Dump and disasm BIOS interrupt handlers -- I need help
Posted: Fri Jun 21, 2013 7:38 pm
Hello everybody,
I'm trying to dump the Bios interrupt handlers so I can disassemble them and use the code eg. set resolution, keyboard...
and to learn how my hardware works.I have a Fujitsu Siemens V5535 laptop with Phoenix First Bios.
I have written a dos .com program in assembly (NASM) to help me do this task.The problem is that the program wont go thru the bios code, it simply freezes the virtual machine or reboots.I wont go into lengths explaining this, I will post my code here.If anyone can help please write.
P.S. Yes I have read Pinczakko's guide and I have 5 years of experience in x86 assembly
I'm trying to dump the Bios interrupt handlers so I can disassemble them and use the code eg. set resolution, keyboard...
and to learn how my hardware works.I have a Fujitsu Siemens V5535 laptop with Phoenix First Bios.
I have written a dos .com program in assembly (NASM) to help me do this task.The problem is that the program wont go thru the bios code, it simply freezes the virtual machine or reboots.I wont go into lengths explaining this, I will post my code here.If anyone can help please write.
P.S. Yes I have read Pinczakko's guide and I have 5 years of experience in x86 assembly
Code: Select all
[bits 16]
org 0x100
mov al,0x10 ; number of the interrupt - int 10h
mov ah,0
call xint ;get vector from IVT
mov dword [intaddr+1],ebx ;store vector after the JMP so later we can do a far jump there
mov di,1 ;number of the interrupt - int 1h
mov bx,codex ;get handler's address (IP)
call setint ;set the IVT
pushf
mov bp,sp
or word [bp],0x0100 ;set trace flag
popf
;;;;;;;;;;;;;;;;;;;
;test code here
mov ax,0x11 ;int 10h function 0 - set video mode 11h
;int 0x10
pushf ;-+ --+
push cs ; |- prepare the stack for IRET |
push here ;-= + = int 10h
intaddr: ; |
jmp 0x0:0x0 ;our vector gets copied here then far jump--+
;;;;;;;;;;;;;;;;;;;
here:
mov ax,0x3c00
mov dx,filename
mov cx,0
int 0x21 ;open file finction
jc err
mov bx,ax
mov ax,0x4000
mov word cx,[bcount]
mov dx,codebuffer
int 0x21 ;write file function
jc err
endd:
xor ax,ax
int 0x20 ;return to DOS
err:
mov ah,0x09
mov dx,errorx
int 0x21
jmp endd
filename db "int.bin",0
errorx dw 0x0d0a,"ERROR!",0x0d0a,"$"
codex:
push bp
push cx
push di
push si
push bx
push ds
push es
back_here:
mov bx,cs
mov es,bx ;set segment registers to this segment
mov ds,bx
mov bp,sp
mov word cx,[bp+14] ;get IP from stack
cmp word [first],1 ;is this the first entry?
jne nextx ;if no jump, if yes continue
mov word [prevIP],cx ;save IP as previousIP
mov cx,codebuffer ;get storage buffer address
mov word [cbpointer],cx ;byte pointer to the storage buffer
mov word [first],0 ;set to 0 so next time no first entry
jmp endc
nextx:
xor edi,edi
xor esi,esi
mov di,[cbpointer] ;get our pointer
mov word bx,[prevIP] ;get previous IP
mov word [prevIP],cx ;save current IP as previous
sub cx,bx ;currentIP - previousIP=instruction size
js back ;if currentIP<previousIP jump ; sign flag=1
inc si ;to set sign flag 0
cmp cx,0x8 ;is instruction(s) 8 byte?
jge back ;jump if greater
add word [bcount],cx ;CX --> byte counter
mov si,bx
mov word bx,[bp+0x10] ;get previous CS - before this handler
mov ds,bx
rpt: ;copy instruction bytes
mov byte bl,[ds:si] ;from BIOS code segment
mov byte [es:di],bl ;to our buffer
inc di
inc si
dec cx
cmp cx,0
jne rpt
mov word [es:cbpointer],di ;save code buffer pointer
endc:
pop es
pop ds
pop bx
pop si
pop di
pop cx
or word [bp+6],0x0100 ;set trace flag
pop bp
iret ;return
back:
mov word [first],0x1 ;go first entry mode
jmp back_here
first dw 0x1 ;yes
prevIP dw 0
cbpointer dw 0
bcount dw 0
codebuffer db 0