How to Read BIOS ROM
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: How to Read BIOS ROM

  1. #1
    Join Date
    Aug 2008
    Posts
    9

    Question How to Read BIOS ROM

    I have one and only one application (coded in Visual C++) running on a Windows XP Embedded system. That application needs to read several bytes of data from the BIOS ROM. Can someone please suggest a method for doing this?

    The data to be read will have been previously stored in the BIOS ROM at a known address when the chip was burned. I know that the BIOS is mapped to the upper 512K of the 4G address space (0xfff80000-0xffffffff) so it seems reasonable to read it directly from there using inline assembly code, but this naturally results in a C0000005 access violation.

    However, there must be a way to access that memory because I have found two independent programs (RW-Everything and HWDIRECT) which can dump memory from anywhere within the 4G address space, including the BIOS. If I could locate the relevant source code for one of these programs, that would certainly help to resolve the problem.

    An alternative approach might be to use a software interrupt to access a BIOS service routine to return the data I need, if such exists.

    Any suggestions or ideas would be greatly appreciated.

    Thanks,
    Bob.

  2. #2
    Join Date
    Nov 2003
    Posts
    1,786

    Re: How to Read BIOS ROM

    http://technet.microsoft.com/en-us/s.../bb897446.aspx

    See if PhysMem.exe can dump the data you're looking for.
    If so, here's the source: http://www.nah6.com/~itsme/cvs-xdade...nt-physmem.cpp

    gg

  3. #3
    Join Date
    Aug 2008
    Posts
    9

    Re: How to Read BIOS ROM

    Thanks for the links, CodePlug. Unfortunately, PhysMem returns an error "Could not map view of FFF80000".

    However, it is able to dump up to address 0xCFDFFFFF, so that is encouraging. I'll examine the code and see if I can modify it to do what I want.

    Thanks again,
    Bob.

    P.S.- I'm still looking for additional suggestions.

  4. #4
    Join Date
    Feb 2000
    Location
    San Diego, CA
    Posts
    10,354

    Re: How to Read BIOS ROM

    Just curious. Is the information available through SMBIOS? You can check out this article, not sure if it would be any help.. but.

    http://www.codeguru.com/cpp/misc/sam...le.php/c12347/

  5. #5
    Join Date
    Aug 2008
    Posts
    9

    Re: How to Read BIOS ROM

    Quote Originally Posted by kirants
    Just curious. Is the information available through SMBIOS? You can check out this article, not sure if it would be any help.. but.

    http://www.codeguru.com/cpp/misc/sam...le.php/c12347/
    Now, that's an idea. Thanks kirantz. I shall check it out. I suspect, however, that SMBIOS returns only specific information, but maybe there's a "user defined" section I can use.

  6. #6
    Join Date
    Nov 2003
    Posts
    1,786

    Re: How to Read BIOS ROM

    >> Is the information available through SMBIOS?
    I used the Physmem source code to read SM tables directly on an XPembedded platform with no WMI support.

    If you have WMI, that's an option for some SM data. But if you aren't comfortable with COM, then using WMI in C++ would probably be longer/harder than parsing the SM tables yourself.

    If the data you're looking for isn't in the SM tables (or not parsed by the driver), then WMI doesn't help. Enum/Get SystemFirmwareTable API's are Vista and above - so no use on XPe.

    >> I know that the BIOS is mapped to the upper 512K of the 4G address space
    It's my (limited) understanding that the BIOS is mapped to the upper 64K of the first MB of memory (F000h to FFFFh) on x86 architectures. Are you sure of your address ranges?

    What data are you looking for specifically?

    gg

  7. #7
    Join Date
    Aug 2008
    Posts
    9

    Re: How to Read BIOS ROM

    Quote Originally Posted by Codeplug
    >>
    It's my (limited) understanding that the BIOS is mapped to the upper 64K of the first MB of memory (F000h to FFFFh) on x86 architectures. Are you sure of your address ranges?

    What data are you looking for specifically?

    gg
    The data I need to retrieve from the BIOS chip is checksum-type information (MD5 Digest, CRC-32, etc. of the OS Compact Flash) that will have been previously stored there upon burning the chip. The idea is to be able to verify the integrity of the OS and all other files residing on the Compact Flash by periodically running a program which calculates these checksums and compares the results with the values stored on the BIOS chip.

