; Paste of "BIOS board enable finder" output: the disassembly of the routine a
; vendor flasher runs before it writes the flash chip, plus the routines it calls.
; The paste collapsed the listing; it is laid out here one instruction per line.
;
; Reading notes:
;  * Each line is <offset> <instruction>. Short branch targets are printed
;    truncated to the low byte ("jnz EA" in routine 01C0 means 01EA), near/word
;    targets to three digits ("jnz word CAF" means 0CAF).
;  * After the first full pass over a routine the tool restarts the trace at each
;    branch target and prints through to the final ret again, so tails repeat.
;    Only the first pass is annotated; repeats are marked with a one-line header.
;  * Chipset register names in the comments are NOT on the page (it says
;    "Board: unknown"). They are what these addresses mean on Intel ICH-family
;    parts and are marked as assumptions -- confirm against the datasheet.
;  * NOTE(review): routine 0278 clears bit 0 at [I/O base from 0:1F.0 reg 40]+30
;    and sets bit 0 of 0:1F.0 config byte DC. If these are SMI_EN.GBL_SMI_EN and
;    BIOS_CNTL.BIOSWE (assumption), this sequence only opens the flash for
;    writing on platforms whose firmware left the matching lock bits unset.
;    Whether this board locks them cannot be told from this paste.
Nick: anonymous
E-mail: none
Board: unknown
Contents:
BIOS board enable finder 0.2 by roxfan
Scanning 7XHT25WW.FL2 for AWDFLASH hooks
File length is not multiple of 64KB
Scanning 7XHT25WW.FL2 for Winphlash hooks
Found ZFPLF at 0040002B
Board enable function is at 004001DB (xxxx:01C0)
; ---- 01C0: board enable entry point --------------------------------------
; Saves flags/registers, calls 021F, 0214 and 0B70, flushes caches, then walks
; MSRs 200h..20Ch in steps of 2 looking for EDX:EAX == 00000000:FFE00005.
; Architecturally these indices are the variable-range MTRR base registers
; (IA32_MTRR_PHYSBASE0..6); low byte 05 is memory type write-protected, and the
; rewrite with AL=0 makes the range at FFE00000 uncacheable.
==== 01C0 =====
01C0 pushfw
01C1 pushad
01C3 call 21F
01C6 call 214
01C9 call B70
01CC wbinvd                  ; write back and invalidate caches before the MTRR scan
01CE mov ecx, 200            ; first MSR index to test
01D4 rdmsr
01D6 cmp eax, FFE00005       ; low dword: base FFE00000, type 5
01DC jnz EA
01DE cmp edx, 0              ; high dword must be zero
01E2 jnz EA
01E4 mov al, 0               ; type byte -> 0, rest of EDX:EAX unchanged
01E6 wrmsr
01E8 jmp near F7             ; only the first matching MSR is rewritten
01EA add ecx, 2              ; next MSR of the same kind (every second index)
01EE cmp ecx, 20E
01F5 jb D4
01F7 popad
01F9 popfw
01FA ret
; -- trace restarted at branch target 01D4 (repeats the listing above) --
01D4 rdmsr
01D6 cmp eax, FFE00005
01DC jnz EA
01DE cmp edx, 0
01E2 jnz EA
01E4 mov al, 0
01E6 wrmsr
01E8 jmp near F7
01EA add ecx, 2
01EE cmp ecx, 20E
01F5 jb D4
01F7 popad
01F9 popfw
01FA ret
; -- trace restarted at branch target 01F7 --
01F7 popad
01F9 popfw
01FA ret
; -- trace restarted at branch target 01EA --
01EA add ecx, 2
01EE cmp ecx, 20E
01F5 jb D4
01F7 popad
01F9 popfw
01FA ret
; ---- 021F: empty routine, returns immediately -----------------------------
==== 021F =====
021F ret
; ---- 0214: wrapper, calls 023E then 0278 with all registers preserved -----
==== 0214 =====
0214 pushad
0216 call 23E
0219 call 278
021C popad
021E ret
; ---- 0B70: memory-mapped controller setup and table match -----------------
; Returns early if CR0 bit 0 (protected mode) is set or bit 11 of the word at
; FED1C000+3410 is set. Otherwise walks a table of 16-bit offsets at [esi+C]
; (count = byte [esi+B] / 2); for each entry whose byte +18 is FE it copies 12
; bytes from entry+19 to FED1F894, writes FED1F890/FED1F808/FED1F891, polls bit
; 0 of FED1F890, reads a dword back and compares its low word (in both byte
; orders) with the bytes at entry+2 and entry+4.
