Re: Additional EFI definitions

From: Alexandre Boeglin
Subject: Re: Additional EFI definitions
Date: Sun, 2 Dec 2007 03:58:40 +0100
User-agent: RoundCube Webmail/0.1

On Sun, 2 Dec 2007 01:12:53 +0100, "Yoshinori K. Okuji" <address@hidden>
> Do you know what these drivers are?

Unfortunately, no. For now, I have only analysed the bootcamp EFI
application, which loads all these drivers in one single function. And going
through all of them sounds extremely boring ...

> Also, if I want to confirm what are
> required on my machine (the first generation of Mac Mini), what should I
> perform? I expect that they must be identical among different models more
> or less, but I think it would be better to verify it on some models.

First, you would need to extract the bootcamp EFI application from your
firmware, and decompress it. I used the tool available at

Then, use a disassembler (I like to edit the file with
the guid 2B0585EB-D8B8-49A9-8B8C-E21B01AEF2B7.

Next, look for a function (called from entry function, in my case) which
starts like this:

│........ ! sub_10000347:                   ;xref c10000319              
│........ !   push        ebp                             
│10000348 !   mov         ebp, esp                                       
│1000034a !   sub         esp, 10h                                       
│1000034d !   push        ebx                                            
│1000034e !   push        esi                                            
│1000034f !   xor         esi, esi                                       
│10000351 !   cmp         [ebp+8], esi                                   
│10000354 !   push        edi                                            
│10000355 !   jz          loc_10000360                                   
│10000357 !   mov         dword ptr [ebp-8], 1                           
│1000035e !   jmp         loc_1000036e                                   
│10000360 !                                                              
│........ ! loc_10000360:                   ;xref j10000355              
│........ !   mov         dword ptr [ebp+8], data_10001480               
│10000367 !   mov         dword ptr [ebp-8], 0ah                         

In this case, 0x10001480 is a list of 0xa guids.

I guess Apple uses the same code base for all its hardware, so it should
look similar in all firmwares. If you really want to make sure that it's
the correct function, you'd need to check that this function iterates over
these guids, calls schedule from the dxe service table on all of them for
all memory mapped firmware volumes, then calls dispatch in a loop, which
would require a bit more time.
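
The following is an added example, not part of the original message or of GRUB: a Python helper that searches an extracted image for a GUID in its stored byte order and decodes a GUID table such as the one at 0x10001480. It assumes the image base is 0x10000000 and that file offsets equal the virtual address minus that base; the sample image and its GUIDs are constructed.

```python
import uuid

GUID_SIZE = 16  # sizeof(EFI_GUID)


def guid_to_bytes(text):
    """Textual GUID -> the 16 bytes stored in firmware.

    EFI_GUID keeps its first three fields little-endian and the last
    eight bytes in order, which is what uuid's bytes_le layout is.
    """
    return uuid.UUID(text).bytes_le


def find_guid(image, text):
    """Return every offset at which the GUID occurs in the image."""
    needle = guid_to_bytes(text)
    hits = []
    pos = image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits


def read_guid_table(image, image_base, table_va, count):
    """Decode `count` consecutive EFI_GUIDs starting at table_va.

    Assumption: file offset == table_va - image_base (flat layout).
    """
    start = table_va - image_base
    end = start + count * GUID_SIZE
    if start < 0 or end > len(image):
        raise ValueError("GUID table lies outside the image")
    return [str(uuid.UUID(bytes_le=image[o:o + GUID_SIZE])).upper()
            for o in range(start, end, GUID_SIZE)]


# Constructed sample: zero padding up to offset 0x1480, then two made-up GUIDs.
SAMPLE_GUIDS = ["11111111-2222-3333-4444-555555555555",
                "AABBCCDD-EEFF-0011-2233-445566778899"]
SAMPLE_IMAGE = bytes(0x1480) + b"".join(guid_to_bytes(g) for g in SAMPLE_GUIDS)

if __name__ == "__main__":
    for guid in read_guid_table(SAMPLE_IMAGE, 0x10000000, 0x10001480, 2):
        print(guid)
```

On a real image, pass the count taken from the disassembly (0xa in the listing above) instead of 2.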

