[原创]phoenix bios逆向代码大家欣赏-¥付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [原创]phoenix bios逆向代码大家欣赏 0.00雪花

2010-1-11 13:15 1630

[旧帖] [原创]phoenix bios逆向代码大家欣赏 0.00雪花

hardwar

2010-1-11 13:15

1630

0:41BE postBiosReset:                         ; CODE XREF: BIOS_RESET_ENTRY_0j
seg000:41BE                cli
seg000:41BF                mov    ecx, cr0
seg000:41C2                and    ecx, 7FFAFFD1h
seg000:41C9                mov    cr0, ecx
seg000:41CC                xor    ecx, ecx
seg000:41CF                mov    cr3, ecx
seg000:41D2
seg000:41D2 debugReset:
seg000:41D2                jmp    $+3
seg000:41D5
seg000:41D5 debugResetReturn:
seg000:41D5                jmp    $+3
seg000:41D8
seg000:41D8 earlyResetReturn:
seg000:41D8                jmp    smbiosSecureMiserPresent
seg000:41DB ; ---------------------------------------------------------------------------
seg000:41DB
seg000:41DB hookBiosResetReturn:                   ; CODE XREF: OemBeforeStackInitReturn+4j
seg000:41DB                jmp    $+3
seg000:41DE
seg000:41DE forceResetOnWarmBootReturn:
seg000:41DE                jmp    bridgeReset
seg000:41E1 ; ---------------------------------------------------------------------------
seg000:41E1
seg000:41E1 bridgeResetReturn:                   ; CODE XREF: checkAcLossReturn+6j
seg000:41E1                jmp    $+3
seg000:41E4
seg000:41E4 nvsmanCmosResetReturn:
seg000:41E4                jmp    sioReset
seg000:41E7 ; ---------------------------------------------------------------------------
seg000:41E7 ; START OF FUNCTION CHUNK FOR sioReset
seg000:41E7
seg000:41E7 sioResetReturn:                      ; CODE XREF: sioReset+1Ej
seg000:41E7                jmp    csReset
seg000:41E7 ; END OF FUNCTION CHUNK FOR sioReset
seg000:41EA ; ---------------------------------------------------------------------------
seg000:41EA
seg000:41EA csResetReturn:                         ; CODE XREF: pbResetJReturn+6j
seg000:41EA                jmp    $+3
seg000:41ED
seg000:41ED cpuResetReturn:
seg000:41ED                jmp    mpReset
seg000:41F0 ; ---------------------------------------------------------------------------
seg000:41F0
seg000:41F0 mpResetReturn:                         ; CODE XREF: seg000:1B9Aj
seg000:41F0                jmp    acpiReset
seg000:41F3 ; ---------------------------------------------------------------------------
seg000:41F3
seg000:41F3 acpiResetReturn:                      ; CODE XREF: acpiReset+11j
seg000:41F3                                        ; acpiReset:acpiCsS4InitJBXReturnj ...
seg000:41F3                jmp    pmReset
seg000:41F6 ; ---------------------------------------------------------------------------
seg000:41F6
seg000:41F6 pmResetReturn:                         ; CODE XREF: pmIntelICHResetReturnj
seg000:41F6                                        ; pmIntelICHReset+137j
seg000:41F6                jmp    $+3
seg000:41F9
seg000:41F9 ; =============== S U B R O U T I N E =======================================
seg000:41F9
seg000:41F9
seg000:41F9 qbProgMtrResetReturn proc near
seg000:41F9
seg000:41F9 ; FUNCTION CHUNK AT seg000:4356 SIZE 00000006 BYTES
seg000:41F9
seg000:41F9                mov    al, 0BFh ; '?
seg000:41FB                out    70h, al       ; CMOS Memory:
seg000:41FB                                        ;
seg000:41FD                xor    al, al
seg000:41FF                jmp    $+3
seg000:4202
seg000:4202 csColdBootTestReturn:
seg000:4202                jz    short loc_F4222
seg000:4204
seg000:4204 postWarmStart:
seg000:4204                xor    bx, bx
seg000:4206                mov    al, bl
seg000:4208                mov    di, offset loc_F420E
seg000:420B                jmp    dfltJDI
seg000:420E ; ---------------------------------------------------------------------------
seg000:420E
seg000:420E loc_F420E:                            ; DATA XREF: qbProgMtrResetReturn+Fo
seg000:420E                or    al, al
seg000:4210                jnz    short loc_F4222
seg000:4212                mov    al, 1
seg000:4214                mov    dx, 2EBh
