WIND0WS 7 PreInfo about D4700A10.rom microcode updete: Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00079140 1E 00 87 9B 64 6F 43 75 ‡›doCu segment offset Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00079B80 66 B9 26 00 00 00 66 BE 00 f¹& f¾ 00079B90 00 F9 FF 26 67 80 7E 02 14 74 10 66 67 0F B7 06 ùÿ&g€~ t fg · 00079BA0 66 83 C0 03 66 03 F0 E2 EA EB 51 66 83 C6 03 66 fƒÀ f ðâêëQfƒÆ f 00079BB0 8B FE 66 B8 01 00 00 00 0F A2 66 26 67 0F B7 0E ‹þf¸ ¢f&g · 00079BC0 66 83 C6 02 26 67 3B 06 74 11 66 83 C6 08 E2 F4 fƒÆ &g; t fƒÆ âô 00079BD0 66 B8 78 78 78 55 66 E7 E0 EB 21 66 26 67 8B 46 f¸xxxUfçàë!f&g‹F 00079BE0 04 66 E7 E0 66 8B C7 66 26 67 0F B7 56 02 66 03 fçàf‹Çf&g ·V f 00079BF0 C2 66 B9 79 00 00 00 66 33 D2 0F 30 E9 Âf¹y f3Ò 0é *** disassembled code uCod F000:9B87 ; --------------------------------------------------------------------------- F000:9B87 mov ecx, 26h ; '&' F000:9B8D mov esi, 0FFF90000h ; start address from ROM 00010000? F000:9B93 F000:9B93 loc_79B93: Calc address of jump ; CODE XREF: F000:9BA7j F000:9B93 cmp byte ptr es:[esi+2], 14h F000:9B99 jz short loc_79BAB F000:9B9B movzx eax, word ptr [esi] F000:9BA0 add eax, 3 F000:9BA4 add esi, eax F000:9BA7 loop loc_79B93 F000:9BA9 jmp short loc_79BFC F000:9BAB ; --------------------------------------------------------------------------- F000:9BAB F000:9BAB loc_79BAB: Get procID ; CODE XREF: F000:9B99j F000:9BAB add esi, 3 F000:9BAF mov edi, esi F000:9BB2 mov eax, 1 F000:9BB8 cpuid F000:9BBA movzx ecx, word ptr es:[esi] F000:9BC0 add esi, 2 F000:9BC4 F000:9BC4 loc_79BC4: ; CODE XREF: F000:9BCEj F000:9BC4 cmp ax, es:[esi] F000:9BC8 jz short loc_79BDB F000:9BCA add esi, 8 F000:9BCE loop loc_79BC4 F000:9BD0 mov eax, 55787878h F000:9BD6 out 0E0h, eax; Dell Indicator "Uxxx" F000:9BD9 jmp short loc_79BFC F000:9BDB ; --------------------------------------------------------------------------- F000:9BDB F000:9BDB loc_79BDB: Start microcode update ; CODE XREF: F000:9BC8j F000:9BDB mov eax, es:[esi+4] ; F000:9BE1 out 0E0h, eax F000:9BE4 mov eax, edi F000:9BE7 movzx edx, word ptr es:[esi+2] F000:9BEE add eax, edx ; start address in eax F000:9BF1 mov ecx, 79h ; 'y' F000:9BF7 xor edx, edx F000:9BFA wrmsr F000:9BFC F000:9BFC loc_79BFC: ; CODE XREF: F000:9BA9j F000:9BFC ; F000:9BD9j F000:9BFC jmp loc_79303; return to calc address routing
WIND0WS 7 Result: Code: D4700A10.rom Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00047970 12 00 24 0F 92 00 30 42 57 $ ’ 0BW 00047980 4E 27 0F 62 08 31 43 57 4E 29 0F 32 10 31 44 57 N' b 1CWN) 2 1DW 00047990 4E 25 0F 02 18 30 4D 57 4E 13 0F D2 1F 30 45 4C N% 0MWN Ò 0EL 000479A0 43 30 0F A2 27 30 41 43 50 31 0F 72 37 30 42 43 C0 ¢'0ACP1 r70BC 000479B0 50 32 0F 42 47 31 42 43 50 33 0F 12 4F 30 43 43 P2 BG1BCP3 O0CC 000479C0 50 37 0F E2 56 31 43 43 50 34 0F B2 5E 30 44 43 P7 âV1CCP4 ²^0DC 000479D0 50 41 0F 82 7A 30 45 43 50 49 0F 52 8E 31 47 43 PA ‚z0ECPI RŽ1GC 000479E0 50 60 0F 22 96 30 41 4D 43 61 0F F2 9D 30 42 4D P` "–0AMCa ò 0BM 000479F0 43 62 0F C2 A5 31 42 4D 43 43 0F 92 AD 30 4E 52 Cb Â¥1BMCC ’*0NR 00047A00 49 4A 0F 62 B5 30 52 52 49 IJ bµ0RRI *** Numbers of updates 12h=18dec. ProcID It's Value that is should be added to 00047977 ... data -2000 bytes 00052ED0 C7 BC 07 1B 65 CE 9C Ǽ eÎœ 00052EE0 22 89 6D 94 E3 AA 8E 8A 36 97 41 8A 8B 64 86 04 "‰m”㪎Š6—AŠ‹d† 00052EF0 2E 28 89 07 48 AE 49 A7 0A 15 92 EE 1C 85 04 91 .(‰ H®I§ ’î … ‘ 00052F00 22 24 08 03 3D F8 61 CB 15 "$ =øaË ..... Some comments; * Address FFF90000 is alias ROM address 00010000 FFFA0000 - 00020000 FFFB0000 - 00030000 i.t.c. * For ProcID with 0Fxx the size of microcode can be equal to 16kB Apokrif I'll be glad if you find errors!
