Tool to Insert/Replace SLIC in Phoenix / Insyde / Dell / EFI BIOSes

Discussion in 'MDL Projects and Applications' started by andyp, Nov 26, 2009.

Page 108 of 216
  1. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2141 andyp, Sep 6, 2011 (OP)
  2. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2142 andyp, Sep 6, 2011 (OP)
    Yes
    One extra 'SLIC' string gets replaced with 'OEMX'. I am looking at why the tool doesn't do this.
    Andy

     
  3. haiduongbros

    haiduongbros MDL Addicted

    Apr 13, 2009
    504
    163
    30
    #2143 haiduongbros, Sep 6, 2011
    if you please spare specific guidance
     
  4. rameso

    rameso MDL Novice

    May 2, 2007
    2
    0
    0
    #2144 rameso, Sep 6, 2011
  5. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    18,827
    19,050
    340
    #2145 Tito, Sep 6, 2011
  6. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2146 andyp, Sep 6, 2011 (OP)
  7. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2147 andyp, Sep 7, 2011 (OP)
    b5 of the tool now does automatically
    Andy

     
  8. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2148 andyp, Sep 7, 2011 (OP)
  9. P3N3TRAT10N

    P3N3TRAT10N MDL Junior Member

    Nov 11, 2009
    62
    25
    0
    #2149 P3N3TRAT10N, Sep 7, 2011
    The phoenixtool191b5 produces an out of bounds error with the ASRock Fatal1ty 990FX Professional version 1.20 and 1.10 EFI files in the Windows 7 x64 OS and Windows XP VM guest environment. The error does not occur with phoenixtool191b4 using the same EFI files in the same OS and VM guest environment. The phoenixtool191b4 program can run completely, with No SLIC option enabled, to produce new versions of the 1.20 and 1.10 EFI files. I've attached a screenshot of the phoenixtool191b5 produced error and phoenixtool191b4 version 1.20 EFI SLIC Log.

    Update 00: The phoenixtool191b5 does not produce this error with the ASUS SABERTOOTH 990FX version 0402 EFI file in the Windows 7 x64 OS and Windows XP VM guest environment. The program can run completely, with No SLIC option enabled, to produce a new version 0402 EFI file.

    Update 01: The phoenixtool191b5 does not produce this error with the ASRock 890FX Deluxe5 version 1.20 EFI file in the Windows 7 x64 OS and Windows XP VM guest environment. The phoenixtool191b5 program can run completely, with No SLIC option enabled, to produce a new 1.20 EFI file. However, the phoenixtool191b5 reproduces the same error using the version 1.40 and 1.50 EFI files of the ASRock 890FX Deluxe5.

    Update 02: The phoenixtool191b5 does not produce this error with the ASUS Crosshair V Formula version 0506 and 0404 EFI files in the Windows 7 x64 OS and Windows XP VM guest environment. The program can run completely, with No SLIC option enabled, to produce new versions of 0506 and 0404 EFI files.

    Update 03: The phoenixtool191b5 reproduces this error with the ASRock 990FX Extreme4 version 1.00, 1.10, and 1.20 EFI files in the Windows 7 x64 OS and Windows XP VM guest environment.

    Update 04: The phoenixtool191b5 does not produce this error with the ASRock 890GX Extreme4 R2.0 version 1.10 and 1.20 EFI files in the Windows 7 x64 OS and Windows XP VM guest environment. The program can run completely, with No SLIC option enabled, to produce new versions of 1.10 and 1.20 EFI files. However, the phoenixtool191b5 reproduces the same error using version 1.40 EFI of the ASRock 890GX Extreme4 R2.0.
     
  10. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2150 andyp, Sep 7, 2011
    Last edited by a moderator: Apr 20, 2017
    (OP)
    OK folks... some progess looking into the mechanism of the NVRAM mod.
    I have found this code in the A7C6.... module

    Code:
    .text:000000000040D42C                 push    rbx
.text:000000000040D42E                 push    rbp
.text:000000000040D42F                 push    rsi
.text:000000000040D430                 push    rdi
.text:000000000040D431                 mov     r11, rsp
.text:000000000040D434                 sub     rsp, 28h
.text:000000000040D438                 mov     eax, 100h
.text:000000000040D43D                 xor     edi, edi
.text:000000000040D43F                 lea     rcx, [r11+28h]
.text:000000000040D443                 mov     [r11+38h], rax
.text:000000000040D447                 mov     [r11+30h], rax
.text:000000000040D44B                 mov     eax, cs:dword_4101FC
.text:000000000040D451                 mov     [rcx], eax
.text:000000000040D453                 mov     al, cs:byte_410200
.text:000000000040D459                 mov     dl, dil         ; DIL (lower 8 bits of RDI) is 0
.text:000000000040D45C                 mov     [rcx+4], al
.text:000000000040D45F                 mov     r8b, [r11+28h]
.text:000000000040D463                 lea     esi, [rdi+1]    ; ESI=1
.text:000000000040D466                 cmp     r8b, dil
.text:000000000040D469                 jz      short loc_40D47D
.text:000000000040D46B                 lea     rcx, [r11+28h]
.text:000000000040D46F
.text:000000000040D46F loc_40D46F:                             ; CODE XREF: sub_40D42C+4Fj
.text:000000000040D46F                 add     rcx, rsi        ; INC RCX
.text:000000000040D472                 add     dl, r8b
.text:000000000040D475                 mov     r8b, [rcx]
.text:000000000040D478                 cmp     r8b, dil
.text:000000000040D47B                 jnz     short loc_40D46F ; INC RCX
.text:000000000040D47D
.text:000000000040D47D loc_40D47D:                             ; CODE XREF: sub_40D42C+3Dj
.text:000000000040D47D                 mov     rcx, cs:qword_4B5490
.text:000000000040D484                 cmp     [rcx+0D2h], dl  ; Board specific flag
.text:000000000040D48A                 jnz     loc_40D616      ; Exit with RAX=1
.text:000000000040D490                 cmp     byte ptr [rcx+0D4h], 0FFh
    I can't figure out what is at r11+28 other than its on the stack and probably from a previous subroutine. But it seems to calculate a value that is compared against A01D2h in the NVRAM
    I wonder if an easier answer would by to NOP the jump at 404D48A.

