(06-29-2012, 02:45 AM)jkbuha Wrote: [ -> ]hey ryan - good to have you on board this project as well!
Not sure I have SetupBrowser module in my Dell BIOS - where did you look?
Also - why would you think this would contain any menu templates - have you seen something like this happening elsewhere?
I found it in the main bios file before you extract F33... .rom to get to the rest of the modules. I don't know that it would have any templates, but perhaps it would have code that could lead to understanding why some menus are shown, and why some aren't. I could be way off.. I'm still just learning how the specification works.
Interesting. I have a similar module, though mine is called:
10f020 UserInterface (SystemFlashUpdateDriverDxe.efi) - Size 66
What is your machine?
(06-29-2012, 05:45 AM)jkbuha Wrote: [ -> ]Interesting. I have a similar module, though mine is called:
10f020 UserInterface (SystemFlashUpdateDriverDxe.efi) - Size 66
What is your machine?
Dell L702x (non-3D) I'm working with bios revision A17
Sorry, I meant the physical file, not the firmware volume. My BIOS has three FV's at the top level, two of which have the same GUID. The {F33...}.rom module and SystemFlashUpdateDriverDxe are together in one, and SetupBrowser is found in the other.
(06-29-2012, 05:51 AM)ryan_975 Wrote: [ -> ]Sorry, I meant the physical file, not the firmware volume. My BIOS has three FV's at the top level, two of which have the same GUID. The {F33...}.rom module and SystemFlashUpdateDriverDxe are together in one, and SetupBrowser is found in the other.
I only have one (I think) - when I extract BIOS1.WPH I get the F33.. ROM, a couple of padding ROMs and a final ROM (C8AB... .ROM) which both mmtool and PhoenixDell tools tell me is corrupt.
Out of interest, from BIOS A01 to A17, did you notice any menu changes? If so we could start looking at the difference in BIOS structures between any two versions with different menu items.
(06-29-2012, 06:37 AM)jkbuha Wrote: [ -> ] (06-29-2012, 05:51 AM)ryan_975 Wrote: [ -> ]Sorry, I meant the physical file, not the firmware volume. My BIOS has three FV's at the top level, two of which have the same GUID. The {F33...}.rom module and SystemFlashUpdateDriverDxe are together in one, and SetupBrowser is found in the other.
I only have one (I think) - when I extract BIOS1.WPH I get the F33.. ROM, a couple of padding ROMs and a final ROM (C8AB... .ROM) which both mmtool and PhoenixDell tools tell me is corrupt.
Out of interest, from BIOS A01 to A17, did you notice any menu changes? If so we could start looking at the difference in BIOS structures between any two versions with different menu items.
I started with A12, but going to A17 I noticed no differences.
Oh and I figured out what I was doing wrong. I was opening the executable as a whole not realizing there were multiple firmware images embeded within it. After extracting the WinFlash folder from the .exe, I see BIOS1.WPH and FvRecovery.fd. SetupBrowser.efi is in FvRecovery.
(06-29-2012, 06:44 AM)ryan_975 Wrote: [ -> ]I started with A12, but going to A17 I noticed no differences.
Oh and I figured out what I was doing wrong. I was opening the executable as a whole not realizing there were multiple firmware images embeded within it. After extracting the WinFlash folder from the .exe, I see BIOS1.WPH and FvRecovery.fd. SetupBrowser.efi is in FvRecovery.
No worries - got me excited there for a minute
You did get me thinking about something else though - what if the table is stored in another module? If so that would mean that the PlatformSetupAdvancedDxe module would have to call this module separately. I cannot find any traces in the setup module that loads up another module (apart from itself, which is weird). Unless I'm missing something that is.
Some interesting sounding modules in the Dell BIOS (which could have some clues into the menu options) are:
SystemSetup2Dxe
SystemKeyDescDxe
SystemOsb
PlatformSetup
DellVariableInitDxe
SystemFormBrowser2Dxe
SystemFormBrowserLayoutDxe
SystemSetupMainDxe
DellHddPwdVariableInitDxe
Problem is - I'm not sure what to look for...
From what I understand, modules don't call other modules (except for the Pei and Dxe foundations). They publish interfaces and protocols to the various services tables provided by UEFI, and can use interfaces and protocols already published. For modules with dependencies on other module's interfaces, one of the files dumped by Phoenix Tool will contain a dependency expression. A dependency expression is just single byte opcodes and 16-byte GUID's. I'm thinking that it might be possible to track down the actual menu display routine by following the dependencies. From there it should be easy enough to see how it decides which menu options get shown, and which don't.
If that's the case, and if I understand you correctly, there would be a series of bytes, followed by a series of GUIDs? How large would you expect the file to be, as there a significant number of smaller files in the entire BIOS?
If you have a sample file (or an example of how this could look) it would be greatly appreciated
Depexes are postfix, so you push the GUIDs you want to work with onto a stack, then perform the desired operation on them(which pops the GUIDs off the stack). The result is pushed onto the stack and the process repeated until the END opcode is reached. If the entire depex evaluates to true, the module is loaded and executed. if not, the module is pushed back into the queue to try again later.
Depexes (if there are any) are usually in the _2_ file. Most of the ones I've looked at begin with the byte 0x02 (the PUSH opcode) and all of them so far have ended with the byte 0x08 (the END opcode).
A couple examples:
The file 6CDF9BAA-0934-43C2-A85F-286386097604_2_1156.rom (SystemHddPwdSmm.efi) contains the following depex:
Code:
02 4D 95 90 13 95 DA 27 42 93 28 72 82 C2 17 DA
A8 02 73 B7 41 E5 11 DD 0C 42 B0 26 DF 99 36 53
F8 BF 03 02 5F 8A 18 69 BD 6B C7 46 9C 16 55 F1
94 BE FC DF 03 02 68 D6 B3 D0 CF 16 EB 4F 95 F5
1C A3 69 3C FE 56 03 02 67 45 23 01 AB 89 EF CD
01 23 45 67 89 AB CD EF 03 08
breaking it down you get
02 : push
4D 95 90 13 95 DA 27 42 93 28 72 82 C2 17 DA A8 : GUID
02 : push
73 B7 41 E5 11 DD 0C 42 B0 26 DF 99 36 53 F8 BF : GUID
03 : and
02 : push
5F 8A 18 69 BD 6B C7 46 9C 16 55 F1 94 BE FC DF : GUID
03 : and
02 : push
68 D6 B3 D0 CF 16 EB 4F 95 F5 1C A3 69 3C FE 56 : GUID
03 : and
02 : push
67 45 23 01 AB 89 EF CD 01 23 45 67 89 AB CD EF : GUID
03 : and
08 : end
(I don't know if the GUID are in little endian or not)
In the file 1C6B2FAF-D8BD-44D1-A91E-7321B4C2F3D1_2_23.rom (SystemBootScriptSaveDxe.efi) you see
which breaks down to
06 : true
08 : end
So basically, this module has no dependencies and will always load when it's discovered by the DXE dispatcher.
I hope all that makes sense.
Yes, except that I cannot find any of the GUID files that are referenced from the push statement
for instance, push 73 B7 41 E5....8F
I can't find a 73B7....ROM, or a B773....ROM, or any combination, big or little-endian.
Do you know how variables in the stack are dimensioned (single byte, double, quad etc)?