Quick way of locating BIOS extensions using Linux

From Wikipedia:

In order to discover memory-mapped option ROMs during the boot process, PC BIOS implementations scan real memory from 0xC0000 to 0xF0000 on 2 KiB boundaries, looking for a ROM signature: 0xAA55 (0x55 followed by 0xAA, since the x86 architecture is little-endian). In a valid expansion ROM, this signature is immediately followed by a single byte indicating the number of 512-byte blocks it occupies in real memory. The next byte contains an offset describing the option ROM’s entry point, to which the BIOS immediately transfers control. At this point, the expansion ROM code takes over, using BIOS services to register interrupt vectors for use by post-boot applications, provide a user configuration interface, or display diagnostic information.

Easy way to find these in Linux:

# curr=$((0xc0000)) ; incr=2048 ; while [ $curr -lt $((0xfffff)) ]; do od -t x1 -A x -j $curr -N 3 /dev/mem | head -1; let curr=curr+$incr; done | grep " 55 aa "

0c0000 55 aa 40
0c8000 55 aa 0f
0ca000 55 aa 08
0dc000 55 aa 20
0e0000 55 aa 20

These appear to be:

0xc0000 - 0xc7fff IBM PC BIOS           (0x40 512B blocks)
0xc8000 - 0xc9eff PCI???                (0x0f 512B blocks)
0xca000 - 0xcafff VMware BIOS           (0x08 512B blocks)
0xdc000 - 0xdffff unknown               (0x20 512B blocks)
0xe0000 - 0xe3fff Phoenix BIOS / VMware (0x20 512B blocks)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: