[Repost] A method of embedding an application program in the BIOS and its implementation

Reposted by xiaoxiao, 2021-03-14

Abstract: Taking the Award BIOS used by many computer motherboards as its example, this paper proposes a method of embedding an application program in the BIOS. The basic principle applies to other brands of BIOS with only small modifications. The author gives and discusses a complete example; the program has been verified experimentally.

I. A brief introduction to the BIOS

The BIOS discussed here is the BIOS on the computer motherboard. It is the core and soul of the whole computer: when the computer is powered on, the BIOS program is the first thing executed. The BIOS is responsible for the power-on self test, initializing the system, responding to changes of the system configuration and recording them in CMOS, keeping a resident runtime program in memory that provides services to the system and to application programs, and finally, after a long series of complex operations, handing control to the operating system.

In the beginning the BIOS was only 8 KB. As computers became more complex and plug-and-play, advanced power management and so on were added, together with features from individual motherboard vendors, the BIOS grew rapidly. Today most motherboard BIOSes are 256 KB and some have reached 512 KB, and there are often tens of KB of unused space in them. Because the BIOS is stored in a flash memory chip it is easy to modify, which makes embedding our own program in it convenient.

Embedding programs in the BIOS has many applications. Some motherboard manufacturers embed anti-virus programs, hard disk recovery wizards, overclocking tools and the like in the BIOS to improve the competitiveness of their products; Taiwan's Winsheng and Elegent jointly developed a small browser operating system embedded in the BIOS, the whole BIOS being only 512 KB, so that the computer can surf the Internet without a hard disk; some monitoring systems put their program in the BIOS because the functionality required is limited, so the program runs automatically and the cost is reduced. On the other hand, a virus embedded in the BIOS can do all of this just as well.

The BIOS code is short, but its technical content is very high. Only a few companies in the world, such as Award, Phoenix, AMI and Acer, have the ability to develop BIOS systems (Award has since been acquired by Phoenix). Other motherboard manufacturers buy the BIOS directly and perform a small amount of functional extension on the platform provided by these companies. For an individual's own application there is no need to remake the BIOS completely.

II. Basic knowledge for embedding a program

Several essential tools are needed before starting: the Award BIOS flashing tool AWDFLASH; the Award BIOS inspection and modification tool CBROM; the Microsoft assembler MASM 6.11; and, recommended by the author, the binary editor HEXWORKSHOP. All of these can be downloaded from the Internet. The following assumes these tools are used; the details of operating them are not repeated here.

As mentioned earlier, the BIOS program is stored in a flash ROM chip. In fact most of it is stored compressed; only a small amount of startup code and the decompression routine remain uncompressed. The execution process of the BIOS is quite complicated, and we do not need to understand it in detail, but one point must be clear: the BIOS really is a modular design. With CBROM one can see the name, type and compression ratio of every sub-module in the BIOS. During execution the BIOS decompresses these modules into memory, verifies that each module is legitimate and correct, and, if the conditions are met, transfers control to the module's entry point.

The detailed mechanism and its origin are described in the PnP BIOS specification, the PnP ISA specification, the PCI bus specification and the EISA bus specification; the material is extensive and this article does not discuss it in depth. One kind of module in the BIOS is the ISA module, which comes from the ISA specification. Because ISA is an early specification its content is comparatively simple, and the BIOS's verification of such a module is also simpler and easy to satisfy, so we can make our own program into an ISA module and put it into the BIOS. When the machine starts, our program starts too, and it runs before the operating system does.

III. Detailed programming steps

1. Preparation

Because of an inherent limit of the system, the size of each module in the BIOS cannot exceed 64 KB (this is the size before compression). This is similar to the limit on a COM program under DOS, and in fact when we program with MASM 6.11 the template produced by the assembler is indeed that of a COM program. However, a module differs from an ordinary COM file in the following points:

(1) It has its own stack segment, whose size is 1 KB, whereas the stack of a COM file lies within the 64 KB segment, by default starting at offset 0FFFEH of the segment.
(2) A COM file is executed from its first byte, whereas a module starts with a module header that stores information about the module; the code of the module is entered through the entry point recorded in the header.
(3) When a COM file finishes it returns to the operating system, usually to DOS through INT 21H function 4CH, whereas a module is entered by a far call and therefore must return with RETF.
(4) The last byte of an ISA module is a check byte: all bytes of the module must sum to zero, and the BIOS uses this to verify the correctness of an ISA module. A COM file has no such requirement.
(5) A COM file is loaded at offset 100H of its segment and then executed, whereas the offset of a module within its segment cannot be determined in advance; for some modules it is 0. Therefore assembly instructions that involve an offset within the segment, such as LEA and OFFSET, need care.

The table below shows the format of the ISA module header; only the most basic fields are listed. This content comes from the specification, and when we write the module header we must follow this format strictly:

    Offset    Length   Value   Description
    0H        1        55H     module signature byte
    1H        1        AAH     module signature byte
    2H        1        *       module length, in units of 512 bytes
    3H        3        *       entry point; the BIOS makes a far call here, so a jump instruction is usually placed here
    6H-19H    20       *       reserved

    Table: format of the ISA module header

The basic procedure for embedding a program in the BIOS is as follows. Every step is critical, so each is described in detail:

1. First write the COM program with the assembler under DOS. Note that the program runs before the operating system, so no DOS interrupt service may be called. To make the program easy to transform, do not use .CODE, .STARTUP and similar assembler directives; use the early style of assembly programming so as to keep full control over the structure of the whole program.
2. After debugging, add the module header in front of the code, change the return instruction to RETF, control the file size so that it is an integer multiple of 512 bytes, and reassemble to produce a COM file.
3. Open the COM file in HEXWORKSHOP and generate the 8-bit checksum of the file with its checksum tool; subtract that checksum from 100H and write the result into the last byte of the file. Generate the checksum of the file again and confirm that it is zero.
4. Use CBROM to embed the file into the BIOS as an ISA module. The command used in this article is "CBROM Save.bin /ISA Hello.com", where Save.bin is the BIOS file backed up in advance with AWDFLASH.

Note that before repeating this operation the previously embedded module must be released first, with "CBROM Save.bin /ISA Release".
5. Burn the new BIOS file into the flash ROM with AWDFLASH, restart the computer and check the program.

Before carrying out the above experiment it is best to have a ROM programmer at hand, so that the BIOS can be recovered if the computer no longer starts normally; a computer with a dual-BIOS protection function can also recover.

Two simple Hello programs, written in two different ways, are given below. Both display the line "Hello! Press F1 To Continue ..."; when the F1 key is pressed the program exits and the computer continues to start.

2. Hello program one

The source code given here is the file after step 2 of the procedure above, so the module header has already been added; the COM file produced by assembling it cannot be run under DOS, which the reader should note. In addition, since the program is simple, the file size here is fixed at 512 bytes; a different size needs some small changes. All interrupt calls in the program are BIOS interrupt services; their calling conventions are not described in detail here, please consult the relevant references.

Hello source program one:

    CODE    SEGMENT
            ASSUME CS:CODE, DS:CODE
    START:
    SIGNATURE DB 55H, 0AAH          ; module signature bytes
    COMLENGTH DB 01H                ; module length: 1 x 512 bytes
            JMP NEAR PTR BEGIN0     ; 3-byte entry point (E9 xx xx)
    RESERVED  DB 20 DUP (0)         ; offsets 6H..19H, reserved
    BEGIN0:
            MOV DI, 25              ; DI keeps the current column
            MOV AH, 2
            MOV BH, 0
            MOV DX, DI
            MOV DH, 10              ; row 10, column 25
            INT 10H                 ; set the cursor position
            MOV SI, OFFSET STRING
            ADD SI, 100H            ; adjust for the load offset this program assumes (see below)
    SHOWSTR:
            MOV AL, CS:[SI]         ; read one character; CS: because DS is not set up at this point
            CMP AL, 0
            JE  KBINPUT             ; 00H marks the end of the string
            MOV AH, 9
            MOV BH, 0
            MOV BL, 0DAH            ; attribute byte
            MOV CX, 1
            INT 10H                 ; write one character with attribute at the cursor
            MOV AH, 2
            MOV BH, 0
            INC DI
            MOV DX, DI
            MOV DH, 10
            INT 10H                 ; advance the cursor one column
            INC SI
            JMP SHOWSTR             ; output the whole string
    KBINPUT:
            MOV AH, 0
            INT 16H                 ; wait for a keystroke; AH = scan code
            CMP AH, 3BH             ; 3BH is the scan code of F1
            JNE KBINPUT             ; keep waiting until F1 is pressed
            MOV AX, 0               ; return value
            RETF                    ; far return to the BIOS
    STRING  DB 'Hello! Press F1 To Continue ...', 00H   ; 00H terminates the string
            ORG 511                 ; the last byte of the 512-byte module
    CHECKSUM DB 0                   ; set so that all bytes of the module sum to zero
    CODE    ENDS
            END START

When the program above runs, after the first startup screen has been displayed, a message on a red background appears in the middle of the second screen, prompting the user to press F1 to continue. After F1 is pressed the BIOS continues with the following startup steps, shows the third startup screen (that is, the original second screen), and finally loads the operating system. The program assumes that the BIOS decompresses the module to a fixed, known offset within its segment, which the ADD SI, 100H after OFFSET STRING compensates for. That was indeed the case on the test machine, but since the author did not check the relevant documentation it cannot be guaranteed always to hold. The next Hello program improves on this.

3. Hello program two

Hello program one runs during BIOS initialization, before the system has been fully initialized, so its functions are subject to more restrictions: some BIOS interrupt services are not yet available, and any call to those services gives unpredictable results.

Considering that the BIOS uses INT 19H to start the operating system, Hello program two hooks the INT 19H interrupt. Its code then runs after the BIOS has finished initialization rather than before it, so that all the resources of the whole computer system can be used. In addition it must be pointed out that the module itself is responsible for keeping the checksum of the whole module at zero: the ISA module is not discarded after it has been loaded into memory, and after the module returns the BIOS checks its checksum again to judge whether the module is correct; if it is wrong, the machine hangs. The module may change data within its segment while it is initializing, but after BIOS initialization is complete it can no longer change its own data.

Hello source program two (data is addressed relative to BX, the load offset of the module, so that the program works wherever the BIOS places it; GETIP returns the address of the instruction after the CALL, and subtracting the assembled offset of that instruction gives the load offset, which generalizes the fixed "SUB AX, 29" of 26 header bytes plus a 3-byte CALL):

            .MODEL TINY
            .386
    CODE    SEGMENT USE16
            ASSUME CS:CODE, DS:CODE
    START:
    SIGNATURE DB 55H, 0AAH          ; module signature bytes
    COMLENGTH DB 01H                ; module length: 1 x 512 bytes
            JMP NEAR PTR BEGIN0     ; 3-byte entry point
    RESERVED  DB 20 DUP (0)         ; offsets 6H..19H, reserved
    BEGIN0:
            CALL GETIP              ; AX = actual offset of HERE0 within CS
    HERE0:
            SUB AX, OFFSET HERE0    ; AX = offset at which the module start was loaded
            MOV BX, AX              ; BX is the base for every data reference below
            MOV CS:IPSTART[BX], AX  ; keep it in IPSTART as well
            MOV AX, 0               ; hook INT 19H
            MOV ES, AX              ; ES = 0: the interrupt vector table
            MOV AX, ES:[64H]        ; save the original vector (19H * 4 = 64H)
            MOV CS:SAVEIP[BX], AX   ; into SAVEIP and SAVECS
            MOV AX, ES:[66H]
            MOV CS:SAVECS[BX], AX
            MOV AX, OFFSET BEGIN1
            ADD AX, BX              ; real offset of BEGIN1
            MOV ES:[64H], AX        ; point INT 19H at BEGIN1
            MOV ES:[66H], CS
            MOV AX, 0               ; recompute the check byte: data above was changed
            MOV SI, 510             ; sum bytes 0..510, not the check byte itself
    AGAIN:
            ADD AL, CS:[BX+SI]
            DEC SI
            JNS AGAIN
            NEG AL                  ; new check byte = -(sum of the other bytes)
            MOV CS:CHECKSUM[BX], AL ; the whole module sums to zero again
            MOV AX, 0
            RETF                    ; far return to the BIOS
    BEGIN1:                         ; new INT 19H entry, runs after BIOS initialization
            STI
            PUSHA
            PUSH ES
            PUSH DS                 ; save the caller's registers
            CALL GETIP
    HERE1:
            SUB AX, OFFSET HERE1    ; the load offset, computed again
            MOV BX, AX
            MOV AX, 0
            MOV ES, AX
            MOV AX, CS:SAVEIP[BX]
            MOV ES:[64H], AX        ; restore the original INT 19H vector
            MOV AX, CS:SAVECS[BX]
            MOV ES:[66H], AX
            ; the rest is the same as program one; note how the string is addressed
            MOV SI, OFFSET STRING
            ADD SI, BX              ; pay attention: adjust by the load offset, not a constant
            MOV DI, 25
            MOV AH, 2
            MOV BH, 0
            MOV DX, DI
            MOV DH, 10
            INT 10H                 ; cursor to row 10, column 25
    SHOWSTR:
            MOV AL, CS:[SI]
            CMP AL, 0
            JE  KBINPUT
            MOV AH, 9
            MOV BH, 0
            MOV BL, 0DAH
            MOV CX, 1
            INT 10H                 ; write one character
            MOV AH, 2
            MOV BH, 0
            INC DI
            MOV DX, DI
            MOV DH, 10
            INT 10H                 ; advance the cursor
            INC SI
            JMP SHOWSTR
    KBINPUT:
            MOV AH, 0
            INT 16H
            CMP AH, 3BH             ; wait for F1
            JNE KBINPUT
            POP DS
            POP ES
            POPA
            INT 19H                 ; invoke the original INT 19H: load the operating system
            IRET
    GETIP   PROC                    ; return in AX the offset of the instruction after the CALL
            POP AX
            PUSH AX
            RET
    GETIP   ENDP
    STRING  DB 'Hello! Press F1 To Continue ...', 00H
    SAVEIP  DW 0
    SAVECS  DW 0
    IPSTART DW 0
            ORG 511
    CHECKSUM DB 0                   ; set so that all bytes of the module sum to zero
    CODE    ENDS
            END START

When the Hello2 program runs, the last row of the last startup screen shows "Hello! Press F1 To Continue ..." in bold; when F1 is pressed, the computer begins loading the operating system.
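To make steps 2 and 3 of the procedure (module header, padding to a 512-byte multiple, zero-sum check byte) and the run-time checksum maintenance of program two concrete, here is an added host-side tool in Python. It is not code from the original article: the header layout and the zero-sum rule are the page's, while the function names, the constructed sample payload (MOV AX,0 / RETF followed by the message) and the 128-block limit derived from the page's 64 KB size restriction are this example's own assumptions.

```python
# Added example, not part of the original article: builds an ISA module image
# from raw 16-bit code, balances its check byte, and repeats the checks the page
# says the BIOS applies, so the two HEXWORKSHOP passes of step 3 are not needed.

HEADER_LEN = 26          # 55H AAH, length byte, 3-byte entry point, 20 reserved bytes (6H..19H)
BLOCK = 512              # the length byte counts 512-byte units
MAX_BLOCKS = 128         # 64 KB per module, the page's limit (assumed as 128 blocks)


def fix_checksum(image: bytes) -> bytes:
    """Return a copy whose last byte is (100H - sum of the other bytes) mod 256,
    the value the page has you compute and patch in by hand."""
    out = bytearray(image)
    out[-1] = (-sum(out[:-1])) & 0xFF
    return bytes(out)


def build_module(code: bytes) -> bytes:
    """Wrap raw code in the ISA module header, pad to a multiple of 512 bytes
    and set the last byte so that all bytes of the module sum to zero."""
    if not code:
        raise ValueError("empty payload")
    body = bytearray(HEADER_LEN) + bytearray(code)
    body[0:2] = b"\x55\xaa"                       # signature bytes
    # entry point at offset 3: JMP NEAR rel16 (E9 xx xx) to offset 26, where the
    # code starts; the displacement is relative to the next instruction (offset 6)
    body[3] = 0xE9
    body[4:6] = (HEADER_LEN - 6).to_bytes(2, "little")
    # pad to a 512-byte multiple, always leaving the last byte free for the check byte
    total = -(-(len(body) + 1) // BLOCK) * BLOCK
    if total // BLOCK > MAX_BLOCKS:
        raise ValueError("module would exceed 64 KB")
    body += bytes(total - len(body))
    body[2] = total // BLOCK                      # length in 512-byte units
    return fix_checksum(bytes(body))


def validate_module(image: bytes) -> list:
    """The checks the page attributes to the BIOS for an ISA module: signature,
    length byte consistent with the size, and all bytes summing to zero.
    An empty list means the module would be accepted."""
    problems = []
    if len(image) < HEADER_LEN or image[0:2] != b"\x55\xaa":
        return ["bad signature (expected 55H AAH)"]
    if image[2] * BLOCK != len(image):
        problems.append(f"length byte {image[2]} does not match {len(image)} bytes")
    if sum(image) % 256:
        problems.append("bytes do not sum to zero")
    return problems


def patch_data(image: bytes, offset: int, data: bytes) -> bytes:
    """Change bytes inside the module and re-balance the check byte, which is
    what program two does at run time after storing the saved INT 19H vector."""
    if offset < HEADER_LEN or offset + len(data) >= len(image):
        raise ValueError("patch must stay inside the code/data area")
    out = bytearray(image)
    out[offset:offset + len(data)] = data
    return fix_checksum(bytes(out))


# Constructed payload: MOV AX,0 (B8 00 00) and RETF (CB), followed by the message.
# It is the minimum a module needs to return cleanly to the BIOS; no display code.
SAMPLE_CODE = b"\xb8\x00\x00\xcb" + b"Hello! Press F1 To Continue ...\x00"

if __name__ == "__main__":
    img = build_module(SAMPLE_CODE)
    print(len(img), "bytes, length byte", img[2], "checks:", validate_module(img) or "ok")
    # a blind write into the module, with no re-balancing, is what makes the BIOS hang
    broken = bytearray(img)
    broken[HEADER_LEN + 4] ^= 0xFF
    print("after a blind write:", validate_module(bytes(broken)))
    print("after patch_data:", validate_module(patch_data(img, HEADER_LEN + 4, b"\x12\x34")) or "ok")
```

For the real Hello.com produced by step 2 (header already present, size already a multiple of 512) only fix_checksum and validate_module are needed; build_module is for code that does not yet carry the header.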

Please cite the original address when reposting: https://www.9cbs.com/read-129286.html
