I found a way to write to VMware's BIOS memory area 0xF000 ~ 0xFFFF (0xF0000-0xFFFFF)

Posted: Mon Apr 07, 2025 6:40 am
by ccya
Use the following code to program the Programmable Attribute Map (PAM) register and unlock the memory in this area.

EB3CB:
mov ch,30h              ; new value for bits 5:4 of PAM0 (or 11h or 10h)
mov al,59h              ; this is the PAM number (config-space offset of PAM0)
call readpci            ; ah = current PAM0 byte
mov cl,30h              ; mask of the field being changed (or 33h)
not cl
and ah,cl               ; clear the field
or ah,ch                ; set the field to the new value
call writepci           ; write the modified byte back to PAM0
mov bx,0f000h
mov es,bx
mov es:[0],bx           ; test write to F000:0000
jmp $


readpci:                ; in: al = config-space offset (bus 0, device 0, function 0); out: ah = byte read
mov     edi, eax        ; save the offset
movzx   eax, al
bts     eax, 1Fh        ; set the enable bit (bit 31)
and     al, 0FCh        ; dword-align the offset
mov     dx, 0CF8h
out     dx, eax                          ; PCI Configuration Space Address Register
                                         ; bits   7..0: configuration space offset
                                         ; bits  10..8: function number
                                         ; bits 15..11: device number
                                         ; bits 23..16: bus number
mov     eax, edi
mov     dl, al
or      dl, 0FCh        ; dx = 0CFCh + (offset and 3): byte lane of the data port
xchg    al, ah
in      al, dx
xchg    al, ah          ; return the byte in ah
ret


writepci:               ; in: al = config-space offset, ah = byte to write (bus 0, device 0, function 0)
mov     edi, eax        ; save offset and data
movzx   eax, al
bts     eax, 1Fh        ; set the enable bit (bit 31)
and     al, 0FCh        ; dword-align the offset
mov     dx, 0CF8h
out     dx, eax                          ; PCI Configuration Space Address Register
                                         ; bits   7..0: configuration space offset
                                         ; bits  10..8: function number
                                         ; bits 15..11: device number
                                         ; bits 23..16: bus number
mov     eax, edi
mov     dl, al
or      dl, 0FCh        ; dx = 0CFCh + (offset and 3): byte lane of the data port
xchg    al, ah
out     dx, al          ; write the byte from ah
xchg    al, ah
ret

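As an added example (not code from the post), a C decoder for the PAM register fields that the routines above read and modify, extended from PAM0 to all seven PAM registers; the Intel 440BX register layout, VMware's emulation of it, and the function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the post. Assumed: the Intel 440BX host
 * bridge that VMware emulates, PAM0..PAM6 at PCI config offsets 0x59..0x5F
 * on bus 0, device 0, function 0. */
/* Dword written to port 0xCF8; matches what the post's readpci/writepci
 * build with bts/and (bus, device and function all zero). */
uint32_t pci_cfg_addr(uint8_t bus, uint8_t dev, uint8_t fn, uint8_t off)
{
    return 0x80000000u | ((uint32_t)bus << 16) | ((uint32_t)(dev & 0x1F) << 11)
         | ((uint32_t)(fn & 7) << 8) | (off & 0xFCu);
}
/* A PAM byte holds two 2-bit fields (bit 0 = read enable, bit 1 = write
 * enable). PAM1..PAM6: low nibble = lower 16 KiB of the register's 32 KiB
 * range, high nibble = upper 16 KiB. PAM0: high nibble = the whole 64 KiB
 * F segment, low nibble reserved. */
typedef struct { uint32_t start, end; bool re, we; } pam_range_t;
/* Decode field `half` (0 = low nibble, 1 = high nibble) of PAMn.
 * Returns false for an invalid index or the reserved PAM0 low nibble. */
bool pam_decode(int n, uint8_t val, int half, pam_range_t *out)
{
    if (n < 0 || n > 6 || half < 0 || half > 1) return false;
    uint8_t field = (val >> (half ? 4 : 0)) & 3;
    if (n == 0) {
        if (half == 0) return false;
        out->start = 0xF0000; out->end = 0xFFFFF;
    } else {
        out->start = 0xC0000 + (uint32_t)((n - 1) * 2 + half) * 0x4000;
        out->end = out->start + 0x3FFF;
    }
    out->re = field & 1; out->we = (field >> 1) & 1;
    return true;
}
/* Audit check: is the BIOS shadow at F0000-FFFFF currently write-enabled? */
bool f_segment_writable(uint8_t pam0)
{
    pam_range_t r;
    return pam_decode(0, pam0, 1, &r) && r.we;
}
int main(void)
{
    uint8_t vals[] = { 0x10, 0x30 };   /* constructed samples: RE only, then RE+WE */
    for (int i = 0; i < 2; i++)
        printf("PAM0=0x%02X -> F segment writable: %d\n", vals[i], f_segment_writable(vals[i]));
    printf("0xCF8 value for PAM0: 0x%08X\n", pci_cfg_addr(0, 0, 0, 0x59));
    return 0;
}
```

Run on a live system, the decoder would consume the PAM bytes read through 0xCF8/0xCFC as the post's readpci does; here the inputs are constructed.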
Re: I found a way to write to VMware's BIOS memory area 0xF000 ~ 0xFFFF (0xF0000-0xFFFFF)

Posted: Mon Apr 07, 2025 9:55 pm
by Octocontrabass
There are ways to do this on many PCs, both real and virtual. However, it's chipset-specific, and the firmware doesn't expect you to remove its write-protection, so I don't think this will be very useful for most OS developers.

Re: I found a way to write to VMware's BIOS memory area 0xF000 ~ 0xFFFF (0xF0000-0xFFFFF)

Posted: Mon Apr 07, 2025 10:22 pm
by ccya
Octocontrabass wrote: Mon Apr 07, 2025 9:55 pm There are ways to do this on many PCs, both real and virtual. However, it's chipset-specific, and the firmware doesn't expect you to remove its write-protection, so I don't think this will be very useful for most OS developers.
Yes, every BIOS locks this area, but unlock code is not common, so I think it is still of reference value.