Reverse Engineering PCI Drivers: Difference between revisions
No edit summary |
No edit summary |
||
Line 3: | Line 3: | ||
This is a short guide demonstrating how I used the PCI Passthrough framework in KVM to reverse engineer atiflash.exe � a video BIOS flashing tool for DOS. | This is a short guide demonstrating how I used the PCI Passthrough framework in KVM to reverse engineer atiflash.exe � a video BIOS flashing tool for DOS. | ||
atiflash.exe is a real dos application that flashes the video BIOS on ATi graphics cards. There are numerous ATi video BIOS flashing tools for Windows, but none for Linux as the code for doing this has not been made publicly available by AMD. | atiflash.exe is a real dos application that flashes the video BIOS on ATi graphics cards. There are numerous ATi video BIOS flashing tools for Windows, but none for Linux as the code for doing this has not been made publicly available by AMD. | ||
This technique allowed me to trace all PCI configuration space and memory mapped i/o (mmio) accesses to the PCI-E device from the closed source flashing tool. | This technique allowed me to trace all PCI configuration space and memory mapped i/o (mmio) accesses to the PCI-E device from the closed source flashing tool. | ||
Tools needed: | Tools needed: | ||
Line 14: | Line 17: | ||
* Guest operating system (I used FreeDOS from UBCD - http://www.ultimatebootcd.com/) | * Guest operating system (I used FreeDOS from UBCD - http://www.ultimatebootcd.com/) | ||
* Secondary video card to boot Linux with while the Radeon is used in the virtual machine | * Secondary video card to boot Linux with while the Radeon is used in the virtual machine | ||
First the radeon and drm kernel modules had to be blacklisted to prevent the host from using the hardware that would be passed to the virtual machine. | |||
Use lspci to get the location of the PCI device: | |||
* 02:00.0 VGA compatible controller: ATI Technologies Inc RV770 [Radeon HD 4870] | |||
* 02:00.1 Audio device: ATI Technologies Inc HD48x0 audio | |||
''Special thanks go out to Carl-Daniel Hailfinger, Twice#11 and the entire KVM and QEMU team for making this possible.'' | ''Special thanks go out to Carl-Daniel Hailfinger, Twice#11 and the entire KVM and QEMU team for making this possible.'' |
Revision as of 01:50, 22 February 2010
(UNDER CONSTRUCTION) by Vikram Ambrose -- Vambrose 01:44, 22 February 2010 (UTC)
This is a short guide demonstrating how I used the PCI Passthrough framework in KVM to reverse engineer atiflash.exe a video BIOS flashing tool for DOS.
atiflash.exe is a real dos application that flashes the video BIOS on ATi graphics cards. There are numerous ATi video BIOS flashing tools for Windows, but none for Linux as the code for doing this has not been made publicly available by AMD.
This technique allowed me to trace all PCI configuration space and memory mapped i/o (mmio) accesses to the PCI-E device from the closed source flashing tool.
Tools needed:
- CPU with virtualisation support (eg, AMD-V, Intel VT-x, an IOMMU is not necessary)
- Newer-the-better Linux kernel with KVM support
- Special KVM branch of QEMU (git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git)
- Guest operating system (I used FreeDOS from UBCD - http://www.ultimatebootcd.com/)
- Secondary video card to boot Linux with while the Radeon is used in the virtual machine
First the radeon and drm kernel modules had to be blacklisted to prevent the host from using the hardware that would be passed to the virtual machine.
Use lspci to get the location of the PCI device:
* 02:00.0 VGA compatible controller: ATI Technologies Inc RV770 [Radeon HD 4870] * 02:00.1 Audio device: ATI Technologies Inc HD48x0 audio
Special thanks go out to Carl-Daniel Hailfinger, Twice#11 and the entire KVM and QEMU team for making this possible.