#include "CrystalRidge.h"
//
// CrystalRidge - UEFI Module (Regenerated from IDA)
// Total functions: 13
//
// Function: Memset @ 0xffd685fc (0x15 bytes)
// Index: 1/13
// Byte-fill wrapper: stores `value` into the first `count` bytes of `buf`
// and hands `buf` back to the caller.
//
// The parameter order is (buf, count, value); count and value are swapped
// relative to the memset() call this forwards to.
// No NULL or length checking happens here: the caller is responsible for
// `buf` being at least `count` bytes.
void *__cdecl Memset(void *buf, unsigned int count, char value)
{
    void *filled = buf;

    memset(filled, value, count); /*0xffd68609*/
    return filled;                /*0xffd6860f*/
}
// Function: SetMem32Strided @ 0xffd6861c (0x1f bytes)
// Index: 2/13
// Fills 8-byte slots at address `Buffer`, walking from slot Index-1 down to
// slot 0. Each slot gets ValueLo in its first dword and ValueHi in its second.
// `Buffer` is an address carried in an int. Returns `Buffer`.
//
// NOTE(review): this is a do/while, so the body runs before Index is tested.
// Index == 0 is therefore not a no-op: the first pair of stores lands 8 bytes
// below Buffer and the counter keeps going down from -1. Nothing in this
// function validates Index, so callers must guarantee Index >= 1 and
// Index * 8 bytes of writable space.
int __cdecl SetMem32Strided(int Buffer, int Index, int ValueLo, int ValueHi)
{
    do
    {
        int SlotEnd = Buffer + 8 * Index;   // address just past the slot being written

        *(_DWORD *)(SlotEnd - 8) = ValueLo; /*0xffd6862d*/
        *(_DWORD *)(SlotEnd - 4) = ValueHi; /*0xffd68631*/
        --Index;
    }
    while ( Index != 0 );                   /*0xffd68635*/
    return Buffer;                          /*0xffd68639*/
}
// Function: Memset32 @ 0xffd6863c (0x15 bytes)
// Index: 3/13
// Fill wrapper around memset32(): forwards (buf, value, count) and returns
// `buf`. As with Memset, the wrapper takes count before value while the
// callee takes value before count.
//
// NOTE(review): memset32 is not defined in this listing. Presumably `count`
// is a number of 32-bit elements rather than bytes; confirm against the
// disassembly before sizing any buffer from it. No bounds or NULL checks
// are made here.
void *__cdecl Memset32(void *buf, unsigned int count, int value)
{
    void *filled = buf;

    memset32(filled, value, count); /*0xffd68649*/
    return filled;                  /*0xffd6864f*/
}
// Function: Memmove @ 0xffd6865c (0x3f bytes)
// Index: 4/13
// Copies `count` bytes from `src` to `dst` and returns `dst`.
// Two paths are visible: one for the case where the source range starts
// below `dst` and reaches into it, and one for everything else.
// No NULL or length validation is performed on either pointer.
char *__cdecl Memmove(char *dst, char *src, unsigned int count)
{
unsigned int count_1; // edx
char *dst_1; // edi
char *src_1; // esi
count_1 = count; /*0xffd68666*/
// Overlap test: src starts below dst and the last source byte is at or above dst.
// NOTE(review): count is unsigned, so count - 1 wraps when count == 0; check
// how this test behaves for a zero-length call against the disassembly.
if ( src < dst && &src[count - 1] >= dst ) /*0xffd68674*/
{
// Both cursors are placed on the LAST byte of their range and the full count is kept.
src_1 = &src[count - 1]; /*0xffd68688*/
dst_1 = &dst[count - 1]; /*0xffd6868a*/
}
else
{
// Non-overlapping (or dst below src): copy the dword-aligned part first,
// 4 * (count >> 2) bytes, then leave the count & 3 remainder for the final copy.
count_1 = count & 3; /*0xffd68678*/
qmemcpy(dst, src, 4 * (count >> 2)); /*0xffd68681*/
src_1 = &src[4 * (count >> 2)]; /*0xffd68681*/
dst_1 = &dst[4 * (count >> 2)]; /*0xffd68681*/
}
// NOTE(review): on the overlap path this call starts at the last byte of each
// buffer. Read literally as a forward copy it would run past the end of both
// ranges; presumably the binary performs a descending copy here and the
// decompiler output does not express the direction. Confirm in the
// disassembly and do not reuse this listing as a memmove implementation.
qmemcpy(dst_1, src_1, count_1); /*0xffd68691*/
return dst; /*0xffd68698*/
}
// Function: _ModuleEntryPoint @ 0xffd686bc (0x5 bytes)
// Index: 5/13
// (too small: 0x5 bytes)
// Function: GenerateSwSmiForNonceRestore @ 0xffd686c1 (0x1c bytes)
// Index: 6/13
// EndOfPei callback: print debug message, trigger SW SMI 0xFB via IO port 0xB2 to restore nonce
// Emits one debug line, then writes the byte 0xFB to I/O port 0xB2.
// Always returns 0.
//
// The port write is unconditional and carries no argument other than the
// command byte itself. The code that services this command is not part of
// this listing.
// NOTE(review): when auditing the nonce-restore flow, check the handler side
// for its own validation of when the command is acceptable; nothing in this
// function restricts who may issue the same port write.
int GenerateSwSmiForNonceRestore()
{
    const unsigned short SwSmiPort = 0xB2u;      // port written by the original __outbyte call
    const unsigned char NonceRestoreCmd = 0xFBu; // command byte written by the original call

    CrystalRidgeDebugPrint(0x80000000, "[CR] (PEI) Generating SW SMI for Nonce restoration\n"); /*0xffd686cb*/
    __outbyte(SwSmiPort, NonceRestoreCmd); /*0xffd686d9*/
    return 0; /*0xffd686dc*/
}
// Function: CrystalRidgePeimEntry @ 0xffd686dd (0x7a bytes)
// Index: 7/13
// PEIM entry: registers EndOfPei notify for CrystalRidge nonce restoration. On production systems locates CrystalRidge PPI and triggers SW SMI (0xB2/0xFB) for nonce restore.
// Entry routine. Logs a message, reads a mode value through the services
// table, and when that value is 17 passes gCrystalRidgeNotifyDescriptor to
// a second services-table function. Returns 0 when the value is not 17,
// otherwise the status of that second call.
//
// Services-table calls are made through raw byte offsets from the table:
//   +40  called with (table, &BootMode)   - presumably GetBootMode
//   +36  called with (table, descriptor)  - presumably NotifyPpi
// These names assume the standard 32-bit EFI_PEI_SERVICES layout; confirm.
// 17 (0x11) matches BOOT_ON_S3_RESUME in the PI specification; confirm
// against the platform headers.
//
// NOTE(review): nothing in this body writes to port 0xB2. The only such write
// visible in this listing is in GenerateSwSmiForNonceRestore.
// NOTE(review): the +40 call is made through a void-returning pointer type, so
// its status is not checked and BootMode has no initializer; if that call can
// fail, the comparison below reads an indeterminate value.
// NOTE(review): the value returned by GetPeiServicesTable() is dereferenced
// without a null check in this function.
int CrystalRidgePeimEntry()
{
    int BootMode;       // [esp+8h] [ebp-4h] BYREF
    int Services;
    int RegisterStatus;
    int AssertPpi;

    CrystalRidgeDebugPrint(0x80000000, "[CR] (PEI) Register EndOfPei Notify for Nonce restoration\n"); /*0xffd686f0*/

    Services = GetPeiServicesTable(); /*0xffd686f5*/
    (*(void (__cdecl **)(int, int *))(*(_DWORD *)Services + 40))(Services, &BootMode); /*0xffd68701*/
    if ( BootMode != 17 ) /*0xffd6870b*/
        return 0;

    // The table pointer is fetched again rather than reused, as in the original.
    Services = GetPeiServicesTable(); /*0xffd6870d*/
    RegisterStatus = (*(int (__cdecl **)(int, void *))(*(_DWORD *)Services + 36))( /*0xffd6871a*/
                         Services,
                         &gCrystalRidgeNotifyDescriptor);
    if ( RegisterStatus >= 0 ) /*0xffd68723*/
        return RegisterStatus;

    // Failure path: print the status, then call the function at PPI + 4 with
    // (source file, line, expression text) if the PPI can be located.
    CrystalRidgeDebugPrint(0x80000000, "\nASSERT_EFI_ERROR (Status = %r)\n", RegisterStatus); /*0xffd6872c*/
    AssertPpi = LocateCrystalRidgePpi(); /*0xffd68734*/
    if ( AssertPpi ) /*0xffd6873b*/
    {
        (*(void (__cdecl **)(const char *, int, const char *))(AssertPpi + 4))( /*0xffd68749*/
            "e:\\hs\\PurleySktPkg\\Pei\\CrystalRidge\\CrystalRidgePeim.c",
            109,
            "!EFI_ERROR (Status)");
    }
    return RegisterStatus; /*0xffd6874f*/
}
// Function: LocateCrystalRidgePpi @ 0xffd68757 (0x31 bytes)
// Index: 8/13
// Looks up an interface by gCrystalRidgeGuid through the services-table
// function at byte offset +32 (presumably LocatePpi in the standard 32-bit
// EFI_PEI_SERVICES layout; confirm). Instance 0 is requested.
//
// Returns the interface pointer as an int when the lookup status is
// non-negative, and 0 otherwise. Callers in this listing treat the result as
// a table of function pointers (entry 0 and entry +4).
//
// NOTE(review): the services-table pointer is dereferenced without a null
// check. PpiInterface is only returned when the call reports success, so an
// unwritten out-parameter is not exposed on the failure path.
int LocateCrystalRidgePpi()
{
    _BYTE InterfaceBuffer[4]; // [esp+0h] [ebp-8h] BYREF - second out-parameter, value unused
    int PpiInterface;         // [esp+4h] [ebp-4h] BYREF
    int Services;
    int LookupStatus;

    Services = GetPeiServicesTable(); /*0xffd6875c*/
    LookupStatus = (*(int (__cdecl **)(int, struct EFI_GUID *, _DWORD, _BYTE *, int *))(*(_DWORD *)Services + 32))( /*0xffd6877b*/
                       Services,
                       &gCrystalRidgeGuid,
                       0,
                       InterfaceBuffer,
                       &PpiInterface);
    if ( LookupStatus < 0 )
        return 0;        /*0xffd6877d*/
    return PpiInterface; /*0xffd68781*/
}
// Function: CrystalRidgeDebugPrint @ 0xffd68788 (0x2a bytes)
// Index: 9/13
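// Conditional debug print. Locates the interface returned by
// LocateCrystalRidgePpi(), obtains a mask from IsManufacturingMode(), and
// calls the first function pointer of the interface with
// (ErrorLevel, Format, va_list) only when (mask & ErrorLevel) is non-zero.
//
// Parameters:
//   ErrorLevel - bit mask tested against the value from IsManufacturingMode().
//   Format     - format string handed to the interface's print routine.
//                The decompiler had named this parameter after a string
//                literal, which is not a valid C identifier; it is renamed
//                here so the listing parses.
//
// Returns the print routine's result when it is called. Otherwise the value
// is whatever was last computed (0 if no interface, else the mask); no
// caller in this listing uses it.
//
// NOTE(review): Format is forwarded as-is to an externally provided routine.
// Every caller in this listing passes a string literal; keep it that way.
int CrystalRidgeDebugPrint(int ErrorLevel, char *Format, ...)
{
    int PpiRawPtr;                                      // eax
    int (__cdecl **PpiFuncTable)(int, char *, char *);  // esi
    int Result;
    va_list va;                                         // [esp+10h] [ebp+Ch] BYREF

    va_start(va, Format);
    PpiRawPtr = LocateCrystalRidgePpi(); /*0xffd68789*/
    PpiFuncTable = (int (__cdecl **)(int, char *, char *))PpiRawPtr; /*0xffd6878e*/
    Result = PpiRawPtr;
    if ( PpiRawPtr ) /*0xffd68792*/
    {
        PpiRawPtr = IsManufacturingMode(); /*0xffd68794*/
        Result = PpiRawPtr;
        if ( (PpiRawPtr & ErrorLevel) != 0 ) /*0xffd6879f*/
            Result = (*PpiFuncTable)(ErrorLevel, Format, (char *)va); /*0xffd687ab*/
    }
    // The decompiler output had no va_end; C requires one per va_start.
    va_end(va);
    return Result; /*0xffd687b0*/
}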
// Function: CrystalRidgeDebugAssert @ 0xffd687b2 (0x1e bytes)
// Index: 10/13
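// Assert reporter. If LocateCrystalRidgePpi() returns an interface, calls the
// function pointer at interface + 4 with three values and returns its result;
// otherwise returns 0.
//
// The first parameter was named by the decompiler after a string literal,
// which is not a valid C identifier; it is renamed AssertText here so the
// listing parses. The one caller in this listing passes the failed
// expression text in that position.
//
// NOTE(review): LineNumber and ParamExpression are locals annotated edx/ecx
// that are read without ever being assigned. The decompiler is showing values
// that arrive in registers, so the declared three-argument stack prototype is
// probably not the real one: PeiServicesVal and Expression are never used in
// this body. Judging by the direct call to interface + 4 in
// CrystalRidgePeimEntry (file, line, expression text), ecx presumably carries
// the file name and edx the line number. Confirm in the disassembly.
//
// NOTE(review): this function reaches GetPeiServicesTable() through
// LocateCrystalRidgePpi(), and GetPeiServicesTable() calls back here when the
// table pointer is null, so a null table pointer would recurse without bound.
int __cdecl CrystalRidgeDebugAssert(int AssertText, int PeiServicesVal, const char *Expression)
{
    int LineNumber;        // edx - register input, never assigned in this body
    int ParamExpression;   // ecx - register input, never assigned in this body
    int LineNumber_1;      // esi
    int ParamExpression_1; // edi
    int PpiInterface;      // eax

    LineNumber_1 = LineNumber;           /*0xffd687b4*/
    ParamExpression_1 = ParamExpression; /*0xffd687b6*/
    PpiInterface = LocateCrystalRidgePpi(); /*0xffd687b8*/
    if ( PpiInterface ) /*0xffd687bf*/
        return (*(int (__cdecl **)(int, int, int))(PpiInterface + 4))( /*0xffd687c7*/
                   ParamExpression_1,
                   LineNumber_1,
                   AssertText);
    return PpiInterface; /*0xffd687cd*/
}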
// Function: IsManufacturingMode @ 0xffd687d0 (0x4f bytes)
// Index: 11/13
// Read CMOS 0x4A to detect manufacturing/debug mode. Returns:
// 0 = manufacturing mode
// -2147483644 (0x80000004) = debug mode
// -2147483578 (0x80000046) = unknown mode
// Checks memory at 0xFDAF0490 for override
// Derives a mode value from CMOS index 0x4A (ports 0x70/0x71) and maps it to
// one of three return values:
//   mode 0            -> 0
//   mode 1            -> -2147483644 (0x80000004)
//   mode 2 or 3       -> -2147483578 (0x80000046)
//   mode -1 (0xFF)    -> 0
// When the CMOS byte is greater than 3, the mode comes from
// gManufacturingModeDetect instead, and if that is zero, from bit 1 of the
// value at fixed address 0xFDAF0490 (giving mode 1 or 3).
//
// CrystalRidgeDebugPrint ANDs the return value with its ErrorLevel argument,
// so in this listing the result acts as a debug-print mask; a return of 0
// suppresses all output.
//
// NOTE(review): bit 7 of the value read from port 0x70 is carried into the
// index write (on PC-compatible RTCs that bit is presumably the NMI mask;
// confirm). The index register is not restored afterwards.
// NOTE(review): the CMOS byte is persistent state that is presumably writable
// by software running after boot, so treat it as untrusted input. Here it
// selects only the print mask; keep it from gating anything stronger.
// What lives at 0xFDAF0490 is not visible in this listing.
int IsManufacturingMode()
{
    unsigned __int8 SavedIndex; // al
    char Mode;                  // al / cl in the original

    SavedIndex = __inbyte(0x70u);               /*0xffd687d6*/
    __outbyte(0x70u, SavedIndex & 0x80 | 0x4A); /*0xffd687db*/
    Mode = __inbyte(0x71u);                     /*0xffd687e2*/

    if ( (unsigned __int8)Mode > 3u ) /*0xffd687e8*/
    {
        // CMOS byte out of range: fall back to the global, then to the fixed address.
        Mode = gManufacturingModeDetect;  /*0xffd687ea*/
        if ( !gManufacturingModeDetect )  /*0xffd687f2*/
            Mode = MEMORY[0xFDAF0490] & 2 | 1; /*0xffd687fe*/ // bit 0 forced on, so never zero
    }
    else if ( !Mode ) /*0xffd68803*/
    {
        return 0; /*0xffd68803*/
    }

    if ( Mode == -1 )
        return 0; /*0xffd6881b*/
    return Mode != 1 ? -2147483578 : -2147483644;
}
// Function: GetPeiServicesTable @ 0xffd6881f (0x32 bytes)
// Index: 12/13
// Returns the services-table pointer, read from the dword stored 4 bytes
// below the address held in bytes 2..5 of the 6-byte buffer filled by
// ReadIdtr(). Presumably that buffer is the IDTR image (2-byte limit, 4-byte
// base), i.e. the pointer is kept just below the IDT; ReadIdtr failed to
// decompile, so confirm in the disassembly.
//
// If the pointer is null an assert is reported and the null value is still
// returned.
//
// NOTE(review): the only validation is the non-null test. Callers in this
// listing dereference the result directly, so the integrity of the word below
// the IDT base is a trust assumption of every services call made here.
// NOTE(review): the assert path calls CrystalRidgeDebugAssert, which calls
// LocateCrystalRidgePpi, which calls this function again; a null pointer
// would therefore recurse without bound rather than return.
// NOTE(review): PeiServicesAddr is passed without ever being assigned, and the
// third argument reinterprets the first four bytes of Idtr as a pointer. Both
// look like decompiler artifacts of a register-based call; only the
// expression string is meaningful.
int GetPeiServicesTable()
{
    _BYTE Idtr[6];       // [esp+4h] [ebp-8h] BYREF
    int PeiServicesAddr; // [esp+0h] [ebp-Ch] - never assigned
    _DWORD TableBase;
    int PeiServices;     // esi

    ReadIdtr(Idtr); /*0xffd68828*/
    TableBase = *(_DWORD *)&Idtr[2];
    PeiServices = *(_DWORD *)(TableBase - 4); /*0xffd68830*/
    if ( PeiServices ) /*0xffd68835*/
        return PeiServices; /*0xffd6884c*/

    CrystalRidgeDebugAssert((int)"PeiServices != ((void *) 0)", PeiServicesAddr, *(const char **)Idtr); /*0xffd68844*/
    return PeiServices; /*0xffd6884c*/
}
// Function: ReadIdtr @ 0xffd68851 (0x23 bytes)
// Index: 13/13
// (decompile failed for ReadIdtr @ 0xffd68851)