
BIOS Disassembly


pa...@gcs.com.au

Feb 22, 1999, 3:00:00 AM
I want to create a disassembly of my BIOS, but I'm not quite sure how to do
it. E.g. I don't know where BIOS routines reside, how much space is allocated
to the BIOS, etc.

I know there is a product called "Sourcer" (BIOS pre-processor) that can do it
for me, but it apparently costs $250 odd from v-com. Besides which I feel I
will learn more by doing it myself.

Any help is greatly appreciated.

Paul

-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own

John S. Fine

Feb 22, 1999, 3:00:00 AM
pa...@gcs.com.au wrote:

> I know there is a product called "Sourcer" (BIOS pre-processor) that can do it
> for me, but it apparently costs $250 odd from v-com. Besides which I feel I
> will learn more by doing it myself.

Doing it yourself? As in without a disassembler, or just without
a smart disassembler? Even with a smart disassembler, you are
talking about a long, tedious, difficult project. Sourcer's "do it
for you" is a gross exaggeration. Without a smart disassembler
don't even frustrate yourself by starting.

My copy of Sourcer is several years old, so it may have improved
a lot since then. I was so disgusted with the high price,
exaggerated claims, horrid user interface and rotten results of the
old one that I would not consider giving a new version a chance.

I expect that the professional version of IDA (also expensive)
is the best disassembler out there. I am fairly sure there is
still a freeware version of IDA. The freeware IDA I have used
goes way beyond anything the old version of Sourcer had. (Though
IDA also has a user interface that seems designed to provoke
maximum frustration and slowest learning).

If you really expect to disassemble a modern BIOS (not the
trivial thing on an old IBM AT, that the source code was
published for anyway), it will be worth your trouble to
learn to use IDA. (Check Dejanews for back messages in
CLAX, URLs for IDA have been posted several times, or look
in AltaVista for free IDA and find lots of places where it
used to be and maybe even someplace where it still is).

BTW, NDISASM in the NASM package is a simple to use dumb
disassembler, if you really want to poke around with one
of those. It is free and so simple there is nothing to
"learn".
--
http://www.erols.com/johnfine/
http://www.geocities.com/SiliconValley/Peaks/8600/

Dark Fiber

Feb 22, 1999, 3:00:00 AM
On 22 Feb 1999 03:27:33 GMT, "John S. Fine" <john...@erols.com>
wrote:

> My copy of Sourcer is several years old, so it may have improved
> a lot since then. I was so disgusted with the high price,
> exaggerated claims, horrid user interface and rotten results of the
> old one that I would not consider giving a new version a chance.

yeah. i remember using old sourcer. it was sooo easy to confuse
even "tracing" jumps it still plowed right through much of the code.

> I expect that the professional version of IDA (also expensive)
> is the best disassembler out there. I am fairly sure there is
> still a freeware version of IDA. The freeware IDA I have used
> goes way beyond anything the old version of Sourcer had. (Though
> IDA also has a user interface that seems designed to provoke
> maximum frustration and slowest learning).

i found ida to be very cool since you can change it as you
disassemble. and the "I" in ida is very much alive and working.
the only thing i noticed was again it often can get "confused"
as well and give you large tracts of "db" statements you have to
manually set to code etc. still quite an improvement over sourcer ;)

what i fail to see is why anyone wants a disassembly of a modern bios
anyway? afaik bios is compressed.. well my bios upgrades seem to be
(award) LHA/LHarc compressed and often spanning more than 64kb.
it seems to burn 128kb (from memory.. it's been ages)...

best bet would be to decompress the bios image before burning
and disass that.. i still fail to see a valid reason for doing so but
i guess they would not have queried disassemblers if there was not a
need to do it....

-df

Dark Fiber <ent...@ihug.com.au>
http://homepages.ihug.com.au/~entropy

Sazan Aisu Fanfiction Archive co-ordinator
http://www.geocities.com/Tokyo/Ginza/7478/

Write ya own OS FAQ
http://homepages.ihug.com.au/~entropy/os/

neph...@gmx.net

Feb 22, 1999, 3:00:00 AM
I've noticed when updating the BIOS the awdflash utility backs up the old BIOS
to a compressed bin-file. Does anyone know how to decompress the bin-file (or
where to find info about it) and write the data into the flash-BIOS ?

Thanxxxxxx
;>Nephrose

tomst...@my-dejanews.com

Feb 22, 1999, 3:00:00 AM
To see what's in the bios can't you do a dump on FFFF:0000 ?

Debug: U FFFF:0000

Tom
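What that DEBUG command lands on is the reset vector: the last 16 bytes of the F000 segment hold a jump to the real POST entry, followed by the release-date string at F000:FFF5 and the model byte at F000:FFFE. The Python below is an added example, not code from this thread; it decodes those bytes from a constructed 64 KiB segment image, and the F000:E05B target, the date and the 0xFC model byte are sample values modelled on the classic IBM-compatible layout, not taken from any real dump.

```python
"""Decode what DEBUG's `U FFFF:0000` lands on: the x86 reset vector and the
ID bytes at the top of a 64 KiB BIOS segment image."""
import struct

SEG_BASE = 0xF0000   # physical base of the F000 segment the image maps to
RESET_OFF = 0xFFF0   # FFFF:0000 and F000:FFF0 both name linear 0xFFFF0

def build_sample_segment() -> bytes:
    """Constructed 64 KiB F-segment image (not a real BIOS dump).

    Entry stub at F000:E05B, a far JMP to it at the reset vector, the
    release-date string at FFF5 and the IBM model byte 0xFC at FFFE.
    """
    seg = bytearray(b"\xFF" * 0x10000)          # erased-flash fill
    seg[0xE05B:0xE05B + 2] = b"\xFA\xFC"         # CLI ; CLD  entry stub
    seg[RESET_OFF:RESET_OFF + 5] = b"\xEA\x5B\xE0\x00\xF0"  # JMP FAR F000:E05B
    seg[0xFFF5:0xFFFD] = b"02/22/99"             # MM/DD/YY release date
    seg[0xFFFD] = 0x00
    seg[0xFFFE] = 0xFC                           # model byte: PC/AT class
    seg[0xFFFF] = 0x00                           # submodel / checksum byte
    return bytes(seg)

def decode_reset_vector(seg: bytes) -> dict:
    """Decode the jump at F000:FFF0 and map its target back into the image.

    Only the two encodings found at a reset vector are handled: EA (JMP
    ptr16:16, absolute far) and E9 (JMP rel16, near, within F000).
    """
    if len(seg) != 0x10000:
        raise ValueError("expected a 64 KiB F000 segment image")
    opcode = seg[RESET_OFF]
    if opcode == 0xEA:
        off, segment = struct.unpack_from("<HH", seg, RESET_OFF + 1)
        kind = "far"
    elif opcode == 0xE9:
        (rel,) = struct.unpack_from("<h", seg, RESET_OFF + 1)
        segment = 0xF000
        off = (RESET_OFF + 3 + rel) & 0xFFFF      # relative to next instruction
        kind = "near"
    else:
        raise ValueError(f"unexpected opcode {opcode:#04x} at reset vector")
    linear = (segment << 4) + off
    in_image = SEG_BASE <= linear < SEG_BASE + 0x10000
    return {
        "jump": kind,
        "target": f"{segment:04X}:{off:04X}",
        "linear": linear,
        # file offset to start disassembling from, if the target is in this segment
        "image_offset": linear - SEG_BASE if in_image else None,
        "date": seg[0xFFF5:0xFFFD].decode("ascii", "replace"),
        "model_byte": seg[0xFFFE],
    }

if __name__ == "__main__":
    print(decode_reset_vector(build_sample_segment()))
```

On a real dump the far-jump target is the offset to hand to the disassembler as the entry point; a target outside the F000 segment (image_offset None) means the code continues in the E000 segment or higher, which this 64 KiB view does not contain.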

Flint

Feb 23, 1999, 3:00:00 AM
If you're looking at any BIOS less than maybe 5 years old, and several older
ones, you won't get much out of this exercise.

A modern BIOS is composed of multiple, separately compressed modules.
There's just enough uncompressed code (in the actual flash image) to do some
chipset initialization, cache and memory sizing. Then each module is
decompressed into low memory as needed, executed, and overwritten with the
next one. At OS boot time, less than 20% of the BIOS code remains resident -
the interrupt handlers (including the SMI# handler in SMRAM) and some 32-bit
interfaces the OS can use to query ESCD and other PnP structures.

These modules aren't even necessarily compressed using the same algorithm,
so decompressing them is not very straightforward. Furthermore, the BIOS is
self-modifying after shadowing (which is obviously now required - can't run
compressed).

If you're only interested in the runtime BIOS image, you'll need a decent
disassembler. Unlike others here, I enjoy using Sourcer, now that I've been
learning it forever.

Flint

pa...@gcs.com.au wrote in message <7aqg8p$gf5$1...@winter.news.rcn.net>...

>I want to create a disassembly of my BIOS, but I'm not quite sure how to do
>it. E.g. I don't know where BIOS routines reside, how much space is allocated
>to the BIOS, etc.
>
>I know there is a product called "Sourcer" (BIOS pre-processor) that can do it
>for me, but it apparently costs $250 odd from v-com. Besides which I feel I
>will learn more by doing it myself.
>
>Any help is greatly appreciated.
>
> Paul
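Dark Fiber's note that Award images are LHA-compressed and Flint's description of separately compressed modules point at the first step before any disassembly: mapping where each module header sits and whether it is a real header at all. The Python below is an added example, not code from this thread or from any BIOS vendor; it scans a constructed image for LZH member headers and validates the header checksum so that a stray "-lh5-" string in text or compressed data is not mistaken for a module. The module names, sizes and payloads in the sample are constructed.

```python
"""Locate the separately compressed modules in a firmware image.
Award-style images store each module as an LHA/LZH archive member; this
scans for level-0/1 member headers and validates each before trusting it."""
import struct

# LZH method ids seen in practice; "-lh5-" is by far the common one.
METHODS = {b"-lh0-", b"-lh1-", b"-lh4-", b"-lh5-", b"-lh6-", b"-lh7-"}

def lzh_header_checksum(body: bytes) -> int:
    """Level-0/1 checksum: byte sum of the header after its two-byte
    (size, checksum) prefix, modulo 256."""
    return sum(body) & 0xFF

def build_lzh_header(name: bytes, comp_size: int, orig_size: int,
                     method: bytes = b"-lh5-") -> bytes:
    """Constructed level-0 member header (timestamp and data CRC zeroed)."""
    body = method + struct.pack("<II", comp_size, orig_size)
    body += struct.pack("<IBBB", 0, 0x20, 0, len(name)) + name  # time, attr, level, namelen
    body += struct.pack("<H", 0)                                # CRC16 of the data
    return bytes([len(body), lzh_header_checksum(body)]) + body

def scan_lzh_modules(image: bytes) -> list[dict]:
    """Return every member header whose size byte fits the image and whose
    checksum matches; a stray "-lh5-" in text or compressed data fails one
    of those checks and is skipped."""
    modules, pos = [], 0
    while (pos := image.find(b"-lh", pos)) >= 0:
        start = pos - 2                    # header starts 2 bytes before the method id
        method = image[pos:pos + 5]
        hdr_size = image[start] if start >= 0 else 0
        body = image[start + 2:start + 2 + hdr_size]
        if (start < 0 or method not in METHODS or hdr_size < 22
                or len(body) < hdr_size
                or lzh_header_checksum(body) != image[start + 1]):
            pos += 1
            continue
        comp_size, orig_size = struct.unpack_from("<II", body, 5)
        name_len = body[19]
        if 22 + name_len > hdr_size:       # name would run past the header
            pos += 1
            continue
        data_start = start + 2 + hdr_size
        modules.append({
            "offset": start, "method": method.decode(), "level": body[18],
            "name": body[20:20 + name_len].decode("ascii", "replace"),
            "compressed": comp_size, "original": orig_size,
            "data_start": data_start,
        })
        pos = data_start + comp_size       # skip the payload; resume after it
    return modules

def sample_image() -> bytes:
    """Constructed stand-in for a flash dump: erased padding, a text string
    that happens to contain "-lh5-", then two modules with dummy payloads."""
    payload1, payload2 = bytes(range(40)), b"\xAA" * 24
    img = b"\xFF" * 0x100
    img += b"Award Modular BIOS v4.51PG\x00\x00-lh5-not a header\x00"
    img += build_lzh_header(b"original.tmp", len(payload1), 100) + payload1
    img += build_lzh_header(b"awardext.rom", len(payload2), 64) + payload2
    return img + b"\xFF" * 0x40
```

The scanner only maps the members; decompressing each one (with an LHA tool or an implementation of the -lh5- method) and then disassembling the output is the separate step the thread is arguing about.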

Pierre Vandevenne

Feb 24, 1999, 3:00:00 AM
In article <7aqir5$6ln$1...@winter.news.rcn.net>, john...@erols.com wrote:

>I am fairly sure there is still a freeware version of IDA.

Yes, it is on simtel, in the disassembler directory.

>IDA also has a user interface that seems designed to provoke
>maximum frustration and slowest learning).

Actually it is some sort of IQ test ;-). Hopefully this will improve in the
near future.

Pierre


Pierre Vandevenne
www.datarescue.com, the home of the IDA Pro Disassembler
Version 3.8 now available - www.datarescue.com/idanew.htm


Moritz Mertinkat

Feb 27, 1999, 3:00:00 AM
Hi,

just disassembled the Award 4.51 BIOS and removed the
master password (j262, 589589,...).
Now it is really safe!

But, I myself have an Advanced/EV (also known as Endeavour)
AMI-BIOS which is compressed in a way I don't know!
Is there anybody who has information about this BIOS?

And: Are all AMI BIOS types compressed the same
way?

Byebye,
Moritz

bp jendrissek

Mar 1, 1999, 3:00:00 AM
John S. Fine <john...@erols.com> wrote:
: BTW, NDISASM in the NASM package is a simple to use dumb
: disassembler, if you really want to poke around with one
: of those. It is free and so simple there is nothing to
: "learn".

BTW are there plans to improve ndisasm, at least a bit?

Just let me hijack the discussion at this point. I have started a disasm
of my own (given up for now) and my brain started looking in its crystal
ball to see what was waiting for me. I wondered what features would be
"good" and what "bad" in a "useful" disassembler. Also what the best
algorithms would be to implement features, etc.

Now it strikes me that while there is much literature on assemblers and
compilers and other "constructive" things, I have never seen any formal
mention of disassemblers beyond one of existence. Are these analytical
tools seen as taboo, maybe as something only crackers like? Or can
anybody allay my fears and direct me to a site (or book)?

Bernd Jendrissek

Pierre Vandevenne

Mar 2, 1999, 3:00:00 AM
In article <7bedlb$736$1...@winter.news.rcn.net>, bp jendrissek <bjen...@casper2.cs.uct.ac.za> wrote:

>Now it strikes me that while there is much literature on assemblers and
>compilers and other "constructive" things, I have never seen any formal
>mention of disassemblers beyond one of existence. Are these analytical
>tools seen as taboo, maybe as something only crackers like? Or can
>anybody allay my fears and direct me to a site (or book)?

Search for Cifuentes and you'll see the light. There are a couple of links and
some information on our site. As far as books are concerned, I am not aware of
any.

Nephrose

Mar 2, 1999, 3:00:00 AM
> just disassembled the Award 4.51 BIOS and removed the
> master password (j262, 589589,...).
> Now it is really safe!

Please explain to me how you disassembled your BIOS.

--- NEPHROSE


TK - TBD

Mar 3, 1999, 3:00:00 AM
> I've noticed when updating the BIOS the awdflash utility backs up the old BIOS
> to a compressed bin-file. Does anyone know how to decompress the bin-file (or
> where to find info about it) and write the data into the flash-BIOS ?

Try a program called UNAWARD, use http://ftpsearch.lycos.com to search for it.

About the topic, don't even try it. You'll only end up confused and sad.
There's just too much stuff. Try disassembling WINWORD.EXE???

You can of course learn something from tracing into INT handlers and
looking at what goes on... but a complete disassembly, Naahh. Get a job
with a BIOS company, and you can play around with the source code for
your own enjoyment.

--
Regards,
TK - TBD
-= feel free to visit my old homepage @ home.c2i.net/tkjoerne =-


wbinvd

Mar 3, 1999, 3:00:00 AM
TK - TBD wrote in message <7bjprj$nur$1...@winter.news.rcn.net>...

|> I've noticed when updating the BIOS the awdflash utility backs up the old BIOS
|> to a compressed bin-file. Does anyone know how to decompress the bin-file (or
|> where to find info about it) and write the data into the flash-BIOS ?
|
|Try a program called UNAWARD, use http://ftpsearch.lycos.com to search for it.
|
|About the topic, don't even try it. You'll only end up confused and sad.
|There's just too much stuff. Try disassembling WINWORD.EXE???

I don't think that's a fair comparison. A BIOS has a lot more documented
functions than a normal app (a normal app has no documented funcs). And the
chipset specific code is easy too; just get the right manual (usually from intel)
and your MoBo's manual. A BIOS is mostly written in ASM and 99% of all Windows
apps are written in a HLL. (it's easier to understand disassembled code from
an ASM programmer than from a compiler)

|
|You can of course learn something from tracing into INT handlers and
|looking at what goes on... but a complete disassembly, Naahh. Get a job
|with a BIOS company, and you can play around with the source code for
|your own enjoyment.

:)

Tracing interrupts is best done with a good debugger that doesn't use the
operating system, like a HW debugger, SoftICE for DOS, or 386SWAT (free at
http://www.sudleyplace.com/ )

black_...@my-dejanews.com

Mar 4, 1999, 3:00:00 AM

> |> I've noticed when updating the BIOS the awdflash utility backs up the old BIOS
> |> to a compressed bin-file. Does anyone know how to decompress the bin-file (or
> |> where to find info about it) and write the data into the flash-BIOS ?
> |
> |Try a program called UNAWARD, use http://ftpsearch.lycos.com to search for it.
> |
> |About the topic, don't even try it. You'll only end up confused and sad.
> |There's just too much stuff. Try disassembling WINWORD.EXE???

Bass Demon, I bet you haven't done disassembling of huge Win32 files too
much. I needed to do so more than I'd like to, and it's a lot easier than one
might think considering only its size. Don't forget that WINWORD.EXE, as any
other Win32 application, consists of a relatively small code section, a bigger
data section and a huge part of various resources that are just binary data and
you don't need to disassemble them. I did the disassembling with Soft-ICE; it's
pretty nice and resolves imported functions either with name or with address.
Any Win32 disassembler will do the same, I think. A Win32 program itself is just
a bunch of Win32 API calls, window procedures and various callbacks with
relatively simple logic.

> I don't think that's a fair comparison. A BIOS has a lot more documented
> functions than a normal app (a normal app has no documented funcs). And the
> chipset specific code is easy too; just get the right manual (usually from intel)
> and your MoBo's manual. A BIOS is mostly written in ASM and 99% of all Windows
> apps are written in a HLL. (it's easier to understand disassembled code from
> an ASM programmer than from a compiler)

Hell no! ;) BIOS is written with optimizations for size, sometimes very
heavy. It sometimes contains clever and non-trivial code. A program written
in an HLL is straightforward: you can predict almost precisely what an HLL
construct will look like in assembly. After that comes the optimizer, which can
mix the code somewhat, but not too much, so you can still hold the thread.

> |You can of course learn something from tracing into INT handlers and
> |looking at what goes on... but a complete disassembly, Naahh. Get a job
> |with a BIOS company, and you can play around with the source code for
> |your own enjoyment.

Well, what's the point of disassembling ALL the BIOS anyway? Only to fill a
collection?


-- Sclerosis cannot be healed but can be forgotten --

TK - TBD

Mar 4, 1999, 3:00:00 AM
wbinvd <wbi...@mail.bip.net> wrote in article
<7bkam0$gep$1...@winter.news.rcn.net>...

> |About the topic, don't even try it. You'll only end up confused and sad.
> |There's just too much stuff. Try disassembling WINWORD.EXE???
>
> I don't think that's a fair comparison. A BIOS has a lot more documented
> functions than a normal app (a normal app has no documented funcs). And the
> chipset specific code is easy too; just get the right manual (usually from intel)
> and your MoBo's manual. A BIOS is mostly written in ASM and 99% of all Windows
> apps are written in a HLL. (it's easier to understand disassembled code from
> an ASM programmer than from a compiler)

Yes. My point is, the code is hardly understandable at all when viewed in
its binary final form in the ROM image.

This is the way the architecture works. Some BIOSes are easier to understand
than others. If you have a big 256k or 512k BIOS, first of all it's normally
compressed up in 4GB, then the run-time portion down in F000 is only a small
part of the entire BIOS.

As I said, try looking at interrupt handlers and APIs and see what goes on.
About the chipset stuff, yes it's fairly easy, just get the manual and play
with it.

wbinvd

Mar 5, 1999, 3:00:00 AM
black_...@my-dejanews.com wrote in message <7bma09$il3$1...@winter.news.rcn.net>...

|> I don't think that's a fair comparison. A BIOS has a lot more documented
|> functions than a normal app (a normal app has no documented funcs). And the
|> chipset specific code is easy too; just get the right manual (usually from intel)
|> and your MoBo's manual. A BIOS is mostly written in ASM and 99% of all Windows
|> apps are written in a HLL. (it's easier to understand disassembled code from
|> an ASM programmer than from a compiler)
|
| Hell no! ;) BIOS is written with optimizations for size, sometimes very
|heavy. It contains sometimes clever and not trivial code. A program written
|in HLL is straight-forward: you can predict almost precisely how an HLL
|construct will look like in assembly. After that comes optimizer that can mix
|code somehow but not too much so you can still hold the thread.

I've disassembled a lot of programs and I've never found an asm-only app
being difficult to understand (even BIOS code and other "difficult" apps).
In fact, when I started learning asm two years ago, I used TD whenever I
found an interesting app and traced through it (didn't have a disassembler
back then.). It was a lot easier after I wrote a disassembler.
(still prefer my disassembler over IDA)

Give me an asm app and I'll disassemble it any day (as long as it's an
interesting app)


Nephrose

Mar 5, 1999, 3:00:00 AM
>Try a program called UNAWARD, use http://ftpsearch.lycos.com to search for it.
Thanx

>About the topic, don't even try it. You'll only end up confused and sad.
>There's just too much stuff. Try disassembling WINWORD.EXE???
>
>You can of course learn something from tracing into INT handlers and
>looking at what goes on... but a complete disassembly, Naahh. Get a job
>with a BIOS company, and you can play around with the source code for
>your own enjoyment.

Y not I just wanted to change the energy star - logo to another logo


--------------- Nephrose


Pierre Vandevenne

Mar 5, 1999, 3:00:00 AM
In article <7bncri$sji$1...@winter.news.rcn.net>, "Nephrose" <neph...@gmx.net> wrote:

>Y not I just wanted to change the energy star - logo to another logo

start there - ready made programs to achieve this are available

http://www.ping.be/bios/

Pierre

Pierre Vandevenne
www.datarescue.com, the home of the IDA Pro Disassembler

Version 3.83 soon available - Pentium III, Hitachi SH-4
Folding, Improved analysis, FLIRT and FLAIR, & much more...


black_...@my-dejanews.com

Mar 5, 1999, 3:00:00 AM

> |> I don't think that's a fair comparison. A BIOS has a lot more documented
> |> functions than a normal app (a normal app has no documented funcs). And the
> |> chipset specific code is easy too; just get the right manual (usually from intel)
> |> and your MoBo's manual. A BIOS is mostly written in ASM and 99% of all Windows
> |> apps are written in a HLL. (it's easier to understand disassembled code from
> |> an ASM programmer than from a compiler)
> |
> | Hell no! ;) BIOS is written with optimizations for size, sometimes very
> |heavy. It contains sometimes clever and not trivial code. A program written
> |in HLL is straight-forward: you can predict almost precisely how an HLL
> |construct will look like in assembly. After that comes optimizer that can mix
> |code somehow but not too much so you can still hold the thread.
>
> I've disassembled a lot of programs and I've never found an asm-only app
> being difficult to understand (even BIOS code and other "difficult" apps).

That wasn't my point - that BIOS programs are too difficult. Rather, it was
that HLL programs are yet easier to understand. Try to write some short
programs with even weird constructs and see if you have any difficulty
understanding compiler-generated code.

> In fact, when I started learning asm two years ago,

Wondering what you've been doing before - WBINVD is out since 1989 ;)

> I used TD whenever I
> found an interesting app and traced through it (didn't have a disassembler
> back then.). It was a lot easier after I wrote a disassembler.
> (still prefer my disassembler over IDA)

That's only natural. When you write some tool you always orient it to your
own preferences and comfort, whether you are conscious of it or not.

wbinvd

Mar 6, 1999, 3:00:00 AM
black_...@my-dejanews.com wrote in message <7boppc$hfq$1...@winter.news.rcn.net>...

|> |> apps are written in a HLL. (it's easier to understand disassembled code from
|> |> an ASM programmer than from a compiler)
|> |
|> | Hell no! ;) BIOS is written with optimizations for size, sometimes very
|> |heavy. It contains sometimes clever and not trivial code. A program written
|> |in HLL is straight-forward: you can predict almost precisely how an HLL
|> |construct will look like in assembly. After that comes optimizer that can mix
|> |code somehow but not too much so you can still hold the thread.
|>
|> I've disassembled a lot of programs and I've never found an asm-only app
|> being difficult to understand (even BIOS code and other "difficult" apps).
|
|That wasn't my point - that BIOS programs are too difficult. Rather, it was
|that HLL programs are yet easier to understand. Try to write some short
|programs with even weird constructs and see if you have any difficulty
|understanding compiler-generated code.

I don't think it's hard to understand compiler generated code, I meant
it's much easier to understand an ASM programmer's code. It's cleaner
code and (IMO) much easier to understand. Of course, the better the
compiler is, the easier it is to understand it. Compare old 16-bit code
with the latest compiler's code... (maybe you think older compilers' code
is easier to understand? :)

|
|> In fact, when I started learning asm two years ago,
|
|Wondering what you've been doing before - WBINVD is out since 1989 ;)

Nothing. BTW, to be exact, I started learning asm 2yrs and 3 or 4 months ago,
but who's counting? :)


Nephrose

Mar 7, 1999, 3:00:00 AM
>>Y not I just wanted to change the energy star - logo to another logo

>start there - ready made programs to achieve this are available
>
>http://www.ping.be/bios/
>

I haven't found a program to change the BIOS logo there - please tell me
where I should find it on Wim's BIOS page.

------------- Nephrose

Pierre Vandevenne

Mar 8, 1999, 3:00:00 AM

FAQ page, question 24
