AMI-Aptio-BIOS-Reversed / SmbiosDataUpdateDxeNeonCityFPGA / SmbiosDataUpdateDxeNeonCityFPGA.md
@Ajax Dong Ajax Dong 2 days ago 11 KB Init

SmbiosDataUpdateDxeNeonCityFPGA

Function Table

Address Name Description
MmioPciRead32
DebugPrint
DebugAssert
ReadUnaligned32
ReadUnaligned64
WriteUnaligned64
IsGuidEqual
FreePoolAssert
GetConfigurationTable
GetPlatformLanguage
GetNextSmbiosString
UpdateSmbiosRecord
RemoveSmbiosRecordsByType
RemoveSingleSmbiosRecord
AsciiStrLen
AsciiStrSize
StrnLenS
AsciiStrnLenS
UnicodeStrnToAsciiStrS
UpdateSmbiosString
UpdateSmbiosType08
UpdateSmbiosType09
UpdateSmbiosType41
SmbiosUpdateCallback
RegisterHiiPackageList
InitializeDriver
RegisterSmbiosUpdate
ModuleEntryPoint
Global variable declarations (from UEFI library headers and this module)
System table and boot services (set by sub_38C, consumed by all functions)
0x3928 static EFI_HII_DATABASE_PROTOCOL *gHiiDatabase = NULL; // 0x3948
0x3930 static EFI_HII_FONT_PROTOCOL *gHiiFont = NULL; // 0x3940
0x3938 static VOID *gHobList = NULL; // 0x3920
0x3958 static EFI_SMBIOS_PROTOCOL *gSmbios2 = NULL; // 0x3968
0x3970 static EFI_SMBIOS_PROTOCOL *gSmbios4 = NULL; // 0x3978
0x3960 static EFI_HII_HANDLE gSmbiosStringPack = NULL; // 0x38F0
0x3980 static EFI_DXE_SERVICES *gDS = NULL; // 0x3950
Debug output protocol and HOB list
0x3918 (DebugLib protocol)
sub_280 at 0x280: memset to 0 in 8-byte chunks plus trailing bytes
sub_300 at 0x300 + sub_20AC at 0x20AC
CopyMem implementation with forward/backward overlap detection
PCI config access via MmPciBase (USRA protocol)
sub_2064 at 0x2064
Build the USRA address: (Bus Device<<8 Func<<13) << 12 + Register
Call MmPciBase->Read(Address) at offset +24 (0x18)
Debug output functions
sub_1044 at 0x1044
Allocates 31 bytes then frees as a guard, then calls LocateProtocol
for the DebugLib protocol GUID at 0x31C0
Only proceed if AllocatePool succeeded (environments may not have it)
sub_10C4 at 0x10C4
Read CMOS register 0x4B via RTC ports 0x70/0x71
0x4B = CMOS debug level register
Values > 3 are invalid; use current value unless it's 0
sub_114C at 0x114C
ReadUnaligned helpers
sub_12AC at 0x12AC
sub_12DC at 0x12DC
sub_130C at 0x130C
sub_11D4 at 0x11D4
Memory allocation helpers
sub_137C at 0x137C
sub_13A4 at 0x13A4
UEFI configuration table / HOB list operations
sub_13E8 at 0x13E8 (EfiGetSystemConfigurationTable)
sub_16E8 at 0x16E8
Language / platform string operations
sub_14AC at 0x14AC
sub_15A4 at 0x15A4
Skip over semicolons
Fall back to first language in SupportedLanguages
HII string and package operations
sub_1A44 at 0x1A44
Skip the "Language" lookup used in the original code
which calls gHiiString->GetString() at [gHiiString + 0x18] (offset +24)
Query required buffer size
Language string (or NULL for auto)
sub_176C at 0x176C (full version with language resolution)
Get platform language
The HII handle might need language-specific string resolution
FindLanguage would select the best match
Fallback to default language
SMBIOS string management
sub_1DC8 at 0x1DC8
Original code: reads from offset +1
End of string area
String too long, abort
sub_1E1C at 0x1E1C calls gSmbios3->RemoveString(0, -2, Buffer)
and gSmbios3->Add()
Lazy init of gSmbios3
Remove all strings from the record (StringId=0, then call with -2 marker)
then add the record
sub_1FB4 at 0x1FB4
Lazy init gSmbios2
Count existing records of this type
Remove each record
sub_1F50 at 0x1F50
Lazy init gSmbios4
String handling utilities
sub_2148 at 0x2148
sub_21B4 at 0x21B4
Equivalent to AsciiStrLen(String) + 1
sub_2280 at 0x2280
Must be 2-byte aligned
sub_22E8 at 0x22E8
sub_2314 at 0x2314
Check overlap
Overlap detected
Perform the copy, narrowing CHAR16 to CHAR8
Must fit in CHAR8
HII string concatenation with SMBIOS record update
sub_1AE8 at 0x1AE8
Convert Unicode to ASCII
Find the string's insertion position in the SMBIOS string area
Skip strings for higher language indices
Count this string as 1 language variant
NULL byte skip
Build the concatenated string area
Copy header + strings before insertion point
Copy new string
Copy remaining string area
Calculate final size
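
The string-area walk (sub_1DC8) and the rebuild steps listed for sub_1AE8 can be sketched in portable C as below. This is an added example, not the decompiled code or the project's own: the names `smbios_walk`, `smbios_replace_string`, `kSample` and the 64-byte `MAX_STR` limit are assumptions, and the record is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR 64  /* assumed per-string limit for this example */

/* Constructed Type 8 record: 9-byte formatted area, handle 0xFFFE, two strings. */
static const uint8_t kSample[] = {
    8, 9, 0xFE, 0xFF, 1, 0x00, 2, 0x12, 0x10,
    'J','1','A','1',0, 'U','S','B','1',0, 0 };

/* Walk the string set that follows the formatted area. Returns the total record
 * size (0 if malformed); *str_off is the offset of 1-based string idx, or 0. */
static size_t smbios_walk(const uint8_t *rec, size_t max, unsigned idx, size_t *str_off)
{
    *str_off = 0;
    if (max < 4 || rec[1] < 4 || (size_t)rec[1] + 2 > max) return 0;
    size_t off = rec[1];
    if (rec[off] == 0)                         /* empty set must be 00 00 */
        return rec[off + 1] == 0 ? off + 2 : 0;
    for (unsigned n = 1; rec[off] != 0; n++) {
        size_t len = 0;
        while (off + len < max && rec[off + len] != 0) len++;
        if (len > MAX_STR || off + len + 1 >= max) return 0;  /* too long or unterminated */
        if (n == idx) *str_off = off;
        off += len + 1;
    }
    return off + 1;                            /* past the end-of-set NUL */
}

/* Copy rec into out with string idx replaced by new_str; returns new size or 0. */
static size_t smbios_replace_string(const uint8_t *rec, size_t max, unsigned idx,
                                    const char *new_str, uint8_t *out, size_t out_max)
{
    size_t pos; size_t total = smbios_walk(rec, max, idx, &pos);
    size_t new_len = strlen(new_str);
    if (total == 0 || pos == 0 || new_len == 0 || new_len > MAX_STR) return 0;
    size_t old_len = strlen((const char *)rec + pos);   /* safe: walk validated it */
    if (total - old_len + new_len > out_max) return 0;
    memcpy(out, rec, pos);                     /* header + strings before the slot */
    memcpy(out + pos, new_str, new_len);       /* new string */
    memcpy(out + pos + new_len, rec + pos + old_len, total - pos - old_len); /* rest */
    return total - old_len + new_len;          /* final size */
}

int main(void) {
    uint8_t out[64];
    printf("%zu\n", smbios_replace_string(kSample, sizeof kSample, 2, "USB 3.0 Port", out, sizeof out));
    return 0; }
```

An empty replacement string is rejected because a zero-length entry would read as the end-of-set marker and hide every string after it.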
SMBIOS Type 8 update (Port Connector Information)
Data table for SMBIOS type 8 port connector entries.
Each entry is 10 bytes (5 words), defining the string token IDs for each
port slot on this platform. There are 0x15 (21) entries, one per slot.
Entry structure (10 bytes = 5 x UINT16):
Word 0: String token for PortInternalConnectorDesignator
Word 1: String token for PortExternalConnectorDesignator (repeated for second string)
Byte at +4: port type byte for internal variant
Byte at +5: port type byte for external variant
Byte at +6: port type byte
Byte at +7: port type byte
Byte at +8: port type byte
Byte at +9: port type byte (continued)
sub_77C at 0x77C
Table of string token ID pairs for each of the 21 port connector entries.
Each entry occupies 10 bytes:
static const UINT8 mPortConnectorTable[0x15 * 10] = {
strId1 strId2 typ1 typ2 ptyp ext misc misc
Index 0
Index 1
Index 2
Index 3
Index 4
Index 5
Index 6
Index 7
Index 8
Index 9
Index 10
Index 11
Index 12
Index 13
Index 14
Index 15
Index 16
Index 17
Index 18
Index 19
Index 20
Initialize SMBIOS type 8 record header
8 Type8Rec->Hdr.Length = sizeof (SMBIOS_TABLE_TYPE8); // 9
0xFFFE // Set port connector fields from table
Get HII strings for this port
sub_77C returns 0x8000000000000009
Update the second string if present
Second pair of string IDs
repeated as per original table layout
Submit or update the SMBIOS record
SMBIOS Type 9 update (System Slot Information)
sub_A20 at 0xA20
9 Type9Rec->Hdr.Length = 17; // 0x11
0xFFFE // Clear reserved flags
Bit 2: 3.3V
Bit 0: reserved
Determine PCI device/function from index
PCIe Slot 1
0x0B6 = PCI Express x16
x16 break;
PCIe Slot 2
0x0B5 = PCI Express x8
PCIe Slot 3
PCI Express x16
PCIe Slot 4
PCIe Slot 5
PCIe Slot 6
PCI Express x8
PCIe Slot 7
OCP (mezzanine) slot
0x0A1 = OCP NIC 3.0
Read PCI vendor/device via MmPciBase to detect presence
No device present
Read programming interface / revision
Read segment group / bus number
Set slot characteristics based on function
Device present check for hotplug
Use hotplug or default
Get HII string for slot designation
Slot 1 designation
Slot 2 designation
Slot 3 designation
Slot 4 designation
Slot 5 designation
Slot 6 designation
Slot 7 designation
OCP slot designation
Submit record
SMBIOS Type 41 update (Onboard Devices Extended Information)
sub_D98 at 0xD98
41 Type41Rec->Hdr.Length = 11; // 0x0B
0xFFFE Type41Rec->Type = 1; // Other
Enabled switch (Index) {
Onboard SATA controller
SATA or other
Token 28
Onboard USB controller
Token 29
Onboard network / BMC
Token 30
Extended info
Onboard management controller
Token 31
Get HII string for this device
SATA 29, // USB
LAN 31 // BMC
UBA SmbiosUpdate callback (main entry for SMBIOS record updates)
sub_F54 at 0xF54
Step 1: Update SMBIOS type 8 records (21 port connectors)
Step 2: Remove old type 9 records, then recreate 8 slot records
Step 3: Remove old type 41 records, then recreate 4 device records
Free temp buffer
HII package list management
sub_1908 at 0x1908
Build a properly formatted package list from the raw GUID + string data
The raw package list starts with GUID + size header
Calculate total buffer size
Allocate buffer for the package list
Copy the raw data and package
Copy GUID (from 0x3890 area) and package data
Copy string packages
Offset 0x20 in buffer = first string package
Register via HII database protocol
Driver initialization
sub_38C at 0x38C
Actually gEfiHiiConfigRoutingProtocolGuid
Driver entry point: register UBA SmbiosUpdate callback
sub_654 at 0x654
Locate the UBA board protocol
Same GUID as RomLayoutDxe uses
Copy board protocol GUID into the protocol interface
Register HII package list
Build the SmbiosUpdate callback registration block
v6 layout:
Get the UBA SmbiosUpdate protocol (event protocol at 0x31E0)
Update type for SMBIOS data
Register the callback with the UBA SmbiosUpdate protocol
_ModuleEntryPoint at 0x370

Generated by HR650X BIOS Decompilation Project