seg000:4217                mov    di, offset loc_F421D
seg000:421A                jmp    nvaWriteNmiOffJDI
seg000:421D ; ---------------------------------------------------------------------------
seg000:421D
seg000:421D loc_F421D:                            ; DATA XREF: qbProgMtrResetReturn+1Eo
seg000:421D                mov    bx, offset postShutdownZeroTable
seg000:4220                jmp    short postProcessShutdownTable
seg000:4222 ; ---------------------------------------------------------------------------
seg000:4222
seg000:4222 loc_F4222:                            ; CODE XREF: qbProgMtrResetReturn:csColdBootTestReturnj
seg000:4222                                        ; qbProgMtrResetReturn+17j
seg000:4222                mov    di, offset loc_F4228
seg000:4225                jmp    dfltJDI
seg000:4228 ; ---------------------------------------------------------------------------
seg000:4228
seg000:4228 loc_F4228:                            ; DATA XREF: qbProgMtrResetReturn:loc_F4222o
seg000:4228                mov    ax, 0
seg000:422B                jmp    short postRangeCheckShutdown
seg000:422D ; ---------------------------------------------------------------------------
seg000:422D
seg000:422D postGetShutdownCode:                   ; CODE XREF: seg000:loc_F43F4j
seg000:422D                mov    dx, 1FBh
seg000:4230                mov    di, offset loc_F4236
seg000:4233                jmp    nvaReadNmiOffJDI
seg000:4236 ; ---------------------------------------------------------------------------
seg000:4236
seg000:4236 loc_F4236:                            ; DATA XREF: qbProgMtrResetReturn+37o
seg000:4236                cmp    ax, 2
seg000:4239                jz    short postRangeCheckShutdown
seg000:423B                mov    si, ax
seg000:423D                xor    ax, ax
seg000:423F                mov    dx, 1FBh
seg000:4242                mov    di, offset loc_F4248
seg000:4245                jmp    nvaWriteNmiOffJDI
seg000:4248 ; ---------------------------------------------------------------------------
seg000:4248
seg000:4248 loc_F4248:                            ; DATA XREF: qbProgMtrResetReturn+49o
seg000:4248                mov    ax, si
seg000:424A
seg000:424A postRangeCheckShutdown:                ; CODE XREF: qbProgMtrResetReturn+32j
seg000:424A                                        ; qbProgMtrResetReturn+40j
seg000:424A                xor    ah, ah
seg000:424C                cmp    al, 0Bh
seg000:424E                jb    short loc_F4252
seg000:4250                xor    al, al
seg000:4252
seg000:4252 loc_F4252:                            ; CODE XREF: qbProgMtrResetReturn+55j
seg000:4252                shl    ax, 1
seg000:4254                add    ax, offset postShutdownTable
seg000:4257                mov    si, ax
seg000:4259                mov    bx, cs:[si]
seg000:425C                xor    al, al
seg000:425E                mov    dx, 2EBh
seg000:4261                mov    di, offset postProcessShutdownTable
seg000:4264                jmp    nvaWriteNmiOffJDI
seg000:4267 ; ---------------------------------------------------------------------------
seg000:4267
seg000:4267 postProcessShutdownTable:             ; CODE XREF: qbProgMtrResetReturn+27j
seg000:4267                                        ; seg000:loc_F4353j ...
seg000:4267                mov    ds, cs:segAddressBDA
seg000:426C                assume ds:nothing
seg000:426C
seg000:426C postSSLabel:
seg000:426C                mov    ax, 0
seg000:426F                mov    ss, ax
seg000:4271
seg000:4271 postESPLabel:
seg000:4271                mov    esp, 7C00h
seg000:4277                mov    di, offset loc_F427D
seg000:427A                jmp    dfltJDI
seg000:427D ; ---------------------------------------------------------------------------
seg000:427D
seg000:427D loc_F427D:                            ; DATA XREF: qbProgMtrResetReturn+7Eo
seg000:427D                mov    ax, 0
seg000:4280                mov    es, ax
seg000:4282                mov    ax, 0E846h
seg000:4285                mov    gs, ax
seg000:4287                assume gs:nothing
