
: BIOS 4.

21 []
: mik

: 2008-04-01 00:34

: BIOS 4.21

BIOS BIOS

BIOS kernel BIOS

.
[ mik 2008-4-21 01:35 ]
: mik

: 2008-04-01 00:40

1BIOSex38dq6.f2IntelX38MCH+ICH9
BIOSma79xds4.f4AMD790X+SB600
2cbromBIOScbrom182
3lha2.55LHA
4awdbeditawardbios
5hexworkshop
6IDAIDA5.2

1
2

3x86IntelAMD
4ISA/PCIISA/PCISpecification
5north/southbridgeIntelMCHnorthbridgeICHsouthbridgedatasheet
[ mik 2008-4-1 00:41 ]
: mik

: 2008-04-01 00:51

(1)0~9_FFFFDOSMCHDRAM
(2)A_0000~B_FFFFDevice2Device1PCIExpress
ICHDev2/Dev1/ICH
SMMSMMMCHDRAM
(3)C_0000~F_FFFF256KBPAEProgramedAttributeMemory4

DisableRead/WriteReadOnlyWriteOnlyDRAMICH
DisableICHBIOSBOOTLOCK
shadowmemory
(4)E_0000~E_FFFFBIOSE_Segment
(5)F_0000~F_FFFFLPCBIOSHighBIOSdisableMCH
ICHF_Segment
(6)F0_0000~FF_FFFF1MISADRAMICH
(7)TOLUDTopOfLowUsableDRAMHostBridgeRegistersDRAMmemory
TOLUDTSEG1M2M8MprocessorSMMDRAM

(8)IGDMCHGraphicsDeviceMCHDevice21M~64M
(9)E000_0000~EFFF_FFFFPCIExpressHostBridgeDev0
PCIEXBARPciExpressBaseAddress0_E000_0000256MDevice
Functon4KPCI256BytePCIExpress4K
PCIExpressBus256BusBus0~Bus255Bus32Device0~Device31
8FunctionFunction0~Function7
PCIExpress2563284096=256M
(10)FEC0_0000~FEC7_FFFFIOAPICICH

(11)FEC8_0000~FECF_FFFFAPICPCIExpressAPIC
FEC0_0000~FECF_FFFFICH
(12)FEDA_0000~FEDB_FFFFHSEGSMMA_0000~B_FFFF

(13)FEE0_0000~FEEF_FFFFFSBPCIExpressICH
FSBDRAM
(14)FFE0_0000~FFFF_FFFFBIOS2MICH

PCIBus
1PCIBus32DualAddressCycle64
2PCIMCHNorthBridgeCONFIG_ADDRESSCONFING_DATA
CF8H~CFBH32CONFIG_ADDRESSCFCH~CFFH
32CONFIG_DATA
3PCI
Bits     31     30~24     23~16     15~11     10~8       7~0
Field                     Bus       Device    Function   Offset

4
mov eax, 80000090h
mov dx, 0CF8h
out dx, eax
mov dx, 0CFCh
in  eax, dx

Attachment: address_map.jpg (2008-04-01 00:51, 94.91 KB)
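An added example, not part of the original post: the CONFIG_ADDRESS bit layout described above, decoded in C for the value 80000090h from the post's snippet, together with the memory-mapped address of the same register under the 0_E000_0000 PCIEXBAR window. The struct and function names are illustrative, and bit 31 is taken to be the standard enable bit of the CF8h mechanism.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the 32-bit CONFIG_ADDRESS value written to port CF8h. */
struct pci_addr { unsigned enable, bus, dev, fn, offset; };

static struct pci_addr cf8_decode(uint32_t v)
{
    struct pci_addr a;
    a.enable = (v >> 31) & 0x01;  /* bit 31: enable configuration cycle */
    a.bus    = (v >> 16) & 0xFF;  /* bits 23~16 */
    a.dev    = (v >> 11) & 0x1F;  /* bits 15~11 */
    a.fn     = (v >> 8)  & 0x07;  /* bits 10~8 */
    a.offset =  v        & 0xFF;  /* bits 7~0 */
    return a;
}

/* Inverse of cf8_decode; the low two offset bits are cleared because the
 * register selects a whole dword. */
static uint32_t cf8_encode(unsigned bus, unsigned dev, unsigned fn, unsigned off)
{
    return 0x80000000u | ((bus & 0xFFu) << 16) | ((dev & 0x1Fu) << 11) |
           ((fn & 0x07u) << 8) | (off & 0xFCu);
}

/* Memory-mapped address of the same register: 4 KB per function, 8 functions
 * per device, 32 devices per bus, 256 buses, 256 MB in total. */
static uint64_t ecam_addr(uint64_t base, unsigned bus, unsigned dev,
                          unsigned fn, unsigned off)
{
    return base + ((uint64_t)(bus & 0xFFu) << 20) +
           ((uint64_t)(dev & 0x1Fu) << 15) +
           ((uint64_t)(fn & 0x07u) << 12) + (off & 0xFFFu);
}

int main(void)
{
    struct pci_addr a = cf8_decode(0x80000090u);  /* value from the post */
    printf("bus %u dev %u fn %u offset %02Xh enable %u\n",
           a.bus, a.dev, a.fn, a.offset, a.enable);
    printf("CF8h value  : %08Xh\n", (unsigned)cf8_encode(0, 0, 0, 0x90));
    printf("MMIO address: %09llXh\n",
           (unsigned long long)ecam_addr(0xE0000000u, 0, 0, 0, 0x90));
    printf("last byte   : %09llXh\n",
           (unsigned long long)ecam_addr(0xE0000000u, 255, 31, 7, 0xFFF));
    return 0;
}
```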

: mik

: 2008-04-02 01:14

()
I/O

164KIO0~FFFF
MCHhostbridgeICHICHCF8h~CFFh
MCHPCIConfigurationSpace
0~1FhICHDMA

2PCImemoryIOPCIconfigurationRegister
PCICMDIOSEIOIOBASEIOLIMITIO

MCHhostbridgeICH
ICHPCI-to-PCI bridge PCI-to-ISA bridgeUSB ControllerPCI Express PortsICHMCH
PCI-to-ISA bridgeLPC ControllerFirmware HubLPC bus

Attachment: MCH_ICH.jpg (2008-04-02 01:14, 96.83 KB)

: mik

: 2008-04-03 02:17

FirstInstructionExecuted
Processor

1CR0.PE=0
2RIP=FFF0h
3CS.Base=FFFF_0000h
4CS.Base+RIP=FFFF_FFF0h

MCHNorthBridge
FFFF_FFF0hProcessorMCHMCHHighBIOSMCH
DMIICH
MCH

ICHSouthBridge
1ICHMCH
2ICHFFFF_FFF0FFF8_0000~FFFF_FFFFhLPC
FrimwareHubLPCPCItoISABIOSLPCbusBIOS
3ICHFirmwareHubIDSELFFF8_0000~FFFF_FFFFLPCB#0,
D#30,F#0FirmwareHubDecodeEnablebit151FFF8_0000~FFFF_FFFFFirmware
HubFFFF_FFF0LPCbus
ICH

FFFF_FFF0farjmpjmpfarptr0F000h:0E05BhBIOS
FE05BCS.SelectorCS.BaseEIP Intel :

The first instruction that is fetched and executed following a hardware reset is located at physical address FFFFFFF0H. This address is 16 bytes below the processor's uppermost physical address. The EPROM containing the software initialization code must be located at this address.

The address FFFFFFF0H is beyond the 1-MByte addressable range of the processor while in real-address mode. The processor is initialized to this starting address as follows. The CS register has two parts: the visible segment selector part and the hidden base address part. In real-address mode, the base address is normally formed by shifting the 16-bit segment selector value 4 bits to the left to produce a 20-bit base address. However, during a hardware reset, the segment selector in the CS register is loaded with F000H and the base address is loaded with FFFF0000H. The starting address is thus formed by adding the base address to the value in the EIP register (that is, FFFF0000 + FFF0H = FFFFFFF0H).

IntelprocessorFFFFFFF0HBIOS

MCHICH

FFFF_FFF0farjmpcmddebug
C:>debug
d F000:FFF0
F000:FFF0  EA 5B E0 00 F0 30 32 2F 32 37 2F 30 38 00 FC
EA 5B E0 00 F0  jmp far ptr F000:E05B  FE05B BIOS BOOTBLOCK

[ mik 2008-4-3 02:21 ]
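An added example, not part of the original post: C code that decodes the bytes the DEBUG dump above shows at F000:FFF0, giving the far jump target and the ASCII text that follows the jump. The function names are illustrative; the byte array is copied from the dump (15 bytes appear there).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes at F000:FFF0 as shown in the DEBUG dump in the post. */
static const uint8_t reset_tail[] = {
    0xEA, 0x5B, 0xE0, 0x00, 0xF0,                    /* jmp far ptr F000:E05B */
    0x30, 0x32, 0x2F, 0x32, 0x37, 0x2F, 0x30, 0x38,  /* ASCII text */
    0x00, 0xFC
};

/* Address of the first fetch after reset: hidden CS base + IP. */
static uint32_t reset_fetch_address(void)
{
    return 0xFFFF0000u + 0xFFF0u;
}

/* Decode an "EA off16 seg16" far jump. Returns 0 and fills in the real-mode
 * linear target (seg << 4) + off, or returns -1 if p is not a far jump. */
static int decode_far_jmp(const uint8_t *p, size_t len, uint16_t *seg,
                          uint16_t *off, uint32_t *linear)
{
    if (len < 5 || p[0] != 0xEA)
        return -1;
    *off = (uint16_t)(p[1] | (p[2] << 8));
    *seg = (uint16_t)(p[3] | (p[4] << 8));
    *linear = ((uint32_t)*seg << 4) + *off;
    return 0;
}

/* Copy the printable ASCII run that follows the 5-byte jump. */
static size_t tail_text(const uint8_t *p, size_t len, char *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 5; i < len && n + 1 < cap && p[i] >= 0x20 && p[i] < 0x7F; i++)
        out[n++] = (char)p[i];
    out[n] = '\0';
    return n;
}

int main(void)
{
    uint16_t seg, off; uint32_t lin; char text[16];
    if (decode_far_jmp(reset_tail, sizeof reset_tail, &seg, &off, &lin) != 0)
        return 1;
    tail_text(reset_tail, sizeof reset_tail, text, sizeof text);
    printf("fetch at %08Xh, jmp %04X:%04X (linear %05Xh), text \"%s\"\n",
           (unsigned)reset_fetch_address(), seg, off, (unsigned)lin, text);
    return 0;
}
```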


: mik

: 2008-04-04 00:51

FirstInstructionExecuted

BIOS

1FFE0_0000~FFFF_FFFF2MBIOS
BIOSBIOSDRAM
2BIOSC_0000~F_FFFFPAMProgrammedAttibuteMemory
4disablereadonlywriteonlyread/writeICH
DRAMDisableDRAMDMIICH
BIOSDRAM
3C_0000~F_FFFF FFFC_0000~FFFF_FFFFC_0000~F_FFFF
FFFC_0000~FFFF_FFFF
AMD
Accesses to BIOS space in the low megabyte (between 000C_0000h and 000F_FFFFh) are mapped to the top megabyte (between FFFC_0000h and FFFF_FFFFh) on the LPC bus; the OAR locks for these apply to these accesses based on the remapped address at the top megabyte.

C_0000~F_FFFFFFFC_0000~FFFF_FFFFLPCbusFFFC_0000~FFFF_FFFF

Intel

AMD Intel

: mik

: 2008-04-06 17:46

BIOS

IntelBIOSAMDBIOSBIOSX38
ex38dq6.f2BIOSBIOSma79xds4.f4AMD7790X

ex38dq6.f2BIOS

1Ex38dq6.f2AwardBiosBIOSawdbeditBIOS
2BIOScbromcbrom182cbrom182BIOS
Cbrom182 ex38dq6.f2 /D
******** ex38dq6.f2 BIOS component ********
No. Item Name        Original Size    Compressed Size  Original File Name
================================================================================
 0. System BIOS      20000h(128.00K)  15478h(85.12K)   ex38dq6.BIN
 1. XGROUP CODE      0FC40h(63.06K)   0B0ECh(44.23K)   awardext.rom
 2. ACPI table       04E16h(19.52K)   0193Ch(6.31K)    ACPITBL.BIN
 3. EPA LOGO         0168Ch(5.64K)    0030Dh(0.76K)    AwardBmp.bmp
 4. GROUP ROM[18]    031D0h(12.45K)   0225Ah(8.59K)    ggroup.bin
 5. YGROUP ROM       0C180h(48.38K)   066E4h(25.72K)   awardeyt.rom
 6. GROUP ROM[0]     08210h(32.52K)   0303Dh(12.06K)   _EN_CODE.BIN
 7. PCI ROM[A]       10000h(64.00K)   09DBEh(39.44K)   ICH9RAID.BIN
 8. PCI ROM          03600h(13.50K)   02553h(9.33K)    ICH8AHCI.BIN
 9. PCI ROM[C]       07A00h(30.50K)   04479h(17.12K)   JMB59.BIN
10. MINIT            08220h(32.53K)   0824Fh(32.58K)   DDR2_MRC.X38
11. PCI ROM[D]       0C800h(50.00K)   079FDh(30.50K)   rtegrom.lom
12. LOGO1 ROM        00B64h(2.85K)    00520h(1.28K)    dbios.bmp
13. LOGO BitMap      4B30Ch(300.76K)  07EEEh(31.73K)   x48dq6.bmp
14. GV3              01EFDh(7.75K)    00B66h(2.85K)    PPMINIT.ROM
15. OEM0 CODE        028ABh(10.17K)   01E1Bh(7.53K)    SBF.BIN
(SP) NCPU CODE       1D000h(116.00K)  1D000h(116.00K)  NCPUCODE.BIN
Total compress code space  = E5000h(916.00K)
Total compressed code size = 75C8Dh(471.14K)
Remain compress code space = 6F373h(444.86K)
2.1
ex38dq6.f21M16NCPUCODE.BIN
awdbedit15
234ex38dq6.f21
ex38dq6.bin128K85.12K
FE000~FFFFFfarjmp
ex38dq6.BINBIOS
awardext.romawardeyt.romBIOS
ACPITBL.BINACPI
PCIROMPCI

BMP

3cbrom182:
Cbrom182 ex38dq6.f2 /XGROUP extract    awardext.rom
Cbrom182 ex38dq6.f2 /ACPI extract      ACPITBL.BIN
SYSTEMBIOSex38dq6.bin

4BIOS
BIOSawdbeditawdbeditex38dq6.f2
[Actions]>[ExtractAll]

BIOS
1ex38dq6.f21MBIOSFF00

2LZHlh52D6C68352D
BIOS
seg000:0000  24 F7 2D 6C 68 35 2D 50 54 01 00 00 00 02 00 00  $.-lh5-PT.......
seg000:0010  00 00 50 20 01 0B 65 78 33 38 64 71 36 2E 42 49  ..P ..ex38dq6.BI
seg000:0020  4E 24 D3 20 00 00 2D 20 8F 77 BF 74 89 29 BB AA  N$. ..- .w.t.)..
seg000:0030  7F 33 33 37 37 4D 07 73 55 45 55 78 35 91 D5 66  .3377M.sUEUx5..f
seg000:0040  85 B7 54 49 34 52 21 0E 9B A5 10 91 11 BC 1D 28  ..TI4R!........(
seg000:0050  B1 2A 66 A0 DD 5B BB BA 9C 0D 51 0C C5 17 AA F2  .*f..[....Q.....
seg000:0060  FB DD BC AC AD 34 F1 55 DB 53 CC 03 DD A6 86 30  .....4.U.S.....0
seg000:0070  2A CF 42 B5 DC 53 52 22 43 F0 75 84 66 40 00 77  *.B..SR"C.u.f@.w
seg000:0080  7F FE 66 83 37 77 79 E7 9E BC F6 FF BD 7A FD EE  ..f.7wy......z..

: mik

: 2008-04-17 23:28

BIOS

1IBMIBM PCBIOSBIOSIBMIBM PCIBM PC


BIOSBIOS
2BIOSAMIAwardPhoenix
3BIOS
POST
DRAM
COMS RAM BIOS
BIOS


1BIOSBIOSDOSDOSDOS
INT 21h
2
Interrupt Handler = IDTR.base + vector vector size
X86 256FF
RESET 16 real modeIDTR.base 0
BIOS DOS 0 + 0 4 ~ 0 + FF 16 0 ~ 3FFh
3BIOSDOS0 ~ 3FF

Vector   Address
00       0000
01       0004
02       0008
03       000C
04       0010
05       0014
06       0018
07       001C
08       0020
09       0024
0A       0028
0B       002C
0C       0030
0D       0034
0E       0038
0F       003C
10       0040
11       0044
12       0048
13       004C

BIOS

IRQ0
IRQ1
IRQ2
IRQ3 COM2
IRQ4 COM1
IRQ5 LPT2
IRQ6
IRQ7 LPT1
BIOS
BIOS
BIOS
BIOS

Vector     Address        Description
14         0050           BIOS
15         0054           BIOS
16         0058           BIOS
17         005C           BIOS
18         0060           ROM BASIC
19         0064
1A         0068           BIOS /RTC
1B         006C           BIOS Ctrl-Break
1C         0070           Int 8h
1D         0074
1E         0078
1F         007C
20         0080           DOS
21         0084           DOS
22         0088           DOS
23         008C           DOS Ctrl-Break
24         0090           DOS
25         0094           DOS
26         0098           DOS
27         009C           DOS TSR
28         00A0           DOS
29         00A4           DOS
2A         00A8
2B ~ 2D    00AC ~ 00B4
2E         00B8           DOS Shell
2F         00BC           DOS
30         00C0
31         00C4           DOS
32         00C8
33         00CC
34 ~ 3E    00D0 ~ 00F8
3F         00FC
40         0100
41         0104           1
42         0108           EGA
43         010C           EGA
44         0110           EGA
45         0114
46         0118           2
47 ~ 49    011C ~ 0124
4A         0128           CMOS/RTC
4B ~ 66    012C ~ 0198
67         019C
68 ~ 6F    01A0 ~ 01BC
70         01C0           IRQ8 CMOS/RTC
71         01C4           IRQ9 Int 0A
72         01C8           IRQ10 PnP
73         01CC           IRQ11 PnP
74         01D0           IRQ12 PS/2 USB
75         01D4           IRQ13
76         01D8           IRQ14 IDE
77         01DC           IRQ15 IDE
78 ~ FF    01E0 ~ 03FC

4
1
Interrupt Vector Table IDTRProcessor IDTR.base = 00
LIDT DOS
2
Interrupt Vector Table Interrupt Descriptor Table

3
13 #GPGeneral Protection

4
BIOS
Linux 80h
system call

CMOS

CMOS RTCRAMCMOS RAM

1CMOS RAM

CMOS RAM I/O IO SpaceCMOS RAM 128 0 ~ 7Fh


70h CMOS RAM

Bit7 NMI Disable 1 Disable NMI


Bit6 ~ 0CMOS RAM 0 ~ 7Fh
71h 71h
72h 71h256Bit7
73h 72h 72
zx_wing .

72h 70h256Bit7
73h 71h 72
2CMOS RAM

00 ~ 09h

0A

Bit70- 1-
Bit6 ~ 4
Bit3 ~ 0

0B

Bit70- 1-
Bit60-Disable 1- Enable
Bit50 Disable 1-Enable
Bit41- 0-Disable
Bit3 0 Disable 1-Enable
Bit2/ 0 BCD 1- Binary
Bit1 0- 12
1- 24
Bit0 0-Disable 1-Enable

0C

Bit7IRQ
Bit6
Bit5
Bit4
Bit3~0

0D

Bit7CMOS RAM0
Bit6~00

0E

Bit7CMOS/RTC 0 1
Bit6CMOS RAM CheckSum 0 1
Bit5CMOS RAM 0 1
Bit4CMOS RAM 0 1
Bit3C 0Boot 1Boot
Bit2 0 1
Bit1~00

0F

00
01/RESETRESET
02/RESET
03/RESET
04INT 19h Boot
05EOI40:67
06RESET40:67
07RESET
08POST
09BIOS INT1
0A40:67
0BIRET40:67
0CRET40:67

0D~FF

1-

10h ~ 2Fh

ISA

30h ~ 3Fh

BIOS

40h ~ 7Fh

BIOS
1BIOS400h ~ 600h 512 BIOS
BIOS

2 BIOS BIOS BIOS BIOS [0472] 1234H

3BIOS 01Eh 32

.
[ mik 2008-4-30 19:13 ]
: mik

: 2008-04-21 01:33

farjmp?
IDAproex38dq6.BINBIOSfarjmpBIOS

1jmpfarptrF000:E05BF000:F46C
2F000:F46C

seg000:FF46C  cli
seg000:FF46D  cld
seg000:FF46E  xchg  bx, bx
seg000:FF470  smsw  ax
seg000:FF473  test  al, 1
seg000:FF475  jz    short near ptr 0F480h
seg000:FF477  cli
seg000:FF478  mov   al, 0FEh
seg000:FF47A  out   64h, al          ; AT Keyboard controller 8042.
seg000:FF47A                         ; Resend the last transmission
seg000:FF47C  cli
seg000:FF47D  hlt

CR0CR0.PE1CPU
F000:F480

3F000:F480F000:E043
4F000:E043
seg000:FE043  mov   al, 8Fh          ; disable NMI# and get 0Fh offset register
seg000:FE045  out   70h, al          ; CMOS Memory:
seg000:FE045                         ;
seg000:FE047  out   0EBh, al
seg000:FE049  in    al, 71h          ; get 0Fh offset register data
seg000:FE04B  out   0EBh, al
seg000:FE04D  or    al, al           ; is RESET ?
seg000:FE04F  jmp   near ptr 0F483h

CMOSRAM0F10

5F000:54DEF000:3468

F000:54DE

proc_F54DE
seg000:F54DE  mov   ax, 0
seg000:F54E1  mov   es, ax
seg000:F54E3  cmp   word ptr es:472h, 1234h
seg000:F54EA  jnz   short near ptr 54F8h
seg000:F54EC  mov   al, 8Fh
seg000:F54EE  out   70h, al          ; CMOS Memory:
seg000:F54EE                         ;
seg000:F54F0  out   0EBh, al
seg000:F54F2  mov   al, 0AAh
seg000:F54F4  out   71h, al          ; CMOS Memory:
seg000:F54F4                         ;
seg000:F54F6  out   0EBh, al
seg000:F54F8  mov   dx, 3C4h
seg000:F54FB  mov   al, 1
seg000:F54FD  out   dx, al           ; EGA: sequencer address reg
seg000:F54FD                         ; clocking mode. Data bits:
seg000:F54FD                         ; 0: 1=8 dots/char; 0=9 dots/char
seg000:F54FD                         ; 1: CRT bandwidth: 1=low; 0=high
seg000:F54FD                         ; 2: 1=shift every char; 0=every 2nd char
seg000:F54FD                         ; 3: dot clock: 1=halved
seg000:F54FE  inc   dl
seg000:F5500  in    al, dx           ; EGA port: sequencer data register
seg000:F5501  or    al, 20h
seg000:F5503  out   dx, al           ; EGA port: sequencer data register
seg000:F5504  call  near ptr 76FBh
seg000:F5507  retn
1BIOS0472
seg000:F54E3  cmp   word ptr es:472h, 1234h
[0472]1234h1234hCTRL+ALT+DEL
[0472]1234h

2AACMOSRAM0F
3EGA
4proc_F76FB1
5proc_F2941

1write_pci_byteBIOSrontine
seg000:FF798  xchg  ax, cx           ; write_byte routine
seg000:FF799  shl   ecx, 10h
seg000:FF79D  xchg  ax, cx
seg000:FF79E  mov   ax, 8000h        ; Bus 0
seg000:FF7A1  shl   eax, 10h
seg000:FF7A5  mov   ax, cx
seg000:FF7A7  and   al, 0FCh
seg000:FF7A9  mov   dx, 0CF8h        ; config_address register
seg000:FF7AC  out   dx, eax
seg000:FF7AE  add   dl, 4            ; config_data register
seg000:FF7B1  mov   al, cl
seg000:FF7B3  and   al, 3
seg000:FF7B5  add   dl, al
seg000:FF7B7  mov   eax, ecx
seg000:FF7BA  shr   eax, 10h
seg000:FF7BE  out   dx, al
seg000:FF7BF  retn

routineC

void write_pci_byte(int offset_number, int mask)
{
    if (number == 1)
        jmp_7666();
    do_write_pci_byte(offset_number, mask);
}
routinePCIBus0,Device0,Function0offsetcxal
1
Bus0,Dev0,Fun0hostbrigeNorthBridgeDRAM
PCIPCIconfig_address_registerconfig_data_register
PCIPCIPCIE000_0000~
EFFF_FFFFPCI
2cx=95,al=33write_pci_byteOffset95,mask33Offset
95write_pci_byte94DRAMPAM4PAM4D_8000~D_FFFF
33read/write
DRAMROM
3Offset96offset95write_pci_byteoffset94
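An added example, not from the original post or the BIOS itself: a C model of the write_pci_byte listing at seg000:FF798, tracing which values reach ports CF8h and CFCh~CFFh for the cx=95, al=33 call discussed above. The struct and function names and the 256-byte array standing in for one function's configuration space are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* What one call puts on the I/O bus, in order. */
struct pci_byte_write {
    uint32_t config_address;  /* dword written to port CF8h */
    uint16_t data_port;       /* CFCh~CFFh, selects the byte lane */
    uint8_t  value;           /* byte written to data_port */
};

/* Model of the listing: CX = device/function/offset on bus 0, AL = byte. */
static struct pci_byte_write model_write_pci_byte(uint16_t cx, uint8_t al)
{
    struct pci_byte_write w;
    uint32_t ecx = ((uint32_t)al << 16) | cx;    /* xchg; shl ecx,10h; xchg */
    uint32_t eax = 0x80000000u | cx;             /* mov ax,8000h; shl eax,10h; mov ax,cx */
    eax &= 0xFFFFFFFCu;                          /* and al,0FCh */
    w.config_address = eax;                      /* out dx,eax with dx = 0CF8h */
    w.data_port = (uint16_t)(0x0CFC + (cx & 3)); /* add dl,4; add dl,(cl and 3) */
    w.value = (uint8_t)(ecx >> 16);              /* mov eax,ecx; shr eax,10h; out dx,al */
    return w;
}

/* Apply the write to a 256-byte stand-in for one function's configuration
 * space and return the register offset that changed. */
static unsigned apply_write(uint8_t cfg[256], struct pci_byte_write w)
{
    unsigned off = (w.config_address & 0xFCu) + (w.data_port - 0x0CFCu);
    cfg[off] = w.value;
    return off;
}

int main(void)
{
    uint8_t cfg[256] = {0};                      /* constructed, all zero */
    struct pci_byte_write w = model_write_pci_byte(0x0095, 0x33);
    unsigned off = apply_write(cfg, w);
    printf("CF8h = %08Xh, port %04Xh = %02Xh, register %02Xh written\n",
           (unsigned)w.config_address, (unsigned)w.data_port,
           (unsigned)w.value, off);
    return 0;
}
```

The dword selected through CF8h is the aligned one at 94h, while the data port CFDh steers the byte to register 95h.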
: zeushe

: 2011-04-18 16:03

!
: yuweixian4230

: eyeyech

: 2011-06-07 19:10

: 2011-06-25 16:34

~
: lixupenglinux

: 2011-06-30 22:38

: lovemychobits

: 2011-09-13 16:31

LZ ~

ChinaUnix.net (http://bbs.chinaunix.net/)