    As for the BIOS memory addresses, I was informed by a BIOS engineer about the upper 512K of the 4G address space. Apparently the BIOS has resided there on all systems using an FWH (firmware hub) since the 386. I'm not sure if it is the actual BIOS ROM that is mapped to that area or if it is an imaged copy. However, I suspect the latter as it is supposedly used by some BIOS flashing programs. (This is also documented by Intel http://download.intel.com/design/chi...s/29065804.pdf page 11). In any case, both the RW-Everything and the HWDIRECT programs can dump the entire region 0xfff80000-0xffffffff and I have verified that it matches the BIOS chip.

    Looking at the PhysMem program, it looks like the undocumented NtMapViewOfSection() function is the key. It normally returns a status of 0, but for 0xfff80000 it returns c00000f4.

    Thanks again for your help. If and when I get this resolved, I'll post the result here. Additional help would, of course, still be appreciated.

    Bob.

  8. #8
    Join Date
    Nov 2003
    Posts
    1,786

    Re: How to Read BIOS ROM

    c00000f4 is "bad 6th parameter" - which is the address.

    You may have to do this from a device driver. Or another device driver (for flashing?) may already "own" that memory - preventing it from being mapped.

    If you go through device manager, on the resources tab, look for drivers using that range and see if you can disable it. Then try physmem.

    gg

  9. #9
    Join Date
    Aug 2008
    Posts
    9

    Re: How to Read BIOS ROM

    Quote Originally Posted by Codeplug
    You may have to do this from a device driver.
    gg
    Yes, I was advised that I would need to write a kernel mode driver to manipulate the PAM (Programmable Attribute Map) registers as described in http://www.intel.com/assets/pdf/datasheet/252525.pdf pages 59-61.

    However, since RW-Everything and HWDIRECT have no problem reading the entire 4GB address space without any extra drivers, it seems reasonable to just find out how they do it.

    Thanks again,
    Bob

  10. #10
    Join Date
    Nov 2003
    Posts
    1,786

    Re: How to Read BIOS ROM

    HWDIRECT does: hwdirect.sys. I suspect the other does too.

    gg

  11. #11
    Join Date
    Aug 2008
    Posts
    9

    Re: How to Read BIOS ROM

    Quote Originally Posted by Codeplug
    HWDIRECT does: hwdirect.sys. I suspect the other does too.

    gg
    Your are right. There is an HWDIRECT.SYS; I made the mistake of looking only in the WINDOWS\SYSTEM32 directory and its subdirectories. I'm not sure whether it runs in kernel mode or not though.

    Well I guess I could just use HWDIRECT.SYS if I can figure out how it should be called. Alternatively, I have TVicHW32 already installed, so maybe I can use that -- if I can find documentation on how to interface with it.

    Thanks again for your help,
    Bob.

  12. #12
    Join Date
    Aug 2008
    Posts
    9

    Re: How to Read BIOS ROM

    Quote Originally Posted by pdp8
    If and when I get this resolved, I'll post the result here.
    Well, thanks to Codeplug's ideas and suggestions, I finally have a resolution. There is a general purpose device driver called TVicHW32 which, among many other things, makes it easy to map any physical memory into the current address space, thereby making the BIOS memory accessible.

    TVicHW32 had been installed in our system years ago, but the documentation on what it could do and how to use it was no longer available. (Even its existence was almost a secret.) Anyway, I managed to find downloadable documentation here http://www.freefunfiles.com/software.../tvichw32.html and now all is well.

    Thanks Codeplug,
    Bob/pdp8

  13. #13
    Join Date
    May 2012
    Posts
    2

    Re: How to Read BIOS ROM

    Hey

    How did you used this driver ?
    Did you manage to read and write from the BIOS EEPROM ? OR from the mapped windows memory ? meaning : did you get the ability to flash the EEPROM form windows , the same way BIOS update program dose ?
    If so , could you share your code ?

    Thank you

    Avi .

  14. #14
    Join Date
    Jan 2002
    Location
    Houston, TX
    Posts
    1,421

    Re: How to Read BIOS ROM

    It's quite possible that he's forgotten in the past 4 years!

    Please don't resurrect ancient threads.
    Be sure to rate those who help!
    -------------------------------------------------------------
    Karl - WK5M
    PP-ASEL-IA (N43CS)
    PGP Key: 0xDB02E193
    PGP Key Fingerprint: 8F06 5A2E 2735 892B 821C 871A 0411 94EA DB02 E193

  15. #15
    Join Date
    May 2012
    Posts
    2

    Re: How to Read BIOS ROM

    But maybe others may know OR help ...

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Azure Activities Information Page

Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center