start
====== Differences ====== This shows you the differences between two versions of the page.
|
start [2013/06/16 09:17] xvilka |
start [2014/01/09 13:47] (current) xvilka |
||
|---|---|---|---|
| Line 59: | Line 59: | ||
| See example here http://xvilka.me/ami_bios.bin | See example here http://xvilka.me/ami_bios.bin | ||
| + | |||
| + | Download example from http://xvilka.me/asrock_p4i65g.bin and open it as usual. | ||
| + | Also you can download r2 database file with all mentioned stuff (and more) from http://xvilka.me/asrock_p4i65g.r2 (Just load ut after loading *.bin file using '.' command). | ||
| + | It is based on ICH5 southbridge, download datasheet here http://www.intel.com/content/dam/doc/datasheet/82801eb-82801er-io-controller-hub-datasheet.pdf | ||
| 4. Disassembly, set flag to this as bios_entry | 4. Disassembly, set flag to this as bios_entry | ||
| Line 313: | Line 317: | ||
| [f000:0b3c]> Cd 2 @ f000:0b46 | [f000:0b3c]> Cd 2 @ f000:0b46 | ||
| - | ==== Award ==== | + | ... [some reversing process]... |
| - | ==== Phoenix ==== | + | === SMBus === |
| - | Download example from http://xvilka.me/asrock_p4i65g.bin and open it as usual. | + | First, find SMB_BASE addr (see 14.1.8 from ICH5 pdf), it is 0x400 for our mainboard. Then find SMBus registers themselves: |
| - | ... [some reversing process]... | + | SMB_BASE + 0x1 - HST_STS (Host Status) |
| + | SMB_BASE + 0x2 - HST_CNT (Host Control) | ||
| + | SMB_BASE + 0x3 - HST_CMD (Host Command) | ||
| + | SMB_BASE + 0x4 - XMIT_SLVA (Transmit Slave Address) | ||
| + | SMB_BASE + 0x5 - HST_D0 (Host Data 0) | ||
| + | SMB_BASE + 0x6 - HST_D1 (Host Data 1) | ||
| + | SMB_BASE + 0x7 - HOST_BLOCK_DB (Host Block Data Byte) | ||
| + | ... | ||
| SMBus reading/writing. So, we've found some SMBus function, and we know, that 0x5786 - offset of **SMBus_ICH5_Reg_Write_Byte_SL** function, and 0x578e - offset of **SMBus_ICH5_Reg_Read_Byte_SL** function. | SMBus reading/writing. So, we've found some SMBus function, and we know, that 0x5786 - offset of **SMBus_ICH5_Reg_Write_Byte_SL** function, and 0x578e - offset of **SMBus_ICH5_Reg_Read_Byte_SL** function. | ||
| Line 367: | Line 378: | ||
| | | ||
| Also add these local labels: | Also add these local labels: | ||
| - | [f000:574d]> f SMB_Send_CMD 1 0xf000:0x5755 | + | [f000:574d]> f .SMB_Send_CMD @ 0xf000:0x5755 |
| - | [f000:574d]> f SMB_Prepare_Controller 1 0xf000:0x5762 | + | [f000:574d]> f .SMB_Prepare_Controller @ 0xf000:0x5762 |
| - | [f000:574d]> f SMB_Read_Data 1 0xf000:0x5779 | + | [f000:574d]> f .SMB_Read_Data @ 0xf000:0x5779 |
| - | [f000:574d]> f SMB_delay_loop 1 0xf000:0x576d | + | [f000:574d]> f .SMB_delay_loop @ 0xf000:0x576d |
| | | ||
| And here is what we have got (in VISUAL mode - **Vp** command to enter): | And here is what we have got (in VISUAL mode - **Vp** command to enter): | ||
| Line 424: | Line 435: | ||
| | f000:57a2 a4 movsb | | f000:57a2 a4 movsb | ||
| | f000:57a3 57 push di | | f000:57a3 57 push di | ||
| - | | f000:57a4 b87200 mov ax, 0x72 | + | | f000:57a4 b87200 mov ax, 0x72 |
| + | |||
| + | ==== Award ==== | ||
| + | |||
| + | ==== Phoenix ==== | ||
| + | |||
| + | | ||
| ==== HP BIOS ==== | ==== HP BIOS ==== | ||
start.1371374238.txt.gz · Last modified: 2013/06/16 09:17 by xvilka
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
