Request thread to insert SLP1.0 into BIOS

Discussion in 'BIOS Mod Requests. Post Requests Only' started by kageon1, Aug 20, 2007.

  1. kageon1

    kageon1 MDL Novice

    Aug 15, 2007
    8
    0
    0
  2. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,977
    340
  3. urie

    urie Moderator
    Staff Member

    May 21, 2007
    9,039
    3,388
    300
    #3 urie, Aug 21, 2007
    Last edited by a moderator: Apr 20, 2017
  4. Yen

    Yen Admin
    Staff Member

    I'll try it later. I didn't forget it, but I'm very busy these days. SLP1.0 is still new to me.

    Yen
     
  5. Yen

    Yen Admin
    Staff Member

    #5 Yen, Aug 30, 2007
    Last edited by a moderator: May 23, 2017
  6. wsjam13

    wsjam13 MDL Junior Member

    May 18, 2007
    75
    0
    0
    #6 wsjam13, Sep 1, 2007
    Last edited by a moderator: May 23, 2017
  7. Yen

    Yen Admin
    Staff Member

    Edit the manufacturer name. Editing those DMI entries does not affect SLP2.0.
     
  8. Pajero

    Pajero MDL Novice

    Oct 2, 2007
    8
    1
    0
  9. Pajero

    Pajero MDL Novice

    #9 Pajero, Oct 2, 2007
    Last edited: Oct 2, 2007
    How to read the SLP definition in the OEMBIOS.DAT

    For your further info on SLP1.0, I'd like to give you some brief explanation on how to read/understand the SLP definition in the OEMBIOS.DAT.
    Visiting the site quoted above, you will find an SLP definition as follows:


    DELL (OEMBIOS CRC=B6F0EEFD)

    (A) 'f000','e076','0010','Dell System'
    (B) 'f000','e840','0010','Dell Computer'
    (C) 'f000','49a9','0010','Dell System'
    (D) 'f000','e05e','0010','Dell System'
    (E) 'f000','e838','0018','Dell Inc'


    How to read/understand it? It's very easy!
    Taking the pattern (A) for example:

    - f000,e076 -> Starting Address(0x000FE076) of the SLP Address
    - 0010 -> Address range in bytes (in hex)
    - Dell System -> SLP String which must be put in the address range, defined above

    Which indicates that you must put the SLP String ("Dell System") in the memory address range of 0x000FE076 - 0x000FE086.

    As you can see, there are 5 patterns of SLP definitions for Dell, i.e., (A), (B), (C), (D), (E). Does this mean that you must satisfy the 5 patterns of SLP string & memory address at the same time?
    NOT at all! From a mathematical point of view, the logic of SLP validation is OR logic, not AND logic! And so it means you can only satisfy (A) or (B) or (C) or (D) or (E). If you could just satisfy any one of them, that's enough!
     
  10. Yen

    Yen Admin
    Staff Member

    #10 Yen, Oct 2, 2007
    Last edited: Oct 2, 2007
    Hi Pajero,

    You are very skilled regarding SLP1.0:)

    Thanks a lot for that information. I read about it on Chinese websites, but it was hard for me to understand, I'm not Chinese!

    If I'm using Cbrom to extract the modules, in which module will I find the OEM string?

    The addresses you are referring to, are these the RAM addresses?

    In that case you have to figure it out from where and to where SLP1.0 string is mapped into memory!

    Thanks again

    Yen
     
  11. Pajero

    Pajero MDL Novice

    #11 Pajero, Oct 2, 2007
    Last edited: Oct 3, 2007
    Hi, Yen, the famous modder!

    I'm a new-comer to this forum and Vista forum as well, but have been studying SLP1.0 of XP/2003 for some years, just on a personal and experimental basis only. (And just for your info, I'm NOT a Chinese either :), although I highly respect the profound culture of that country.)

    To your questions:
    YES, of course, I'm talking about "RAM addresses" (Physical Memory Addresses)! And we need to understand/grasp the address map of physical memory, where the BIOS's main program and its components are deployed. We can see the address map of physical memory by using debug.exe, H/W Direct, WinHex, and other debugging tools as well. And as you may know, whether AMI or Award, the address map of the main part of the BIOS is similar or the same if the kind of BIOS is the same, because the allocation and deployment of BIOS program modules are similar or the same. This could be a hint or clue for BIOS modding. But please be careful, as I will tell you later!

    As for Award BIOS, in most cases the SLP string is buried in the "System BIOS" module, and you can check the string by performing a memory dump, using the tools stated above. BTW, as for cbrom.exe, I'm not specialized in it, but I'm afraid that the program is not suitable for modding the Award BIOS for SLP1.0, because we need to modify the Main Program ("System BIOS") and, for this purpose, cbrom.exe is not good at extracting & restoring the System BIOS module in a safe way. Therefore, instead, I use modbin6.exe for that purpose.


    Before entering into further details on modding BIOS, I'd like to review the basic knowledge of BIOS and SLP1.0 as follows:

    SLP1.0 theoretically functions in the physical memory addresses of:
    1. 0x000F0000 - 0x000FFFFF (Main BIOS area, where System BIOS program is deployed)
    2. 0x000E0000 - 0x000EFFFF (Extended BIOS area, e.g. NVRAM and so on )
    In case of SLP2.0, as you may know well, it doesn't matter where SLIC table is located or set, so long as RSD PTR can identify the starting address of SLIC table. For SLP1.0, however, the "main stage" is the above-mentioned address areas, especially 0x000F0000 - 0x000FFFFF, where most of SLP strings are to be located, as you can see in the site of MSFN Forum. Which means that we must be very careful in modding, because we need to work on the main/core part of BIOS programs and it's a sort of risky job.

    And it would be much better and wiser for you to just go for rewriting DMI info by dmicfg/dmi_b24 and stay away from modding the main BIOS binaries, if you could.

    In case of IBM, HP, Compaq, LENOVO, and many other OEM-Manufacturers, you can do without modding binaries, just by rewriting DMI info. But for Dell, Sony, ASUS, Panasonic, LG, Samsung and others, things are not so easy and we are forced to work on modding....

    Sorry, so much for today, because I have to go home. I do hope this could be of some help to your understanding.
     
  12. Pajero

    Pajero MDL Novice

    Hi, Yen

    One thing to be added on my comments yesterday.

    It'd be strongly advisable for you to try on VirtualPC or VMWare for your practice & training purpose, before you work on moddings of real PC-BIOSes.
    (As you may know, VirtualPC and VMWare have AMI-BIOS and Phoenix-BIOS respectively inside them.)
    1. You need to get familiar with the memory map of BIOS area (0x000F0000 - 0x000FFFFF), through performing memory dump.
    2. You can extract BIOS module from VPC or VMWare by using ResourceHacker, and open the binaries of main/core program(s) of BIOS.
    3. Then you need to compare the contents of BIOS binaries and the memory map where the binaries are deployed. You will check and see the following:
    - Where DMI info is located.
    - Where BIOS version ID and BIOS manufacturer info are located.
    - What are the promising strings, if any, which could be changed into "SLP String".
    - Where unused areas (0x00) are located, in which SLP String could be buried.
    - And etc.
    4. Work on modding BIOS, and repeat Trial & Error! There would be no "real" damages nor troubles even if you failed.
    <Tools>
    - ResourceHacker: To extract BIOS module from VPC and VMWare
    - MMTool(2.22.1): To modify AMI-BIOS of VPC (Caution:Ver.3.12 does not work on this!)
    - Phoenix BIOS Editor: To modify Phoenix-BIOS of VMWare

    Very Sorry, in advance, for not replying to you for the time being, because I will take leave for weeks or so and go to a place where the Net could not reach me.
     
  13. Mephistopheles

    Mephistopheles MDL Novice

    Oct 2, 2007
    1
    0
    0
    Hey, Pajero

    U are a goddamned great whiz, man !!!!!

    i been a ROM visitor here, but got nothin' useful from bonehead Sr. members.
    BUT U are completely different! Ur hint helped me beat DELL & SONY's SLP!!!

    THX A LOT !!!!!!!!!!!!!!!!!!!!


    Radikal sein ist die Sache an der Wurzel fassen......
     
  14. Yen

    Yen Admin
    Staff Member

    Yes, as I said Pajero got high skills regarding SLP 1.0, but he respects others, especially senior members, which do and have done a lot of work regarding SLP 2.0!!!
    They (like me) don't have the time and the motivation to learn all about SLP (1.0)

    As being a ROM visitor for a long time and not contributing, you should keep your temper.

    There is no reason to offend any Sr. member calling them bonehead, ok? :mad:

    Yen
     
  15. wsjam13

    wsjam13 MDL Junior Member

    SLP1 More Info Please

    Pajero,
    thanks for your info - I have managed to extract the BIOS from VMware, but would appreciate any idiot-proof help :) on SLP1 modding generally, particularly for Award and VMware Phoenix BIOSes
     
  16. urie

    urie Moderator
    Staff Member

    If you found it that easy then why don't you post some useful information like your method, instead of undermining the guys who have done all the hard work helping others by modding their BIOSes.
     
  17. Yen

    Yen Admin
    Staff Member

    #17 Yen, Oct 12, 2007
    Last edited: Oct 12, 2007


    Since I found the time I experimented with it.


    Award bios.

    Pajero's information is very helpful.

    You have to install Hwdirect and go to memory dump. Enter as physical address fc000 and as size 3fff and press the dump button.

    Now you will get a dump of the valid range of an ASUS SLP activation according to Pajero's instructions to find it.

    The aim for a successful activation must be: You must find the ASUS_FLASH string in here.

    But how to modify the bios so that this will be true?
    I tested his suggestion:

    1) Open the BIOS by MODBIN6.exe
    2) Go to menu "Change BIOS Message", and input the string "ASUS_FLASH"
    3) Save the BIOS

    This is the right way. The bios message you are changing here IS IN THE RIGHT range. To make sure, you have to compare the original string shown by modbin, before you edit it to ASUS_FLASH, with the memory dump you did (must be THERE!!!)
    I found it at FE0C1 (my bios). You may leave the original string and add ASUS_FLASH string right behind the original one if there is free space shown at memory dump. So now I can do all the OEM activations that have THIS address as a valid one (included in the valid range), such as FUJITSU SIEMENS and HP PAVILION

    After that do the steps, flash the bios and check again using hwdirect.
    Now you will find the ASUS_FLASH string and the activation of Asus OEM Xp is only a matter of time.

    To repeat: Follow his instructions to find your valid range of the OEM. Dump the range using Hwdirect, and modify bios that the right string appears in that range. The last step is the clue and depends on the bios and the range where the OEM string has to be.

    I also tried cbrom! Cbrom doesn't allow replacing the modules. The first module is the System bios. I haven't found the right command to extract that module so far. So use Modbin.

    I'll continue with my experiments and will post new facts if obtained.

    This sure will work for ASUS OEM SLP 1.0

    AMI bios is no problem anymore cause Zhaoliang's tool already uses a great method. This method is based on the fact, that the "AMIBIOS 0800" string will be always mapped to physical address:ff400. From there you have got a relative point to find the matching address you'll need. The module is the 1B module.

    About Phoenix bioses I know almost nothing. But I think PBE allows editing some strings at the right place directly. Therefore you can try to experiment.
    Just see what's in the valid range using Hwdirect (note some strings) and search for them using PBE. If found there, edit one of them and save the bios. Flash it and check whether it now appears in a new dump.

    This is the general way!!!

    SLP1.0 is a much weaker protection, cause only one string has to be found at the right area. BUT to make sure that it'll be mapped right there, you sometimes have to play with it.:)



    Many thanks to Pajero:)

    And sorry I didn't care much about it so far. If anybody is still interested, please ask again.

    Yen
     
  18. urie

    urie Moderator
    Staff Member

    Yen, thanks for the info. Have you tried doing any AMI bioses using Zhaoliang's tool to add Dell System SLP 1.0 for XP?

    When you do a dump with HWDirect it is added at 000FE840, which is not in the correct range. It is an ASRock P4i65GV2.20 bios I'm trying to mod; SLIC 2 works OK for Dell for Vista. It's just that I would prefer Dell XP, but if it's not possible I could use another brand.
     
  19. Yen

    Yen Admin
    Staff Member

    I've figured out that Zhaoliang's tool has a bug. The address FE840 is a valid address, but for the 'Dell Computer' OEM string.

    HIS tool uses the 'Dell System' string. For this string, you are right, the above address is invalid.

    Solution: Change the Dell System string to Dell Computer AT both locations ($ODB$ as well)!!

    Another way is to move the Dell System string.

    If you want I'll do that for you. Just upload here your already modified bios.:)
    You can try to edit it (in the 1B module) by yourself.


    Yen
     
  20. Yen

    Yen Admin
    Staff Member

    #20 Yen, Oct 13, 2007
    Last edited: Oct 13, 2007
    There is an easy way to correct the bug:

    Open xp_slp.ini in Zhaoliang's tool using notepad. Change 'Dell System' to 'Dell Computer' and save it. Remod using the original bios again and it'll work.

    Yen
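
Added example, not part of any post in this thread and not the code of any tool mentioned in it: the definition format from post #9 read in Python, then applied to the 0xFE840 case discussed in posts #18 and #19. The dump is constructed, the function names are hypothetical, and the rule that the string may start anywhere in its window as long as it fits entirely is an assumption.

```python
import re

# Dell definition lines as quoted in post #9.
DELL_DEFS = """
(A) 'f000','e076','0010','Dell System'
(B) 'f000','e840','0010','Dell Computer'
(C) 'f000','49a9','0010','Dell System'
(D) 'f000','e05e','0010','Dell System'
(E) 'f000','e838','0018','Dell Inc'
"""

ENTRY = re.compile(r"'([0-9a-f]{4})','([0-9a-f]{4})','([0-9a-f]{4})','([^']+)'", re.I)


def parse_defs(text):
    """Return one (physical_start, length, marker) tuple per definition."""
    entries = []
    for seg, off, length, marker in ENTRY.findall(text):
        start = (int(seg, 16) << 4) + int(off, 16)  # real-mode segment:offset
        entries.append((start, int(length, 16), marker.encode("ascii")))
    return entries


def matching_entries(entries, dump, dump_base):
    """Entries whose marker lies inside its own window (one hit suffices: OR)."""
    hits = []
    for start, length, marker in entries:
        lo = start - dump_base
        if lo < 0 or lo + length > len(dump):
            continue  # window not covered by this dump
        # Assumption: the marker may begin anywhere in the window if it fits.
        if marker in dump[lo:lo + length]:
            hits.append((start, marker.decode("ascii")))
    return hits


def constructed_dump(marker, phys, base=0xF0000, size=0x10000):
    """Constructed sample: a zero-filled F-segment image holding one string."""
    dump = bytearray(size)
    dump[phys - base:phys - base + len(marker)] = marker
    return bytes(dump)


if __name__ == "__main__":
    defs = parse_defs(DELL_DEFS)
    for text in (b"Dell System", b"Dell Computer"):
        dump = constructed_dump(text, 0xFE840)
        print(text, "at 0xFE840 ->", matching_entries(defs, dump, 0xF0000))
```

Run against the constructed dumps, "Dell System" at 0xFE840 matches no entry while "Dell Computer" at the same address matches entry (B), which is the mismatch described in post #19.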
     