seg000:4287                mov    ax, 0E51Ch
seg000:428A                mov    fs, ax
seg000:428C                assume fs:nothing
seg000:428C                cmp    byte ptr cs:[bx], 0D5h ; '?
seg000:4290                jnz    short loc_F4296
seg000:4292                mov    bx, cs:[bx+4]
seg000:4296
seg000:4296 loc_F4296:                            ; CODE XREF: qbProgMtrResetReturn+97j
seg000:4296                or    al, 8
seg000:4298                mov    di, offset loc_F429E
seg000:429B                jmp    dfltJDI
seg000:429E ; ---------------------------------------------------------------------------
seg000:429E
seg000:429E loc_F429E:                            ; DATA XREF: qbProgMtrResetReturn+9Fo
seg000:429E                jz    loc_F4356
seg000:42A2                rol    edx, 10h
seg000:42A6                xor    al, al
seg000:42A8                mov    di, offset loc_F42AE
seg000:42AB                jmp    dfltJDI
seg000:42AE ; ---------------------------------------------------------------------------
seg000:42AE
seg000:42AE loc_F42AE:                            ; DATA XREF: qbProgMtrResetReturn+AFo
seg000:42AE                or    al, al
seg000:42B0                jz    short loc_F42BD
seg000:42B2                ror    edx, 10h
seg000:42B6                test word ptr cs:[bx], 400h
seg000:42BB                jmp    short loc_F42F3
seg000:42BD ; ---------------------------------------------------------------------------
seg000:42BD
seg000:42BD loc_F42BD:                            ; CODE XREF: qbProgMtrResetReturn+B7j
seg000:42BD                cmp    bx, offset postShutdownZeroTable
seg000:42C1                jb    short loc_F42C9
seg000:42C3                cmp    bx, offset postAutoNmiWorking
seg000:42C7                jnb    short loc_F42DA
seg000:42C9
seg000:42C9 loc_F42C9:                            ; CODE XREF: qbProgMtrResetReturn+C8j
seg000:42C9                mov    dx, 2EBh
seg000:42CC                mov    di, offset loc_F42D2
seg000:42CF                jmp    nvaReadNmiOffJDI
seg000:42D2 ; ---------------------------------------------------------------------------
seg000:42D2
seg000:42D2 loc_F42D2:                            ; DATA XREF: qbProgMtrResetReturn+D3o
seg000:42D2                mov    di, offset loc_F42D8
seg000:42D5                jmp    dfltJDI
seg000:42D8 ; ---------------------------------------------------------------------------
seg000:42D8
seg000:42D8 loc_F42D8:                            ; DATA XREF: qbProgMtrResetReturn:loc_F42D2o
seg000:42D8                jmp    short loc_F42E9
seg000:42DA ; ---------------------------------------------------------------------------
seg000:42DA
seg000:42DA loc_F42DA:                            ; CODE XREF: qbProgMtrResetReturn+CEj
seg000:42DA                mov    dx, 2EBh
seg000:42DD                mov    di, offset loc_F42E3
seg000:42E0                jmp    nvaReadJDI
seg000:42E3 ; ---------------------------------------------------------------------------
seg000:42E3
seg000:42E3 loc_F42E3:                            ; DATA XREF: qbProgMtrResetReturn+E4o
seg000:42E3                mov    di, offset loc_F42E9
seg000:42E6                jmp    dfltJDI
seg000:42E9 ; ---------------------------------------------------------------------------
seg000:42E9
seg000:42E9 loc_F42E9:                            ; CODE XREF: qbProgMtrResetReturn:loc_F42D8j
seg000:42E9                                        ; DATA XREF: qbProgMtrResetReturn:loc_F42E3o
seg000:42E9                ror    edx, 10h
seg000:42ED                inc    al
seg000:42EF                and    al, cs:[bx+1]
seg000:42F3
seg000:42F3 loc_F42F3:                            ; CODE XREF: qbProgMtrResetReturn+C2j
seg000:42F3                jz    short loc_F4356
seg000:42F5                mov    di, offset postTaskReturn
seg000:42F8                mov    ax, cs:[bx]
seg000:42FB                inc    bx
seg000:42FC                inc    bx
seg000:42FD                mov    cx, ax
seg000:42FF                or    al, al
seg000:4301                jz    short postPmtrCheckRet
