diff --git a/AmiModulePkg/GenericSio/SmmGenericSio/README.md b/AmiModulePkg/GenericSio/SmmGenericSio/README.md index 767d2a9..bc34e7a 100644 --- a/AmiModulePkg/GenericSio/SmmGenericSio/README.md +++ b/AmiModulePkg/GenericSio/SmmGenericSio/README.md @@ -12,11 +12,16 @@ ## Key Functions - **ModuleEntryPoint** -- Standard SMM driver entry; library init and SIO configuration -- **sub_594** -- AutoGen library constructor -- **sub_1570** -- Core SMM Generic SIO initialization (chip detection, logical device config) -- **sub_18BC** -- Library destructor -- **sub_3B0** -- Manual unload handler -- **sub_1A5C** -- Error handler for SIO init failures +- **SmmGenericSioAutoGenConstructor** -- AutoGen library constructor entry from build output +- **SmmGenericSioInitialize** -- Core SMM Generic SIO initialization (chip detection, logical device config) +- **SmmGenericSioAutoGenDestructor** -- AutoGen cleanup hook +- **SmmGenericSioUnload** -- Manual unload path used for runtime unwind/teardown +- **SmmGenericSioHandleInitializeError** -- Error handler for SIO init failures + +## Module Split (Recovered) + +- `SmmGenericSio.h` contains the function prototypes used by the SMM entry shim and AutoGen helpers. +- `SmmGenericSio.c` provides `ModuleEntryPoint`, which wires AutoGen constructor / init / destructor and handles final status/error reporting. ## Protocols @@ -28,4 +33,4 @@ - **Build:** HR6N0XMLK DEBUG_VS2015 X64 - **Source:** AmiModulePkg/GenericSio/SmmGenericSio -- **Part of:** HR650X BIOS SMM infrastructure (indices 0195-0199, 0201-0203) \ No newline at end of file +- **Part of:** HR650X BIOS SMM infrastructure (indices 0195-0199, 0201-0203) diff --git a/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md b/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md index 04a8b79..a2b9d9c 100644 --- a/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md +++ b/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md 
@@ -4,8 +4,22 @@ | Address | Name | Description | |---------|------|-------------| -| | **ModuleEntryPoint** | | -| rcx | **__int64 v4; // rax EFI_STATUS v5; // rbx sub_594(ImageHandle); qword_3DA8 = 0x8000000000000001uLL; if ( !sub_310(&unk_3CB0) ) { v4 = sub_1570(v3, SystemTable); if ( v4 >= 0 || qword_3DA8 < 0 ) qword_3DA8 = v4; sub_18BC(&unk_3CB0); sub_3B0(&unk_3CB0, -1); sub_187C( "e:\\hs\\Build\\HR6N0XMLK\\DEBUG_VS2015\\X64\\AmiModulePkg\\GenericSio\\SmmGenericSio\\DEBUG\\AutoGen.c", 393, "((BOOLEAN)(0==1))"); sub_187C( "e:\\hs\\Build\\HR6N0XMLK\\DEBUG_VS2015\\X64\\AmiModulePkg\\GenericSio\\SmmGenericSio\\DEBUG\\AutoGen.c", 408, "((BOOLEAN)(0==1))"); } v5 = qword_3DA8; if ( qword_3DA8 < 0 ) sub_1A5C(); return v5; }** | | +| Entry point | **ModuleEntryPoint** | SMM entry callback. It invokes `SmmGenericSioAutoGenConstructor`, initializes shared AutoGen state at `mSmmGenericSioEntryStatus`, and continues only if `SmmGenericSioInitHook(&mSmmGenericSioAutoGenContext)` succeeds. | +| Initialization path | **SmmGenericSioAutoGenConstructor** / **SmmGenericSioInitHook** / **SmmGenericSioInitialize** / **SmmGenericSioAutoGenDestructor** / **SmmGenericSioUnload** / **SmmGenericSioDebugAssert** / **SmmGenericSioHandleInitializeError** | Runtime flow: constructor → init-hook gate; core init updates `mSmmGenericSioEntryStatus` through `SmmGenericSioInitialize`; destructor/unload/assert are executed before final error-handling path checks `mSmmGenericSioEntryStatus` and dispatches `SmmGenericSioHandleInitializeError` when negative. 
| + +### Recovered Placeholder Mapping + +| Decomp Symbol | Recovered Name | +|---------------|----------------| +| `sub_594` | `SmmGenericSioAutoGenConstructor` | +| `sub_310` | `SmmGenericSioInitHook` | +| `sub_1570` | `SmmGenericSioInitialize` | +| `sub_18BC` | `SmmGenericSioAutoGenDestructor` | +| `sub_3B0` | `SmmGenericSioUnload` | +| `sub_187C` | `SmmGenericSioDebugAssert` | +| `sub_1A5C` | `SmmGenericSioHandleInitializeError` | +| `qword_3DA8` | `mSmmGenericSioEntryStatus` | +| `unk_3CB0` | `mSmmGenericSioAutoGenContext` | --- -*Generated by HR650X BIOS Decompilation Project* \ No newline at end of file +*Generated by HR650X BIOS Decompilation Project* diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c index 004dc95..0dada19 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c @@ -24,10 +24,10 @@ UINT8 gSmmMode = 0; // 0x1A50 VOID *gSmmIoProtocol = NULL; // 0x1A58 UINT8 gSmmIoPhase = 0; // 0x1A60 -VOID *gDxeDebugLib = NULL; // 0x1A68 +VOID *gSmmDebugLibAlt = NULL; // 0x1A68 VOID *gDxeIoProtocol = NULL; // 0x1A70 EFI_RUNTIME_SERVICES *gRTLocal = NULL; // 0x1A78 -VOID *gDxeDebugMask = NULL; // 0x1A80 +VOID *gDxeDebugLib = NULL; // 0x1A80 EFI_SYSTEM_TABLE *gSTLocal = NULL; // 0x1A88 VOID *gAmiBufferValidation = NULL; // 0x1A90 UINT8 gCmosValue = 0; // 0x1A98 @@ -53,10 +53,10 @@ #define byte_1A50 gSmmMode #define qword_1A58 gSmmIoProtocol #define byte_1A60 gSmmIoPhase -#define qword_1A68 gDxeDebugLib +#define qword_1A68 gSmmDebugLibAlt #define qword_1A70 gDxeIoProtocol #define qword_1A78 gRTLocal -#define qword_1A80 gDxeDebugMask +#define qword_1A80 gDxeDebugLib #define qword_1A88 gSTLocal #define qword_1A90 gAmiBufferValidation #define byte_1A98 gCmosValue 
@@ -69,9 +69,27 @@ // // Recovered function naming map: -// _ModuleEntryPoint -- entry point +// _ModuleEntryPoint -- UEFI SMM entry point // sub_44C -> LegacySmmSredirAutoGenInit // sub_618 -> LegacySmmSredirDriverEntry +// sub_C58 -> LegacySmmSredirMainDispatch +// sub_9E8 -> LegacySmmSredirRegisterCommunicationServices +// sub_6CC -> LegacySmmSredirHandleCommunicate +// sub_93C -> LegacySmmSredirDisableCommunicateHandler +// sub_944 -> LegacySmmSredirRegisterProtocolNotification +// sub_9C0 -> LegacySmmSredirNotificationCallback +// sub_2A0 -> LegacySmmSredirSaveJumpContext +// sub_340 -> LegacySmmSredirRestoreJumpContext +// sub_D78 -> LegacySmmSredirValidateJumpContext +// sub_DC0 -> LegacySmmSredirLocateDebugLib +// sub_E10 -> LegacySmmSredirDebugPrint +// sub_E58 -> LegacySmmSredirDebugAssert +// sub_E98 -> LegacySmmSredirGetIoProtocol +// sub_F20 -> LegacySmmSredirGetDebugProtocol +// sub_1004 -> LegacySmmSredirFindRuntimeServices +// sub_1074 -> LegacySmmSredirComparePattern +// sub_10F0 -> LegacySmmSredirValidateBuffer +// sub_115C -> LegacySmmSredirDetectPlatform // EFI_STATUS EFIAPI @@ -93,6 +111,15 @@ EFI_STATUS EFIAPI +LegacySmmSredirRegisterCommunicationServices( + VOID + ) +{ + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI LegacySmmSredirDriverEntry( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable @@ -113,6 +140,14 @@ return LegacySmmSredirDriverEntry(ImageHandle, SystemTable); } +VOID +sub_93C( + VOID + ) +{ + gCommunicateDisabled = 1; +} + EFI_STATUS EFIAPI _ModuleEntryPoint( diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h index 21a69ec..f0b80fa 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h 
@@ -25,10 +25,10 @@ extern UINT8 gSmmMode; // 0x1A50 extern VOID *gSmmIoProtocol; // 0x1A58 extern UINT8 gSmmIoPhase; // 0x1A60 -extern VOID *gDxeDebugLib; // 0x1A68 +extern VOID *gSmmDebugLibAlt; // 0x1A68 extern VOID *gDxeIoProtocol; // 0x1A70 extern EFI_RUNTIME_SERVICES *gRTLocal; // 0x1A78 -extern VOID *gDxeDebugMask; // 0x1A80 +extern VOID *gDxeDebugLib; // 0x1A80 extern EFI_SYSTEM_TABLE *gSTLocal; // 0x1A88 extern VOID *gAmiBufferValidation;// 0x1A90 extern UINT8 gCmosValue; // 0x1A98 @@ -68,7 +68,7 @@ /// EFI_STATUS EFIAPI -sub_44C( +LegacySmmSredirAutoGenInit( VOID ); 
@@ -77,15 +77,131 @@ /// EFI_STATUS EFIAPI -sub_618( +LegacySmmSredirDriverEntry( IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable ); /// -/// Recovered semantic wrappers for sub_44C/sub_618 +/// Additional recovered internal entry helpers /// -EFI_STATUS EFIAPI LegacySmmSredirAutoGenInit(VOID); -EFI_STATUS EFIAPI LegacySmmSredirDriverEntry(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable); +EFI_STATUS EFIAPI +LegacySmmSredirRegisterCommunicationServices( + VOID +); + +EFI_STATUS EFIAPI +LegacySmmSredirMainDispatch( + VOID +); + +EFI_STATUS EFIAPI +LegacySmmSredirHandleCommunicate( + IN VOID *Context, + IN VOID *CommBuffer, + IN UINTN *CommBufferSize, + OUT VOID *CommBufferData +); + +VOID EFIAPI +LegacySmmSredirDisableCommunicateHandler( + IN EFI_HANDLE Protocol, + IN VOID *Context, + IN VOID *Registration +); + +EFI_STATUS EFIAPI +LegacySmmSredirRegisterProtocolNotification( + VOID +); + +VOID EFIAPI +LegacySmmSredirNotificationCallback( + IN EFI_HANDLE Protocol, + IN VOID *Context, + IN VOID *Communication +); + +EFI_STATUS EFIAPI +LegacySmmSredirSaveJumpContext( + IN VOID *JumpBuffer +); + +VOID +LegacySmmSredirRestoreJumpContext( + IN VOID *JumpBuffer +); + +VOID +LegacySmmSredirValidateJumpContext( + IN VOID *JumpBuffer +); + +EFI_STATUS EFIAPI +LegacySmmSredirLocateDebugLib( + VOID +); + +VOID +LegacySmmSredirDebugPrint( + IN UINTN ErrorLevel, + IN CHAR8 *Format, + ... 
+); + +VOID +LegacySmmSredirDebugAssert( + IN CHAR16 *FileName, + IN INTN LineNumber, + IN CHAR8 *Description, + IN CHAR8 *Assertion, + IN BOOLEAN AssertType +); + +VOID * +LegacySmmSredirGetIoProtocol( + VOID +); + +VOID * +LegacySmmSredirGetDebugProtocol( + VOID +); + +EFI_STATUS EFIAPI +LegacySmmSredirFindRuntimeServices( + VOID +); + +BOOLEAN +LegacySmmSredirComparePattern( + IN VOID *Left, + IN VOID *Right, + IN UINTN Size +); + +EFI_STATUS +LegacySmmSredirValidateBuffer( + IN VOID *Address, + IN UINTN Length, + IN BOOLEAN ForWrite +); + +EFI_STATUS +LegacySmmSredirDetectPlatform( + VOID +); + +EFI_STATUS EFIAPI +sub_44C( + VOID +); + +EFI_STATUS EFIAPI +sub_618( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable +); + #endif /* __LEGACYSMMSREDIR_H__ */ diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md index 79d9ad2..b6edec2 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md 
@@ -15,24 +15,24 @@ | 0x420 | _ModuleEntryPoint / ModuleEntryPoint alias | Standard UEFI SMM driver entry; calls init then dispatch | | 0x44C | LegacySmmSredirAutoGenInit (`sub_44C`) | AutoGen library init: saves ImageHandle, SystemTable, BootServices, RuntimeServices; locates SmmBase2 protocol and SMM buffer validation protocol | | 0x618 | LegacySmmSredirDriverEntry (`sub_618`) | Driver main entry: checks if board supports legacy serial redirect (sub_2A0/setjmp), then dispatches to main logic (sub_C58) and cleans up | -| 0xC58 | sub_C58 | Primary dispatch: locates SmmBase2 protocol, opens SMM subsystem interface, initializes globals, calls sub_9E8 for registration | -| 0x9E8 | sub_9E8 | Registration function: opens SMM Internal protocol, registers SMM communicate handler (sub_6CC) with EFI_SMM_COMMUNICATE_HEADER protocol, registers notification handlers and SW dispatch | -| 0x6CC | sub_6CC | Core SMM communicate handler: receives structured commands (read/1, write/2, fill/3) targeting an I/O base; validates buffer via AmiBufferValidationLib; performs typed 8/16/32-bit indexed I/O access | -| 0x93C | sub_93C | Disable handler: sets byte_19F9 = 1 to globally disable the communicate handler | -| 0x944 | sub_944 | Notification registration: registers sub_93C as a notification handler on two SMM protocol GUIDs | -| 0x9C0 | sub_9C0 | Notification callback: captures the communicate buffer pointer and invokes SMM-appropriate completion callback | -| 0x2A0 | sub_2A0 | SetJump context save: saves all GPRs (rbx, rbp, rdi, rsi, r12-r15, return address), MXCSR, and XMM6-XMM15 into a 248-byte jump buffer | -| 0x340 | sub_340 | LongJump context restore: restores MXCSR and jumps through saved return address | -| 0xD78 | sub_D78 | SetJump buffer validation: asserts non-null and 8-byte alignment | -| 0xDC0 | sub_DC0 | Locate DebugLib protocol lazily via gSmst | -| 0xE10 | sub_E10 | Debug print with level check: prints via DebugLib protocol if error level matches | -| 0xE58 | 
sub_E58 | Debug ASSERT message: ASSERT-style formatted output via DebugLib protocol | -| 0xE98 | sub_E98 | Locate SMM or DXE I/O protocol based on phase (byte_1A50) | -| 0xF20 | sub_F20 | Locate DebugLib protocol for SMM or DXE phase based on byte_1A50 | -| 0x1004 | sub_1004 | Find runtime services pointer: traverses SMM protocol database entries, filtering by sub_1074 match check | -| 0x1074 | sub_1074 | Memory comparison against unk_19E0 pattern (memcmp variant with alignment handling) | -| 0x10F0 | sub_10F0 | SMM buffer security validation wrapper: calls AmiBufferValidationLib to validate an address/size region | -| 0x115C | sub_115C | CMOS-based platform detection: reads CMOS offset 0x4C (RTC register 0x4C), checks for platform-specific serial redirection support; returns EFI_SUCCESS or EFI_UNSUPPORTED based on CMOS byte | +| 0xC58 | LegacySmmSredirMainDispatch (`sub_C58`) | Primary dispatch: locates SmmBase2 protocol, opens SMM subsystem interface, initializes globals, calls sub_9E8 for registration | +| 0x9E8 | LegacySmmSredirRegisterCommunicationServices (`sub_9E8`) | Registration function: opens SMM Internal protocol, registers SMM communicate handler (sub_6CC) with EFI_SMM_COMMUNICATE_HEADER protocol, registers notification handlers and SW dispatch | +| 0x6CC | LegacySmmSredirHandleCommunicate (`sub_6CC`) | Core SMM communicate handler: receives structured commands (read/1, write/2, fill/3) targeting an I/O base; validates buffer via AmiBufferValidationLib; performs typed 8/16/32-bit indexed I/O access | +| 0x93C | LegacySmmSredirDisableCommunicateHandler (`sub_93C`) | Disable handler: sets byte_19F9 = 1 to globally disable the communicate handler | +| 0x944 | LegacySmmSredirRegisterProtocolNotification (`sub_944`) | Notification registration: registers sub_93C as a notification handler on two SMM protocol GUIDs | +| 0x9C0 | LegacySmmSredirNotificationCallback (`sub_9C0`) | Notification callback: captures the communicate buffer pointer and invokes 
SMM-appropriate completion callback | +| 0x2A0 | LegacySmmSredirSaveJumpContext (`sub_2A0`) | SetJump context save: saves all GPRs (rbx, rbp, rdi, rsi, r12-r15, return address), MXCSR, and XMM6-XMM15 into a 248-byte jump buffer | +| 0x340 | LegacySmmSredirRestoreJumpContext (`sub_340`) | LongJump context restore: restores MXCSR and jumps through saved return address | +| 0xD78 | LegacySmmSredirValidateJumpContext (`sub_D78`) | SetJump buffer validation: asserts non-null and 8-byte alignment | +| 0xDC0 | LegacySmmSredirLocateDebugLib (`sub_DC0`) | Locate DebugLib protocol lazily via gSmst | +| 0xE10 | LegacySmmSredirDebugPrint (`sub_E10`) | Debug print with level check: prints via DebugLib protocol if error level matches | +| 0xE58 | LegacySmmSredirDebugAssert (`sub_E58`) | Debug ASSERT message: ASSERT-style formatted output via DebugLib protocol | +| 0xE98 | LegacySmmSredirGetIoProtocol (`sub_E98`) | Locate SMM or DXE I/O protocol based on phase (byte_1A50) | +| 0xF20 | LegacySmmSredirGetDebugProtocol (`sub_F20`) | Locate DebugLib protocol for SMM or DXE phase based on byte_1A50 | +| 0x1004 | LegacySmmSredirFindRuntimeServices (`sub_1004`) | Find runtime services pointer: traverses SMM protocol database entries, filtering by sub_1074 match check | +| 0x1074 | LegacySmmSredirComparePattern (`sub_1074`) | Memory comparison against unk_19E0 pattern (memcmp variant with alignment handling) | +| 0x10F0 | LegacySmmSredirValidateBuffer (`sub_10F0`) | SMM buffer security validation wrapper: calls AmiBufferValidationLib to validate an address/size region | +| 0x115C | LegacySmmSredirDetectPlatform (`sub_115C`) | CMOS-based platform detection: reads CMOS offset 0x4C (RTC register 0x4C), checks for platform-specific serial redirection support; returns EFI_SUCCESS or EFI_UNSUPPORTED based on CMOS byte | ## Entry Points (Public API) 
@@ -41,11 +41,11 @@ ## Internal Call Flow 1. `_ModuleEntryPoint` (0x420) -2. `sub_44C` (0x44C) -- saves UEFI handles, locates SmmBase2 and AmiBufferValidationLib protocols -3. `sub_618` (0x618) -- calls sub_2A0/setjmp to check if board is supported (CMOS check); dispatches to sub_C58 -4. `sub_C58` (0xC58) -- locates SMM subsystem, initializes I/O protocol, calls sub_9E8 -5. `sub_9E8` (0x9E8) -- registers sub_6CC as SMM communicate handler (65 = EFI_SMM_COMMUNICATE_HEADER) + notification callbacks -6. `sub_6CC` (0x6CC) -- the actual communicate handler servicing read/write/fill commands from the caller +2. `LegacySmmSredirAutoGenInit`/`sub_44C` (0x44C) -- saves UEFI handles, locates SmmBase2 and AmiBufferValidationLib protocols +3. `LegacySmmSredirDriverEntry`/`sub_618` (0x618) -- calls `LegacySmmSredirSaveJumpContext`/`sub_2A0` (setjmp) to check board support; dispatches to `LegacySmmSredirMainDispatch`/`sub_C58` +4. `LegacySmmSredirMainDispatch`/`sub_C58` (0xC58) -- locates SMM subsystem, initializes I/O protocol, calls `LegacySmmSredirRegisterCommunicationServices`/`sub_9E8` +5. `LegacySmmSredirRegisterCommunicationServices`/`sub_9E8` (0x9E8) -- registers `LegacySmmSredirHandleCommunicate`/`sub_6CC` as SMM communicate handler (65 = EFI_SMM_COMMUNICATE_HEADER) + notification callbacks +6. `LegacySmmSredirHandleCommunicate`/`sub_6CC` (0x6CC) -- the actual communicate handler servicing read/write/fill commands from the caller ## State Management 
@@ -65,10 +65,10 @@ | 0x1A50 | byte_1A50 | Phase flag (1 = SMM, 0 = DXE) | | 0x1A58 | qword_1A58 | SMM I/O protocol | | 0x1A60 | byte_1A60 | Phase marker for protocol initialization | -| 0x1A68 | qword_1A68 | SMM DebugLib protocol | +| 0x1A68 | qword_1A68 | gSmmDebugLibAlt (SMM DebugLib protocol) | | 0x1A70 | qword_1A70 | DXE I/O protocol | | 0x1A78 | qword_1A78 | RuntimeServices (local copy) | -| 0x1A80 | qword_1A80 | DXE DebugLib protocol | +| 0x1A80 | qword_1A80 | gDxeDebugLib (DXE DebugLib protocol) | | 0x1A88 | qword_1A88 | SystemTable (local copy) | | 0x1A90 | qword_1A90 | AmiBufferValidationLib protocol | | 0x1A98 | byte_1A98 | CMOS register value scratch | @@ -85,6 +85,11 @@ `gST`, `gBS`, `gImageHandle`, `gRT`, `gSmst`, `gSmmMode`, `gSmmIoProtocol`, `gDataWidth`, `gCommunicateDisabled`, `gSmmCommunicateBuffer`, etc. +## Module/file split notes + +- `LegacySmmSredir.md`: decompiler behavior and flow notes for this module. +- `LegacySmmSredir.c/.h`: recovery naming table and symbol alias surface (`qword_*`/`byte_*` to semantic names, function alias map). + ## Data Structures - **Jump Buffer** at struct pointed to by sub_2A0 (0x2A0): 248 bytes = 8 GPRs (0x00-0x3F), return addr (0x40-0x47), call-thunk ptr (0x48), MXCSR (0x50), 10 XMM regs (0x58-0xE8) diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md index cbf78b1..f160383 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md 
@@ -11,19 +11,24 @@ ## Key Functions -- **_ModuleEntryPoint** (0x420) -- Standard SMM entry; calls init then dispatch -- **LegacySmmSredirAutoGenInit / sub_44C** (0x44C) -- AutoGen library init; locates SmmBase2 and AmiBufferValidationLib -- **LegacySmmSredirDriverEntry / sub_618** (0x618) -- Main entry; checks board support via CMOS, dispatches to main logic -- **sub_C58** (0xC58) -- Primary dispatch; opens SMM subsystem, initializes globals -- **sub_9E8** (0x9E8) -- Registers communicate handler, SW dispatch, and notification callbacks -- **sub_6CC** (0x6CC) -- Core handler: decodes read(1)/write(2)/fill(3) commands with width support -- **sub_115C** (0x115C) -- CMOS 0x4C platform detection +- **_ModuleEntryPoint / ModuleEntryPoint** (0x420) -- Standard SMM entry; calls init then dispatch +- **LegacySmmSredirAutoGenInit** (`sub_44C`) (0x44C) -- AutoGen library init; locates SmmBase2 and AmiBufferValidationLib +- **LegacySmmSredirDriverEntry** (`sub_618`) (0x618) -- Main entry; checks board support via CMOS, dispatches to main logic +- **LegacySmmSredirMainDispatch** (`sub_C58`) (0xC58) -- Primary dispatch; opens SMM subsystem, initializes globals +- **LegacySmmSredirRegisterCommunicationServices** (`sub_9E8`) (0x9E8) -- Registers communicate handler, SW dispatch, and notification callbacks +- **LegacySmmSredirHandleCommunicate** (`sub_6CC`) (0x6CC) -- Core handler: decodes read(1)/write(2)/fill(3) commands with width support +- **LegacySmmSredirDetectPlatform** (`sub_115C`) (0x115C) -- CMOS 0x4C platform detection ## Recovered Name Mapping (current) - `ModuleEntryPoint` is kept as a compatibility alias to `_ModuleEntryPoint`. - `qword_*` and `byte_*` symbols in the decomp notes are now mapped to recovered names in `LegacySmmSredir.c/h` (`gST`, `gBS`, `gSmst`, `gSmmMode`, ...). +## Module/file split notes + +- `LegacySmmSredir.md` carries the detailed behavior and control-flow reconstruction. 
+- `LegacySmmSredir.c/.h` carry the normalized naming surface used for subsequent recovery. + ## Protocols - **SmmBase2** -- SMM entry; **AmiBufferValidationLib** -- buffer security check diff --git a/AmiModulePkg/PCI/SmmPciRbIo/README.md b/AmiModulePkg/PCI/SmmPciRbIo/README.md index c133ffb..104ff5c 100644 --- a/AmiModulePkg/PCI/SmmPciRbIo/README.md +++ b/AmiModulePkg/PCI/SmmPciRbIo/README.md 
@@ -17,14 +17,26 @@ ## Key Functions -- `ModuleEntryPoint` - SMM entry; library init and PCI RbIo setup -- `SmmPciRbIoLibraryConstructor` (recovered from `sub_544`) - AutoGen library constructor -- `SmmPciRbIoInitialize` (recovered from `sub_1148`) - core PCI Root Bridge I/O initialization -- `SmmPciRbIoLibraryDestructor` (recovered from `sub_1530`) - library destructor -- `SmmPciRbIoUnload` (recovered from `sub_340`) - manual unload handler -- `SmmPciRbIoFailurePath` (recovered from `sub_1664`) - failure-path handler -- `SmmPciRbIoNeedsInitialization` (recovered from `sub_2A0`) - early PCI configuration-space enumeration -- `SmmPciRbIoAssertionFailure` (recovered from `sub_14F0`) - assertion/guard path retained from AutoGen +- `ModuleEntryPoint` — SMM entry; library init and PCI RbIo setup. +- `SmmPciRbIoLibraryConstructor` — AutoGen library constructor. +- `SmmPciRbIoInitialize` — Core PCI Root Bridge I/O initialization. +- `SmmPciRbIoLibraryDestructor` — Library destructor. +- `SmmPciRbIoUnload` — Manual unload/unregister handler. +- `SmmPciRbIoFailurePath` — Failure-path handler. +- `SmmPciRbIoNeedsInitialization` — Early PCI configuration-space enumeration gate. +- `SmmPciRbIoAssertionFailure` — AutoGen assertion/guard fallback path. + +### Recovered Function Map + +| Recovered Name | Source Symbol | +|---|---| +| `SmmPciRbIoLibraryConstructor` | `sub_544` | +| `SmmPciRbIoInitialize` | `sub_1148` | +| `SmmPciRbIoLibraryDestructor` | `sub_1530` | +| `SmmPciRbIoUnload` | `sub_340` | +| `SmmPciRbIoAssertionFailure` | `sub_14F0` | +| `SmmPciRbIoFailurePath` | `sub_1664` | +| `SmmPciRbIoNeedsInitialization` | `sub_2A0` | ## Protocols diff --git a/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.c b/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.c index 933b6a6..b7542c5 100644 --- a/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.c +++ b/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.c 
@@ -1,8 +1,7 @@ /** @file SmmPciRbIo.c -- SmmPciRbIo - Auto-converted from IDA decompiler output. - Functions: 1 + Recoverable SMM PCI RbIo entrypoint stub. Copyright (c) HR650X BIOS Decompilation Project **/ diff --git a/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.h b/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.h index 399776f..d54a54e 100644 --- a/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.h +++ b/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.h @@ -27,7 +27,7 @@ ); /// -/// Recovered from module docs: SMM/UEFI library bootstrap / constructor path. +/// SMM/UEFI library bootstrap constructor. /// EFI_STATUS EFIAPI @@ -36,7 +36,7 @@ ); /// -/// Recovered from module docs: core PCI root bridge I/O initialization path. +/// Core PCI root bridge I/O initialization entry. /// EFI_STATUS EFIAPI @@ -46,7 +46,7 @@ ); /// -/// Recovered from module docs: library-destructor side of initialization. +/// Library destructor for SMM PCI RbIo cleanup. /// EFI_STATUS EFIAPI @@ -55,7 +55,7 @@ ); /// -/// Recovered from module docs: module unload callback/unregister path. +/// Module unload callback used for teardown/unregister. /// EFI_STATUS EFIAPI @@ -65,7 +65,7 @@ ); /// -/// Module-local assertion helper (decompiler placeholder for AutoGen ASSERT path). +/// AutoGen assertion fallback helper. /// EFI_STATUS EFIAPI @@ -76,7 +76,7 @@ ); /// -/// Recovered from module docs: early PCI-config-space enumeration pre-check. +/// Early PCI configuration-space enumeration gate. /// EFI_STATUS EFIAPI @@ -85,7 +85,7 @@ ); /// -/// Recovered from module docs: failure-path handler. +/// Failure-path handler. /// EFI_STATUS EFIAPI diff --git a/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.md b/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.md index 4db16f6..338d5a8 100644 --- a/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.md +++ b/AmiModulePkg/PCI/SmmPciRbIo/SmmPciRbIo.md 
@@ -2,16 +2,21 @@ ## Function Table -| Source Address | Recovered Name | Description | -|----------------|----------------|-------------| -| `ModuleEntryPoint` | `ModuleEntryPoint` | SMM entrypoint and orchestration path. | -| `sub_544` | `SmmPciRbIoLibraryConstructor` | Auto-generated library constructor path. | -| `sub_1148` | `SmmPciRbIoInitialize` | Core PCI Root Bridge I/O initialization. | -| `sub_2A0` | `SmmPciRbIoNeedsInitialization` | Early PCI configuration-space enumeration gate. | -| `sub_1530` | `SmmPciRbIoLibraryDestructor` | Teardown helper. | -| `sub_340` | `SmmPciRbIoUnload` | Manual unload / unregister path. | -| `sub_14F0` | `SmmPciRbIoAssertionFailure` | AutoGen assertion fallback function. | -| `sub_1664` | `SmmPciRbIoFailurePath` | Failure-path handler. | +| Recovered Name | Source Symbol | Description | +|----------------|---------------|-------------| +| `ModuleEntryPoint` | n/a | SMM entrypoint and orchestration path. | +| `SmmPciRbIoLibraryConstructor` | `sub_544` | Auto-generated library constructor path. | +| `SmmPciRbIoInitialize` | `sub_1148` | Core PCI Root Bridge I/O initialization. | +| `SmmPciRbIoNeedsInitialization` | `sub_2A0` | Early PCI configuration-space enumeration gate. | +| `SmmPciRbIoLibraryDestructor` | `sub_1530` | Teardown helper. | +| `SmmPciRbIoUnload` | `sub_340` | Manual unload / unregister path. | +| `SmmPciRbIoAssertionFailure` | `sub_14F0` | AutoGen assertion fallback function. | +| `SmmPciRbIoFailurePath` | `sub_1664` | Failure-path handler. | + +### Module/File Split Notes + +- `SmmPciRbIo.c` keeps `ModuleEntryPoint` orchestration. +- `SmmPciRbIo.h` declares the recovered entry, bootstrap, lifecycle, unload, and failure helpers used by the entrypoint file. ### Recovered Variables diff --git a/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md b/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md index d7eeed5..d995d1a 100644 --- a/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md 
+++ b/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md 
@@ -8,15 +8,19 @@ ## Overview Minimal UEFI SMM runtime driver that bridges boot-time and SMM runtime services. Initializes global pointers to Boot Services, Runtime Services, and System Table; locates the SmmBase2 protocol to obtain the SMM Services Table (gSmst); registers a protocol notification handler for the SMM Runtime Services Table protocol. Uses SetJump/LongJump for error recovery. Has no import table -- all protocol interfaces resolved via LocateProtocol. +## Module Layout +- Recovered into a single implementation unit: `RuntimeSmm.c` with companion declarations in `RuntimeSmm.h`. +- Symbol recovery applied for function/variable names where map evidence was explicit; no local file split was identified in evidence. + ## Key Functions - **_ModuleEntryPoint** -- recovered module entry symbol (maps to SMM entry) - **ModuleEntryPoint** -- local compatibility wrapper preserved in source for symbol continuity -- **sub_44C** -- Initializes gImageHandle, gST, gBS, gRT, locates SmmBase2, retrieves gSmst -- **sub_58C** -- Main dispatch: SetJump error recovery, calls sub_768 init, cleans up with LongJump -- **sub_768** -- Driver init: caches system tables, locates SMM Runtime Services Table protocol, calls its callback, installs protocol handlers -- **sub_300 / sub_3A0** -- SetJump/LongJump: saves/restores GP registers, XMM registers, MXCSR into 248-byte buffer -- **sub_64C** -- Allocates buffer with protocol GUID data, registers via SmmRegisterProtocolNotify -- **sub_9F8 / sub_A80** -- Protocol registration for Runtime Services and Status Code in both SMM and boot modes +- **RuntimeSmmCacheSystemServices** (`sub_44C`) -- Initializes gImageHandle, gST, gBS, gRT, locates SmmBase2, retrieves gSmst +- **RuntimeSmmInitJumpState** (`sub_58C`) -- Main dispatch: SetJump error recovery, calls `RuntimeSmmInitialize` (`sub_768`) init, cleans up with LongJump +- **RuntimeSmmInitialize** (`sub_768`) -- Driver init: caches system tables, locates SMM Runtime Services Table 
protocol, calls its callback, installs protocol handlers +- **RuntimeSmmSetJump / RuntimeSmmLongJump** (`sub_300`/`sub_3A0`) -- SetJump/LongJump: saves/restores GP registers, XMM registers, MXCSR into 248-byte buffer +- **RuntimeSmmRegisterProtocolNotifyTable** (`sub_64C`) -- Allocates buffer with protocol GUID data, registers via SmmRegisterProtocolNotify +- **RuntimeSmmRegisterRuntimeServices / RuntimeSmmRegisterStatusCodeProtocol** (`sub_9F8`/`sub_A80`) -- Protocol registration for Runtime Services and Status Code in both SMM and boot modes ## Protocols - SmmBase2 protocol (SMM_SERVICES_TABLE_GUID) diff --git a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.c b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.c index 8ab958b..712fb99 100644 --- a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.c +++ b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.c 
@@ -9,113 +9,94 @@ #include "RuntimeSmm.h" -// ============================================================================ -// Recovered module-level symbols and globals -// ============================================================================ +// Recovered module globals (symbol names preferred in docs + map compatibility aliases). +EFI_HANDLE gImageHandle; // 0x1300 +EFI_SYSTEM_TABLE *gST; // 0x12F0 +EFI_RUNTIME_SERVICES *gRT; // 0x1308 +EFI_BOOT_SERVICES *gBS; // 0x1320 +EFI_STATUS_CODE_PROTOCOL *mDebugProtocol; // 0x1318 +EFI_RUNTIME_SERVICES *RuntimeServices; // 0x1328 +VOID *gSmst; // 0x1330 / 0x1310 +UINT8 mSmmMode; // 0x1338 +VOID *mRuntimeServicesProtocolSmm; // 0x1340 +UINT8 mInSmmMode; // 0x1348 +VOID *mStatusCodeProtocolSmm; // 0x1350 +VOID *mRuntimeServicesProtocolBoot; // 0x1358 +VOID *mSmmRuntimeServicesTable; // 0x1360 +VOID *mStatusCodeProtocolBoot; // 0x1368 +UINT8 mCmosByte; // 0x1378 +UINT8 gSetJumpBuffer[248]; // 0x1380 -EFI_HANDLE gImageHandle; // 0x1300 -EFI_HANDLE qword_1300; // 0x1300 -EFI_SYSTEM_TABLE *qword_12F0; // 0x12F0 -EFI_SYSTEM_TABLE *gST; // 0x12F0 -EFI_RUNTIME_SERVICES *qword_1308; // 0x1308 -EFI_RUNTIME_SERVICES *gRT; // 0x1308 -EFI_RUNTIME_SERVICES *qword_1308_alias; // 0x1308 alias -EFI_BOOT_SERVICES *qword_1320; // 0x1320 -EFI_BOOT_SERVICES *BootServices; // 0x1320 -EFI_BOOT_SERVICES *gBS; // 0x1320 -UINT64 *qword_1330; // 0x1330 -VOID *gSmst; // 0x1330 -EFI_SYSTEM_TABLE *qword_1310; // 0x1310 -EFI_STATUS_CODE_PROTOCOL *qword_1318; // 0x1318 -EFI_RUNTIME_SERVICES *RuntimeServices; // 0x1328 -EFI_STATUS_CODE_PROTOCOL *qword_1340; // 0x1340 -VOID *qword_1340_ptr; // 0x1340 -UINT8 byte_1338; // 0x1338 -UINT8 byte_1348; // 0x1348 -UINT8 n3; // 0x1378 -UINT8 unk_1380[248]; // 0x1380 -EFI_HANDLE qword_1348; // 0x1348 -EFI_HANDLE qword_1350; // 0x1350 -EFI_HANDLE qword_1358; // 0x1358 -EFI_HANDLE qword_1360; // 0x1360 -EFI_HANDLE qword_1368; // 0x1368 -EFI_SYSTEM_TABLE *qword_1370; // 0x1370 -EFI_GUID unk_1280; // 0x1280 
-EFI_GUID unk_1290; // 0x1290 -EFI_GUID unk_12A0; // 0x12A0 -EFI_GUID unk_12B0; // 0x12B0 -EFI_GUID unk_12C0; // 0x12C0 -EFI_GUID unk_12D0; // 0x12D0 -EFI_GUID unk_12E0; // 0x12E0 +EFI_GUID gEfiSmmStatusCodeProtocolGuid; // 0x1280 +EFI_GUID gEfiStatusCodeRuntimeProtocolGuid; // 0x1290 +EFI_GUID gEfiSmmBaseProtocolGuid; // 0x12A0 +EFI_GUID gRuntimeSmmCallbackProtocolGuid; // 0x12B0 +EFI_GUID gRuntimeServicesProtocolGuid; // 0x12C0 +EFI_GUID gSmmRuntimeServicesProtocolGuid; // 0x12D0 +EFI_GUID gSmmRuntimeServicesTableGuid; // 0x12E0 -// ============================================================================ -// Recovered function map -// ============================================================================ +// +// Recovered function names +// -/** - * _ModuleEntryPoint -- recovered symbol from RuntimeSmm.md - */ EFI_STATUS EFIAPI -_ModuleEntryPoint ( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable - ) -{ - sub_44C(); - return sub_58C(ImageHandle, SystemTable); -} - -/** - * ModuleEntryPoint -- compatibility shim kept for local references. - */ -EFI_STATUS -EFIAPI -ModuleEntryPoint ( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable - ) -{ - return _ModuleEntryPoint(ImageHandle, SystemTable); -} - -/** - * sub_44C -- recovered global init: captures system table pointers and - * locates SMM runtime context. - */ -EFI_STATUS -EFIAPI -sub_44C ( +RuntimeSmmCacheSystemServices ( VOID ) { - gImageHandle = (EFI_HANDLE)0; - qword_12F0 = (EFI_SYSTEM_TABLE *)0; + gImageHandle = NULL; gST = NULL; - gBS = qword_1320; - gRT = qword_1308; - gSmst = qword_1330; + gBS = NULL; + gRT = NULL; + gSmst = NULL; return EFI_SUCCESS; } -/** - * sub_58C -- recovered main dispatch and error-recovery wrapper. 
- */ EFI_STATUS EFIAPI -sub_58C ( +RuntimeSmmDispatch ( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable ) { (VOID)ImageHandle; (VOID)SystemTable; - return sub_768(); + return RuntimeSmmInitialize(); +} + +VOID +EFIAPI +RuntimeSmmSetJump ( + VOID + ) +{ +} + +VOID +EFIAPI +RuntimeSmmLongJump ( + VOID + ) +{ } EFI_STATUS EFIAPI -sub_640 ( +RuntimeSmmInitJumpState ( + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable + ) +{ + (VOID)ImageHandle; + (VOID)SystemTable; + RuntimeSmmCacheSystemServices(); + return RuntimeSmmDispatch(ImageHandle, SystemTable); +} + +EFI_STATUS +EFIAPI +RuntimeSmmDefaultProtocolNotifyHandler ( VOID ) { @@ -124,7 +105,7 @@ EFI_STATUS EFIAPI -sub_64C ( +RuntimeSmmRegisterProtocolNotifyTable ( VOID ) { @@ -133,7 +114,7 @@ EFI_STATUS EFIAPI -sub_768 ( +RuntimeSmmInitialize ( VOID ) { @@ -142,7 +123,7 @@ EFI_STATUS EFIAPI -sub_888 ( +RuntimeSmmLocateDebugProtocol ( VOID ) { @@ -151,7 +132,7 @@ EFI_STATUS EFIAPI -sub_8D8 ( +RuntimeSmmReportStatusCodeHandler ( VOID ) { @@ -160,7 +141,7 @@ EFI_STATUS EFIAPI -sub_920 ( +RuntimeSmmReportStatusCodeExHandler ( VOID ) { @@ -169,7 +150,7 @@ EFI_STATUS EFIAPI -sub_960 ( +RuntimeSmmReadRuntimeModeFromCmos ( VOID ) { @@ -178,7 +159,7 @@ EFI_STATUS EFIAPI -sub_9B0 ( +RuntimeSmmValidateJumpBuffer ( VOID ) { @@ -187,7 +168,7 @@ EFI_STATUS EFIAPI -sub_9F8 ( +RuntimeSmmRegisterRuntimeServices ( VOID ) { @@ -196,7 +177,7 @@ EFI_STATUS EFIAPI -sub_A80 ( +RuntimeSmmRegisterStatusCodeProtocol ( VOID ) { @@ -205,7 +186,7 @@ EFI_STATUS EFIAPI -sub_B64 ( +RuntimeSmmFindCallbackProtocol ( VOID ) { 
@@ -214,27 +195,29 @@ EFI_STATUS EFIAPI -sub_BD4 ( +RuntimeSmmCompareGuid ( VOID ) { return EFI_SUCCESS; } -// SetJump/LongJump helpers are intentionally left as stubs in this recovery pass -// to preserve symbol names and module layout while avoiding fabricated logic. -VOID +EFI_STATUS EFIAPI -sub_300 ( - VOID +_ModuleEntryPoint ( + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable ) { + return RuntimeSmmInitJumpState(ImageHandle, SystemTable); } -VOID +EFI_STATUS EFIAPI -sub_3A0 ( - VOID +ModuleEntryPoint ( + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable ) { + return _ModuleEntryPoint(ImageHandle, SystemTable); } diff --git a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.h b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.h index 92b7d59..fcbe736 100644 --- a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.h +++ b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.h @@ -1,7 +1,6 @@ /** @file RuntimeSmm.h -- Header for RuntimeSmm - Copyright (c) HR650X BIOS Decompilation Project **/ 
@@ -11,211 +10,191 @@ #include "../uefi_headers/Uefi.h" // -// Function Prototypes +// Recovered high-level symbols. // -/// -/// ModuleEntryPoint -- UEFI entry point / initialization function -/// -EFI_STATUS -EFIAPI -ModuleEntryPoint( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable -); - -/// -/// _ModuleEntryPoint -- recovered symbol name from local symbol map -/// EFI_STATUS EFIAPI _ModuleEntryPoint( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable -); + ); -/// -/// sub_44C -/// EFI_STATUS EFIAPI -sub_44C( - VOID -); - -/// -/// sub_58C -/// -EFI_STATUS -EFIAPI -sub_58C( +ModuleEntryPoint( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable -); + ); -/// -/// SetJump implementation (recovered symbol name) -/// +EFI_STATUS +EFIAPI +RuntimeSmmCacheSystemServices( + VOID + ); + +EFI_STATUS +EFIAPI +RuntimeSmmDispatch( + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable + ); + +EFI_STATUS +EFIAPI +RuntimeSmmInitJumpState( + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable + ); + VOID EFIAPI -sub_300( +RuntimeSmmSetJump( VOID -); + ); -/// -/// LongJump implementation (recovered symbol name) -/// VOID EFIAPI -sub_3A0( +RuntimeSmmLongJump( VOID -); + ); -/// -/// sub_640 -/// EFI_STATUS EFIAPI -sub_640( +RuntimeSmmDefaultProtocolNotifyHandler( VOID -); + ); -/// -/// sub_64C -/// EFI_STATUS EFIAPI -sub_64C( +RuntimeSmmRegisterProtocolNotifyTable( VOID -); + ); -/// -/// sub_768 -/// EFI_STATUS EFIAPI -sub_768( +RuntimeSmmInitialize( VOID -); + ); -/// -/// sub_888 -/// EFI_STATUS EFIAPI -sub_888( +RuntimeSmmLocateDebugProtocol( VOID -); + ); -/// -/// sub_8D8 -/// EFI_STATUS EFIAPI -sub_8D8( +RuntimeSmmReportStatusCodeHandler( VOID -); + ); -/// -/// sub_920 -/// EFI_STATUS EFIAPI -sub_920( +RuntimeSmmReportStatusCodeExHandler( VOID -); + ); -/// -/// sub_960 -/// EFI_STATUS EFIAPI -sub_960( +RuntimeSmmReadRuntimeModeFromCmos( VOID -); + ); -/// -/// sub_9B0 -/// EFI_STATUS EFIAPI -sub_9B0( +RuntimeSmmValidateJumpBuffer( VOID -); + ); 
-/// -/// sub_9F8 -/// EFI_STATUS EFIAPI -sub_9F8( +RuntimeSmmRegisterRuntimeServices( VOID -); + ); -/// -/// sub_A80 -/// EFI_STATUS EFIAPI -sub_A80( +RuntimeSmmRegisterStatusCodeProtocol( VOID -); + ); -/// -/// sub_B64 -/// EFI_STATUS EFIAPI -sub_B64( +RuntimeSmmFindCallbackProtocol( VOID -); + ); -/// -/// sub_BD4 -/// EFI_STATUS EFIAPI -sub_BD4( +RuntimeSmmCompareGuid( VOID -); + ); // -// Recovered global variable names from local md/README evidence +// Recovered globals. // +extern EFI_HANDLE gImageHandle; // 0x1300 +extern EFI_SYSTEM_TABLE *gST; // 0x12F0 +extern EFI_RUNTIME_SERVICES *gRT; // 0x1308 +extern EFI_BOOT_SERVICES *gBS; // 0x1320 +extern EFI_STATUS_CODE_PROTOCOL *mDebugProtocol; // 0x1318 +extern EFI_RUNTIME_SERVICES *RuntimeServices; // 0x1328 +extern VOID *gSmst; // 0x1330 / 0x1310 +extern UINT8 mSmmMode; // 0x1338 +extern VOID *mRuntimeServicesProtocolSmm; // 0x1340 +extern UINT8 mInSmmMode; // 0x1348 +extern VOID *mStatusCodeProtocolSmm; // 0x1350 +extern VOID *mRuntimeServicesProtocolBoot; // 0x1358 +extern VOID *mSmmRuntimeServicesTable; // 0x1360 +extern VOID *mStatusCodeProtocolBoot; // 0x1368 +extern UINT8 mCmosByte; // 0x1378 +extern UINT8 gSetJumpBuffer[248]; // 0x1380 -extern EFI_HANDLE gImageHandle; // 0x1300 (qword_1300 in map) -extern EFI_HANDLE qword_1300; // 0x1300 -extern EFI_SYSTEM_TABLE *qword_12F0; // 0x12F0 -extern EFI_SYSTEM_TABLE *gST; // 0x12F0 -extern EFI_RUNTIME_SERVICES *qword_1308; // 0x1308 (gRT) -extern EFI_RUNTIME_SERVICES *qword_1308_alias; // 0x1308 alias for map variant -extern EFI_RUNTIME_SERVICES *gRT; // 0x1308 -extern EFI_BOOT_SERVICES *qword_1320; // 0x1320 -extern EFI_BOOT_SERVICES *BootServices; // 0x1320 -extern EFI_BOOT_SERVICES *gBS; // 0x1320 -extern UINT64 *qword_1330; // 0x1330 (gSmst) -extern VOID *gSmst; // 0x1330 -extern EFI_SYSTEM_TABLE *qword_1310; // 0x1310 (map variant for gSmst reference) -extern EFI_STATUS_CODE_PROTOCOL *qword_1318; // 0x1318 -extern EFI_RUNTIME_SERVICES *RuntimeServices; 
// 0x1328 (boot-time alias) -extern EFI_STATUS_CODE_PROTOCOL *qword_1340; // 0x1340 -extern VOID *qword_1340_ptr; // 0x1340 (alternate alias name) -extern UINT8 byte_1338; // 0x1338 -extern UINT8 byte_1348; // 0x1348 -extern UINT8 n3; // 0x1378 -extern UINT8 unk_1380[248]; // 0x1380 -extern EFI_HANDLE qword_1348; // 0x1348 (raw flag alias) -extern EFI_HANDLE qword_1350; // 0x1350 -extern EFI_HANDLE qword_1358; // 0x1358 -extern EFI_HANDLE qword_1360; // 0x1360 -extern EFI_HANDLE qword_1368; // 0x1368 -extern EFI_SYSTEM_TABLE *qword_1370; // 0x1370 (SystemTable alias) -extern EFI_GUID unk_1280; // 0x1280 -extern EFI_GUID unk_1290; // 0x1290 -extern EFI_GUID unk_12A0; // 0x12A0 -extern EFI_GUID unk_12B0; // 0x12B0 -extern EFI_GUID unk_12C0; // 0x12C0 -extern EFI_GUID unk_12D0; // 0x12D0 -extern EFI_GUID unk_12E0; // 0x12E0 +extern EFI_GUID gEfiSmmStatusCodeProtocolGuid; // 0x1280 +extern EFI_GUID gEfiStatusCodeRuntimeProtocolGuid; // 0x1290 +extern EFI_GUID gEfiSmmBaseProtocolGuid; // 0x12A0 +extern EFI_GUID gRuntimeSmmCallbackProtocolGuid; // 0x12B0 +extern EFI_GUID gRuntimeServicesProtocolGuid; // 0x12C0 +extern EFI_GUID gSmmRuntimeServicesProtocolGuid; // 0x12D0 +extern EFI_GUID gSmmRuntimeServicesTableGuid; // 0x12E0 + +// Compatibility aliases for map-style names still referenced in in-repo docs. 
+#define qword_12F0 gST +#define qword_1308 gRT +#define qword_1300 gImageHandle +#define qword_1310 gSmst +#define qword_1320 gBS +#define qword_1318 mDebugProtocol +#define qword_1330 gSmst +#define byte_1338 mSmmMode +#define byte_1348 mInSmmMode +#define n3 mCmosByte +#define unk_1380 gSetJumpBuffer +#define qword_1280 gEfiSmmStatusCodeProtocolGuid +#define qword_1290 gEfiStatusCodeRuntimeProtocolGuid +#define qword_12A0 gEfiSmmBaseProtocolGuid +#define qword_12B0 gRuntimeSmmCallbackProtocolGuid +#define qword_12C0 gRuntimeServicesProtocolGuid +#define qword_12D0 gSmmRuntimeServicesProtocolGuid +#define qword_12E0 gSmmRuntimeServicesTableGuid + +// Compatibility aliases for decompilation symbol mapping. +#define sub_44C RuntimeSmmCacheSystemServices +#define sub_58C RuntimeSmmInitJumpState +#define sub_300 RuntimeSmmSetJump +#define sub_3A0 RuntimeSmmLongJump +#define sub_640 RuntimeSmmDefaultProtocolNotifyHandler +#define sub_64C RuntimeSmmRegisterProtocolNotifyTable +#define sub_768 RuntimeSmmInitialize +#define sub_888 RuntimeSmmLocateDebugProtocol +#define sub_8D8 RuntimeSmmReportStatusCodeHandler +#define sub_920 RuntimeSmmReportStatusCodeExHandler +#define sub_960 RuntimeSmmReadRuntimeModeFromCmos +#define sub_9B0 RuntimeSmmValidateJumpBuffer +#define sub_9F8 RuntimeSmmRegisterRuntimeServices +#define sub_A80 RuntimeSmmRegisterStatusCodeProtocol +#define sub_B64 RuntimeSmmFindCallbackProtocol +#define sub_BD4 RuntimeSmmCompareGuid #endif /* __RUNTIMESMM_H__ */ diff --git a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md index 6990687..4a58b76 100644 --- a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md +++ b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md 
@@ -8,44 +8,48 @@ 0x300 - 0xC40 (17 functions) +## Module Layout and Recovery Notes + +- This recovery pass keeps the original module layout: all recovered code and globals remain in `RuntimeSmm.c` and `RuntimeSmm.h` only (no split file structure was inferred from local evidence). + ## Key Functions | Address | Name | Purpose | |---------|------|---------| -| 0x300 | sub_300 | `SetJump()` implementation: captures callee-saved registers (GP + XMM) and MXCSR into a buffer, returns via computed goto | -| 0x3A0 | sub_3A0 | `LongJump()` implementation: restores MXCSR from buffer, jumps to saved return address | +| 0x300 | RuntimeSmmSetJump (`sub_300`) | `SetJump()` implementation: captures callee-saved registers (GP + XMM) and MXCSR into a buffer, returns via computed goto | +| 0x3A0 | RuntimeSmmLongJump (`sub_3A0`) | `LongJump()` implementation: restores MXCSR from buffer, jumps to saved return address | | 0x420 | _ModuleEntryPoint | Module entry point, calls init then main dispatch | -| 0x44C | sub_44C | UEFI boot/runtime service table initialization: caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, retrieves gSmst | -| 0x58C | sub_58C | Main module dispatch: calls SetJump for error recovery, invokes sub_768 (init), cleans up with LongJump, reaches unreachable ASSERT | -| 0x640 | sub_640 | Stub function returning EFI_UNSUPPORTED (0x8000000000000003) | -| 0x64C | sub_64C | Allocates buffer, copies protocol GUID data, fills entries with sub_640, calls SmmRegisterProtocolNotify to register protocol callback | -| 0x768 | sub_768 | Driver init: caches SystemTable/BootServices/RuntimeServices, locates a protocol (unk_12E0), calls its callback, optionally replaces RuntimeServices from SMM, invokes sub_9F8/sub_A80 protocol registrations, calls sub_64C | -| 0x888 | sub_888 | Gets DebugLib `ReportStatusCode` protocol via Smst->LocateProtocol (gEfiStatusCodeRuntimeProtocolGuid) | -| 0x8D8 | sub_8D8 | ASSERT handler: checks DebugLib protocol, checks severity mask 
via sub_960, calls ReportStatusCode if mask matches | -| 0x920 | sub_920 | ASSERT expression printer: obtains DebugLib protocol and calls its `ReportStatusCodeEx` with file/line/expression | -| 0x960 | sub_960 | Reads CMOS index 0x4C via IO ports 0x70/0x71, interprets byte 0xFDAF0490 for runtime detection, returns EFI_STATUS code indicating boot mode | -| 0x9B0 | sub_9B0 | SetJump validation: asserts JumpBuffer is non-null and 8-byte aligned | -| 0x9F8 | sub_9F8 | Protocol registration for Runtime Services: in SMM mode locates via Smst; in boot mode locates via gBS->LocateProtocol | -| 0xA80 | sub_A80 | Protocol registration for status code protocol: in SMM mode uses Smst; in boot mode allocates pool and uses gBS->LocateProtocol | -| 0xB64 | sub_B64 | Searches SMM system table entries for a matching protocol GUID (unk_12B0) and returns its associated handler pointer | -| 0xBD4 | sub_BD4 | Memory comparison function: byte-level and 8-byte-aligned compare against reference buffer (unk_12B0), returns difference | +| 0x44C | RuntimeSmmCacheSystemServices (`sub_44C`) | UEFI boot/runtime service table initialization: caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, retrieves gSmst | +| 0x58C | RuntimeSmmInitJumpState (`sub_58C`) | Main module dispatch: calls SetJump for error recovery, invokes `RuntimeSmmInitialize` (`sub_768`), cleans up with LongJump, reaches unreachable ASSERT | +| 0x640 | RuntimeSmmDefaultProtocolNotifyHandler (`sub_640`) | Stub function returning EFI_UNSUPPORTED (0x8000000000000003) | +| 0x64C | RuntimeSmmRegisterProtocolNotifyTable (`sub_64C`) | Allocates buffer, copies protocol GUID data, fills entries with `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`), calls SmmRegisterProtocolNotify to register protocol callback | +| 0x768 | RuntimeSmmInitialize (`sub_768`) | Driver init: caches SystemTable/BootServices/RuntimeServices, locates protocol `gSmmRuntimeServicesTableGuid`, calls its callback, optionally replaces RuntimeServices 
from SMM, invokes `RuntimeSmmRegisterRuntimeServices`/`RuntimeSmmRegisterStatusCodeProtocol` (`sub_9F8`/`sub_A80`) protocol registrations, calls `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) | +| 0x888 | RuntimeSmmLocateDebugProtocol (`sub_888`) | Gets DebugLib `ReportStatusCode` protocol via Smst->LocateProtocol (gEfiStatusCodeRuntimeProtocolGuid) | +| 0x8D8 | RuntimeSmmReportStatusCodeHandler (`sub_8D8`) | ASSERT handler: checks DebugLib protocol, checks severity mask via `RuntimeSmmReadRuntimeModeFromCmos` (`sub_960`), calls ReportStatusCode if mask matches | +| 0x920 | RuntimeSmmReportStatusCodeExHandler (`sub_920`) | ASSERT expression printer: obtains DebugLib protocol and calls its `ReportStatusCodeEx` with file/line/expression | +| 0x960 | RuntimeSmmReadRuntimeModeFromCmos (`sub_960`) | Reads CMOS index 0x4C via IO ports 0x70/0x71, interprets byte 0xFDAF0490 for runtime detection, returns EFI_STATUS code indicating boot mode | +| 0x9B0 | RuntimeSmmValidateJumpBuffer (`sub_9B0`) | SetJump validation: asserts JumpBuffer is non-null and 8-byte aligned | +| 0x9F8 | RuntimeSmmRegisterRuntimeServices (`sub_9F8`) | Protocol registration for Runtime Services: in SMM mode locates via Smst; in boot mode locates via gBS->LocateProtocol | +| 0xA80 | RuntimeSmmRegisterStatusCodeProtocol (`sub_A80`) | Protocol registration for status code protocol: in SMM mode uses Smst; in boot mode allocates pool and uses gBS->LocateProtocol | +| 0xB64 | RuntimeSmmFindCallbackProtocol (`sub_B64`) | Searches SMM system table entries for a matching protocol GUID (`gRuntimeSmmCallbackProtocolGuid`) and returns its associated handler pointer | +| 0xBD4 | RuntimeSmmCompareGuid (`sub_BD4`) | Memory comparison function: byte-level and 8-byte-aligned compare against reference buffer (`gRuntimeSmmCallbackProtocolGuid`), returns difference | ## Entry Points (Public API) -- 0x420 `_ModuleEntryPoint`: Called by SMM core on driver load. 
Calls `sub_44C()` to initialize service table globals, then `sub_58C()` as the main dispatch routine. +- 0x420 `_ModuleEntryPoint`: Called by SMM core on driver load. Calls `RuntimeSmmCacheSystemServices` (`sub_44C`) to initialize service table globals, then `RuntimeSmmInitJumpState` (`sub_58C`) as the main dispatch routine. - Local compatibility alias: `ModuleEntryPoint(ImageHandle, SystemTable)` currently forwards to `_ModuleEntryPoint(...)` to preserve current source-level entry naming while keeping the recovered symbol as primary. ## Internal Helpers -- 0x300 `sub_300`: `SetJump` -- saves full register context (15 GP regs, 10 XMM regs, MXCSR) into a 248-byte jump buffer (`unk_1380`), returns via `return v21()`. -- 0x3A0 `sub_3A0`: `LongJump` -- restores MXCSR from jump buffer and jumps to saved return address at buffer+72. -- 0x640 `sub_640`: Stub returning `0x8000000000000003` (`EFI_UNSUPPORTED`). Used as a default protocol notify handler in the registration table. -- 0x888 `sub_888`: Debug library support -- lazily locates `gEfiStatusCodeRuntimeProtocolGuid` via `gSmst->LocateProtocol`. -- 0x8D8 `sub_8D8`: ASSERT_EFI_ERROR handler -- checks DebugLib protocol and severity mask before calling `ReportStatusCode`. -- 0x920 `sub_920`: Debug ASSERT -- calls `ReportStatusCodeEx` on the DebugLib protocol with file/line/expression. -- 0x960 `sub_960`: CMOS-based runtime detection -- reads NVRAM byte at CMOS index 0x4C, checks boot mode (returns `0x80000004` for normal, `0x80000002` for S3 resume). -- 0x9B0 `sub_9B0`: SetJump buffer validation -- asserts non-null and 8-byte aligned. -- 0xBD4 `sub_BD4`: `CompareMem` against reference GUID `unk_12B0` (little-endian aligned compare with tail handling). +- 0x300 `RuntimeSmmSetJump` (`sub_300`): `SetJump` -- saves full register context (15 GP regs, 10 XMM regs, MXCSR) into a 248-byte jump buffer (`gSetJumpBuffer`), returns via `return v21()`. 
+- 0x3A0 `RuntimeSmmLongJump` (`sub_3A0`): `LongJump` -- restores MXCSR from jump buffer and jumps to saved return address at buffer+72. +- 0x640 `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`): Stub returning `0x8000000000000003` (`EFI_UNSUPPORTED`). Used as a default protocol notify handler in the registration table. +- 0x888 `RuntimeSmmLocateDebugProtocol` (`sub_888`): Debug library support -- lazily locates `gEfiStatusCodeRuntimeProtocolGuid` via `gSmst->LocateProtocol`. +- 0x8D8 `RuntimeSmmReportStatusCodeHandler` (`sub_8D8`): ASSERT_EFI_ERROR handler -- checks DebugLib protocol and severity mask before calling `ReportStatusCode`. +- 0x920 `RuntimeSmmReportStatusCodeExHandler` (`sub_920`): Debug ASSERT -- calls `ReportStatusCodeEx` on the DebugLib protocol with file/line/expression. +- 0x960 `RuntimeSmmReadRuntimeModeFromCmos` (`sub_960`): CMOS-based runtime detection -- reads NVRAM byte at CMOS index 0x4C, checks boot mode (returns `0x80000004` for normal, `0x80000002` for S3 resume). +- 0x9B0 `RuntimeSmmValidateJumpBuffer` (`sub_9B0`): SetJump buffer validation -- asserts non-null and 8-byte aligned. +- 0xBD4 `RuntimeSmmCompareGuid` (`sub_BD4`): `CompareMem` against reference GUID `unk_12B0` (little-endian aligned compare with tail handling). ## State Management 
@@ -53,48 +57,47 @@ | Address | Name | Type | Purpose | |---------|------|------|---------| -| 0x1280 | unk_1280 | GUID | Protocol GUID for `gEfiSmmStatusCodeProtocolGuid` (used by sub_A80) | -| 0x1290 | unk_1290 | GUID | Protocol GUID -- same bytes as unk_12A0 (StatusCode runtime protocol) | -| 0x12A0 | unk_12A0 | GUID | SmmBase2 protocol GUID (SMM_SERVICES_TABLE_GUID) | -| 0x12B0 | unk_12B0 | GUID | Reference GUID for protocol comparison (sub_BD4, sub_64C -- Runtime SMM protocol notify) | -| 0x12C0 | unk_12C0 | GUID | Boot-time protocol GUID for Runtime Services (sub_9F8) | -| 0x12D0 | unk_12D0 | GUID | SMM-mode protocol GUID for Runtime Services (sub_9F8) | -| 0x12E0 | unk_12E0 | GUID | Protocol GUID for SMM Runtime Services Table (sub_768 locates via gBS->LocateProtocol) | -| 0x12F0 | qword_12F0 | UINT64 | gST (System Table) | -| 0x1300 | qword_1300 | UINT64 | gImageHandle | -| 0x1308 | qword_1308 | UINT64 | gRT (Runtime Services) | -| 0x1310 | qword_1310 | UINT64 | gSmst (SMM System Table) | -| 0x1318 | qword_1318 | UINT64 | DebugLib protocol pointer (cached lazily by sub_888) | -| 0x1320 | BootServices | UINT64 | gBS (Boot Services) | -| 0x1328 | RuntimeServices | UINT64 | gRT (cached Runtime Services pointer) | -| 0x1330 | qword_1330 | UINT64 | SMM System Table pointer (gSmst, set from SmmBase2) | -| 0x1338 | byte_1338 | UINT8 | SmmMode flag (1 = running in SMM) | -| 0x1340 | qword_1340 | UINT64 | SMM Runtime Services protocol pointer (sub_9F8) | -| 0x1348 | byte_1348 | UINT8 | InSmm flag (1 = in SMM, used by sub_9F8/sub_A80 protocol registration) | -| 0x1350 | qword_1350 | UINT64 | SMM Status Code protocol pointer (sub_A80) | -| 0x1358 | qword_1358 | UINT64 | Boot-time Runtime Services protocol pointer (sub_9F8) | -| 0x1360 | qword_1360 | UINT64 | SMM Runtime Services Table protocol pointer (sub_768) | -| 0x1368 | qword_1368 | UINT64 | Boot-time Status Code protocol pointer (sub_A80) | -| 0x1370 | SystemTable | UINT64 | gST (cached System Table pointer) | 
-| 0x1378 | n3 | UINT8 | CMOS byte read result (sub_960) | -| 0x1380 | unk_1380 | 248-byte buffer | SetJump/LongJump context save area | +| 0x1280 | gEfiSmmStatusCodeProtocolGuid | GUID | Protocol GUID for status code in SMM runtime | +| 0x1290 | gEfiStatusCodeRuntimeProtocolGuid | GUID | Runtime protocol GUID (mirrors status-code runtime view) | +| 0x12A0 | gEfiSmmBaseProtocolGuid | GUID | SmmBase2 protocol GUID (`SMM_SERVICES_TABLE_GUID`) | +| 0x12B0 | gRuntimeSmmCallbackProtocolGuid | GUID | Reference GUID for protocol comparison (sub_BD4/sub_64C) | +| 0x12C0 | gRuntimeServicesProtocolGuid | GUID | Boot-time protocol GUID for Runtime Services (sub_9F8) | +| 0x12D0 | gSmmRuntimeServicesProtocolGuid | GUID | SMM-mode protocol GUID for Runtime Services (sub_9F8) | +| 0x12E0 | gSmmRuntimeServicesTableGuid | GUID | Protocol GUID for SMM Runtime Services Table (`RuntimeSmmInitialize` / `sub_768`) locates via gBS->LocateProtocol | +| 0x12F0 | gST | UINT64 | System Table pointer | +| 0x1300 | gImageHandle | UINT64 | ImageHandle passed to module entry | +| 0x1308 | gRT | UINT64 | Runtime Services pointer | +| 0x1310 | gSmst | UINT64 | SMM Services Table pointer | +| 0x1318 | mDebugProtocol | UINT64 | DebugLib protocol pointer (cached lazily by `RuntimeSmmLocateDebugProtocol` / `sub_888`) | +| 0x1320 | gBS | UINT64 | Boot Services pointer | +| 0x1328 | RuntimeServices | UINT64 | Runtime Services cached pointer | +| 0x1330 | gSmst | UINT64 | SMM System Table pointer (gSmst, set from SmmBase2) | +| 0x1338 | mSmmMode | UINT8 | SmmMode flag (1 = running in SMM) | +| 0x1340 | mRuntimeServicesProtocolSmm | UINT64 | SMM Runtime Services protocol pointer (sub_9F8) | +| 0x1348 | mInSmmMode | UINT8 | InSmm flag (1 = in SMM, used by sub_9F8/sub_A80 protocol registration) | +| 0x1350 | mStatusCodeProtocolSmm | UINT64 | SMM Status Code protocol pointer (sub_A80) | +| 0x1358 | mRuntimeServicesProtocolBoot | UINT64 | Boot-time Runtime Services protocol pointer (sub_9F8) | +| 0x1360 | 
mSmmRuntimeServicesTable | UINT64 | SMM Runtime Services Table protocol pointer (`RuntimeSmmInitialize` / `sub_768`) | +| 0x1368 | mStatusCodeProtocolBoot | UINT64 | Boot-time Status Code protocol pointer (sub_A80) | +| 0x1378 | mCmosByte | UINT8 | CMOS byte read result (`RuntimeSmmReadRuntimeModeFromCmos` / `sub_960`) | +| 0x1380 | gSetJumpBuffer | 248-byte buffer | SetJump/LongJump context save area | ### Initialization Flow 1. `_ModuleEntryPoint` (0x420) called by SMM core 2. `sub_44C` (0x44C) caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, gets gSmst -3. `sub_58C` (0x58C) saves SetJump context, calls `sub_768` (driver init), restores via LongJump -4. `sub_768` (0x768) caches SystemTable/BootServices/RuntimeServices, locates SMM RST protocol, calls its callback, optionally swaps RuntimeServices with SMM version, registers protocol handlers via sub_9F8/sub_A80, calls sub_64C for protocol notify registration -5. `sub_64C` (0x64C) allocates a 136-byte buffer, fills first 3 QWORDs from protocol GUID data and the remaining 14 with sub_640 stub, registers via SmmRegisterProtocolNotify +3. `RuntimeSmmInitJumpState` (`sub_58C`) saves SetJump context, calls `RuntimeSmmInitialize` (`sub_768`) [driver init], restores via LongJump +4. `RuntimeSmmInitialize` (`sub_768`) caches SystemTable/BootServices/RuntimeServices, locates SMM RST protocol, calls its callback, optionally swaps RuntimeServices with SMM version, registers protocol handlers via `RuntimeSmmRegisterRuntimeServices`/`RuntimeSmmRegisterStatusCodeProtocol` (`sub_9F8`/`sub_A80`), calls `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) for protocol notify registration +5. 
`RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) allocates a 136-byte buffer, fills first 3 QWORDs from protocol GUID data and the remaining 14 with `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`) stub, registers via SmmRegisterProtocolNotify ## Data Structures -- **SetJump buffer** at `unk_1380` (248 bytes): Offset layout is 15 saved GP registers (0-64), return address (72), MXCSR value (80), 10 XMM registers (88-248). Used by sub_300/sub_3A0 for error recovery wrapping around sub_768. -- **Protocol notify buffer** in sub_64C (136 bytes = 17 QWORDs): First 3 QWORDs are protocol GUID, remaining 14 QWORDs initialized to sub_640 function pointer, registered via `SmmRegisterProtocolNotify`. +- **SetJump buffer** at `gSetJumpBuffer` (248 bytes): Offset layout is 15 saved GP registers (0-64), return address (72), MXCSR value (80), 10 XMM registers (88-248). Used by `RuntimeSmmSetJump`/`RuntimeSmmLongJump` (`sub_300`/`sub_3A0`) for error recovery wrapping around `RuntimeSmmInitialize` (`sub_768`). +- **Protocol notify buffer** in `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) (136 bytes = 17 QWORDs): First 3 QWORDs are protocol GUID, remaining 14 QWORDs initialized to `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`) function pointer, registered via `SmmRegisterProtocolNotify`. ## Calling Patterns -1. **Try/Except pattern**: `SetJump(context)` -> `sub_768()` [protected code] -> `LongJump(context, status)` -> check status -> unreachable ASSERT +1. **Try/Except pattern**: `RuntimeSmmSetJump(context)` -> `RuntimeSmmInitialize()` [protected code] -> `RuntimeSmmLongJump(context, status)` -> check status -> unreachable ASSERT 2. **Protocol registration flow**: Locate SMM Base2 -> Get SMM System Table -> Locate SMM Runtime Services Table Protocol -> Call protocol callback -> Register protocol notify -> Register status code protocol handlers ## Dependencies 
@@ -103,20 +106,20 @@ - **SMM Services (gSmst)**: `LocateProtocol` (offset +208), `SmmRegisterProtocolNotify` (offset +40), `SmmIoMemRead`/protocol entry iteration (offset +152/+160 in SMM system table struct) - **Boot Services (gBS)**: `LocateProtocol` (offset +320), `AllocatePool` (offset +24), `FreePool` (offset +32) -- **Hardware IO**: CMOS NVRAM ports 0x70/0x71 (sub_960), fixed address 0xFDAF0490 (runtime detection byte) +- **Hardware IO**: CMOS NVRAM ports 0x70/0x71 (`RuntimeSmmReadRuntimeModeFromCmos` / `sub_960`), fixed address 0xFDAF0490 (runtime detection byte) - **DebugLib protocol**: `ReportStatusCode` and `ReportStatusCodeEx` (via gSmst->LocateProtocol) ### Consumed By (other modules call this) - **SMM Core**: Calls `_ModuleEntryPoint` (exported entry point) - **SMM Runtime Services Table protocol consumer**: The protocol notify handler registered via sub_64C is invoked by SMM core when the target protocol is installed -- **Callback from located protocol** at 0x807: The protocol at qword_1360 is called with an `Enable` flag pointer; its second function (+8) provides the SMM system table +- **Callback from located protocol** at 0x807: The protocol at `mSmmRuntimeServicesTable` is called with an `Enable` flag pointer; its second function (+8) provides the SMM system table ## Notes - The module has NO imports -- all protocol interfaces are resolved internally via `LocateProtocol` through the system tables. - Strings reference build paths `e:\hs\Build\HR6N0XMLK\DEBUG_VS2015\X64\...` and `e:\hs\AmiModulePkg\RuntimeSmm\RuntimeSmm.c`, confirming this is a DEBUG VS2015 X64 build. -- sub_640 is a 2-instruction leaf returning `EFI_UNSUPPORTED` -- used as a placeholder default handler in the protocol notify registration table. -- sub_960's CMOS check at index 0x4C and the byte at 0xFDAF0490 are platform-specific runtime detection heuristics for distinguishing normal boot from S3 resume. 
-- The double `sub_920` call after LongJump in sub_58C is unreachable code (standard EDK2 AutoGen tail after infinite loop). +- `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`) is a 2-instruction leaf returning `EFI_UNSUPPORTED` -- used as a placeholder default handler in the protocol notify registration table. +- `RuntimeSmmReadRuntimeModeFromCmos` (`sub_960`)'s CMOS check at index 0x4C and the byte at 0xFDAF0490 are platform-specific runtime detection heuristics for distinguishing normal boot from S3 resume. +- The double `RuntimeSmmReportStatusCodeExHandler` (`sub_920`) call after LongJump in `RuntimeSmmInitJumpState` (`sub_58C`) is unreachable code (standard EDK2 AutoGen tail after infinite loop). - sub_BD4's alignment-sensitive comparison logic handles unaligned GUID comparison by byte-matching leading/trailing misaligned bytes. diff --git a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md index f56d706..7d03613 100644 --- a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md +++ b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md 
@@ -11,12 +11,24 @@ SmmTcgStorageSec is an SMM module that provides TCG (Trusted Computing Group) storage security services, including Opal and eDrive security subsystem management from within SMM context. It handles storage device security commands, manages TCG storage protocols in SMM, and coordinates with the TCG Storage Security DXE driver through SMM communication. At 29,792 bytes it is one of the larger SMM TCG modules. +## Module/File Split Notes + +- Implementation is recovered in one translation unit: `SmmTcgStorageSec.c` +- Symbol declarations are in `SmmTcgStorageSec.h` +- No additional helper split files are present in this recovery set. + ## Key Functions -- **ModuleEntryPoint**: Entry point that initializes storage security services and registers SMM communication handlers. -- **TcgStorageSecurityInit** (`sub_53C`): TCG storage protocol initialization and SMM handler dispatch registration. -- **TcgStorageSecurityProcessCommands** (`sub_A9C`): Core storage security command processing pipeline. -- **TcgStorageSecurityHandleInitializeError** (`sub_9D8`): Error handling path for failed storage security operations. +- **ModuleEntryPoint**: UEFI entrypoint that launches initialization and command processing. +- **TcgStorageSecurityInit** (`sub_53C`): TCG storage protocol initialization and SMM dispatch setup. +- **TcgStorageSecurityProcessCommands** (`sub_A9C`): Core SMM storage security command processing pipeline. +- **TcgStorageSecurityHandleInitializeError** (`sub_9D8`): Error handling path for failed command pipeline initialization. + +### Recovered Symbol Table + +- `TcgStorageSecurityInit` ← `sub_53C` +- `TcgStorageSecurityProcessCommands` ← `sub_A9C` +- `TcgStorageSecurityHandleInitializeError` ← `sub_9D8` ## Dependencies diff --git a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.c b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.c index 2fca959..3c68857 100644 
--- a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.c +++ b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.c @@ -10,15 +10,21 @@ #include "SmmTcgStorageSec.h" -// Function: ModuleEntryPoint -EFI_STATUS ModuleEntryPoint(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) +// +// ModuleEntryPoint -- EFI entrypoint for SMM TCG Storage Security +// +EFI_STATUS EFIAPI +ModuleEntryPoint( + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable +) { - EFI_STATUS Status; + EFI_STATUS CommandPipelineStatus; TcgStorageSecurityInit(ImageHandle, SystemTable); - Status = TcgStorageSecurityProcessCommands(); - if ( Status < 0 ) { + CommandPipelineStatus = TcgStorageSecurityProcessCommands(); + if (CommandPipelineStatus < 0) { TcgStorageSecurityHandleInitializeError(); } - return Status; + return CommandPipelineStatus; } diff --git a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md index 8e1c81b..b626eae 100644 --- a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md +++ b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md 
@@ -4,8 +4,22 @@ | Address | Name | Description | |---------|------|-------------| -| | **ModuleEntryPoint** | Main SMM entry point. Calls `TcgStorageSecurityInit`, then executes `TcgStorageSecurityProcessCommands` and handles errors via `TcgStorageSecurityHandleInitializeError`. | -| rbx | **sub_53C(ImageHandle, SystemTable); v2 = sub_A9C(); if ( v2 < 0 ) sub_9D8(); return v2; }** | Decompiled control flow (raw) | +| *(entry)* | **ModuleEntryPoint** | Calls `TcgStorageSecurityInit(ImageHandle, SystemTable)`, then executes `TcgStorageSecurityProcessCommands()`, and invokes `TcgStorageSecurityHandleInitializeError()` on failure. | +| `sub_53C` | **TcgStorageSecurityInit** | Initialization routine for SMM TCG storage security context and handler registration. | +| `sub_A9C` | **TcgStorageSecurityProcessCommands** | Primary command-processing routine executed after initialization. | +| `sub_9D8` | **TcgStorageSecurityHandleInitializeError** | Error recovery path used when command processing reports an EFI error. | + +### Recovered Call Chain + +1. `ModuleEntryPoint(ImageHandle, SystemTable)` +2. `TcgStorageSecurityInit(ImageHandle, SystemTable)` +3. `TcgStorageSecurityProcessCommands()` +4. On error: `TcgStorageSecurityHandleInitializeError()` + +### Module/File Split Notes + +- `SmmTcgStorageSec.c` contains the decompiled implementation entrypoint body. +- `SmmTcgStorageSec.h` provides recovered prototypes and symbol compatibility aliases. ### Recovered Symbols diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.c b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.c index 7d82bc6..5a5241c 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.c +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.c 
@@ -1,8 +1,7 @@ /** @file AmiErrorHandlerMain.c -- AmiErrorHandlerMain - Auto-converted from IDA decompiler output. - Functions: 1 + Module split shim: entrypoint + compatibility wrappers. Copyright (c) HR650X BIOS Decompilation Project **/ @@ -11,16 +10,21 @@ // Function: ModuleEntryPoint -EFI_STATUS ModuleEntryPoint(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) +EFI_STATUS +EFIAPI +ModuleEntryPoint( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) { - signed __int64 v4; // rsi + EFI_STATUS Status; AmiErrorHandlerAutoGenInit(); - v4 = AmiErrorHandlerInitialize(ImageHandle, SystemTable); - // AmiErrorHandlerInitialize registers SMM handlers; fall back through error path on failure. - if ( v4 < 0 ) + Status = AmiErrorHandlerInitialize(ImageHandle, SystemTable); + // Fall through to the shared failure helper when SMM registration setup fails. + if ( Status < 0 ) AmiErrorHandlerInitFail(ImageHandle, SystemTable); - return v4; + return Status; } EFI_STATUS @@ -35,8 +39,8 @@ EFI_STATUS EFIAPI AmiErrorHandlerInitialize( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { return sub_42EC(ImageHandle, SystemTable); @@ -45,8 +49,8 @@ EFI_STATUS EFIAPI AmiErrorHandlerInitFail( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { return sub_427C(ImageHandle, SystemTable); diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.h b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.h index abb462d..2a8ae75 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.h +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.h 
@@ -13,6 +13,10 @@ // // Function Prototypes // +// Module split notes: +// - This translation unit implements the public wrapper entrypoint and API shims. +// - `sub_*` symbols preserve original decompilation entrypoints for cross-file linkage. + /// /// ModuleEntryPoint -- UEFI entry point / initialization function @@ -25,7 +29,7 @@ ); /// -/// sub_3E24 +/// AmiErrorHandlerAutoGenInit -- wrapper for AutoGen init entrypoint (`sub_3E24`) /// EFI_STATUS EFIAPI @@ -34,7 +38,7 @@ ); /// -/// sub_42EC +/// AmiErrorHandlerInitialize -- wrapper for primary initialization entrypoint (`sub_42EC`) /// EFI_STATUS EFIAPI @@ -44,7 +48,7 @@ ); /// -/// sub_427C +/// AmiErrorHandlerInitFail -- wrapper for initialization failure entrypoint (`sub_427C`) /// EFI_STATUS EFIAPI @@ -54,7 +58,7 @@ ); /// -/// sub_3E24 -- retained legacy symbol name for traceability +/// sub_3E24 -- legacy decompiler symbol retained for link compatibility /// EFI_STATUS EFIAPI @@ -63,23 +67,23 @@ ); /// -/// sub_42EC -- retained legacy symbol name for traceability +/// sub_42EC -- legacy decompiler symbol retained for link compatibility /// EFI_STATUS EFIAPI sub_42EC( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ); /// -/// sub_427C -- retained legacy symbol name for traceability +/// sub_427C -- legacy decompiler symbol retained for link compatibility /// EFI_STATUS EFIAPI sub_427C( - EFI_HANDLE ImageHandle, - EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ); #endif /* __AMIERRORHANDLERMAIN_H__ */ diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md index f4c48e4..4f1daff 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md 
@@ -2,10 +2,16 @@ ## Function Table +### Module Split Notes + +- `AmiErrorHandlerMain.c`: module entrypoint and wrapper shims +- `AmiErrorHandlerMain.h`: public declarations and decompilation-compatible aliases +- `AmiErrorHandlerMain_analysis.md`: recovered internal mapping and protocol/dispatch notes + | Address | Name | Description | |---------|------|-------------| | 0x5F8 | `ModuleEntryPoint` | EDK2 SMM driver entrypoint | -| 0x5F8 | `ModuleEntryPoint -> AmiErrorHandlerAutoGenInit(); v4 = AmiErrorHandlerInitialize(ImageHandle, SystemTable); if (v4 < 0) AmiErrorHandlerInitFail(ImageHandle, SystemTable); return v4;` | Recovered symbol flow | +| 0x5F8 | `ModuleEntryPoint` | `AmiErrorHandlerAutoGenInit(); Status = AmiErrorHandlerInitialize(ImageHandle, SystemTable); if (Status < 0) AmiErrorHandlerInitFail(ImageHandle, SystemTable); return Status;` | | 0x3E24 | `AmiErrorHandlerAutoGenInit` (aka `sub_3E24`) | AutoGen init sequence | | 0x42EC | `AmiErrorHandlerInitialize` (aka `sub_42EC`) | Main SMM initialization and registration | | 0x427C | `AmiErrorHandlerInitFail` (aka `sub_427C`) | Initialization failure cleanup/error path | diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md index cfc1b46..1cce32f 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md 
@@ -17,8 +17,9 @@ | Address | Name | Purpose | |---------|------|---------| | 0x5f8 | ModuleEntryPoint | Driver entry: init libraries, register SMI handler | -| 0x3e24 | sub_3E24 | AutoGen init: calls 18 sub-init functions in sequence | -| 0x42ec | sub_42EC | Main init: SMM protocol registration | +| 0x3e24 | AmiErrorHandlerAutoGenInit (`sub_3E24`) | AutoGen init: calls 18 sub-init functions in sequence | +| 0x42ec | AmiErrorHandlerInitialize (`sub_42EC`) | Main init: SMM protocol registration | +| 0x427c | AmiErrorHandlerInitFail (`sub_427C`) | Initialization failure cleanup/error path | | 0x4680 | sub_4680 | SMM SwDispatch registration + SMI handler install | | 0x4364 | sub_4364 | SMI dispatch callback: demux by GUID | | 0x27e4 | sub_27E4 | Core error dispatch: switch(error_source) {1..9} | @@ -43,7 +44,7 @@ ## Entry Points (Public API) -- **0x5f8** `ModuleEntryPoint`: Standard UEFI driver entry. Calls sub_3E24 (AutoGen), then sub_42EC (SMM init). +- **0x5f8** `ModuleEntryPoint`: Standard UEFI driver entry. Calls `AmiErrorHandlerAutoGenInit` (aka `sub_3E24`), then `AmiErrorHandlerInitialize` (aka `sub_42EC`), and falls to `AmiErrorHandlerInitFail` (aka `sub_427C`) on error. - **0x4364** `sub_4364`: SMI dispatch callback registered via SmmSwDispatch2. Entry receives a context buffer. Reads error type from buffer offset+12, copies payload data, and dispatches to sub_27E4. Handles 3 protocol GUIDs (unk_5C80, unk_5C90, unk_5CA0). 
@@ -53,7 +54,13 @@ ## Internal Helpers -### Init Sequence (called from sub_3E24 in order): +### Module Split Notes + +- `AmiErrorHandlerMain.c`: `ModuleEntryPoint` shim and compatibility wrappers for recovered entrypoints. +- `AmiErrorHandlerMain.h`: declarations for `ModuleEntryPoint`, recovered entrypoints, and legacy `sub_*` symbols. +- `AmiErrorHandlerMain.md` / `README.md`: manually recovered control-flow and protocol notes for this translation unit. + +### Init Sequence (called from `AmiErrorHandlerAutoGenInit` / `sub_3E24` in order): 1. **0x6e8** - Init gImageHandle, gST, gBS globals 2. **0x784** - Init gRT (Runtime Services Table) 3. **0x7c0** - Init gSmst via SmmBase2Protocol (GUID F4CCBFB7-F6E0-47FD-9dd410a8-f150c191) @@ -218,7 +225,7 @@ ``` ModuleEntryPoint(0x5f8) | - +-> sub_3E24 (AutoGen init) + +-> AmiErrorHandlerAutoGenInit (aka sub_3E24) | +-> sub_6E8 -> gBS/gST init | +-> sub_784 -> gRT init | +-> sub_7C0 -> gSmst init (SmmBase2) @@ -233,7 +240,7 @@ | +-> sub_2520 -> [protocol] | +-> sub_263C -> [protocol] | - +-> sub_42EC (SMM registration) + +-> AmiErrorHandlerInitialize (aka sub_42EC) +-> sub_300 -> debug check +-> sub_4680 -> SMM protocol registration +-> SmmSwDispatch2.Register() @@ -318,4 +325,4 @@ - n4=3..4: Uses MC bank table at 0x5F40, 6 socket bits, 2 core bits - n4=5..6: Uses MC bank table at 0x5CC0, 6 socket bits, 2 core bits -6. The `sub_300` function at 0x300 is a debug/release build check (checked via sub_C40/C4C/C58 chain). \ No newline at end of file +6. The `sub_300` function at 0x300 is a debug/release build check (checked via sub_C40/C4C/C58 chain). diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md index 4e9d7a4..0f9705b 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md 
@@ -4,11 +4,15 @@ ## Overview SMM error handler from American Megatrends (AMI) that receives error notifications via SMM communication protocol, classifies them by error source type (1-9), and dispatches to platform-specific handlers. Manages CPU topology tracking (socket/core/thread) for error source correlation and reports Configuration Status Register (CSR) data to BMC via IPMI/SMM communicate. Handles MCA errors, PCIe AER errors, and generic bus/memory/I/O errors. +## Module split +- `AmiErrorHandlerMain.c` / `AmiErrorHandlerMain.h`: module entrypoint and split-boundary shims that bind recovered names to linked `sub_*` implementation symbols. +- Remaining implementation units (registration/dispatch/reporting/initialization primitives) are referenced through the preserved `sub_*` entrypoints documented in analysis notes. + ## Key Functions -- **ModuleEntryPoint** -- Driver entry: initializes libraries (18 constructors), registers SMI handler -- **AmiErrorHandlerAutoGenInit** (sub_3E24) -- Performs AutoGen-generated init routine before main initialization -- **AmiErrorHandlerInitialize** (sub_42EC) -- Main initialization; registers the SMM dispatch handlers -- **AmiErrorHandlerInitFail** (sub_427C) -- Error path invoked when SMM initialization returns failure +- **ModuleEntryPoint** -- Recovered entrypoint that calls `AmiErrorHandlerAutoGenInit`, `AmiErrorHandlerInitialize`, then `AmiErrorHandlerInitFail` on registration failure. +- **AmiErrorHandlerAutoGenInit** (`sub_3E24`) -- Performs AutoGen-generated init routine before main initialization. +- **AmiErrorHandlerInitialize** (`sub_42EC`) -- Main initialization; registers the SMM dispatch handlers. +- **AmiErrorHandlerInitFail** (`sub_427C`) -- Error path invoked when SMM initialization returns failure. 
- **sub_27E4** -- Core error dispatch: switch(error_source=1..9) routes to domain-specific handlers - **sub_2724** -- MCA error severity classification (corrected/uncorrected/fatal/deferred) - **sub_2F2C** -- Report CSR info to BMC via SmmCommunication with formatted 12-byte record diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.c b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.c index 62135bb..05e8697 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.c +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.c @@ -10,15 +10,12 @@ #include "FpgaErrorHandler.h" // -// Recovered .data symbols from decompilation maps. +// Recovered module state from decompilation maps. // EFI_STATUS mFpgaErrorHandlerModuleStatus = 0x8000000000000001ULL; UINT8 mFpgaErrorHandlerJumpBuffer[0xF8]; -#define qword_2FA8 mFpgaErrorHandlerModuleStatus -#define unk_2EB0 mFpgaErrorHandlerJumpBuffer - // // Function: _ModuleEntryPoint (recovered entry symbol from docs) // @@ -34,14 +31,14 @@ VOID *SetJumpState = NULL; FpgaErrorHandlerInitializeContext(ImageHandle, SystemTable); - qword_2FA8 = 0x8000000000000001uLL; - SetJumpState = &unk_2EB0; + mFpgaErrorHandlerModuleStatus = 0x8000000000000001uLL; + SetJumpState = mFpgaErrorHandlerJumpBuffer; if ( !FpgaErrorHandlerSetJumpStateSave(SetJumpState) ) { HandlerSetupStatus = RegisterFpgaErrorCallbacks(); - if ( HandlerSetupStatus >= 0 || qword_2FA8 < 0 ) + if ( HandlerSetupStatus >= 0 || mFpgaErrorHandlerModuleStatus < 0 ) { - qword_2FA8 = HandlerSetupStatus; + mFpgaErrorHandlerModuleStatus = HandlerSetupStatus; } FpgaErrorHandlerSetJumpStateCheck(SetJumpState); @@ -57,8 +54,8 @@ 626, "((BOOLEAN)(0==1))"); } - ReturnStatus = qword_2FA8; - if ( qword_2FA8 < 0 ) + ReturnStatus = mFpgaErrorHandlerModuleStatus; + if ( mFpgaErrorHandlerModuleStatus < 0 ) { FpgaErrorHandlerCleanup(); } 
@@ -77,4 +74,3 @@ { return _ModuleEntryPoint(ImageHandle, SystemTable); } - diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.h b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.h index bedfe8b..df5bc39 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.h +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.h @@ -42,6 +42,7 @@ /// /// FpgaErrorHandlerInitializeContext -- AutoGen init helper (`sub_5C0`). +/// `sub_5C0` is the decompilation symbol name for this helper. /// #define FpgaErrorHandlerInitializeContext sub_5C0 EFI_STATUS @@ -53,6 +54,7 @@ /// /// RegisterFpgaErrorCallbacks -- module setup routine (`sub_EAC`). +/// `sub_EAC` is the decompilation symbol name for this routine. /// #define RegisterFpgaErrorCallbacks sub_EAC EFI_STATUS @@ -63,6 +65,7 @@ /// /// FpgaErrorHandlerSetJumpStateSave -- context save (`sub_280`). +/// `sub_280` is the decompilation symbol name for this helper. /// #define FpgaErrorHandlerSetJumpStateSave sub_280 EFI_STATUS @@ -73,6 +76,7 @@ /// /// FpgaErrorHandlerSetJumpStateCheck -- set-jump context validator (`sub_11E0`). +/// `sub_11E0` is the decompilation symbol name for this helper. /// #define FpgaErrorHandlerSetJumpStateCheck sub_11E0 EFI_STATUS @@ -83,6 +87,7 @@ /// /// FpgaErrorHandlerSetJumpRecover -- context restore/longjmp (`sub_320`). +/// `sub_320` is the decompilation symbol name for this helper. /// #define FpgaErrorHandlerSetJumpRecover sub_320 EFI_STATUS @@ -94,6 +99,7 @@ /// /// FpgaErrorHandlerAssert -- debug assert logging (`sub_11A0`). +/// `sub_11A0` is the decompilation symbol name for this helper. /// #define FpgaErrorHandlerAssert sub_11A0 EFI_STATUS 
@@ -106,6 +112,7 @@ /// /// FpgaErrorHandlerCleanup -- SMM pool/free failure path (`sub_13D4`). +/// `sub_13D4` is the decompilation symbol name for this helper. /// #define FpgaErrorHandlerCleanup sub_13D4 EFI_STATUS @@ -120,7 +127,7 @@ /// /// Module return status register (`qword_2FA8`). -/// +/// extern EFI_STATUS mFpgaErrorHandlerModuleStatus; /// @@ -129,4 +136,3 @@ extern UINT8 mFpgaErrorHandlerJumpBuffer[0xF8]; #endif /* __FPGAERRORHANDLER_H__ */ - diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.md index 05c8114..c87d5a5 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/FpgaErrorHandler.md 
@@ -2,34 +2,34 @@ ## Function Table -| Address | Name | Recovered Alias | Description | -|---------|------|-----------------|-------------| -| _ModuleEntryPoint | `_ModuleEntryPoint` | n/a | Decomp entry symbol recovered from AutoGen path. Runs set-jump-protected setup flow and returns recovered module status (`qword_2FA8`). | -| ModuleEntryPoint | `ModuleEntryPoint` | n/a | Compatibility wrapper for `_ModuleEntryPoint`. | -| 0x5C0 | sub_5C0 | FpgaErrorHandlerInitializeContext | Auto-generated context init helper (`ImageHandle`, `SystemTable`). | -| 0xEAC | sub_EAC | RegisterFpgaErrorCallbacks | Main FPGA callback registration/setup routine. | -| 0x280 | sub_280 | FpgaErrorHandlerSetJumpStateSave | Captures set-jump context into `unk_2EB0`. | -| 0x11E0 | sub_11E0 | FpgaErrorHandlerSetJumpStateCheck | Validates captured set-jump state. | -| 0x320 | sub_320 | FpgaErrorHandlerSetJumpRecover | Restores control flow from set-jump context and return token. | -| 0x11A0 | sub_11A0 | FpgaErrorHandlerAssert | Debug assertion/logging callsite for impossible AutoGen branches. | -| 0x13D4 | sub_13D4 | FpgaErrorHandlerCleanup | SMM cleanup path used when `qword_2FA8 < 0`. | +| Symbol | Recovered Alias | Description | +|--------|-----------------|-------------| +| _ModuleEntryPoint | `_ModuleEntryPoint` | Decomp entry symbol recovered from AutoGen path. Runs set-jump-protected setup flow and returns module status (`mFpgaErrorHandlerModuleStatus`). | +| ModuleEntryPoint | `ModuleEntryPoint` | Compatibility wrapper for `_ModuleEntryPoint`. | +| FpgaErrorHandlerInitializeContext (`sub_5C0`) | `FpgaErrorHandlerInitializeContext` | Auto-generated context init helper (`ImageHandle`, `SystemTable`). | +| RegisterFpgaErrorCallbacks (`sub_EAC`) | `RegisterFpgaErrorCallbacks` | Main FPGA callback registration/setup routine. | +| FpgaErrorHandlerSetJumpStateSave (`sub_280`) | `FpgaErrorHandlerSetJumpStateSave` | Captures set-jump context into `mFpgaErrorHandlerJumpBuffer` (`unk_2EB0`). 
| +| FpgaErrorHandlerSetJumpStateCheck (`sub_11E0`) | `FpgaErrorHandlerSetJumpStateCheck` | Validates captured set-jump state. | +| FpgaErrorHandlerSetJumpRecover (`sub_320`) | `FpgaErrorHandlerSetJumpRecover` | Restores control flow from set-jump context and return token. | +| FpgaErrorHandlerAssert (`sub_11A0`) | `FpgaErrorHandlerAssert` | Debug assertion/logging callsite for impossible AutoGen branches. | +| FpgaErrorHandlerCleanup (`sub_13D4`) | `FpgaErrorHandlerCleanup` | SMM cleanup path used when `mFpgaErrorHandlerModuleStatus < 0`. | ## Recovered Internal Variables -- `qword_2FA8` — module return status word. Recovered as `mFpgaErrorHandlerModuleStatus` in `FpgaErrorHandler.h`. -- `unk_2EB0` — set-jump context object. Recovered as `mFpgaErrorHandlerJumpBuffer[0xF8]`. +- `mFpgaErrorHandlerModuleStatus` — module return status word (`qword_2FA8`). +- `mFpgaErrorHandlerJumpBuffer` — set-jump context object (`unk_2EB0`) [0xF8 bytes]. ## Callback Family (documented context) -- `sub_B38` — FPGA presence check callback. -- `sub_B48` — FPGA error clear callback. -- `sub_BF0` — FPGA buffer clear callback. -- `sub_C90` — FPGA status query callback. -- `sub_CB4` — FPGA fatal error callback. -- `sub_D48` — FPGA poll callback. -- `sub_DFC` — FPGA error collection routine (per-socket status staging). -- `sub_A30` — FPGA error logging helper. -- `sub_1580` — MpSyncData topology/bootstrap helper. +- `FpgaErrorHandlerIsErrorPresent` (`sub_B38`) — FPGA presence check callback. +- `FpgaErrorHandlerClearErrors` (`sub_B48`) — FPGA error clear callback. +- `FpgaErrorHandlerClearBuffer` (`sub_BF0`) — FPGA buffer clear callback. +- `FpgaErrorHandlerQueryErrorStatus` (`sub_C90`) — FPGA status query callback. +- `FpgaErrorHandlerHandleFatalError` (`sub_CB4`) — FPGA fatal error callback. +- `FpgaErrorHandlerPoll` (`sub_D48`) — FPGA poll callback. +- `FpgaErrorHandlerCollectSocketErrors` (`sub_DFC`) — FPGA error collection routine (per-socket status staging). 
+- `FpgaErrorHandlerLog` (`sub_A30`) — FPGA error logging helper. +- `FpgaErrorHandlerInitMpSyncData` (`sub_1580`) — MpSyncData topology/bootstrap helper. ### Recovered Local Variables in Entry Flow diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/README.md index 702ae14..49e152b 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/README.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/FpgaErrorHandler/FpgaErrorHandler/README.md 
@@ -7,22 +7,30 @@ The public entry remains `ModuleEntryPoint`, which forwards into the recovered AutoGen entry symbol `_ModuleEntryPoint`. Split in this module: -- `FpgaErrorHandler.c`: recovered entry logic and alias usage. -- `FpgaErrorHandler.h`: recovered helper aliases and state symbol declarations. +- `FpgaErrorHandler.c`: recovered entry logic and state usage (`_ModuleEntryPoint` plus `ModuleEntryPoint` shim). +- `FpgaErrorHandler.h`: recovered helper API aliases and state symbol declarations. - `FpgaErrorHandler.md`: recovered symbol table and detailed behavior notes. ## Key Functions - **_ModuleEntryPoint** -- recovered AutoGen module entry symbol. - **ModuleEntryPoint** -- compatibility wrapper to `_ModuleEntryPoint`. -- **sub_5C0 / FpgaErrorHandlerInitializeContext** -- entry init capture. -- **sub_EAC / RegisterFpgaErrorCallbacks** -- primary setup routine. -- **sub_280 / FpgaErrorHandlerSetJumpStateSave** -- set-jump capture. -- **sub_11E0 / FpgaErrorHandlerSetJumpStateCheck** -- set-jump validation. -- **sub_320 / FpgaErrorHandlerSetJumpRecover** -- set-jump recovery (`longjmp` equivalent). -- **sub_11A0 / FpgaErrorHandlerAssert** -- decompiler recovery assertion/log edge. -- **sub_13D4 / FpgaErrorHandlerCleanup** -- cleanup routine. -- **qword_2FA8 / mFpgaErrorHandlerModuleStatus** -- recovered module return status. -- **unk_2EB0 / mFpgaErrorHandlerJumpBuffer** -- recovered 0xF8-byte jump buffer. +- **FpgaErrorHandlerInitializeContext** (`sub_5C0`) -- entry init capture. +- **RegisterFpgaErrorCallbacks** (`sub_EAC`) -- primary setup routine. +- **FpgaErrorHandlerSetJumpStateSave** (`sub_280`) -- set-jump capture. +- **FpgaErrorHandlerSetJumpStateCheck** (`sub_11E0`) -- set-jump validation. +- **FpgaErrorHandlerSetJumpRecover** (`sub_320`) -- set-jump recovery (`longjmp` equivalent). +- **FpgaErrorHandlerAssert** (`sub_11A0`) -- decompiler recovery assertion/log edge. +- **FpgaErrorHandlerCleanup** (`sub_13D4`) -- cleanup routine. 
+- **mFpgaErrorHandlerModuleStatus** (`qword_2FA8`) -- module return status. +- **mFpgaErrorHandlerJumpBuffer** (`unk_2EB0`) -- recovered 0xF8-byte jump buffer. + +Additional callback-symbol recovery notes (from decompilation flow notes): +- `FpgaErrorHandlerIsErrorPresent` (`sub_B38`) — FPGA presence callback +- `FpgaErrorHandlerClearErrors` (`sub_B48`) — FPGA error clear callback +- `FpgaErrorHandlerClearBuffer` (`sub_BF0`) — FPGA buffer clear callback +- `FpgaErrorHandlerQueryErrorStatus` (`sub_C90`) — FPGA status query callback +- `FpgaErrorHandlerHandleFatalError` (`sub_CB4`) — FPGA fatal handler callback +- `FpgaErrorHandlerPoll` (`sub_D48`) — FPGA poll callback ## Protocols/Dependencies - MmPciBase Protocol, FPGA Callback Registration Protocol diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.c b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.c index 29cec79..77e6366 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.c +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.c @@ -1,8 +1,11 @@ /** @file - MainErrorHandler.c -- MainErrorHandler + MainErrorHandler -- MainErrorHandler module entry point - Auto-converted from IDA decompiler output. - Functions: 1 + Module split (recovered): + - ModuleEntryPoint() is implemented in this file. + - InitMainErrorHandlerLibraries() is implemented in the linked initialization unit. + - RegisterMainErrorHandlerCallbacks() is implemented in the linked registration unit. + - UnregisterMainErrorHandlerCallbacks() is implemented in the linked cleanup unit. Copyright (c) HR650X BIOS Decompilation Project **/ 
@@ -17,11 +20,11 @@ EFI_SYSTEM_TABLE *SystemTable ) { - signed __int64 v4; // rsi + EFI_STATUS Status; InitMainErrorHandlerLibraries(); - v4 = RegisterMainErrorHandlerCallbacks(ImageHandle, SystemTable); - if ( v4 < 0 ) + Status = RegisterMainErrorHandlerCallbacks(ImageHandle, SystemTable); + if ( Status < 0 ) UnregisterMainErrorHandlerCallbacks(ImageHandle, SystemTable); - return v4; + return Status; } diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.h b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.h index 6ed08b2..d52de67 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.h +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.h @@ -11,6 +11,10 @@ #include "../uefi_headers/Uefi.h" // +// Module split: this header owns the public entry and cross-file callback +// registration helpers for MainErrorHandler. +// +// // Function Prototypes // diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.md index 5787978..8c5249c 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/MainErrorHandler.md 
@@ -2,12 +2,12 @@ ## Function Table -| Address | Name | Description | -|---------|------|-------------| +| Symbol | Recovered Name | Notes | +|--------|----------------|-------------| | ModuleEntryPoint | `ModuleEntryPoint` | Top-level UEFI entry point. Initializes library context, calls `RegisterMainErrorHandlerCallbacks()`, and routes failed init to `UnregisterMainErrorHandlerCallbacks()`. | -| rsi (sub_2398) | `InitMainErrorHandlerLibraries` | Recovered name: library constructor and protocol bootstrap setup (`gST`, `gBS`, `gRT`, `gSmst`). | -| rsi (sub_2774) | `RegisterMainErrorHandlerCallbacks` | Recovered name: main error handler registration and initialization. | -| rsi (sub_2704) | `UnregisterMainErrorHandlerCallbacks` | Recovered name: cleanup/unload handler invoked on failed initialization. | +| `sub_2398` | `InitMainErrorHandlerLibraries` | Recovered library-constructor and protocol bootstrap setup (`gST`, `gBS`, `gRT`, `gSmst`). | +| `sub_2774` | `RegisterMainErrorHandlerCallbacks` | Recovered main error handler registration and initialization. | +| `sub_2704` | `UnregisterMainErrorHandlerCallbacks` | Recovered cleanup/unload handler invoked on failed initialization. | --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/README.md index 49f27a7..e623d10 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/README.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/MainErrorHandler/README.md 
@@ -4,11 +4,15 @@ ## Overview Top-level UEFI error handler dispatcher for the Intel Purley platform. This module initializes the error handling subsystem by calling library constructors, then registers error sources and notification callbacks. It serves as the main entry point that chains into PlatformErrorHandler, ProcessorErrorHandler, and other per-domain error handlers. +## Recovered Module Split +- **MainErrorHandler.c**: contains `ModuleEntryPoint()` wrapper and dispatches initialization results. +- **Library/registration/cleanup units**: `InitMainErrorHandlerLibraries()`, `RegisterMainErrorHandlerCallbacks()`, and `UnregisterMainErrorHandlerCallbacks()` are split into linked units (recovered from decompiler artifacts). + ## Key Functions -- **ModuleEntryPoint** -- UEFI entry point; calls sub_2398 (AutoGen init), sub_2774 (main init), and sub_2704 (fallback/unload on error) -- **InitMainErrorHandlerLibraries** (recovered from `sub_2398`) -- library constructor chain initialization (gST/gBS/gRT/gSmst setup) -- **RegisterMainErrorHandlerCallbacks** (recovered from `sub_2774`) -- main error handler registration logic -- **UnregisterMainErrorHandlerCallbacks** (recovered from `sub_2704`) -- error cleanup/unload handler on initialization failure +- **ModuleEntryPoint** -- UEFI entry point; initializes libraries via `InitMainErrorHandlerLibraries()`, calls `RegisterMainErrorHandlerCallbacks()`, and falls back to `UnregisterMainErrorHandlerCallbacks()` on failure. +- **InitMainErrorHandlerLibraries** (recovered from `sub_2398`) -- library constructor chain initialization (`gST`/`gBS`/`gRT`/`gSmst` setup). +- **RegisterMainErrorHandlerCallbacks** (recovered from `sub_2774`) -- main error handler registration logic. +- **UnregisterMainErrorHandlerCallbacks** (recovered from `sub_2704`) -- cleanup/unload handler on initialization failure. ## Recovered Symbol Mapping - `sub_2398` -> `InitMainErrorHandlerLibraries` 
diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.h b/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.h index 851e66f..c4c080e 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.h +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.h @@ -16,8 +16,8 @@ /// /// ModuleEntryPoint -- UEFI entry point / initialization function -/// Recovered control flow: calls PcieErrorHandlerInitLibraries (sub_7958), -/// RegisterPcieErrorHandler (sub_7E70), and PcieErrorHandlerInitFailure (sub_7E00). +/// Recovered control flow: calls PcieErrorHandlerInitLibraries (0x7958), +/// RegisterPcieErrorHandler (0x7E70), and PcieErrorHandlerInitFailure (0x7E00). /// EFI_STATUS EFIAPI @@ -28,7 +28,7 @@ /// /// PcieErrorHandlerInitLibraries -- Library constructor chain initialization -/// (recovered as sub_7958). Sets up gST/gBS/gRT/gSmst and related globals. +/// Recovered at 0x7958. Sets up gST/gBS/gRT/gSmst and related globals. /// EFI_STATUS EFIAPI @@ -39,7 +39,7 @@ /// /// RegisterPcieErrorHandler -- Main initialization; locates PCIe-related /// protocols and registers SMI handlers. -/// Recovered name from sub_7E70. +/// Recovered at 0x7E70. /// EFI_STATUS EFIAPI @@ -50,7 +50,7 @@ /// /// PcieErrorHandlerInitFailure -- Fallback/cleanup on initialization failure. -/// Recovered name from sub_7E00. +/// Recovered at 0x7E00. /// EFI_STATUS EFIAPI diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.md index 790ab26..bfd9779 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/PcieErrorHandler.md 
@@ -2,20 +2,26 @@ ## Function Table -| Address | Name | Description | -|---------|------|-------------| -| | **_ModuleEntryPoint** (`ModuleEntryPoint`) | SMM entry point. Calls recovered `sub_7958` constructor path (`PcieErrorHandlerInitLibraries`), then `sub_7E70` (`RegisterPcieErrorHandler`); on failure, invokes `sub_7E00` (`PcieErrorHandlerInitFailure`). | -| (rsi) | **sub_7958** (`PcieErrorHandlerInitLibraries`) | Recovered as library constructor and protocol bootstrap initializer (`gST`, `gBS`, `gRT`, `gSmst`). | -| (rsi) | **sub_7E70** (`RegisterPcieErrorHandler`) | Recovered as main PCIe handler registration routine. | -| (rsi) | **sub_7E00** (`PcieErrorHandlerInitFailure`) | Recovered as initialization failure fallback helper. | +| Name | Address | Description | +|------|---------|-------------| +| **ModuleEntryPoint** | 0x0000 (entry) | SMM entry point. Calls `PcieErrorHandlerInitLibraries`, then `RegisterPcieErrorHandler`; on failure calls `PcieErrorHandlerInitFailure`. | +| **PcieErrorHandlerInitLibraries** | 0x7958 | Library constructor and protocol bootstrap initializer (`gST`, `gBS`, `gRT`, `gSmst`). | +| **RegisterPcieErrorHandler** | 0x7E70 | Main PCIe error-handler registration routine. | +| **PcieErrorHandlerInitFailure** | 0x7E00 | Initialization-failure fallback helper. 
| ## Recovered Symbol Mapping | Recovered Name | Original Symbol | Purpose | |----------------|-----------------|---------| -| PcieErrorHandlerInitLibraries | sub_7958 | Library constructor and protocol bootstrap initializer | -| RegisterPcieErrorHandler | sub_7E70 | Main PCIe error handler registration entry | -| PcieErrorHandlerInitFailure | sub_7E00 | Initialization-failure fallback handler | +| PcieErrorHandlerInitLibraries | 0x7958 | Library constructor and protocol bootstrap initializer | +| RegisterPcieErrorHandler | 0x7E70 | Main PCIe error handler registration entry | +| PcieErrorHandlerInitFailure | 0x7E00 | Initialization-failure fallback handler | + +## Module/File Split Notes + +- `PcieErrorHandler.c`: entrypoint implementation + recovered call-flow orchestration. +- `PcieErrorHandler.h`: recovered symbol declarations for entry and helper routines. +- `README.md`: compact project/module overview and recovery status. --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/README.md index 0bbb5f2..1737722 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/README.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PcieErrorHandler/README.md 
@@ -6,14 +6,19 @@ ## Key Functions - **ModuleEntryPoint** -- SMM entry point: initializes PCIe handlers with recovered entry-flow helpers. -- **PcieErrorHandlerInitLibraries** (recovered from `sub_7958`) -- Library constructor chain initialization (`gST`, `gBS`, `gRT`, `gSmst`). -- **RegisterPcieErrorHandler** (recovered from `sub_7E70`) -- Main initialization: locates PCIe-related protocols and registers SMI handlers. -- **PcieErrorHandlerInitFailure** (recovered from `sub_7E00`) -- Fallback/cleanup handler on initialization failure. +- **PcieErrorHandlerInitLibraries** -- Recovered constructor/bootstrap helper: initializes library globals (`gST`, `gBS`, `gRT`, `gSmst`). +- **RegisterPcieErrorHandler** -- Main initialization routine: locates PCIe-related protocols and registers SMI handlers. +- **PcieErrorHandlerInitFailure** -- Initialization failure fallback helper for cleanup/error-path handling. ## Recovered Symbol Mapping -- `sub_7958` -> `PcieErrorHandlerInitLibraries` -- `sub_7E70` -> `RegisterPcieErrorHandler` -- `sub_7E00` -> `PcieErrorHandlerInitFailure` +- `0x7958` -> `PcieErrorHandlerInitLibraries` +- `0x7E70` -> `RegisterPcieErrorHandler` +- `0x7E00` -> `PcieErrorHandlerInitFailure` + +## Module/File Split Notes +- `PcieErrorHandler.c` currently contains only `ModuleEntryPoint` and the recovered call-chain to the two helper routines. +- `PcieErrorHandler.h` declares the recovered public entry and helper symbols. +- `PcieErrorHandler.md` documents the recovered symbol mapping and function-level recovery intent. ## Protocols/Dependencies - UEFI Boot Services, Runtime Services, SMM System Table (gSmst) diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.h b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.h index 11a4cf9..bbf8cdf 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.h 
+++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.h @@ -84,6 +84,10 @@ #define sub_3550 RegisterPlatformErrorHandler #define sub_34E0 PlatformErrorHandlerFallbackInit #define sub_594 PlatformErrorHandlerSmmEntry +#define sub_35C8 RegisterErrorSource +#define sub_36B8 RegisterErrorNotificationCallback +#define sub_3810 DispatchNotification +#define sub_3844 DispatchWithEarlyOut // // Recovered linked-list globals from decompiled analysis. diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md index 1d7dd48..1fedff7 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md 
@@ -4,11 +4,15 @@ | Address | Name | Description | |---------|------|-------------| -| 0x5CC | **_ModuleEntryPoint** (`ModuleEntryPoint`) | DXE/SMM entry point: constructor sequence (`sub_30D8` -> `PlatformErrorHandlerConstructors`), then main init (`sub_3550` -> `RegisterPlatformErrorHandler`), fallback (`sub_34E0` -> `PlatformErrorHandlerFallbackInit`) on failure | +| 0x5CC | **_ModuleEntryPoint** (`ModuleEntryPoint`, `sub_5CC`) | DXE/SMM entry point: constructor sequence (`sub_30D8` -> `PlatformErrorHandlerConstructors`), then main init (`sub_3550` -> `RegisterPlatformErrorHandler`), fallback (`sub_34E0` -> `PlatformErrorHandlerFallbackInit`) on failure | | (rsi) | **PlatformErrorHandlerConstructors** (`sub_30D8`) | AutoGen constructor dispatcher / library initialization path | | (rsi) | **RegisterPlatformErrorHandler** (`sub_3550`) | Main PlatformErrorHandler initialization | | (rsi) | **PlatformErrorHandlerFallbackInit** (`sub_34E0`) | Fallback/cleanup initialization helper | | (rsi) | **PlatformErrorHandlerSmmEntry** (`sub_594`) | Secondary SMM entry observed in local analysis | +| (rsi) | **RegisterErrorNotificationCallback** (`sub_36B8`) | Register priority-sorted notification callback for error delivery | +| (rsi) | **RegisterErrorSource** (`sub_35C8`) | Register per-source error context node | +| (rsi) | **DispatchNotification** (`sub_3810`) | Dispatch all callbacks for current context | +| (rsi) | **DispatchWithEarlyOut** (`sub_3844`) | Dispatch callbacks with early-stop support | ## Recovered Globals 
@@ -28,7 +32,9 @@ - `PlatformErrorHandlerConstructors`, `RegisterPlatformErrorHandler`, `PlatformErrorHandlerFallbackInit`, `RegisterErrorNotificationCallback`, `RegisterErrorSource`, `DispatchNotification`, and `DispatchWithEarlyOut` are in this module directory and are exposed for cross-file linking. -- Helpers for MC-bank access (`sub_1D8C` / `sub_1DE4` / `sub_1E3C`) are still documented in `emcaplatformhookslib.c`. +- Helpers for MC-bank access (`sub_1D8C` / `sub_1DE4` / `sub_1E3C`) remain documented in + `emcaplatformhookslib.c`. Setup and initialization helpers (for example `sub_2690`, `sub_2AE0`, + `sub_3D4C`, `sub_3E0C`, `sub_3970`, `sub_3890`) are currently documented in this module analysis. --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md index a5e1825..6c284f4 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md 
@@ -16,32 +16,31 @@ | Address | Name | Purpose | |---------|------|---------| -| 0x72D8 | qword_72D8 | Module status/result code (initialized to 0x8000000000000001 = EFI_NOT_FOUND?) | -| 0x72E0 | i | Linked list head for error source registrations (fwd callbacks) | -| 0x72E8 | i_1 | Tail pointer for error source linked list | -| 0x72F0 | i_0 | Linked list head for error notification callbacks | -| 0x72F8 | qword_72F8 | Tail pointer for notification callback list | +| 0x72D8 | PlatformErrorHandlerStatus | Module status/result code (initialized to 0x8000000000000001 = EFI_NOT_FOUND?) | +| 0x72E0 | ErrorSourceListHead | Linked list head for error source registrations | +| 0x72E8 | ErrorSourceListTail | Tail pointer for error source linked list | +| 0x72F0 | NotificationCallbackHead | Linked list head for error notification callbacks | +| 0x72F8 | NotificationCallbackTail | Tail pointer for notification callback list | | 0x7300 | SystemTable | EFI System Table pointer | | 0x7308 | BootServices | EFI Boot Services table pointer (gBS) | -| 0x7310 | qword_7310 | ImageHandle | +| 0x7310 | ImageHandle | Image handle passed to entry points | | 0x7318 | qword_7318 | Runtime Services table pointer (gRT) | -| 0x7320 | qword_7320 | SMM System Table 2 pointer (gSmst) | -| 0x7368 | qword_7368 | EMCA Platform Protocol interface pointer (GUID {F4CCBFB7-F6E0-47FD-9DD4-10A8F150C191}) | -| 0x7370 | qword_7370 | SMM System Table pointer (from EMCA protocol) | -| 0x7378 | qword_7378 | SMM MC Bank Protocol | -| 0x7380 | qword_7380 | Platform Info Policy (from EMCA, offset 1780 has boot mode info) | -| 0x7388 | qword_7388 | MC Bank list table (array of 32-byte entries per bank, indexed by socket) | -| 0x7390 | n6 | Number of MC banks (per sub_1AB0) | -| 0x7398 | qword_7398 | Error policy table | -| 0x73A0 | qword_73A0 | MC Bank enable/control table | -| 0x73A8 | n2 | Number of sockets? 
| -| 0x73B0 | qword_73B0 | MSR MCG_STATUS (0x179) cached value | -| 0x73B8 | qword_73B8 | gDS (EFI_DRIVER_SERVICES table) | -| 0x73C0 | unk_73C0 | SMM IPMI Transport Protocol interface pointer | -| 0x73C8 | unk_73C8 | SMM Variable Protocol interface pointer | -| 0x73D0 | qword_73D0 | SMM Variable Protocol (setup lib) | -| 0x73D8 | byte_73D8 | Is in SMM context flag (from EMCA probe) | -| 0x73E0 | qword_73E0 | EMCA Platform Protocol (setup lib usage) | +| 0x7320 | Smst | SMM System Table 2 pointer (gSmst) | +| 0x7368 | EmcaPlatformProtocol | EMCA Platform Protocol interface pointer (GUID {F4CCBFB7-F6E0-47FD-9DD4-10A8F150C191}) | +| 0x7370 | EmcaSmmSystemTable | SMM System Table pointer (from EMCA protocol) | +| 0x7378 | SmmMcBankProtocol | SMM MC Bank Protocol | +| 0x7380 | PlatformInfoPolicy | Platform Info Policy (from EMCA, offset 1780 has boot mode info) | +| 0x7388 | McBankListTable | MC Bank list table (array of 32-byte entries per bank, indexed by socket) | +| 0x7390 | McBankCount | Number of MC banks (per sub_1AB0) | +| 0x7398 | ErrorPolicyTable | Error policy table | +| 0x73A0 | McBankControlTable | MC Bank enable/control table | +| 0x73B0 | McgStatusCache | MSR MCG_STATUS (0x179) cached value | +| 0x73B8 | DxeServicesTable | gDS (EFI_DRIVER_SERVICES table) | +| 0x73C0 | SmmIpmiTransportProtocol | SMM IPMI Transport Protocol interface pointer | +| 0x73C8 | SmmVariableProtocol | SMM Variable Protocol interface pointer | +| 0x73D0 | SetupLibVariableProtocol | SMM Variable Protocol (setup lib) | +| 0x73D8 | InSmmContext | Is in SMM context flag (from EMCA probe) | +| 0x73E0 | EmcaPlatformProtocolSetupLib | EMCA Platform Protocol (setup lib usage) | | 0x7400 | qword_7400 | SMM Communication buffer pointer (from SMM Comm protocol) | | 0x7408 | qword_7408 | Setup variable data pointer (VariableGet) | | 0x7410 | qword_7410 | Setup variable data pointer (HOB) | 
@@ -53,10 +52,10 @@ | Address | Name | Purpose | |---------|------|---------| | 0x5CC | _ModuleEntryPoint | DXE driver entry point; calls library constructors and main init | -| 0x594 | sub_594 | Alternate entry point (SMM module entry via SW dispatch?) | -| 0x30D8 | sub_30D8 | AutoGen library constructor dispatcher (calls 12 library constructors) | -| 0x3550 | sub_3550 | Main driver initialization logic | -| 0x34E0 | sub_34E0 | Fallback error init (called if main init fails) | +| 0x594 | PlatformErrorHandlerSmmEntry | Alternate entry point (SMM module entry via SW dispatch?) | +| 0x30D8 | PlatformErrorHandlerConstructors | AutoGen library constructor dispatcher (calls 12 library constructors) | +| 0x3550 | RegisterPlatformErrorHandler | Main driver initialization logic | +| 0x34E0 | PlatformErrorHandlerFallbackInit | Fallback error init (called if main init fails) | | 0x3088 | sub_3088 | Status coalescing + set event (restore event to -1) | ## Entry Points (Public API) diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md index 80d8389..5d56b8a 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md @@ -12,7 +12,7 @@ - **PlatformErrorHandlerFallbackInit** (`sub_34E0`) -- recovered alias for error-path init helper - **PlatformErrorHandlerSmmEntry** (`sub_594`) -- recovered alias for secondary SMM path - **DispatchNotification** (`sub_3810`) / **DispatchWithEarlyOut** (`sub_3844`) -- callback dispatch helpers -- **RegisterErrorNotificationCallback** (`sub_36B8`) -- priority-sorted callback registration +- **RegisterErrorNotificationCallback** (`sub_36B8`) -- priority-sorted callback registration helper (24-byte node) - **RegisterErrorSource** (`sub_35C8`) -- source-registration linked list insertion ## Recovered Module Variables 
@@ -21,10 +21,19 @@ - `NotificationCallbackHead` / `NotificationCallbackTail` (`qword_72F0` / `qword_72F8`) - `EmcaPlatformProtocol` (`qword_7368`) - `SmmIpmiTransportProtocol` (`qword_73C0`) +- `McBankListTable` (`qword_7388`) +- `ErrorPolicyTable` (`qword_7398`) +- `McBankControlTable` (`qword_73A0`) +- `SocketCount` (`qword_73A8`) +- `McBankCount` (`qword_7390`) ## File Split Notes - `_ModuleEntryPoint` and `PlatformErrorHandlerSmmEntry` entry paths are in this file. -- SMM subroutines for MC bank lookup (`sub_1D8C`, `sub_1DE4`, `sub_1E3C`) are documented in `emcaplatformhookslib.c`, and this file is expected to consume that API. +- SMM helper routines for callback registration and dispatch (`RegisterErrorNotificationCallback`, + `RegisterErrorSource`, `DispatchNotification`, `DispatchWithEarlyOut`) are resolved from + decompilation evidence and exposed for cross-file linking from this module directory. +- SMM subroutines for MC bank lookup (`sub_1D8C`, `sub_1DE4`, `sub_1E3C`) are documented in + `emcaplatformhookslib.c`, and this module is expected to consume that API. ## Protocols/Dependencies - EMCA Platform Protocol ({F4CCBFB7-...}), SMM MC Bank Protocol diff --git a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.c b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.c index 09cf7f4..cc27e64 100644 --- a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.c +++ b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.c @@ -2,7 +2,7 @@ EmcaErrorLog.c -- EmcaErrorLog Auto-converted from IDA decompiler output. - Functions: 1 + Functions: 4 Copyright (c) HR650X BIOS Decompilation Project **/ 
@@ -15,9 +15,30 @@ { EFI_STATUS Status; - sub_37E0(ImageHandle, SystemTable); - Status = sub_3C58(ImageHandle, SystemTable); + EmcaErrorLogInitialize(ImageHandle, SystemTable); + Status = EmcaErrorLogEnable(ImageHandle, SystemTable); if ( Status < 0 ) - sub_3BE8(ImageHandle, SystemTable); + EmcaErrorLogRollback(ImageHandle, SystemTable); return Status; } + + +// Function: EmcaErrorLogInitialize +EFI_STATUS EmcaErrorLogInitialize(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) +{ + return sub_37E0(ImageHandle, SystemTable); +} + + +// Function: EmcaErrorLogEnable +EFI_STATUS EmcaErrorLogEnable(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) +{ + return sub_3C58(ImageHandle, SystemTable); +} + + +// Function: EmcaErrorLogRollback +EFI_STATUS EmcaErrorLogRollback(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) +{ + return sub_3BE8(ImageHandle, SystemTable); +} diff --git a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.h b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.h index e7ddcd7..624fe87 100644 --- a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.h +++ b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.h @@ -25,31 +25,31 @@ ); /// -/// sub_37E0 +/// EmcaErrorLogInitialize -- prepares EMCA error log support structures and globals /// EFI_STATUS EFIAPI -sub_37E0( +EmcaErrorLogInitialize( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable ); /// -/// sub_3C58 +/// EmcaErrorLogEnable -- core error logging path and SMI handler registration /// EFI_STATUS EFIAPI -sub_3C58( +EmcaErrorLogEnable( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable ); /// -/// sub_3BE8 +/// EmcaErrorLogRollback -- cleanup path if initialization fails /// EFI_STATUS EFIAPI -sub_3BE8( +EmcaErrorLogRollback( EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable ); diff --git a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.md b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.md index 1487971..54aea21 100644 
--- a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.md +++ b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/EmcaErrorLog.md @@ -5,9 +5,9 @@ | Address | Name | Description | |---------|------|-------------| | N/A | **ModuleEntryPoint** | DXE/SMM entry point dispatcher. | -| N/A | **sub_37E0(ImageHandle, SystemTable)** | EMCA error-log initialization path. | -| N/A | **sub_3C58(ImageHandle, SystemTable)** | Core EMCA error logging and SMI handler setup. | -| N/A | **sub_3BE8(ImageHandle, SystemTable)** | Cleanup helper called when initialization fails. | +| N/A | **EmcaErrorLogInitialize** (`sub_37E0`) | EMCA error-log initialization path; preserved as `sub_37E0` in recovered split boundary. | +| N/A | **EmcaErrorLogEnable** (`sub_3C58`) | Core EMCA error logging and SMI handler setup; preserved as `sub_3C58` in recovered split boundary. | +| N/A | **EmcaErrorLogRollback** (`sub_3BE8`) | Cleanup helper called when initialization fails; preserved as `sub_3BE8` in recovered split boundary. | --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/README.md b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/README.md index da4fc8f..b0a9622 100644 --- a/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/README.md +++ b/PurleyPlatPkg/Ras/Whea/EmcaErrorLog/README.md 
@@ -10,9 +10,12 @@ ## Key Functions - **ModuleEntryPoint** -- Main entry: calls `sub_37E0` init, then `sub_3C58` for EMCA error log setup -- **sub_37E0** -- EMCA error log initialization: prepares error logging infrastructure and data tables -- **sub_3C58** -- Core EMCA error handling: registers SMI handler for machine check events -- **sub_3BE8** -- Error path cleanup handler called when initialization fails +- **EmcaErrorLogInitialize** (`sub_37E0`) -- EMCA error log initialization: prepares error logging infrastructure and data tables +- **EmcaErrorLogEnable** (`sub_3C58`) -- Core EMCA error handling: registers SMI handler for machine check events +- **EmcaErrorLogRollback** (`sub_3BE8`) -- Error path cleanup handler called when initialization fails + +## Module Recovery Notes +- This module boundary was recovered from decompilation stubs by keeping the original binary symbol names (`sub_37E0`, `sub_3C58`, `sub_3BE8`) as internal references and introducing descriptive entry-level wrappers. ## Protocols - EFI_SMM_SYSTEM_TABLE2 for SMM services diff --git a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.h b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.h index f2cd8ec..2bbef5c 100644 --- a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.h +++ b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.h @@ -20,7 +20,8 @@ EFI_STATUS EFIAPI ModuleEntryPoint( - VOID + EFI_HANDLE ImageHandle, + EFI_SYSTEM_TABLE *SystemTable ); /// 
@@ -59,4 +60,20 @@ #define sub_41C0 LastBootErrorLogMain #define sub_4150 LastBootErrorLogUnload +#define sub_192C LastBootErrorLogWheaHooksInit +#define sub_23FC LastBootErrorLogProcessLastBootError +#define sub_34BC LastBootErrorLogDecodeProcessorError +#define sub_2EC4 LastBootErrorLogFindAndDispatchWheaError +#define sub_208C LastBootErrorLogProcessPlatformError +#define sub_27D4 LastBootErrorLogBuildErrorNotification +#define sub_2A74 CmcErrorHandler +#define sub_2E08 SmiErrorHandler +#define sub_2E30 UeErrorHandler + +#define qword_5698 gLastBootErrorHob +#define qword_5690 gWheaBootProtocol +#define qword_56A8 gWheaBootProtocolTable +#define qword_56A0 gWheaProtocolAlternate +#define qword_56D0 gSmiCmcProtocol + #endif /* __LASTBOOTERRORLOG_H__ */ diff --git a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md index a26c9be..85af758 100644 --- a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md +++ b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md 
@@ -4,11 +4,32 @@ | Address | Name | Description | |---------|------|-------------| -| | **_ModuleEntryPoint** | DXE driver entry / initialization entry | -| | **LastBootErrorLogAutoGenInit** | Auto-generated driver initialization chain | -| | **LastBootErrorLogMain** | Main DXE driver logic | -| | **LastBootErrorLogUnload** | Unload/cleanup helper when main init fails | -| rsi | **LastBootErrorLogAutoGenInit(); Status = LastBootErrorLogMain(ImageHandle, SystemTable); if ( Status < 0 ) { LastBootErrorLogUnload(ImageHandle, SystemTable); } return Status;** | entry-flow recovered from `_ModuleEntryPoint` | +| 0x588 | **_ModuleEntryPoint(ImageHandle, SystemTable)** | DXE driver entry / initialization entry | +| 0x3D94 | **LastBootErrorLogAutoGenInit** (`sub_3D94`) | Auto-generated driver initialization chain | +| 0x41C0 | **LastBootErrorLogMain** (`sub_41C0`) | Main DXE driver logic | +| 0x4150 | **LastBootErrorLogUnload** (`sub_4150`) | Unload/cleanup helper when main init fails | + +**Entry flow:** `_ModuleEntryPoint(ImageHandle, SystemTable)` calls `LastBootErrorLogAutoGenInit();` then `LastBootErrorLogMain(ImageHandle, SystemTable);` and on error calls `LastBootErrorLogUnload(ImageHandle, SystemTable)` before returning status. 
+ +## Recovered Symbols + +- `sub_192C` -> `LastBootErrorLogWheaHooksInit` +- `sub_23FC` -> `LastBootErrorLogProcessLastBootError` +- `sub_34BC` -> `LastBootErrorLogDecodeProcessorError` +- `sub_2EC4` -> `LastBootErrorLogFindAndDispatchWheaError` +- `sub_208C` -> `LastBootErrorLogProcessPlatformError` +- `sub_27D4` -> `LastBootErrorLogBuildErrorNotification` +- `sub_2A74` -> `CmcErrorHandler` +- `sub_2E08` -> `SmiErrorHandler` +- `sub_2E30` -> `UeErrorHandler` + +### Recovered Global Variables + +- `qword_5698` -> `gLastBootErrorHob` +- `qword_56A8` -> `gWheaBootProtocolTable` +- `qword_5690` -> `gWheaBootProtocol` +- `qword_56A0` -> `gWheaProtocolAlternate` +- `qword_5660` -> `gMmPciBaseProtocol` --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md index 980a66f..376082b 100644 --- a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md +++ b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md 
@@ -6,15 +6,21 @@ ## Key Functions - **_ModuleEntryPoint** -- DXE entry: `LastBootErrorLogAutoGenInit` (AutoGen init, 11 library constructors), `LastBootErrorLogMain` (main processing), and `LastBootErrorLogUnload` on failure -- **LastBootErrorLogAutoGenInit** -- Auto-generated driver init chain invoked by module entry +- **LastBootErrorLogAutoGenInit** (`sub_3D94`) -- Auto-generated driver init chain invoked by module entry - **LastBootErrorLogMain** -- Main DXE logic - **LastBootErrorLogUnload** -- Cleanup/unload path when main init fails -- **sub_192C** -- WHEA Silicon Hooks init: resolves protocols, reads HOB for last boot error -- **sub_23FC** -- Process last boot error: parses HOB, dispatches based on error type (1=error, 2=clear) -- **sub_34BC** -- Main processor error decode: reads MCG_CAP MSR, determines correction mode, routes to callbacks -- **sub_2EC4** -- Search/find error in WHEA bank, dispatch to handler callback -- **sub_208C** -- Platform-specific error processing: 4 sockets x 21 threads via PCIe config space -- **sub_27D4** -- Build error notification structure for crash handler / WHEA event +- **LastBootErrorLogWheaHooksInit** (`sub_192C`) -- WHEA Silicon Hooks init: resolves protocols, reads HOB for last boot error +- **LastBootErrorLogProcessLastBootError** (`sub_23FC`) -- Process last boot error: parses HOB, dispatches based on error type (1=error, 2=clear) +- **LastBootErrorLogDecodeProcessorError** (`sub_34BC`) -- Main processor error decode: reads MCG_CAP MSR, determines correction mode, routes to callbacks +- **LastBootErrorLogFindAndDispatchWheaError** (`sub_2EC4`) -- Search/find error in WHEA bank, dispatch to handler callback +- **LastBootErrorLogProcessPlatformError** (`sub_208C`) -- Platform-specific error processing: 4 sockets x 21 threads via PCIe config space +- **LastBootErrorLogBuildErrorNotification** (`sub_27D4`) -- Build error notification structure for crash handler / WHEA event +- **CmcErrorHandler** (`sub_2A74`) -- 
Corrected Machine Check handler: caches corrected machine check events +- **SmiErrorHandler** (`sub_2E08`) -- SMI error handler used for SMI-mode machine check paths +- **UeErrorHandler** (`sub_2E30`) -- Uncorrectable error handler stub; validates callback parameter + +## Module/File Split Notes +- This directory only contains the recovered module-entry scaffold and symbol-recovery aliases; implementation bodies remain in reconstructed analysis-backed references in `LastBootErrorLog_analysis.md`. ## Protocols/Dependencies - WHEA Boot Protocol, MP Sync Protocol, MM PCI Base Protocol
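Review bot: In the PcieErrorHandler.md hunk, the "Recovered Symbol Mapping" table still has the column header `Original Symbol`, but the new rows put raw addresses (`0x7958`, `0x7E70`, `0x7E00`) in that column. Either rename the column to "Address" or keep the `sub_7958`-style symbol next to the address, so the mapping stays searchable against the decompiler output. In the Function Table, the `0x0000 (entry)` value for `ModuleEntryPoint` replaces a previously empty cell and nothing in this patch shows where that address comes from; leave it blank unless it is confirmed. The column order was also swapped to `Name | Address | Description`, while the other module tables touched in this patch use `Address | Name | Description`.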
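Review bot: In the PcieErrorHandler/README.md hunk, the new "Module/File Split Notes" bullet says `PcieErrorHandler.c` contains `ModuleEntryPoint` and "the recovered call-chain to the two helper routines", but the Key Functions list directly above names three helpers (`PcieErrorHandlerInitLibraries`, `RegisterPcieErrorHandler`, `PcieErrorHandlerInitFailure`). Correct the count or state which helper is excluded.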
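Review bot: In the PlatformErrorHandler.h hunk, the four new aliases (`RegisterErrorSource`, `RegisterErrorNotificationCallback`, `DispatchNotification`, `DispatchWithEarlyOut`) carry no module prefix, unlike the existing `PlatformErrorHandler*` names in the same block. The README in this patch says these are exposed for cross-file linking, and the MainErrorHandler module is described as registering error sources and notification callbacks as well, so generic names risk a collision at link time. Consider prefixing them, for example `PlatformErrorHandlerRegisterErrorSource`.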
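Review bot: In the PlatformErrorHandler.md function-table hunk, the four added rows use `(rsi)` in the Address column, which is decompiler residue rather than an address. The `sub_*` names give the offsets, as the `0x5CC` row and the analysis table (`0x30D8 | sub_30D8`) already show, so fill in 0x36B8, 0x35C8, 0x3810 and 0x3844. Listing `RegisterErrorSource` (`sub_35C8`) before `RegisterErrorNotificationCallback` (`sub_36B8`) would also keep the rows in address order.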
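Review bot: In the PlatformErrorHandler_analysis.md globals hunk, the row for 0x73A8 (`n2`, "Number of sockets?") is deleted and not replaced, while the README hunk in this same patch introduces `SocketCount` (`qword_73A8`). Add a `| 0x73A8 | SocketCount | ... |` row so the two documents agree. Two descriptions carried into the renamed rows also need attention: `0x8000000000000001` is `EFI_LOAD_ERROR` in the UEFI status encoding, not `EFI_NOT_FOUND` (which is error code 14), and `gDS` is the DXE Services Table (`EFI_DXE_SERVICES`), which the new name `DxeServicesTable` reflects but the description "EFI_DRIVER_SERVICES table" does not.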
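Review bot: In the EmcaErrorLog.c hunk, the three new wrappers call `sub_37E0`, `sub_3C58` and `sub_3BE8`, but the EmcaErrorLog.h hunk in this patch renames exactly those prototypes to the wrapper names, so no visible declaration of the `sub_*` targets remains. Keep declarations for the originals alongside the new ones. The wrapper definitions also omit `EFIAPI`, which the header prototypes carry; the definitions should match. `ModuleEntryPoint` still discards the result of `EmcaErrorLogInitialize`, which now returns `EFI_STATUS`: check it before calling `EmcaErrorLogEnable`, or add a comment saying why it is ignored. If `EFI_STATUS` is the unsigned EDK II type here, the unchanged `if ( Status < 0 )` test never fires and the rollback path is dead; `EFI_ERROR(Status)` is the usual check.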
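Review bot: The global-variable aliases in the LastBootErrorLog.h hunk and the "Recovered Global Variables" list in the LastBootErrorLog.md hunk do not match. The header defines `qword_56D0` as `gSmiCmcProtocol`, which the .md list omits, and the .md lists `qword_5660` -> `gMmPciBaseProtocol`, which has no `#define` in the header. Add the missing entry on each side, or note why one is intentionally left out, so the document and the header describe the same set of globals.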