I'm sorry but a lot of this makes little sense to me. Where'd that D4700A10.rom come from? Is it the same as D4700A10.hdr or is it a module that'd be in the DUMP folder? You said to change "12 00" at 00047977 to "62 B5"? Won't that change the Number of updates though? Do I need to modify the Header of microcode at all? Should I use the app(s)/script(s) or w/e you're using to add/replace the CPU microcode safely? Can the CPU microcode for a single 0Fxx be 16000 bytes?
Hi!WIND0WS 7 I apologize for my English. answers 1 - rom file is compressed in memory chip bios (ROM) 2. hdr file is unpacked into memory (RAM) 3 To get the address of the beginning of the microcode in the chip bios (ROM), it is necessary to address the beginning 00047977 of the code add value B5 62 (00047977+B562=00052ED9) 4. 12h = 18 - number of micro-code updates to all of these processors (0f24, ... 0f4a) 5. Must be replaced old ProcID (0f4a) and himself microcode, remove the old and insert new at the same location and recalculate checksum.
Do you know where the 0f4a microcode starts in my .hdr? Is it 2000 bytes (7D0) from 3DC80-3E44F? At least it doesn't contain words like B562-BD31 does. Do I need to modify a Header?
WIND0WS 7 Don't worry! I'll understand process. As soon understand what was happening, then tell you specifically. I know no more of your. PS: There is my mystake!!I'm dummkopf(germ.)!: These updates is without headers, only the pure data! For D4700A10.hdr offset for 0F4A = 379CB+B562=42F2D=> Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00042F20 C7 BC 07 Ǽ 00042F30 1B 65 CE 9C 22 89 6D 94 E3 AA 8E 8A 36 97 41 8A eÎœ"‰m”㪎Š6—AŠ 00042F40 8B 64 86 04 2E 28 89 07 48 AE 49 A7 0A 15 92 EE ‹d† .(‰ H®I§ ’î ....
WTF is dummkopf(germ.)? Isn't that code the same as the Header of microcode 48 byte you posted earlier? Code: 00052ED0 C7 BC 07 1B 65 CE 9C Ǽ eÎœ 00052EE0 22 89 6D 94 E3 AA 8E 8A 36 97 41 8A 8B 64 86 04 "‰m”㪎Š6—AŠ‹d† 00052EF0 2E 28 89 07 48 AE 49 A7 0A 15 92 EE 1C 85 04 91 .(‰ H®I§ ’î… ‘ 00052F00 22 24 08 03 3D F8 61 CB 15 "$ =øaË So do I replace 2000 or 2048 bytes from 42F2D?
Code is same. There is no header into this fragment, ONLY DATA - 2000 byte =7D0h DUmmkopf(germ.)=stupid(eng.)
Okay, thank you very much for your help. I just have a couple more quick questions, can I edit just the D4700A10.hdr only and flash it, or should I edit that D4700A10.rom you created and does it open in Phoenix BIOS Editor Pro or just say No BCPs!? Could these modifications brick the board and/or BIOS?
In theory, the BIOS can be killed. The motherboard is not. You must follow the simple rules: 1. Move and paste the code byte by byte. The main thing is not to affect other code. 2. Be sure to recalculate the checksum of the BIOS and the module in which you make a modification. Microcode couldn't be flashed in the processor if it is not designed for this model, the processor will simply ignore it. There is easier to make a change in the file .hdr,I think. But I would have done so: Stuffed the hdr file to Phoenix BIOS Editor Pro, unpacked it, found a module that will change, has made a change, recalculate the checksum of the module, packed, recalculate the checksum of the all hdr file, flash it.
What do you mean by byte by byte? I can copy and paste the whole 2000 bytes and the other thing into the hex editor in full no? I'm not sure how to recalculate the checksums yet as I've never done it before. Are you saying the CPU itself gets flashed or reads CPU microcode? Doesn't it depend on the mainboards revision and/or chipset (+ the microcode) for the CPU support? It never lets me open the BIOS, it always gives error.
Yes. Use Apokrif tool (Split.exe)! (page#9 post#86) Motherboard (chipset) must support CPU revision. BIOS loader upload microcode from BIOS chip into CPU and CPU upgrate itself.
I meant board revision AND Chipset revision. By "CPU revision" do you mean the CPUID, sSpec number or stepping? This confuses me too lol, what BIOS loader and what do mean CPU upgrades itself?
I forgot to ask, the CPU I put in is an ES (engineering sample) final version CPU. Someone told me that ES CPUs have different numbers. Is it true that my ES final version CPU may have a different CPUID to its non-ES equivalent CPU ID 0F65?
Described early in this thread. Just search. Same thing. Use CPU-Z. Let me know what you get from CPU-Z, I'll try to do BIOS mod. But somebody else has to verify it before you flash.