GELI BIOS weirdness
Eric McCorkle
eric at metricspace.net
Mon Feb 13 21:37:52 UTC 2017
On 02/13/2017 16:32, Conrad Meyer wrote:
> "objdump -D -b binary -Mx86-64 -mi386 foo.bin" should work fine (no
> symbols, though...).
This is a raw binary, which is necessary for BIOS booting. boot0 is way
too small to load an ELF.
>
> On Mon, Feb 13, 2017 at 1:16 PM, Dimitry Andric <dim at freebsd.org> wrote:
>> On 13 Feb 2017, at 21:58, Eric McCorkle <eric at metricspace.net> wrote:
>>>
>>> On 02/13/2017 15:36, Dimitry Andric wrote:
>>>
>>>> This disassembles to:
>>>>
>>>> 0: 66 0f 38 f6 f0 adcx %eax,%esi
>>>> 5: 31 c6 xor %eax,%esi
>>>> 7: 8b 4d 14 mov 0x14(%ebp),%ecx
>>>> a: 89 cf mov %ecx,%edi
>>>> c: c1 ff 1f sar $0x1f,%edi
>>>> f: 8b .byte 0x8b
>>>
>>> Note that this was truncated, so the sar and .byte are probably a
>>> truncated instruction.
>>>
>>> Also, when I had printfs in place, I could see the call instructions.
>>>
>>>> My first guess would be that the code simply jumped into garbage. But
>>>> can you post the complete .o file somewhere for inspection?
>>>
>>> Attached.
>>> <gptboot>
>>
>> Can you please post the file before it's been stripped and objcopied
>> from ELF to binary format? That makes it a lot easier to disassemble
>> and analyze... :)
>>
>> -Dimitry
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20170213/a5fe8c58/attachment.sig>
More information about the freebsd-hackers
mailing list