GELI BIOS weirdness

Eric McCorkle eric at metricspace.net
Mon Feb 13 21:37:52 UTC 2017


On 02/13/2017 16:32, Conrad Meyer wrote:
> "objdump -D -b binary -Mx86-64 -mi386 foo.bin" should work fine (no
> symbols, though...).

This is a raw binary, which is necessary for BIOS booting.  boot0 is way
too small to load an ELF.

> 
> On Mon, Feb 13, 2017 at 1:16 PM, Dimitry Andric <dim at freebsd.org> wrote:
>> On 13 Feb 2017, at 21:58, Eric McCorkle <eric at metricspace.net> wrote:
>>>
>>> On 02/13/2017 15:36, Dimitry Andric wrote:
>>>
>>>> This disassembles to:
>>>>
>>>>   0:   66 0f 38 f6 f0          adcx   %eax,%esi
>>>>   5:   31 c6                   xor    %eax,%esi
>>>>   7:   8b 4d 14                mov    0x14(%ebp),%ecx
>>>>   a:   89 cf                   mov    %ecx,%edi
>>>>   c:   c1 ff 1f                sar    $0x1f,%edi
>>>>   f:   8b                      .byte 0x8b
>>>
>>> Note that this was truncated, so the sar and .byte are probably a
>>> truncated instruction.
>>>
>>> Also, when I had printfs in place, I could see the call instructions.
>>>
>>>> My first guess would be that the code simply jumped into garbage.  But
>>>> can you post the complete .o file somewhere for inspection?
>>>
>>> Attached.
>>> <gptboot>
>>
>> Can you please post the file before it's been stripped and objcopied
>> from ELF to binary format?  That makes it a lot easier to disassemble
>> and analyze... :)
>>
>> -Dimitry
>>