; NOTE(review): FED1C000 looks like the ICH root complex base (RCBA) with the
; SPI controller at +3800; the sequence then resembles programming the opcode
; registers and issuing a flash ID read -- assumption, confirm against the
; datasheet. The layout of the structure at esi is set by the caller and is not
; visible here.
==== 0B70 =====
0B70 pushfw
0B71 pushad
0B73 push ds
0B74 push es
0B75 pop ds                  ; ds = es for the memory accesses below
0B76 mov eax, cr0
0B79 and al, 1               ; CR0 bit 0 = protection enable
0B7B jnz word CAF            ; already in protected mode: skip everything
0B7F mov ebx, FED1C000
0B85 bt word [ebx+3410], B   ; bit 11 of the word at FED1F410
0B8E jb word CAF             ; set: skip (presumably a boot strap that is not SPI -- TODO confirm)
0B92 xor cx, cx
0B94 xor ebx, ebx
0B97 xor edx, edx
0B9A mov bx, [esi+7]
0B9E mov cl, [esi+B]
0BA2 shr cx, 1               ; entry count = byte [esi+B] / 2
0BA4 movzx ebx, bx           ; loop top: one table entry per pass
0BA8 mov edi, esi
0BAB sub edi, ebx
0BAE sub edi, edx            ; edx grows by 2 with esi, so esi-edx stays fixed
0BB1 movzx eax, word [esi+C]
0BB7 add edi, eax            ; edi -> current entry
0BBA mov al, [edi+18]
0BBE cmp al, FE
0BC0 jnz word C9E            ; entries whose byte +18 is not FE are skipped
0BC4 push cx
0BC5 push esi
0BC7 push edi
0BC9 mov esi, edi
0BCC add esi, 19
0BD0 mov cx, C               ; 12 bytes
0BD3 mov edi, FED1F894
0BD9 a32 lodsb
0BDB mov [edi], al           ; copy entry+19.. to FED1F894..FED1F89F
0BDE cmp [edi], al           ; read back after each write
0BE1 inc edi
0BE3 loop D9
0BE5 mov edi, FED1F890
0BEB mov word [edi], C
0BF0 test [edi], ax
0BF3 xor eax, eax
0BF6 add edi, FFFFFF78       ; edi = FED1F808
0BFD mov [edi], eax          ; dword 0 (presumably the flash address register -- TODO confirm)
0C01 test [edi], eax
0C05 sub edi, FFFFFF77       ; edi = FED1F891
0C0C mov ax, 4242
0C0F mov [edi], ax
0C12 test [edi], ax
0C15 sub edi, 1              ; edi = FED1F890
0C19 pause
0C1B bt word [edi], 0
0C20 jb 19                   ; spin while bit 0 is set (presumably cycle in progress)
0C22 mov word [edi], 4
0C27 test [edi], ax
0C2A add edi, 80             ; NOTE(review): 80 is probably a sign-extended imm8 (-80h, edi = FED1F810) -- confirm
0C2E mov eax, [edi]          ; dword read back from the controller
0C32 pop edi
0C34 pop esi
0C36 add edi, 2
0C3A mov cl, [edi]           ; cl = byte at entry+2
0C3D add edi, 2
0C41 mov ch, [edi]           ; ch = byte at entry+4
0C44 mov edi, FED1C000
0C4A bt word [es:edi+3804], E
0C54 jae 8F                  ; bit 14 clear: skip the 38C4/38C8 writes
0C56 mov dh, [es:edi+389A]
