That's why I have suggested searching for 00 63 FF FF Location below (near to) RSDT string. If you don't get a hit, search without 00 byte and have a look what's nearest to RSDT string. Btw: Credits go to the Chinese modder and darwush2 who have realised/discovered the mod, I only tried to understand what was patched. Anyway, a cold beer in Buenos Aires would be fine.
When you search for the sequence in front of you come to (also near to RSDT string):
Code:
    Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
    000130A0  66 B9 9C 71 9A BE 00 13 11 5F AB 84               f¹œqš¾..._«„
    000130B0  43 21 9A A4 60 01 B6 63 01 12 46 71 60 20 44 62   C!š¤`.¶c..Fq` Db
converted to code there is an ARPL command 63 01:
Code:
    seg000:130A9 mov si, 1300h
    seg000:130AC adc [bx-55h], bx
    seg000:130AF test [bp+di+21h], al
    seg000:130B2 call far ptr 0B601h:60A4h
    seg000:130B7 arpl [bx+di], ax
    seg000:130B9 adc al, [bp+71h]
    seg000:130BC pusha
    seg000:130BD and [si+62h], al
    seg000:130C0 add [bx+di-6Ah], si
    seg000:130C3 test [bp+di], ax
    seg000:130C5 pop ds
I'm a noob regarding disassembly. I wonder if that command needs to be patched....
Here is a copy of the IDA disassembly after changing FF to FE in a 6910p bios:
    mov ax, 1
    push 0F389h
    call far ptr 0F000h:30E7h
    pop es
    assume es:nothing
    cld
    mov ecx, 9Ch ; 156 octets
    mov esi, 0FFFE6300h ; table address in NO protected zone
    mov edi, 0B874h
    rep movs byte ptr es:[edi], byte ptr [esi]
    cld
    mov ecx, 0B6h ; 182 octets
    mov esi, 0FFFE6200h ; marker table address in NO protected zone
    mov edi, 0B910h
    rep movs byte ptr es:[edi], byte ptr [esi]
    mov ax, 0
    push 0F389h
    call far ptr 0F000h:30E7h
As you can see we are very lucky, because changing one octet in a compressed file can produce strange results. Here the result is perfect. This patch doesn't affect the burning algo but only the place where the SLIC table is read. Consequence: for each future bios update, we must patch it again. For those interested in IDA, have a look at the attached file.
Probably better that way! I know it's off-topic - but is there a general way to load a DSDT table in Win 7, like there is with Chameleon bootloader for Mac OS?
HP6715/6515 version F.0E
@SEBUS concerning HP6715/6515 version F.0E. Once decompressed, the scheme is similar to other bioses:
    push 0F389h
    call far ptr 0F000h:0EE63h
    pop es
    assume es:nothing
    cld
    mov ecx, 9Ch
    mov esi, 0FFFF1300h
    mov edi, 4384h
    rep movs byte ptr es:[edi], byte ptr [esi]
    cld
    mov ecx, 0B6h
    mov esi, 0FFFF1200h
    mov edi, 4420h
    rep movs byte ptr es:[edi], byte ptr [esi]
    mov ax, 0
    push 0F389h
    call far ptr 0F000h:0EE63h
    pop es
Unfortunately the Bios file doesn't contain the 13 FF FF expected sequence at the right place. The solution should be to decompress with ADDCC utility, patch the 02_POST_00020100_68YTT.dec resulting file, compress it and re-inject the result in the Bios file. But as far as I know we don't have the compress utility. SEMI, the creator of ADDCC utility, can probably help us.
Doing it by trial and error this way seems to throw the compression into pieces ...
02_POST_00020100_68YTT.dec has 13 FF FF only once at 489C.
The 13 corresponds to 13 in 68YTT.bin at 130AB, next byte is 11 (what could one need to change it to get FE, if at all it is possible...)
sebus
HP 6715/6515 version F.07
If you change FF at 13110 in 68YTT.bin to FE, then you'll have your desired "13 FE FF" and "12 FE FF" opcode sequence in the right place as shown by the resultant decompressed 02_POST_00020100_68YTT.dec snippet below:
Code:
    00004980h: F0 07 FC 66 B9 9C 00 00 00 66 BE 00 13 FE FF 66 ; ð.üf¹œ...f¾..þÿf
    00004990h: BF 74 44 00 00 F3 67 A4 FC 66 B9 B6 00 00 00 66 ; ¿tD..óg¤üf¹¶...f
    000049a0h: BE 00 12 FE FF 66 BF 10 45 00 00 F3 67 A4 B8 00 ; ¾..þÿf¿.E..óg¤¸.
Please confirm this does enable SLIC 2.1 on your 6715/6515.
Or change notebook (which I am about to do), or stay with MAK key (which I do).
But it is always fun to play with BIOS...
sebus
The disassembled code now makes sense (even to me). Trying to convert compressed data into code was no good idea...... An expert for compression is apokrif. He developed a compressor / decompressor for Dell bioses. It seems difficult to figure out the decompression and write a compressor. The decompression routine is found in every bios.
Mod date
Hi, now that there is a mod for SLIC 2.1 I want to try to flash a "correct" bios for my 6820s. Apart from changing the SLIC I want to modify the date. The date of the bios is 11/04/08, so I hexedited the date to 11/04/10. I have decompressed the resultant bios and the only diff is the date in 19_FFF65366_ROMBLOCK_ROM.bin file. So it seems to be doable, what scared me is the name of the file... I'm afraid of modifying the romblock. As I might get a non-recoverable laptop, has someone tried it? Thanks