OSDev.org

As a side note to this, ram is stored for up to 30 seconds after power off, so it would be posable to have a program on another OS that can dump ram to disk as a graphic file format.
I made a program like this for my OS, to dump whats in ram when powering off windows.
You need to turn the pc power switch off, as reboot code does not work as well.

Its also possable to get passwords using this method.

More info here: http://www.mcgrewsecurity.com/tools/msramdmp/

Hi,

Dex wrote:As a side note to this, ram is stored for up to 30 seconds after power off, so it would be posable to have a program on another OS that can dump ram to disk as a graphic file format.
I made a program like this for my OS, to dump whats in ram when powering off windows.
You need to turn the pc power switch off, as reboot code does not work as well.

Once upon a time I was planning to store "kernel panic" information in RAM and then check for this information during reboot (so that I could tell the user what caused the problem if everything goes badly wrong). What I discovered is that even for a simple reset (e.g. triple fault) the BIOS completely wipes the contents of all RAM on most of the computers I tested. I'd assume turning power off would be worse, due to the BIOS's memory testing during POST.


Cheers,

Brendan

Brendan wrote:What I discovered is that even for a simple reset (e.g. triple fault) the BIOS completely wipes the contents of all RAM on most of the computers I tested.

Are these not predominantly old ones, that still count/verify all the memory on startup? Wiping 4GB of RAM takes more time than my (relatively modern) computer needs to pass the POST.


JAL

A lot of systems no longer do that "rolling" memory check by default, as mentioned by jal.. it takes a long time and people are very impatient these days.

Setting your BIOS to fast boot, helps if you want to dump ram. I have also notest that on triple fault etc, the rebooted PC does not alway work as it would normaly and need to be turn off and wait some secords, for the OS to work as normal, this is the same on hobby OS's or window/linux etc.

Hi,

jal wrote:

Brendan wrote:What I discovered is that even for a simple reset (e.g. triple fault) the BIOS completely wipes the contents of all RAM on most of the computers I tested.

Are these not predominantly old ones, that still count/verify all the memory on startup? Wiping 4GB of RAM takes more time than my (relatively modern) computer needs to pass the POST.

At the time I did my testing it would've been Intel Pentium 4 and older CPUs (mixture of 80486 to P6, with some Cyrix and AMD). Probably about 6 years ago now. I'm not too sure how thorough I was though (I may have only tested a few machines and realised my "panic dump in RAM" idea wouldn't work).

I did get curious and I've done a little research into the latest AMD and Intel CPUs (with hypertransport and QPI, and inbuilt memory controllers).

For AMD CPUs, the inbuilt memory controller has a "hardware memory clear" function, where the memory controller fills all RAM with zeros. For "family 0x0F" CPUs RAM is filled with zeros at power on or reset. For "family 0x10" and "family 0x11" CPUs RAM is also filled with zeros at power on or reset, but the BIOS can also request it any time it likes.

Then I looked at the "Intel Xeon Processor 5500 Series" datasheet. They're amazing.

These CPUs have support RAM chip mirroring (just like RAID-1 for RAM), "once per 24 hour of operation RAM patrolling", lots of logging for all sorts of errors (corrected 1-bit and 2-bit errors, per rank error counters, "loss of redundancy" status registers, etc), RAM speed throttling (and temperature sensors), etc.

More importantly, there's complete RAM testing circuitry built directly into the memory controller, with a test pattern generator and a "do 'n' passes" ability. I couldn't figure out if the inbuilt memory controller can fill the RAM with zeros or not; but the BIOS can tell the memory controller to do 1 (or more) passes of RAM testing during boot (or whenever it likes).

I'd assume that in both cases (AMD and Intel), the memory controller talks to all channels in parallel (with no real CPU involvement needed); and the only thing that limits speed is the bandwidth between the memory controller and the RAM chips it controls (hypertransport or quickpath link speeds and CPU speeds don't matter).

I didn't look at older chipset datasheets (e.g. "Core 2") to see if the north-bridge does something similar to fill or test the RAM chips. I might take a look tomorrow (later today to be honest - I got carried away looking at the "5500 series" datasheet and lost track of time - sunrise is getting close).

Note: I also took a look at the DDR3 specifications (thinking that it'd make perfect sense for the RAM chips to do their own "fill with zero" during reset, or at least support a "fill the entire page with zero" command). There's nothing too interesting in there though (no "set all bits to zero" commands and no required/defined behaviour for the state of bits during/after reset and initialisation).


Cheers,

Brendan