to boot at all. It's quite dangerous and can make your motherboard inoperable.
    :
    : :
    : : If I look in the 386 manual at the "Reset" chapter, the processor will begin to execute code from address FFFFFFF0h, so there is only space for a JUMP. So if I make a BIOS image file with a jump at address FFFFFFF0h to my own code, will this work?
    :
    : That will work, except you will then be executing your code before any of the hardware has been initialized by the BIOS. That means NO memory access, which means no PUSH, POP, CALL or RET.
    :
    : The code at the start of any BIOS will be uncompressed, since there is no memory initialized to decompress it to. You should be able to replace any of that code with your own, just be careful!
    :
    : : And is this start address the same for every processor?
    :
    : Yes. Well, not 8086/8088 processors, but I don't think you're working with them. ;)
    :
    : -jeff!
    :
    Ok.
    Checksum, does this mean that the image file will be compared with a number?

    I have an old motherboard that I'm working on, and last week I had contact with a person who had the same BIOS chip for me. So now I can play with it without losing a good BIOS if it doesn't work. So when the BIOS code doesn't work, I replace the bad one with the good one, and can reprogram the bad one! ;)
    So now I have placed a jump at the start address in the image to some code that displays an "A" on the screen, without any result that I can see! Because I don't have memory ;) And I don't have a good checksum.

    But if I place a jump at the end of the P.O.S.T. to my own code in the BIOS, does this code have to be compressed?
    And how can I recalculate the checksum?

    Thanks again Jeff!

  • : Ok.
    : Checksum, does this mean that the image file will be compared with a number?

    Yes. A simple checksum will add up all the bytes in a range of memory so that the end result is 0. By adding in the last byte, the checksum byte, the value overflows back to 0.

    Your current BIOS might do this in 8, 16 or 32 bits, so you need to know where the checksum is stored and how it's calculated.

    It's easily fooled. If you add 1 to one byte and subtract 1 from another, the checksum will still be 0.

    :
    : I have an old motherboard that I'm working on, and last week I had contact with a person who had the same BIOS chip for me. So now I can play with it without losing a good BIOS if it doesn't work. So when the BIOS code doesn't work, I replace the bad one with the good one, and can reprogram the bad one! ;)

    Excellent. This is a pretty good way to work; at least you won't end up throwing your motherboard away.
    I suggest investing in one of these:

    http://www.pcengines.ch/test.htm

    These cards allow you to display the value written to I/O port 80h, which is the debug/diagnostic port. You write a new value to port 80 at the entry point of every module of your code, so then you can trace where it last hung up. Otherwise, you're working blind.

    : So now I have placed a jump at the start address in the image to some code that displays an "A" on the screen, without any result that I can see! Because I don't have memory ;) And I don't have a good checksum.

    And you haven't initialized the video card.

    The motherboard BIOS calls the BIOS (called an option ROM) that is on your video card so it can be set up and readied to display characters on the screen.

    Does your computer beep when you try executing your custom BIOS?
    On most modern computers, there is another tiny BIOS called the boot block which allows you to recover a mis-flashed BIOS if the boot block sees that the main BIOS checksum doesn't match. So, essentially, there are 2 BIOSes on your flash chip. The 1st one doesn't get flashed in when you upgrade your BIOS. This may or may not be affecting you, depending on your BIOS/vendor/motherboard age.

    :
    : But if I place a jump at the end of the P.O.S.T. to my own code in the BIOS, does this code have to be compressed?

    You'll have to experiment with where the best location is to patch your code in. If you have a utility to disassemble the BIOS image file, you might find sections of code that are not compressed that you can hook into. You might even get lucky enough to make changes in areas that aren't checksummed. Trial and error is about the only way you're going to figure it out, but even that's easier than re-writing all the code to initialize your hardware.

    -jeff!
  • : : But if I place a jump at the end of the P.O.S.T. to my own code in the BIOS, does this code have to be compressed?

    There's a much easier way. Write your code as a BIOS extension. After the POST, the BIOS checks every (I think) 4K from A000:0000 upwards looking for BIOS extension ROMs, which have 55-AA as the first 2 bytes. If it finds one, it jumps to it, and whatever code is there has complete control of the machine - including whether or not to return to the BIOS. This is how your video card initializes itself. We use the scheme for running PC motherboards as diskless embedded systems. If you want to experiment, there's a particular format header you need at the beginning of the EPROM, to tell the BIOS where to jump and so forth; and most old network cards have a free EPROM socket, often addressed at B800:0000.

  • : : : But if I place a jump at the end of the P.O.S.T. to my own code in the BIOS, does this code have to be compressed?
    :
    : There's a much easier way. Write your code as a BIOS extension. After the POST, the BIOS checks every (I think) 4K from A000:0000 upwards looking for BIOS extension ROMs, which have 55-AA as the first 2 bytes. If it finds one, it jumps to it, and whatever code is there has complete control of the machine - including whether or not to return to the BIOS. This is how your video card initializes itself. We use the scheme for running PC motherboards as diskless embedded systems. If you want to experiment, there's a particular format header you need at the beginning of the EPROM, to tell the BIOS where to jump and so forth; and most old network cards have a free EPROM socket, often addressed at B800:0000.
    :
    :

    Thanks! I was going to mention this option too, but didn't want to flood my replies with too much information to sort out. ;)

    Diehard will then either need an EEPROM programmer or a flash-upgradable network/SCSI/video card to tinker with, certainly doable.

    The option ROM header is pretty simple:

    Byte 0: 55h
    Byte 1: AAh
    Byte 2: size of ROM in 512-byte pages.
    Byte 3: code entry point

    The mainboard BIOS will probably checksum the option ROM as well, same logic as in my previous post, most likely done on a single-byte basis, so the checksum must sum up to an 8-bit value of 0.

    If the checksum fails, the option ROM will be skipped.

    -jeff!
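Jeff's two posts above describe the additive checksum that must come out to 0 and the 55h/AAh option ROM header with the size in 512-byte pages. The Python script below is an added example, not code from this forum, from Jeff, or from any BIOS vendor. It builds a minimal option ROM image with that header, fixes up the final byte so the 8-bit sum is 0, validates an image the way the mainboard BIOS does before jumping to it, walks a constructed memory region looking for the signature, and shows why the checksum is "easily fooled" by a compensating two-byte edit, contrasting it with a cryptographic digest. The 2K scan stride, the one-byte RETF placeholder payload, and all function names are assumptions made for this example.

```python
"""Build, validate and scan legacy option ROM images (added example)."""
import hashlib

SIGNATURE = b"\x55\xAA"   # bytes 0-1 of every option ROM
PAGE = 512                # byte 2 holds the ROM size in 512-byte pages


def checksum8(data: bytes) -> int:
    """Additive 8-bit checksum: byte-wise sum modulo 256. A ROM passes when it is 0."""
    return sum(data) & 0xFF


def build_option_rom(code: bytes) -> bytes:
    """Assemble a minimal option ROM: signature, page count, code starting at
    byte 3, zero padding to a 512-byte multiple, and a final fix-up byte that
    makes the whole image sum to 0 modulo 256."""
    body = bytearray(SIGNATURE) + b"\x00" + code     # byte 2 is patched below
    total = -(-(len(body) + 1) // PAGE) * PAGE        # room for one fix-up byte
    body[2] = total // PAGE
    body += b"\x00" * (total - len(body))
    body[-1] = (-checksum8(body[:-1])) & 0xFF         # force the sum to 0
    return bytes(body)


def validate_option_rom(blob: bytes) -> tuple:
    """Replicate the checks a mainboard BIOS applies before jumping to an
    option ROM: signature present, declared size fits, 8-bit checksum is 0."""
    if blob[:2] != SIGNATURE:
        return False, "missing 55 AA signature"
    declared = blob[2] * PAGE
    if declared == 0 or declared > len(blob):
        return False, "declared size exceeds image"
    if checksum8(blob[:declared]) != 0:
        return False, "checksum mismatch"
    return True, "ok"


def scan_for_option_roms(region: bytes, step: int = 2048) -> list:
    """Probe a memory region at a fixed stride the way the BIOS does after POST.
    The thread says 'every (I think) 4K'; the 2K stride here is an assumption.
    Returns a list of (offset, passes_checks)."""
    hits = []
    for off in range(0, len(region), step):
        if region[off:off + 2] == SIGNATURE:
            ok, _ = validate_option_rom(region[off:])
            hits.append((off, ok))
    return hits


def compensating_edit(blob: bytes, i: int, j: int) -> bytes:
    """Add 1 to byte i and subtract 1 from byte j. The additive checksum stays 0,
    which is the 'easily fooled' point: it catches accidental corruption, not
    deliberate modification."""
    b = bytearray(blob)
    b[i] = (b[i] + 1) & 0xFF
    b[j] = (b[j] - 1) & 0xFF
    return bytes(b)


def sha256_hex(blob: bytes) -> str:
    """A cryptographic digest does change under the same edit; this is what a
    measured or verified boot compares instead of an additive checksum."""
    return hashlib.sha256(blob).hexdigest()


if __name__ == "__main__":
    # Constructed placeholder payload: a single far return (RETF), not real init code.
    rom = build_option_rom(b"\xCB")
    print(len(rom), rom[:4].hex(), checksum8(rom), validate_option_rom(rom))
    # Constructed memory region: an empty 2K slot, then the ROM, then free space.
    region = bytes(2048) + rom + bytes(2048 - 512)
    print(scan_for_option_roms(region))
    tampered = compensating_edit(rom, 3, 4)
    print(checksum8(tampered), validate_option_rom(tampered))
    print(sha256_hex(rom) == sha256_hex(tampered))
```

Run it as a script to see the 512-byte image, the scan hit at offset 2048, and the tampered copy still validating with checksum 0 while its SHA-256 differs; `validate_option_rom` is the piece to reuse when auditing a dumped ROM region for images that a BIOS would actually execute.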
  • : : : : But if I place a jump at the end of the P.O.S.T. to my own code in the BIOS, does this code have to be compressed?
    : :
    : : There's a much easier way. Write your code as a BIOS extension. After the POST, the BIOS checks every (I think) 4K from A000:0000 upwards looking for BIOS extension ROMs, which have 55-AA as the first 2 bytes. If it finds one, it jumps to it, and whatever code is there has complete control of the machine - including whether or not to return to the BIOS. This is how your video card initializes itself. We use the scheme for running PC motherboards as diskless embedded systems. If you want to experiment, there's a particular format header you need at the beginning of the EPROM, to tell the BIOS where to jump and so forth; and most old network cards have a free EPROM socket, often addressed at B800:0000.
    : :
    : :
    :
    : Thanks! I was going to mention this option too, but didn't want to flood my replies with too much information to sort out. ;)
    :
    : Diehard will then either need an EEPROM programmer or a flash-upgradable network/SCSI/video card to tinker with, certainly doable.
    :
    : The option ROM header is pretty simple:
    :
    : Byte 0: 55h
    : Byte 1: AAh
    : Byte 2: size of ROM in 512-byte pages.
    : Byte 3: code entry point
    :
    : The mainboard BIOS will probably checksum the option ROM as well, same logic as in my previous post, most likely done on a single-byte basis, so the checksum must sum up to an 8-bit value of 0.
    :
    : If the checksum fails, the option ROM will be skipped.
    :
    : -jeff!
    :
    This is much easier, yes, but I don't want to use an ISA/PCI card to complete this project.
    A pity that it doesn't work within the RAM.

    Well, I will play further with this problem; hopefully I will work it out.

    P.S. Does someone have a good page about the BIOS (that goes deep)?
    I already googled it, but maybe someone has something new for me.
  • : P.S. Does someone have a good page about the BIOS (that goes deep)?
    : I already googled it, but maybe someone has something new for me.

    Don't know if it's what you're needing, but here's a pretty good site on BIOS.

    http://www.bioscentral.com/

    Also some other useful info:

    http://www.clipx.net/norton.php
  • : : P.S. Does someone have a good page about the BIOS (that goes deep)?
    : : I already googled it, but maybe someone has something new for me.
    :
    : Don't know if it's what you're needing, but here's a pretty good site on BIOS.
    :
    : http://www.bioscentral.com/
    :
    : Also some other useful info:
    :
    : http://www.clipx.net/norton.php
    :

    I'd never seen bioscentral before. Cool! I'll have to dig into it a bit.

    And here's another tech info site:
    http://www.nondot.org/sabre/os/articles

    -jeff!