Showing posts with label ati. Show all posts

Thursday, January 2, 2014

Location of the ATI ATOMBIOS!

After a chat on freenode with some of the guys developing the open source radeon driver, and after reverse engineering GPU-Z, I found where the ATI ATOMBIOS is located.

Pretty simple actually: you take BAR2 (Base Address Register #2), XOR it with 0x80000, and then AND the result with 0xFFFE0000.

In practical terms:

atombiosaddress = (BAR2 ^ 0x80000) & 0xFFFE0000

The VBIOS of the primary card can also be located at physical address 0xc0000, as radeontool specifies.

EDIT: I did a binary comparison of my dump of my card vs. the one from GPU-Z, and mine seems to contain different data at certain locations. So not quite there yet.
Something interesting I discovered is that on the primary card the ATOMBIOS is not always available at the address given by the formula above. The address is valid; however, the GPU-Z driver does something to make the card map the BIOS to that location. After it's done, the address is valid but just doesn't contain anything. It works on non-primary cards though.
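
Given the EDIT above (a dump that differs from GPU-Z's, or a valid address that holds nothing), a dump read from the formula's address can be sanity-checked before it is treated as a BIOS image. This is an added example, not code from the post, GPU-Z or radeontool: the function names, the BAR2 value and the 512-byte sample image are constructed. The checks assume the legacy PCI option ROM layout (0x55 0xAA signature, length byte, zero byte-sum) and the "ATOM" marker that the open source radeon driver looks for through the pointer at offset 0x48.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The post's formula: candidate physical address of the ATOMBIOS from BAR2. */
static uint32_t atombios_candidate_addr(uint32_t bar2)
{
    return (bar2 ^ 0x80000u) & 0xFFFE0000u;
}

enum rom_status { ROM_OK, ROM_TOO_SHORT, ROM_BAD_SIG, ROM_BAD_SIZE, ROM_NOT_ATOM, ROM_BAD_SUM };
/* Sanity-check a dump before trusting it as a BIOS image. */
static enum rom_status rom_check(const uint8_t *rom, size_t len)
{
    if (len < 0x4A) return ROM_TOO_SHORT;
    if (rom[0] != 0x55 || rom[1] != 0xAA) return ROM_BAD_SIG; /* option ROM signature */
    size_t size = (size_t)rom[2] * 512;            /* image length in 512-byte blocks */
    if (size == 0 || size > len) return ROM_BAD_SIZE;
    size_t hdr = rom[0x48] | ((size_t)rom[0x49] << 8); /* LE pointer to ATOM header */
    if (hdr + 8 > size || memcmp(rom + hdr + 4, "ATOM", 4) != 0) return ROM_NOT_ATOM;
    uint8_t sum = 0;                                /* all bytes must sum to 0 mod 256 */
    for (size_t i = 0; i < size; i++) sum = (uint8_t)(sum + rom[i]);
    return sum == 0 ? ROM_OK : ROM_BAD_SUM;
}

/* Constructed 512-byte sample image (not a real VBIOS) that passes every check. */
static size_t build_sample_rom(uint8_t *buf, size_t cap)
{
    if (cap < 512) return 0;
    memset(buf, 0, 512);
    buf[0] = 0x55; buf[1] = 0xAA; buf[2] = 1;      /* signature, 1 x 512 bytes */
    buf[0x48] = 0x60;                               /* ATOM header at 0x0060 (assumed offset) */
    memcpy(buf + 0x60 + 4, "ATOM", 4);
    uint8_t sum = 0;
    for (size_t i = 0; i < 511; i++) sum = (uint8_t)(sum + buf[i]);
    buf[511] = (uint8_t)(0x100 - sum);              /* pad byte that zeroes the checksum */
    return 512;
}

int main(void)
{
    uint8_t rom[512];
    size_t n = build_sample_rom(rom, sizeof rom);
    printf("candidate: 0x%08x\n", (unsigned)atombios_candidate_addr(0xFE9C0000u)); /* constructed BAR2 */
    printf("sample image: %d\n", (int)rom_check(rom, n));
    rom[0x100] ^= 0xFF; /* one differing byte, as in the mismatching dump */
    printf("after change: %d\n", (int)rom_check(rom, n));
}
```

A dump that returns anything other than `ROM_OK` was either read from the wrong location or read while the ROM was not fully mapped, which fits the mismatch described in the EDIT.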

Monday, December 30, 2013

Disassembly of GPU-Z, I2C and GPUs in between part 2

I decided to focus on something easy this time: I wanted to figure out where in the card's memory the ATI ATOMBIOS is stored. So I followed GPU-Z, stepping into it for at least 2 hours, and found something, only for GPU-Z to trick me and give me false leads.


The line where it says "Writes bios byte by byte" is a bit misleading, since I found out that only the header of the ATOMBIOS was written to the buffer, odd as that may be. After stepping into the functions I suddenly found an address that pointed to where the BIOS was mapped, but how or when it got set was a mystery to me.

However, what I did find is that for graphics cards of the HD5k series and later (>= HD5k), GPU-Z assumes a size of 0x20000 (131072 bytes) for the BIOS.

After studying the tool radeontool, I found an interesting function:

void radeon_rom_tables(const char * file)
{
#define _64K (64*1024)
    unsigned char bios[_64K];
    char *biosmem;
    int fd, hdr, atom;
    if (strcmp(file, "mmap") == 0) {
        fd = open("/dev/mem", O_RDWR);
        biosmem = mmap(0, _64K, PROT_READ, MAP_SHARED, fd, 0xc0000);
        if (biosmem == MAP_FAILED) {
            perror("can't mmap bios");
            return;
        }
        memset(bios, 0, _64K);
        memcpy(bios, biosmem, _64K);
        munmap(biosmem, _64K);
        close(fd);
    }

It might indicate that the ROM is located at offset 0xc0000 in physical memory. However, is this also true for multiple graphics cards?