Link to home
Start Free TrialLog in
Avatar of alfa57
alfa57

asked on

Write Motherboard nvram using API

Hi
I want to write the Bios nvram using an API function.
(Think it can be done using the "copymemory" API.)

I've found this function in the internet:
====================================================
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Private Sub WriteNVRam()  
  Dim WriteFrom as Byte
  Dim nBytes As Long
  Call CopyMemory(ByVal  [your nvRam address] , WriteFrom, nBytes)
End Sub
====================================================

How can i find the address of the nvram
to insert in the function.

Maybe a internet homepage or something else where this
is described?

(The Bios nvram is a only 128Byte wide area.)

Alfa57
Avatar of Asta Cu
Asta Cu
Flag of United States of America image

Your question posted three times, delete the other two to regain your points before someone comments there.  Asta
First of all, I suppose you didn't mean to post it three times. You may want to delete the other two.

You cannot access the nwram directly. It doesn't have a direct memory address that can be used from within a standard API function.

As far as I know, only kernel mode driver *might* have the access rights for doing such a dangerous thing. Current viruses that destroy the bios usually do that on reboot, because the system doesn't let them write to the BIOS.

If you really want to do this, if at all possible, you'll have a hard time finding the right functions. But to give you a hint: get rid of VB, download the DDK from MS for the platform you use, make yourself familiar with debugging symbols, start using VC and then start learning how to write kernel mode drivers. Oh, and you'll probably need a some assembler too.

Good luck!

regards,
Abel

BTW, the CopyMemory function can be used by VB when you take the utmost care. But it can only move memory around that is in the virtual address space every application has, the famous 2Gb area you always look at when dealing with memory.
Avatar of alfa57
alfa57

ASKER

I clicked submit, and my message was posted 4 times,
decreasing my account by 400 points. ;-(

I deleted the three messages.

=============================================
I know two APIs setting the Bios nvram...

1)
The ExitWindows writes the Reboot-Reason into the
nvram at address &H0F (1 Byte).

2)
The SetSystemTime API writes date and time into
the first 14 Bytes of the Bios nvram.


There's a Win95 program of Benjamin Jonston.
(http://www.cltr.uq.oz.au/~s355171/index.html)

With this program ("cmos viewer") it is possible to read and
write the Bios-nvram. I will send a mail to him for
asking howto program the nvram, but
he lives in australia, and he is in holiday
for some weeks.

>>You cannot access the nwram directly. It doesn't have a
>>direct memory address

That seams to be logical. The nvram is **NOT** part
of the EMS or conventional Ram. I think the copymemory
function now is not the right method...


Alfa57

I think I've forgotten that most people in the world use Win95/98/Me, having a completely different memory model. Without thinking about it I refered to winNT/2000, which have a very strict division between Ring 0 and Ring 3 level executing mode.

I followed your link and it's refreshing to see what one can do with ordinary functions (he says that he "just" used Delphi to accomplish the task) in Windows 95. I remember a long while ago that I was also crossing process boundaries and plunging where you shouldn't plunge. That was before my NT-time :-)  Running the CMOSViewer on NT/2000 though gives the error: "privileged instruction called" and nothing happens....

I do have a BIOS functions handbook, from the DOS-era. I can look up some functions if you want me to (but those will be assembler then).

Regards,
Abel
In addition, you may want to look up any details about IOCTL_MSJDRVR_READ_CMOS on MSDN. You'll find an article which describes a function MSJReadMemoryStatsFromCMOS that reads from CMOS under NT/2000. It doesn't work though under other OS's
Avatar of alfa57

ASKER

Would be glad if you can take a look in the bios book
and find out, where the address of the nvram is.


>>that reads from CMOS under NT/2000.


..my System is Win98.
I've walked through the book and found these to look after;

Map Physical to Linear memory:
Int 31h, Functino 0800h

Unmap Physical to Linear memory:
Int 31h, Function 0801h

By default, the real mode segment for the BIOS data area is 0040h under DOS, but I don't know if that has changed, since then. You can use this function to convert that:

Int 31h, Function 0002h
Convert Segment to an LDT descriptor

These descriptors *cannot* be freed with:

Int 31h, Function 0001h
Free descriptor

If you want to use Int 31h, Function 0002h with more descriptors, you need:

Int 31h, Function 0000h
Allocate LDT descriptors

Another thing to look after is the next one, which is, according to the documentation, only used on PS/2 systems, so it might not be of use anymore.

Int 15h, function C1h
Return Extended BIOS Data Area Segment.
ASKER CERTIFIED SOLUTION
Avatar of abel
abel
Flag of Netherlands image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks :)

Alfa, was it of any use, did you manage to find and read/write the nvram?