
My Award BIOS hacking/patching Guide


Thanks for the appreciation guys :D. BTW, I plan to make an article in the near future that reveals the inner workings of your so-called "ROMSIP Table". I'm just pretty busy now; when I have some spare time I'll do it. I've found a "quite similar table" within my BIOS though ;). Anyway, I'm keen to know how the "ROMSIP Table" name was derived? I mean, who named it and why is it named like that?


  • 3 weeks later...

Makes you wonder: all that effort, and all they had to do was stick a couple K of static RAM into the SuperIO chip to serve as the stack/scratchpad before RAM setup. The PC architecture is a hodgepodge of nonsense from a bunch of basically half-rate engineers stumbling through life.


When designers/manufacturers are paranoid over $.50... it gets ugly fast.


If they just did it right, and made a gazillion copies... it would have cost the same (or less) and been....DONE RIGHT :nod:


Hell, even the Intel big/little endian thing is FK'd up. Motorola did it right (the 68000 was god, btw) and IBM made the 2nd worst business decision in human history picking the 8086(88) over the 68000... all because of a $5/chip difference at the time.


Moving to 64-bit on the Motorola architecture would be a ZERO cost issue, while on the Intel architecture it has serious SW implications... little-endian stupidity... aka Hebrew and binary math don't mix.


Oh well, rants-r-us.


Oh, the 1st worst business decision in human history... letting Microsoft keep the ownership of DOS. Cost to IBM... minimum $1 TRILLION.


You are right; from an engineering point of view, x86 is a "complete kludge". But I just take this reverse engineering thing as a "brain exercise" for myself :nod: . We don't know for sure, but if the "sinking Itanium family" really hit the shelves as a "desktop chip" (which probably would never happen :( ), then we're gonna have a real hungry "number crunching beast" designed from the ground up. Anyway, I can only envy the "cool" ARM architecture that is used in many embedded devices today compared to our "x86 kludge machine". AFAIK, the only useful thing we got from this "kludge thing" today is the progress in optimizing compiler research and implementation, which Intel pioneered ;)


  • 9 months later...

To technically minded people:

I've made a correction to the article in the PCI bus explanation section. I made a very minor mistake there regarding the interpretation of the PCI protocol back then. Yeah, I was a newbie at that time. Sorry for the inconvenience.






  • 5 weeks later...

Just revamped the article a bit :D

1. ToC improved for better navigation.
2. BIOS chip addressing improved.
3. Added new sections:
   • "Relocatable" Hardware Port explanation
   • Expansion ROM Handling explanation
   • IDA Pro introductory materialz
4. Better code interpretation :wink:
5. Compressed version of the article can be downloaded as well

ToC snippet provided below:



Table of Contents

  • 1. Foreword
  • 2. Prerequisite
    • 2.1. PCI BUS
    • 2.2. ISA BUS
  • 3. Some Hardware Peculiarities
    • 3.1. BIOS Chip Addressing
    • 3.2. Obscure Hardware Port
    • 3.3. "Relocatable" Hardware Port
    • 3.4. Expansion ROM Handling
  • 4. Some Software Peculiarities
    • 4.1. Call Instruction Peculiarity
    • 4.2. Retn Instruction Peculiarity
  • 5. Our Tools of Trade
    • 5.1. What do we need anyway?
    • 5.2. Intro to IDA Pro Techniques
      • 5.2.1. Introducing IDA Pro
      • 5.2.2. IDA Pro Scripting and Key Bindings
  • 6. Award BIOS File Structure
    • 6.1. The Compressed Components
    • 6.2. The Pure Binary Components
    • 6.3. The Memory Map In The Real System (Mainboard)
  • 7. Disassembling the BIOS
    • 7.1. Bootblock
      • 7.1.1. "Virtual Shutdown" routine
      • 7.1.2. Chipset_Reg_Early_Init routine
      • 7.1.3. Init_Interrupt_n_PwrMgmt routine
      • 7.1.4. Call To "Early Silicon Support" Routine
      • 7.1.5. Bootblock Is Copied And Executed In RAM
      • 7.1.6. Call to BIOS decompression routine and the jump into decompressed system BIOS
    • 7.2. System BIOS a.k.a. Original.tmp
      • 7.2.1. Entry point from "Bootblock in RAM"
      • 7.2.2. The awardext.rom and Extension BIOS Components (lower 128KB BIOS code) Relocation Routine
      • 7.2.3. Call to the POST routine a.k.a. "POST jump table execution"
      • 7.2.4. The "segment vector" Routines
      • 7.2.5. "chksum_ROM" Procedure
      • 7.2.6. Original.tmp decompression routine for the "Extension_BIOS components"
  • 8. Closing