0C5E mov dl, 9
0C60 cmp al, BF              ; al = low byte of the dword read (presumably a manufacturer ID)
0C62 jz 7F
0C64 mov dl, 15
0C66 cmp al, EF
0C68 jz 72
0C6A cmp al, C2
0C6C jz 72
0C6E cmp al, 20
0C70 jnz 7F
0C72 cmp byte [es:edi+389F], 6
0C7B jnz 7F
0C7D mov dl, 5
0C7F mov [es:edi+38C4], dx   ; same word written to both +38C4 and +38C8
0C87 mov [es:edi+38C8], dx
0C8F cmp cx, ax              ; compare the entry's two bytes with the low word read
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8              ; second compare with a rearranged byte order
0C99 cmp cx, ax
0C9B pop cx                  ; pop leaves the flags from the cmp intact
0C9C jz AF                   ; match: leave through the common exit
0C9E add esi, 2              ; advance to the next 16-bit table slot
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds                  ; common exit
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0BA4 (repeats the listing above) --
0BA4 movzx ebx, bx
0BA8 mov edi, esi
0BAB sub edi, ebx
0BAE sub edi, edx
0BB1 movzx eax, word [esi+C]
0BB7 add edi, eax
0BBA mov al, [edi+18]
0BBE cmp al, FE
0BC0 jnz word C9E
0BC4 push cx
0BC5 push esi
0BC7 push edi
0BC9 mov esi, edi
0BCC add esi, 19
0BD0 mov cx, C
0BD3 mov edi, FED1F894
0BD9 a32 lodsb
0BDB mov [edi], al
0BDE cmp [edi], al
0BE1 inc edi
0BE3 loop D9
0BE5 mov edi, FED1F890
0BEB mov word [edi], C
0BF0 test [edi], ax
0BF3 xor eax, eax
0BF6 add edi, FFFFFF78
0BFD mov [edi], eax
0C01 test [edi], eax
0C05 sub edi, FFFFFF77
0C0C mov ax, 4242
0C0F mov [edi], ax
0C12 test [edi], ax
0C15 sub edi, 1
0C19 pause
0C1B bt word [edi], 0
0C20 jb 19
0C22 mov word [edi], 4
0C27 test [edi], ax
0C2A add edi, 80
0C2E mov eax, [edi]
0C32 pop edi
0C34 pop esi
0C36 add edi, 2
0C3A mov cl, [edi]
0C3D add edi, 2
0C41 mov ch, [edi]
0C44 mov edi, FED1C000
0C4A bt word [es:edi+3804], E
0C54 jae 8F
0C56 mov dh, [es:edi+389A]
0C5E mov dl, 9
0C60 cmp al, BF
0C62 jz 7F
0C64 mov dl, 15
0C66 cmp al, EF
0C68 jz 72
0C6A cmp al, C2
0C6C jz 72
0C6E cmp al, 20
0C70 jnz 7F
0C72 cmp byte [es:edi+389F], 6
0C7B jnz 7F
0C7D mov dl, 5
0C7F mov [es:edi+38C4], dx
0C87 mov [es:edi+38C8], dx
0C8F cmp cx, ax
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8
0C99 cmp cx, ax
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0CAF --
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0C9B --
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0C7F --
0C7F mov [es:edi+38C4], dx
0C87 mov [es:edi+38C8], dx
0C8F cmp cx, ax
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8
0C99 cmp cx, ax
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0C72 --
0C72 cmp byte [es:edi+389F], 6
0C7B jnz 7F