    Anyone with an ASUS K43/53 board that is happy to experiment??

    Andy
     
  11. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2151 andyp, Sep 7, 2011 (OP)
    Fixed. Thanks
    Andy

     
  12. P3N3TRAT10N

    P3N3TRAT10N MDL Junior Member

    Nov 11, 2009
    62
    25
    0
    #2152 P3N3TRAT10N, Sep 7, 2011
    @andyP

    This question may have been posed to you before, you've thought of it yourself, or it's not reasonable/possible to accomplish. Have you considered, planning, or are currently creating separate tools for Phoenix, InsydeH20, and EFI firmwares? I would believe the code is more organized, easier to maintain, among many other benefits to your work with these firmwares.
     
  13. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2153 andyp, Sep 7, 2011 (OP)
    Actually the tool was written the other way round... there are lots of shared routines - Insyde is effectively EFI anyway it turns out.
    At one point I thought of combining AMI and Award into this one as well - it's actually easier to maintain one tool.
    But given they are effectively dead now they wont be getting any further development so will be left as is.

    What may happen over the next year is Dell and Phoenix get stripped out, and an legacy version of the tool is left for those - I don't think i've touched them in ages and ages.
    And the tool then only moves forward with EFI.

    Andy

     
  14. P3N3TRAT10N

    P3N3TRAT10N MDL Junior Member

    Nov 11, 2009
    62
    25
    0
    #2154 P3N3TRAT10N, Sep 7, 2011
    Thanks for information. I didn't think about them sharing subroutines and I was aware that newer InsydeH20 were EFI or hybrid EFI firmwares. That is surprising it would be easier to maintain one tool, as opposed to, a tool per each genus of firmware. I would have thought that the shared subroutines would not change that often but the functions for reading the structure's headers/DXEs/PEs, compressing, and decompressing, changed more often. Anyways, you're doing great work and I've learned quite a bit more in the past year from MDL, RHCF, and Darmawan Salihun's (Pinczakko) blogs, posts, and books. BTW, you might be interested in some of the tutorials by this blogger. However, it may not be of any help if you're already familiar with it.

    hxxp://pete.akeo.ie/
     
  15. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,109
    14,065
    340
    #2155 Yen, Sep 8, 2011

    Well, what will happen with the tools also depends on windows 8 OA3.0.

    Your tools have started with the intention to add a SLIC and / or an SLP string.
    This was the one and only motivation for me to learn about BIOS / EFI at all.

    Recently I do not much biosmodding (busy with Android), but I am still interested in how your tools are developing.
    I am very happy that you are still around here at MDL and that you are updating your tool(s).

    Since official EFI tools seem not to leak (AMI BCP for EFI has been leaked though) your tool is the only one and the first that is able to decompose EFI and rebuilds it after modifications.

    You can be very proud of it. It is used by many people who want to mod their EFI (not implicit to SLIC it)

    If OA3.0 shouldn’t be implemented at BIOS / EFI anymore your tools still can be used for any module modifications. To ‘SLIC’ a EFI / BIOS would be just an additional option then.


    It seems there are more and more EFIs now replacing the BIOS. Only Award seem to stay at BIOS or at least at an hybrid.

    Looking forward to w8 and OA3.0....at the latest then I’ll start again.
    Keep it up!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2156 andyp, Sep 9, 2011 (OP)
  17. P3N3TRAT10N

    P3N3TRAT10N MDL Junior Member

    Nov 11, 2009
    62
    25
    0
    #2157 P3N3TRAT10N, Sep 9, 2011
    Tested phoenixtool191b6 with the ASRock Fatal1ty 990FX Professional EFI version 1.20 file, with No SLIC option enabled, and it produced the same output as phoenixtool191b4. Thanks for the update.
     
  18. mine

    mine MDL Novice

    Jul 9, 2010
    33
    26
    0
    #2158 mine, Sep 9, 2011
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2159 andyp, Sep 9, 2011 (OP)
    If the module you are trying to add is already compressed tick compressed. If it is not leave it unticked and the tool will compress automatically.
    So when adding slpsupport.mod manually, compressed should be ticked, as it is already compressed.
    What exactly are u trying to do that gets the module count mismatch (ie which efi, adding/replacing which module, compressed ticked/unticked)

    nvram method - it will automatically determine if the efi is x43SJ, x53SJ, x43E, x53E and use the appropriate 1d2h byte
    EDIT: Although it appears I broke this in b6. b7 soon. Good spot :)

    Andy

     
  20. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,570
    60
    #2160 andyp, Sep 9, 2011 (OP)
    But has the error you had gone?? It should have

    Andy
     
Page 108 of 216