seg000:4303                mov    cx, dx
seg000:4305                mov    dx, cs:postCodePortAddr
seg000:430A                out    dx, al       ; manufacture's diagnostic checkpoint
seg000:430B                mov    dx, cx
seg000:430D                mov    cx, ax
seg000:430F                jmp    quietBootPmtrCheck
seg000:430F qbProgMtrResetReturn endp
seg000:430F
seg000:4312 ; ---------------------------------------------------------------------------
seg000:4312 ; START OF FUNCTION CHUNK FOR quietBootPmtrCheck
seg000:4312
seg000:4312 postPmtrCheckRet:                      ; CODE XREF: quietBootPmtrCheck:loc_F1528j
seg000:4312                                        ; qbProgMtrResetReturn+108j
seg000:4312                jmp    $+3
seg000:4315
seg000:4315 postDebugRet:
seg000:4315                jmp    $+3
seg000:4318
seg000:4318 postHookDispatcherReturn:
seg000:4318                jmp    $+3
seg000:431B
seg000:431B postFeatHookDispatchReturn:
seg000:431B                mov    ax, cs:[bx]
seg000:431E                inc    bx
seg000:431F                inc    bx
seg000:4320                jmp    $+3
seg000:4323
seg000:4323 postSrvrSkipRet:
seg000:4323                shl    ebx, 10h
seg000:4327                mov    bx, offset loc_F432D
seg000:432A                jmp    dfltJBX
seg000:432A ; END OF FUNCTION CHUNK FOR quietBootPmtrCheck
seg000:432D ; ---------------------------------------------------------------------------
seg000:432D
seg000:432D loc_F432D:                            ; DATA XREF: quietBootPmtrCheck+2E93o
seg000:432D                shr    ebx, 10h
seg000:4331
seg000:4331 ; =============== S U B R O U T I N E =======================================
seg000:4331
seg000:4331
seg000:4331 postDoHook    proc near
seg000:4331                jmp    ax
seg000:4331 postDoHook    endp
seg000:4331
seg000:4333 ; ---------------------------------------------------------------------------
seg000:4333 ; START OF FUNCTION CHUNK FOR hookPcieInitJ
seg000:4333
seg000:4333 postHookReturn:                      ; CODE XREF: hookPcieInitJ+65j
seg000:4333                                        ; hookPrepareToBootJ+5j ...
seg000:4333                jmp    $+3
seg000:4336
seg000:4336 postFeatHookSkipReturn:
seg000:4336                mov    si, cs:[bx]
seg000:4339                test word ptr cs:[bx-4], 8000h
seg000:433F                jnz    short loc_F4343
seg000:4341                jmp    si
seg000:4343 ; ---------------------------------------------------------------------------
seg000:4343
seg000:4343 loc_F4343:                            ; CODE XREF: hookPcieInitJ+35CEj
seg000:4343                jmp    far ptr 5029h:2C0Ch
seg000:4343 ; END OF FUNCTION CHUNK FOR hookPcieInitJ
seg000:4348 ; ---------------------------------------------------------------------------
seg000:4348 ; START OF FUNCTION CHUNK FOR pmSMMInitJ
seg000:4348
seg000:4348 postTaskReturn:                      ; CODE XREF: seg000:loc_F0CDBj
seg000:4348                                        ; cpuPentiumCacheOffJ:loc_F0CF6j ...
seg000:4348                jmp    $+3
seg000:434B
seg000:434B AfterPostFeatHookDispatchJReturn:
seg000:434B                inc    bx
seg000:434C                inc    bx
seg000:434D                mov    di, offset loc_F4353
seg000:4350                jmp    dfltJDI
seg000:4350 ; END OF FUNCTION CHUNK FOR pmSMMInitJ
seg000:4353 ; ---------------------------------------------------------------------------
seg000:4353
seg000:4353 loc_F4353:                            ; DATA XREF: pmSMMInitJ+18B1o
seg000:4353                jmp    postProcessShutdownTable
seg000:4356 ; ---------------------------------------------------------------------------
seg000:4356 ; START OF FUNCTION CHUNK FOR qbProgMtrResetReturn
seg000:4356
seg000:4356 loc_F4356:                            ; CODE XREF: qbProgMtrResetReturn:loc_F429Ej
seg000:4356                                        ; qbProgMtrResetReturn:loc_F42F3j
seg000:4356                add    bx, 6
seg000:4359                jmp    postProcessShutdownTable

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

点赞・0

打赏