0C7D mov dl, 5
0C7F mov [es:edi+38C4], dx
0C87 mov [es:edi+38C8], dx
0C8F cmp cx, ax
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8
0C99 cmp cx, ax
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0C8F --
0C8F cmp cx, ax
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8
0C99 cmp cx, ax
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0C19 --
0C19 pause
0C1B bt word [edi], 0
0C20 jb 19
0C22 mov word [edi], 4
0C27 test [edi], ax
0C2A add edi, 80
0C2E mov eax, [edi]
0C32 pop edi
0C34 pop esi
0C36 add edi, 2
0C3A mov cl, [edi]
0C3D add edi, 2
0C41 mov ch, [edi]
0C44 mov edi, FED1C000
0C4A bt word [es:edi+3804], E
0C54 jae 8F
0C56 mov dh, [es:edi+389A]
0C5E mov dl, 9
0C60 cmp al, BF
0C62 jz 7F
0C64 mov dl, 15
0C66 cmp al, EF
0C68 jz 72
0C6A cmp al, C2
0C6C jz 72
0C6E cmp al, 20
0C70 jnz 7F
0C72 cmp byte [es:edi+389F], 6
0C7B jnz 7F
0C7D mov dl, 5
0C7F mov [es:edi+38C4], dx
0C87 mov [es:edi+38C8], dx
0C8F cmp cx, ax
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8
0C99 cmp cx, ax
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0BD9 --
0BD9 a32 lodsb
0BDB mov [edi], al
0BDE cmp [edi], al
0BE1 inc edi
0BE3 loop D9
0BE5 mov edi, FED1F890
0BEB mov word [edi], C
0BF0 test [edi], ax
0BF3 xor eax, eax
0BF6 add edi, FFFFFF78
0BFD mov [edi], eax
0C01 test [edi], eax
0C05 sub edi, FFFFFF77
0C0C mov ax, 4242
0C0F mov [edi], ax
0C12 test [edi], ax
0C15 sub edi, 1
0C19 pause
0C1B bt word [edi], 0
0C20 jb 19
0C22 mov word [edi], 4
0C27 test [edi], ax
0C2A add edi, 80
0C2E mov eax, [edi]
0C32 pop edi
0C34 pop esi
0C36 add edi, 2
0C3A mov cl, [edi]
0C3D add edi, 2
0C41 mov ch, [edi]
0C44 mov edi, FED1C000
0C4A bt word [es:edi+3804], E
0C54 jae 8F
0C56 mov dh, [es:edi+389A]
0C5E mov dl, 9
0C60 cmp al, BF
0C62 jz 7F
0C64 mov dl, 15
0C66 cmp al, EF
0C68 jz 72
0C6A cmp al, C2
0C6C jz 72
0C6E cmp al, 20
0C70 jnz 7F
0C72 cmp byte [es:edi+389F], 6
0C7B jnz 7F
0C7D mov dl, 5
0C7F mov [es:edi+38C4], dx
0C87 mov [es:edi+38C8], dx
0C8F cmp cx, ax
0C91 jz 9B
0C93 mov ah, al
0C95 ror eax, 8
0C99 cmp cx, ax
0C9B pop cx
0C9C jz AF
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; -- trace restarted at branch target 0C9E --
0C9E add esi, 2
0CA2 add dl, 2
0CA5 dec cx
0CA6 jnz word BA4
0CAA popad
0CAC dec ax
0CAD pushad
0CAF pop ds
0CB0 popad
0CB2 popfw
0CB3 ret
; ---- 023E: chipset identity check ------------------------------------------
; Reads PCI config dword 0 (vendor/device ID) of bus 0, device 1Fh, function 0
; through ports CF8/CFC and compares it with three dwords stored at cs:0232.
; On a match it returns; otherwise it loops forever writing 58 to ports 80, 62
; and ED, so the flasher halts on a chipset it does not recognise.
