In the last episode of the Chronicles, I explored System Management Mode on the MinnowBoard. SourcePoint helped me see its basic operation, but only in object code format. Can I learn more by exploring the source code?
I learned from last time that the easiest way to enter SMM is to generate an SMI via the EFI shell, by typing in the command:
mm b2 0 -io
and then hitting a keystroke, and then hitting “Go” with the SMM entry breakpoint set. The shell uses SMM to process keystrokes in real mode:
We stop again at the familiar instruction
MOV BX, 804d
that we saw last time, the entry point to the keyboard SMI handler.
Is it possible to see the source code here? I clicked on the “LoadCurrent” macro button, to display the source, but alas, it does not display: an error message shows up in the Log window, “Can’t display source at location 7A1E000L”:
As I might have expected, the MinnowBoard firmware build doesn’t seem to include the source code for the SMI dispatch routines.
Rather than just giving up, I persisted a little, and came up with (maybe) a stroke of luck: I used SourcePoint to single-step through the code, down to address 7A1E0045L with the JMP statement, that ultimately took me to address 7A1E9953, at which point I hit the LoadCurrent button again, and got some interesting output in the Log window:
08/12/2018 16:27:04.963 OnCodDisplayChange Can't display Source at location 7A1E0000L.
08/12/2018 16:28:30.849 loadMacro Loading User Defined Macro #0: C:\Users\alans\OneDrive\Documents as of 5 9 2015\Arium\SourcePoint-IA_7.10.4.267\Macros\EFI\button\EfiBtn0_Chk.mac…
08/12/2018 16:28:30.850 Images.mac:LoadSingleImag LoadSingleImage(0008:7A1E0053)
08/12/2018 16:28:30.850 Images.mac:LoadSingleImag starting image search at 7A1E0053L
08/12/2018 16:28:30.850 Images.mac:LoadSingleImag aligning pointer 7A1E0053L on 4K boundary
08/12/2018 16:28:30.850 Primitives.mac:_alignpoin debug _alignpointer(): aligning 7A1E0053L
08/12/2018 16:28:30.850 Primitives.mac:_alignpoin debug _alignpointer(): Adjust = 0xfad
08/12/2018 16:28:30.850 Images.mac:LoadSingleImag aligned = 7A1E0000L
08/12/2018 16:28:30.850 Images.mac:LoadSingleImag starting aligned MZ/VZ search at 7A1E0000L
08/12/2018 16:28:30.939 Images.mac:LoadSingleImag found MZ at 7A1B7000L
08/12/2018 16:28:30.939 Images.mac:LoadSingleImag COFF file header at 7A1B70CCL
08/12/2018 16:28:30.940 Images.mac:LoadSingleImag number of sections = 6
08/12/2018 16:28:30.941 Images.mac:LoadSingleImag COFF optional header at 7A1B70E0L
08/12/2018 16:28:30.941 Images.mac:LoadSingleImag BaseOfCode = 7A1B7000L
08/12/2018 16:28:30.942 Images.mac:LoadSingleImag AddressOfEntryPoint = 7A1B72FCL
08/12/2018 16:28:30.945 Images.mac:LoadSingleImag NumberOfRvaAndSizes offset = 0x6C
08/12/2018 16:28:30.945 Images.mac:LoadSingleImag DataDirectories offset = 0x70
08/12/2018 16:28:30.947 Images.mac:LoadSingleImag DEBUG: directory offset = 0x4F40
08/12/2018 16:28:30.947 Images.mac:LoadSingleImag checking for codeview (type=2) at 7A1BBF4CL
08/12/2018 16:28:30.950 Images.mac:LoadSingleImag checking for CodeView signature at 7A1BCE40L
08/12/2018 16:28:30.952 Images.mac:LoadSingleImag found PE32 RSDS signature at 0x7A1BCE40L
08/12/2018 16:28:30.969 Images.mac:LoadSingleImag FILENAME @ 7A1BCE58L, LENGTH = 187, STRING = c:\myworkspace\Build\Vlv2TbltDevicePkg\DEBUG_VS2012x86\X64\Vlv2TbltDevicePkg\SmmSwDispatch2OnSmmSwDispatchThunk\SmmSwDispatch2OnSmmSwDispatchThunk\DEBUG\SmmSwDispatch2OnSmmSwDispatchThunk.pdb
08/12/2018 16:28:30.973 Images.mac:_findFile tPath = ""
08/12/2018 16:28:30.975 Images.mac:_fileExists FileNameString = "c:\myworkspace\Build\Vlv2TbltDevicePkg\DEBUG_VS2012x86\X64\Vlv2TbltDevicePkg\SmmSwDispatch2OnSmmSwDispatchThunk\SmmSwDispatch2OnSmmSwDispatchThunk\DEBUG\SmmSwDispatch2OnSmmSwDispatchThunk.efi"
08/12/2018 16:28:30.979 load Loading EFI(PE) format
"c:\myworkspace\Build\Vlv2TbltDevicePkg\DEBUG_VS2012x86\X64\Vlv2TbltDevicePkg\SmmSwDispatch2OnSmmSwDispatchThunk\SmmSwDispatch2OnSmmSwDispatchThunk\DEBUG\SmmSwDispatch2OnSmmSwDispatchThunk.efi"
What does this all mean? Are some symbols being loaded from the EFI(PE) format files? I need to look into the SmmSwDispatch2OnSmmSwDispatchThunk map file to learn more. Stay tuned!
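The search recorded in the Log window above (align the address to 4K, scan back for MZ, follow the debug data directory to the RSDS record and its PDB path) can be reproduced offline on a memory snapshot. The following is an added example, not SourcePoint's macro code and not part of the original post: `find_image`, `pdb_from_image` and `build_sample` are hypothetical names, the sample image is constructed, TE (VZ) images are not handled, and the SizeOfImage containment flag is an extra check that the log does not show.

```python
import struct

PAGE, DEBUG_DIR, CODEVIEW = 0x1000, 6, 2  # 4K page, debug directory index, CodeView type

def pdb_from_image(mem, base):
    """Return (SizeOfImage, PDB path) for the PE image at offset base, else None."""
    try:
        (lfanew,) = struct.unpack_from("<I", mem, base + 0x3C)
        coff = base + lfanew + 4                        # COFF header follows "PE\0\0"
        opt = coff + 20                                 # COFF optional header
        (magic,) = struct.unpack_from("<H", mem, opt)
        dirs = opt + {0x10B: 0x60, 0x20B: 0x70}[magic]  # PE32 / PE32+ DataDirectories
        (image_size,) = struct.unpack_from("<I", mem, opt + 56)
        (count,) = struct.unpack_from("<I", mem, dirs - 4)  # NumberOfRvaAndSizes
        if mem[coff - 4:coff] != b"PE\0\0" or count <= DEBUG_DIR:
            return None
        rva, size = struct.unpack_from("<II", mem, dirs + 8 * DEBUG_DIR)
        for ent in range(base + rva, base + rva + size, 28):
            dtype, _, data_rva = struct.unpack_from("<III", mem, ent + 12)
            cv = base + data_rva
            if dtype == CODEVIEW and mem[cv:cv + 4] == b"RSDS":
                end = mem.index(b"\0", cv + 24)         # path follows GUID and age
                return image_size, mem[cv + 24:end].decode("ascii", "replace")
    except (struct.error, KeyError, ValueError):
        pass                                            # truncated or malformed image
    return None

def find_image(mem, mem_base, addr):
    """Nearest MZ image at or below addr (4K steps): (base, pdb, addr_inside) or None."""
    off = (addr & ~(PAGE - 1)) - mem_base
    while off >= 0:
        if mem[off:off + 2] == b"MZ" and (hit := pdb_from_image(mem, off)):
            return mem_base + off, hit[1], addr < mem_base + off + hit[0]
        off -= PAGE
    return None

def build_sample(pdb=b"c:\\build\\Sample.pdb"):
    """Constructed 3-page snapshot with one minimal PE32+ header at offset 0x1000."""
    img, base, opt = bytearray(3 * PAGE), PAGE, PAGE + 0x98  # opt = e_lfanew 0x80 + 24
    img[base:base + 2] = b"MZ"
    struct.pack_into("<I", img, base + 0x3C, 0x80)              # e_lfanew
    img[base + 0x80:base + 0x84] = b"PE\0\0"
    struct.pack_into("<H", img, opt, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", img, opt + 56, PAGE)                 # SizeOfImage
    struct.pack_into("<I", img, opt + 0x6C, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 0x70 + 48, 0x400, 28)    # debug directory
    struct.pack_into("<III", img, base + 0x400 + 12, CODEVIEW, 24 + len(pdb) + 1, 0x500)
    img[base + 0x500:base + 0x518 + len(pdb)] = b"RSDS" + bytes(20) + pdb
    return bytes(img)
```

A `False` third element means the nearest MZ header below the address belongs to an image whose SizeOfImage does not reach that address, so symbols loaded from that PDB may not describe the code being stepped through.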