Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Transfer to URL with SHA Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / NvdimmSmbusCommon / NvdimmSmbusCommon.md
@Ajax Dong Ajax Dong 2 days ago 4 KB Init
Raw Blame History

NvdimmSmbusCommon

Function Table

Address Name Description
sub_167C
sub_1584
sub_1590
sub_143C
ModuleEntryPoint
Global Data
EFI_HANDLE ImageHandle; // 0x3058
0x3048 EFI_BOOT_SERVICES *BootServices; // 0x3050
0x3060 UINT64 RuntimeServices_0; // 0x3068 - copy of RT
0x3080 - copy of BS
0x3070 UINT64 qword_3078; // 0x3078 - TPL notify event
0x3088 - debug port protocol ptr
0x3090 - HOB list ptr
0x3098 - gDS ptr
0x30A0 - debug level state
0x30B0 - SMM buffer struct
0x30B8 - SMM buffer address
GUID definitions (in .rdata section)
EFI_GUID gEfiDebugPortProtocolGuid = { 0xEBA4E8D2L, 0x3858, 0x41EC, { 0xA2, 0x81, 0x26, 0x47, 0xBA, 0x96, 0x60, 0xD0 } };
Validates parameters and calls sub_1000 to zero memory.
Reads a QWORD from an unaligned pointer with NULL validation.
Compares two GUIDs by reading them as two 64-bit values.
Searches SystemTable->ConfigurationTable for a matching GUID.
Check NumberOfTableEntries (SystemTable + 104 = 0x68, offset of
NumberOfTableEntries in EFI_SYSTEM_TABLE)
if ((UINT64 )(SystemTablePtr + 104) == 0) {
Walk ConfigurationTable array at SystemTable + 112 (= 0x70)
entries are 24 bytes each (GUID + pointer)
for (i = 0;
Table pointer is at offset 16 within each 24-byte entry
Locates and caches the HOB list pointer via the UEFI configuration table.
Sets BootServices_0 to 0. Registered via CreateEvent to track
boot services availability.
Runtime services cleanup for debug port protocol pointer.
Registered via CreateEventEx with EVT_NOTIFY_SIGNAL.
Locates and caches the EFI_DEBUGPORT_PROTOCOL for debug print output.
Uses BootServices->LocateProtocol if available; checks TPL first.
RaiseTPL to TPL_HIGH_LEVEL (31) via BootServices_0 + 24
Tpl = (*(UINT64 (__fastcall )(UINT64))(BootServices_0 + 24))(31);**
BootServices_0 + 320 = LocateProtocol
Status = (*(INT64 (__fastcall )(void , UINT64, UINT64 ))(**
Conditionally outputs debug messages based on the current debug level
stored in CMOS ports 0x70/0x71 (index 0x4B). If a debug port protocol
is available and the message's error level passes the platform filter
the message is forwarded to the protocol's output function.
Read current debug level from CMOS index 0x4B
__outbyte **(0x70, (__inbyte (0x70) & 0x80) 0x4B);**
Clamp to max level 3
N113 = CmosDebugLevel;
Convert to filter mask (level 1 = EFI_D_ERROR, level 2+ = EFI_D_WARN)
DebugLevel = (UINT8)(N113 - 1);
EFI_D_WARN equivalent
EFI_D_WARN ** EFI_D_ERROR**
EFI_D_WARN only
If the message level passes the filter, call debug output
if ((FilterLevel & ErrorLevel) != 0) {
Calls debug output with file, line, and assertion condition.
Primary driver initialization that:
Source references:
NotifyFunction = sub_1584
EVT_NOTIFY_SIGNAL ** EVT_TIMER**
Cache HOB list
sub_167C ();
Locate DXE Services Table by GUID
Result = sub_15B8 ((UINT64)&gEfiDxeServicesTableGuid, &qword_3098);
Allocates SMM communication buffer, zeros it, and installs the
gEfiSmbusHcProtocolGuid protocol for NONSMM<->SMM interface.
AllocateRuntimePages (type 1 = EfiRuntimeServicesData, 10 pages)
Status = (*(INT64 (__fastcall )(UINT64, UINT64, UINT64, UINT64 ))(*
AllocateAnyPages 10, // Pages
EfiRuntimeServicesData &Buffer
Log the SMM communication buffer address
sub_14C4 (
Zero the communication buffer (15 bytes for the SMBUS interface)
sub_13D8 ((char *)Buffer, 0x0F);
Zero the local buffer structure
sub_13D8 ((char *)&buf_, 0x10);
Initialize the SMM communication structure
buf_0 = Buffer; // SMM buffer pointer
Protocol revision or initialized flag
Status = (*(INT64 (__fastcall )(EFI_HANDLE , void , UINT64, char ))(*
DXE driver entry point.
Initializes services, allocates SMM communication buffer, installs
the SMBUS NONSMM<->SMM interface protocol.
Clean up: close protocol notify events

Generated by HR650X BIOS Decompilation Project