==== 023E =====
023E push eax
0240 push cx
0241 push dx
0242 push si
0243 mov eax, 8000F800       ; enable bit + bus 0, device 1F, function 0, register 0
0249 mov dx, CF8
024C out dx, eax
024E out ED, al              ; presumably an I/O delay write -- TODO confirm
0250 mov dx, CFC
0253 in eax, dx              ; eax = vendor/device ID dword
0255 out ED, al
0257 mov si, 232             ; table of accepted IDs in the code segment
025A mov cx, 3               ; three entries
025D cmp [cs:si], eax
0261 jz 72
0263 add si, 4
0266 loop 5D
0268 mov al, 58              ; no match: endless loop (port 80 is presumably the POST code port)
026A out 80, al
026C out 62, al
026E out ED, al
0270 jmp near 68
0272 pop si
0273 pop dx
0274 pop cx
0275 pop eax
0277 ret
; -- trace restarted at branch target 0268 --
0268 mov al, 58
026A out 80, al
026C out 62, al
026E out ED, al
0270 jmp near 68
0272 pop si
0273 pop dx
0274 pop cx
0275 pop eax
0277 ret
; -- trace restarted at branch target 025D --
025D cmp [cs:si], eax
0261 jz 72
0263 add si, 4
0266 loop 5D
0268 mov al, 58
026A out 80, al
026C out 62, al
026E out ED, al
0270 jmp near 68
0272 pop si
0273 pop dx
0274 pop cx
0275 pop eax
0277 ret
; -- trace restarted at branch target 0272 --
0272 pop si
0273 pop dx
0274 pop cx
0275 pop eax
0277 ret
; ---- 0278: chipset writes made before flashing -----------------------------
; Four PCI-config-driven steps, all through ports CF8/CFC:
;  1. 0:1F.0 reg 40 -> I/O base; clear bit 0 of the byte at base+30.
;  2. 0:0.0 config bytes 95 and 96 <- 0.
;  3. 0:0.0 config byte 90: upper nibble cleared.
;  4. 0:1F.0 config byte DC: bit 0 set.
; NOTE(review): on Intel ICH-family platforms these would be PMBASE/SMI_EN
; (global SMI enable), the host bridge PAM registers, and BIOS_CNTL (BIOS write
; enable) -- assumption, the page does not name the chipset. Immediates such as
; "FE" in "and dx, FE" are probably sign-extended imm8 values (FFFE) -- confirm.
==== 0278 =====
0278 push eax
027A push bx
027B push cx
027C push dx
027D push esi
027F push ds
0280 mov eax, 8000F800
0286 mov al, 40              ; register 40 of 0:1F.0
0288 mov dx, CF8
028B out dx, eax
028D out ED, al
028F mov dx, CFC
0292 in ax, dx               ; ax = I/O base read from reg 40
0293 out ED, al
0295 mov dx, ax
0297 and dx, FE              ; drop bit 0 of the base
029A add dx, 30              ; port = base + 30
029D in al, dx
029E out ED, al
02A0 and al, FE              ; clear bit 0
02A2 out dx, al
02A3 out ED, al
02A5 mov eax, 80000000       ; bus 0, device 0, function 0
02AB mov al, 94
02AD mov dx, CF8
02B0 out dx, eax
02B2 out ED, al
02B4 push eax
02B6 mov dx, CFD             ; CFC+1: byte 1 of dword 94 = config offset 95
02B9 mov al, 0
02BB out dx, al
02BC out ED, al
02BE pop eax
02C0 mov al, 94
02C2 mov dx, CF8
02C5 out dx, eax
02C7 out ED, al
02C9 push eax
02CB mov dx, CFE             ; CFC+2: config offset 96
02CE mov al, 0
02D0 out dx, al
02D1 out ED, al
02D3 pop eax
02D5 mov al, 90              ; register 90 of 0:0.0
02D7 mov dx, CF8
02DA out dx, eax
02DC out ED, al
02DE push eax
02E0 mov dx, CFC
02E3 in al, dx
02E4 out ED, al
02E6 and al, F               ; keep the low nibble, clear the high nibble
02E8 out dx, al
02E9 out ED, al
02EB pop eax
02ED mov eax, 8000F800
02F3 mov al, DC              ; register DC of 0:1F.0
02F5 mov dx, CF8
02F8 out dx, eax
02FA out ED, al
02FC push eax
02FE mov dx, CFC
0301 in al, dx
0302 out ED, al
0304 or al, 1                ; set bit 0 (presumably BIOS write enable -- TODO confirm)
0306 out dx, al
0307 out ED, al
0309 pop eax
030B and eax, 7FFFFFFF       ; clear the config-enable bit in eax
0311 mov dx, CF8
0314 out dx, al              ; note: byte write of al only, not the full dword
0315 out ED, al
0317 pop ds
0318 pop esi
031A pop dx
031B pop cx
031C pop bx
031D pop eax
031F ret