Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Transfer to URL with SHA Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / ScsiBus / ScsiBus.md
@Ajax Dong Ajax Dong 2 days ago 7 KB Init
Raw Blame History

ScsiBus

Function Table

Address Name Description
InternalAssertBreakpoint
ScsiBusEntryPoint
ScsiBusDriverBindingEntryPoint
InitializeHobList
ScsiBusDriverBindingSupported
ScsiBusDriverBindingStart
ScsiBusDriverBindingStop
ScsiScanCreateDevice
ScsiInquiryDevice
CopyDevicePathNode
ScsiIoGetDeviceType
ScsiIoGetDeviceLocation
ScsiIoResetBus
ScsiIoResetDevice
ScsiIoExecuteScsiCommand
ScsiBusComponentNameGetDriverName
ScsiBusComponentNameGetControllerName
ScsiBusDebugAssert
ScsiBusZeroMem
FreePool
AsciiStrLen
ReportStatusCodeWithDevicePath
ReadUnaligned64
WriteUnaligned64
CompareUnaligned24
AsciiStrLenSafe
CopyGuid
CompareGuid
IsDevicePathEnd
GetDevicePathSize
Extracted from HR650X BIOS, IDA port 13338, ScsiBus.efi
Binary MD5: 7936aa1e7ccfbeea8cd5fb39b8e95fe3
Image size: 0x37C0 bytes, 53 functions total
Address range: 0x2C0 - 0x2856
This is a UEFI Driver Binding protocol implementation for SCSI bus
EFI_EXT_SCSI_PASS_THRU_PROTOCOL on a controller handle, enumerates SCSI
targets and LUNs via INQUIRY, and produces EFI_SCSI_IO_PROTOCOL on child
handles for each discovered device.
Key structures:
SCSI_TARGET_DEVICE (0x30 bytes, signature 'scsi') - per-controller state
SCSI_IO_PRIVATE_DATA (0x88 bytes, signature 'scio') - per-child/LUN state
GUID DEFINITIONS
GLOBAL VARIABLES
PROTOCOL INSTANCES
FORWARD DECLARATIONS FOR INTERNAL HELPERS
MODULE ENTRY POINT (sub_384 @ 0x384)
Get HOB list (call to sub_2228)
In the binary, sub_2228 initializes gHobList from the system table
configuration table entries by scanning for gEfiHobListGuid.
Install protocols
DRIVER BINDING ENTRY POINT (sub_43C @ 0x43C)
HOBB LIST INITIALIZATION (sub_2228 @ 0x2228)
DRIVER BINDING: Supported (sub_5A8 @ 0x5A8)
Try Extended SCSI Pass Thru first
Status = gBootServices->OpenProtocol (
Validate the RemainingDevicePath
Status = ExtScsiPassThru->GetNextTargetLun (
Fall back to legacy SCSI Pass Thru
DRIVER BINDING: Start (sub_744 @ 0x744)
Get parent device path
Allocate Target Device (0x30 bytes)
TargetDevice = (SCSI_TARGET_DEVICE *)AllocateZeroPool (sizeof (SCSI_TARGET_DEVICE));
Install protocol to identify ourselves on the child handle
Status = gBootServices->InstallProtocolInterface (
If RemainingDevicePath specifies a particular child, handle it now
if (RemainingDevicePath != NULL) {
Report SCSI bus enumeration progress
REPORT_STATUS_CODE_WITH_DEVICE_PATH (
Enumerate all targets/LUNs on this channel/bus
Lun = 0;
Get next target/LUN from the pass-thru protocol
if (ExtSupported) {
Check if this target/LUN is valid via INQUIRY
Status = ScsiScanCreateDevice (
Report SCSI bus enumeration complete
DRIVER BINDING: Stop (sub_AF4 @ 0xAF4)
Stop specific child devices
for (Index = 0; Index < NumberOfChildren; Index++) {
Close the pass-thru protocol from the child
if (ScsiIo->DeviceType & 0x80) {
ExtScsiPassThru mode flag
Uninstall the SCSI IO protocol and device path
Free the private data (0x88 bytes)
FreePool (ScsiIo);
Stop everything (no children specified)
Close all protocols opened for the bus
Uninstall our protocol identifier
Free the SCSI_TARGET_DEVICE (embedded at start of ScsiIo)
SCSI SCAN CREATE DEVICE (sub_11D8 @ 0x11D8)
Build a SCSI device path node from the TargetId/Lun
if (TargetDevice->IsExtPassThru) {
Check if a child already exists for this device path
Status = gBootServices->LocateDevicePath (
Child already exists
Allocate SCSI_IO_PRIVATE_DATA (0x88 bytes)
Private = (SCSI_IO_PRIVATE_DATA *)AllocateZeroPool (sizeof (SCSI_IO_PRIVATE_DATA));
Copy device path node to the private data's buffer
if (DevicePathSize > 0 && DevicePathSize <= 16) {
Set PassThru based on mode
Get max target count for legacy mode
Status = TargetDevice->ScsiPassThru->GetNextTarget (
Perform SCSI INQUIRY
if (ScsiInquiryDevice (Private)) {
Install protocol interfaces on the child handle
Status = gBootServices->InstallMultipleProtocolInterfaces (
Open protocol from parent to child
Error cleanup
if (DevicePathNode != NULL) {
SCSI INQUIRY DEVICE (sub_1438 @ 0x1438)
Set up INQUIRY CDB (6-byte command)
30 seconds
Execute via the pass-thru protocol
if (Private->IsExtPassThru) {
Check peripheral qualifier (bits 7:5 of byte 0)
if ((InquiryData[0] & 0xE0) == 0) {
If device is not ready, retry
if (Status != EFI_TIMEOUT && Status != EFI_NOT_READY) {
COPY DEVICE PATH NODE (sub_15FC @ 0x15FC)
Copy the device path node fields:
if (Length >= 4) {
Copy the device path node to the target buffer
CopyMem (*Target, This + 1, 16);
Lun not directly available from ScsiIo protocol
This function dispatches to the pass-thru protocol's Reset/ResetChannel.
In the binary, it calls either ScsiPassThru->Reset() or
Resets the specific target/LUN, not the whole bus.
Copies the device path node data and calls pass-thru reset.
Dispatch through the appropriate pass-thru protocol.
The binary dispatches via the private data's IsExtPassThru flag.
Status = EFI_UNSUPPORTED;
This driver does not support per-controller names
return EFI_UNSUPPORTED;
STATUS CODE PROTOCOL LOOKUP (sub_181C @ 0x181C)
Try to find via handles
DEBUG ASSERT (sub_1924 @ 0x1924)
Debug assertion: break into debugger
CpuDeadLoop ();
COPY MEM (sub_1964 @ 0x1964)
D += Length;
ZERO MEM (sub_1A04 @ 0x1A04)
SET MEM (sub_1A68 @ 0x1A68)
MEMORY ALLOCATION HELPERS
STRING UTILITIES
REPORT STATUS CODE WITH DEVICE PATH (sub_239C @ 0x239C)
UNALIGNED ACCESS HELPERS (used internally)
PCD STRING LENGTH CHECK (from BaseLib)
COPY GUID (sub_27A0 @ 0x27A0)
COMPARE GUID (sub_27E8 @ 0x27E8)
DEVICE PATH UTILITIES

Generated by HR650X BIOS Decompilation Project