DOS ain't dead

RayeR(R)

CZ,
11.03.2015, 19:02
 

Fixing the Memtest EXE loader (Developers)

Hi, I tried to compile the modified memtest https://github.com/CMU-SAFARI/rowhammer
It contains your EXE loader by Eric Auer:
https://github.com/CMU-SAFARI/rowhammer/blob/master/src/mt86%2B_loader.asm
I have a problem: the produced EXE throws this error:

nopatch db "jmp far dword not found at setup.S offset 37h,",13,10
db "(file offset 237h is not 66h, 0eah)",13,10
db "please adjust and recompile memtestl...",13,10,"$"

I found that it is a little bit shifted, and when I change
mov ax,[buffer+251h] ; should be jmp far dword (ofs, seg)
cmp ax,0ea66h
to
mov ax,[buffer+251h+13] ; should be jmp far dword (ofs, seg)
it finds it, and I get another error:
lgdt [...] not found at setup.S offset 0ch

So I did some further patching by adding 13, but it ended with an immediate reset of the PC after I ran it. What is the right place to correct the offset?
fullsize matches the size of memtest.bin exactly.

---
DOS gives me freedom to unlimited HW access.
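
The loader compares two fixed file offsets against the opcode bytes it expects (66h, 0eah for the far jump and 0fh, 01h, 16h for lgdt), so any change in setup.S ahead of those instructions makes the compare miss and leaves you guessing a shift by trial. The script below is an added example for this thread, not code from the loader or from the rowhammer repository: it scans setup.S's first sector for the same two byte patterns, reports the file offsets that the loader's constants would have to name, and follows the lgdt operand to the GDTR image the way the loader does (including its `and eax,1ffh`). It assumes the layout the loader's comments describe, a 512-byte boot sector followed by setup.S. The memtest.bin it runs on is a constructed stand-in, and the GDTR position (80h), GDT base (90288h), selector (10h) and jump target (90400h) in it are made-up sample values.

```python
"""Find where the mt86+ EXE loader must patch a memtest.bin image.

Added example for this thread; it is neither the loader's own code nor part of
the rowhammer repository. It assumes the layout the loader's comments describe:
a 512-byte boot sector followed by setup.S, so setup.S offset X sits at file
offset 200h + X, and the loader only inspects setup.S's first sector.
"""
import struct

BOOT_SECTOR_LEN = 0x200   # boot sector occupies file offsets 000h..1FFh
SETUP_BASE = 0x200        # setup.S begins right after it
SETUP_LEN = 0x200         # the loader assumes the GDT lies in setup.S's first sector

JMP_FAR_DWORD = b"\x66\xea"  # `jmp far dword sel:ofs32` in 16-bit code (the loader's cmp ax,0ea66h)
LGDT_MEM = b"\x0f\x01\x16"   # `lgdt [disp16]` in 16-bit code (the loader's cmp eax,0016010fh)


def check_fixed_offsets(image, jmp_file_ofs, lgdt_file_ofs):
    """Reproduce the loader's two fixed-offset compares and report which pass."""
    return {
        "jmp": image[jmp_file_ofs:jmp_file_ofs + 2] == JMP_FAR_DWORD,
        "lgdt": image[lgdt_file_ofs:lgdt_file_ofs + 3] == LGDT_MEM,
    }


def find_patch_points(image):
    """Scan setup.S for the two instructions instead of trusting a fixed offset.

    Returns the file offsets the loader's constants must name: where the far
    jump is, where its 32-bit target dword is (the value the loader overwrites
    with the linear address of head.S), where lgdt is, and where lgdt's disp16
    (the pointer to the GDTR image) is. The GDT base is reduced with
    `and eax,1ffh` exactly as the loader does.
    """
    setup = image[SETUP_BASE:SETUP_BASE + SETUP_LEN]
    jmp = setup.find(JMP_FAR_DWORD)
    if jmp < 0:
        raise ValueError("jmp far dword (66h, 0eah) not found in setup.S first sector")
    target, selector = struct.unpack_from("<IH", setup, jmp + 2)  # ofs32 then sel16
    lgdt = setup.find(LGDT_MEM)
    if lgdt < 0:
        raise ValueError("lgdt [...] (0fh, 01h, 16h) not found in setup.S first sector")
    disp = struct.unpack_from("<H", setup, lgdt + 3)[0]   # setup.S-relative offset of GDTR image
    limit, base = struct.unpack_from("<HI", setup, disp)  # GDTR image: limit16, base32
    return {
        "jmp": {"setup_ofs": jmp, "file_ofs": SETUP_BASE + jmp,
                "patch_file_ofs": SETUP_BASE + jmp + 2,
                "target": target, "selector": selector},
        "lgdt": {"setup_ofs": lgdt, "file_ofs": SETUP_BASE + lgdt,
                 "disp_file_ofs": SETUP_BASE + lgdt + 3,
                 "gdtr_file_ofs": SETUP_BASE + disp, "gdt_limit": limit,
                 "gdt_base": base, "gdt_setup_ofs": base & 0x1FF},
    }


def build_sample_image():
    """Constructed stand-in for memtest.bin, not a real build.

    Places lgdt at setup.S offset 19h and the far jump at 5Eh, i.e. the
    13-byte shift discussed in the thread; the GDTR image at 80h, a GDT at
    88h (linear 90288h), selector 10h and target 90400h are assumed values.
    """
    setup = bytearray(SETUP_LEN)
    setup[0x19:0x19 + 5] = LGDT_MEM + struct.pack("<H", 0x80)
    setup[0x5E:0x5E + 8] = JMP_FAR_DWORD + struct.pack("<IH", 0x00090400, 0x10)
    setup[0x80:0x80 + 6] = struct.pack("<HI", 0x17, 0x00090288)
    return bytes(BOOT_SECTOR_LEN) + bytes(setup)


if __name__ == "__main__":
    img = build_sample_image()
    # the constants the thread started with: both compares miss on a shifted image
    print("251h/20Ch checks:", check_fixed_offsets(img, 0x251, 0x20C))
    pp = find_patch_points(img)
    print("jmp far dword at setup.S offset %02Xh (file %03Xh), patch dword at file %03Xh"
          % (pp["jmp"]["setup_ofs"], pp["jmp"]["file_ofs"], pp["jmp"]["patch_file_ofs"]))
    print("lgdt at setup.S offset %02Xh (file %03Xh), GDTR pointer word at file %03Xh, "
          "GDT at setup.S offset %02Xh"
          % (pp["lgdt"]["setup_ofs"], pp["lgdt"]["file_ofs"],
             pp["lgdt"]["disp_file_ofs"], pp["lgdt"]["gdt_setup_ofs"]))
```

On the sample image the four file offsets it prints (25Eh, 260h, 219h, 21Ch) are the ones the loader's four constants have to become; on a real memtest.bin, replace `build_sample_image()` with `open("memtest.bin", "rb").read()` and copy the reported values into the `mov` lines and the `nopatch`/`nogdt` message text together, so the diagnostic names the offset actually checked. A scan cannot tell you that the instruction it found is the one the loader is meant to patch, so compare its findings against a disassembly of setup.S before trusting them.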

roytam(R)

12.03.2015, 08:24

@ RayeR

Fixing the Memtest EXE loader

> Hi, I tried to compile the modified memtest
> https://github.com/CMU-SAFARI/rowhammer
> It contains your EXE loader by Eric Auer:
> https://github.com/CMU-SAFARI/rowhammer/blob/master/src/mt86%2B_loader.asm
> I have a problem: the produced EXE throws this error:
>
> nopatch db "jmp far dword not found at setup.S offset 37h,",13,10
> db "(file offset 237h is not 66h, 0eah)",13,10
> db "please adjust and recompile memtestl...",13,10,"$"
>
> I found that it is a little bit shifted, and when I change
> mov ax,[buffer+251h] ; should be jmp far dword (ofs, seg)
> cmp ax,0ea66h
> to
> mov ax,[buffer+251h+13] ; should be jmp far dword (ofs, seg)
> it finds it, and I get another error:
> lgdt [...] not found at setup.S offset 0ch
>
> So I did some further patching by adding 13, but it ended with an immediate
> reset of the PC after I ran it. What is the right place to correct the offset?
> fullsize matches the size of memtest.bin exactly.

I tried to do the same thing; it starts, but once it has detected the RAM module names and tries to start testing, it reboots.


@@ -133,11 +133,11 @@
        ; should be 4 ...
        inc al                  ; the boot sector itself
        movzx eax,al
        shl eax,9               ; log 2 of sector size
        add [cs:buflinear],eax  ; linear address of head.S now
-       mov ax,[buffer+251h]    ; should be jmp far dword (ofs, seg)
+       mov ax,[buffer+25eh]    ; should be jmp far dword (ofs, seg)
        cmp ax,0ea66h
        jz foundpatch
 patchbug:                      ; could not patch the jump
        mov dx,nopatch
        jmp generror
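
Review bot: the compare offset moves from 251h to 25eh (0Dh bytes later), but the `nopatch` message loaded into dx on the failure path still reads "jmp far dword not found at setup.S offset 37h" / "file offset 237h is not 66h, 0eah" (as quoted earlier in this thread), and that text did not match even the old 251h compare; update both db lines to 5Eh/25Eh in the same change so the diagnostic names the offset that is actually checked. A comment stating where the 0Dh shift comes from would also help, since the constant was found by trial rather than derived from setup.S.
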
@@ -146,20 +146,20 @@
        mov dx,nogdt
        jmp generror
 
 foundpatch:
        mov eax,[cs:buflinear]
-       mov [buffer+253h],eax   ; patch the protected mode entry jump
+       mov [buffer+260h],eax   ; patch the protected mode entry jump
        ; (offset only - segment selector unchanged: flat linear CS)
 
 findgdt:
-       mov eax,[cs:buffer+20ch]        ; should be lgdt offset
+       mov eax,[cs:buffer+219h]        ; should be lgdt offset
        and eax,00ffffffh
        cmp eax,0016010fh       ; lgdt ...
        jnz gdtbug
 
-       mov ax,[cs:buffer+20fh]         ; GDTR contents pointer
+       mov ax,[cs:buffer+21ch]         ; GDTR contents pointer
        mov bx,ax
        mov eax,[cs:buffer+200h+bx+2]   ; GDT linear offset
        and eax,1ffh    ; assume GDT in first sector of setup.S
        ; *** WARNING: this is needed because setup.S contains
        ; *** HARDCODED offset of setup.S on linear 90200h, which
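
Review bot: the same 0Dh shift is applied consistently to the three loads here (253h to 260h, 20ch to 219h, 20fh to 21ch), while the base in `mov eax,[cs:buffer+200h+bx+2]` is correctly left alone; that deserves a comment saying why, because bx is the disp16 taken from the lgdt operand, an offset relative to the start of setup.S rather than a file position that moved. As with nopatch, the `nogdt` message referenced at the top of this hunk still says "setup.S offset 0ch" / "file offset 20ch" (quoted earlier in the thread), which matched the old 20ch check but not 219h, and should be updated to 19h/219h in the same patch.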

RayeR(R)

CZ,
12.03.2015, 17:56

@ roytam

Fixing the Memtest EXE loader

> I tried to do the same thing; it starts, but once it has detected the RAM module names
> and tries to start testing, it reboots.

LOL, it seems that I did the same thing yesterday as you, with the same result. I could have saved my time instead... The original Memtest 5.01 crashes when the test should begin (desktop and ntb). The Memtest 5.01 rowhammer build starts running but reports errors on all addresses. My patch:

mt86+_loader.asm:
15,17c15,16
< %define fullsize ( 182704 + buffer - exeh )
<    ; the fullsize of memtest.bin is adjusted by makedos.sh
<    ; don't remove space after brace (needed for awk/sed processing)
---
> %define fullsize (182704 + buffer - exeh)
> ; 182704 is the size of memtest86+ V5.01, adjust as needed!
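
Review bot: the two sides of this diff look reversed: the `<` lines carry the makedos.sh comment and (in the later hunks) the 25Eh offsets this post presents as the patch, while the `>` lines are the stock 251h version, so it reads as `diff new old`; regenerate it as `diff old new` (or `diff -u old new`) before anyone feeds it to patch, or they will get the old constants back. The "don't remove space after brace" comment documents a real coupling worth keeping: makedos.sh reads field 4 of line 15, so both the line number and the spacing are part of the interface, and any edit above line 15 silently breaks the script.
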
139c138
<    mov ax,[buffer+25Eh]    ; should be jmp far dword (ofs, seg)
---
> mov ax,[buffer+251h]      ; should be jmp far dword (ofs, seg)
152c151
<    mov [buffer+260h],eax   ; patch the protected mode entry jump
---
> mov [buffer+253h],eax     ; patch the protected mode entry jump
156c155
<    mov eax,[cs:buffer+219h]        ; should be lgdt offset
---
> mov eax,[cs:buffer+20ch]  ; should be lgdt offset
161c160
<    mov ax,[cs:buffer+21ch]         ; GDTR contents pointer
---
> mov ax,[cs:buffer+20fh]           ; GDTR contents pointer
216,217c215,216
< nopatch    db "jmp far dword not found at setup.S offset 5Eh,",13,10
<    db "(file offset 25Eh is not 66h, 0eah)",13,10
---
> nopatch   db "jmp far dword not found at setup.S offset 37h,",13,10
> db "(file offset 237h is not 66h, 0eah)",13,10
220,221c219,220
< nogdt      db "lgdt [...] not found at setup.S offset 19h,",13,10
<    db "(file offset 219h is not 0fh, 01h, 16h)",13,10
---
> nogdt     db "lgdt [...] not found at setup.S offset 0ch,",13,10
> db "(file offset 20ch is not 0fh, 01h, 16h)",13,10
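
Review bot: with these two message pairs the diagnostics finally agree with the compares (5Eh/25Eh with the 25Eh check, 19h/219h with the 219h check), whereas the `>` side's 37h/237h never matched the 251h compare it accompanied; to stop them drifting apart again, define each offset once as a symbol used by the `mov` and keep the message text directly beside that definition.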


makedos.sh:
#!/bin/bash
# Replace the fullsize constant on line 15 of the loader (field 4 of
# "%define fullsize ( NNN + buffer - exeh )") with the real size of
# memtest.bin, then assemble the loader.

if [ -f memtest.bin ]
then
    CSIZE="$(awk 'NR==15 {print $4}' mt86+_loader.asm)"
    NSIZE="$(wc -c < memtest.bin | tr -d ' ')"
    # restrict the substitution to line 15 so no other occurrence of the
    # old number elsewhere in the file is touched
    sed "15s/$CSIZE/$NSIZE/" mt86+_loader.asm > mt86+_loader.asm.new
    mv mt86+_loader.asm.new mt86+_loader.asm
    nasm mt86+_loader.asm
fi

---
DOS gives me freedom to unlimited HW access.

Zyzzle(R)

12.03.2015, 23:16

@ RayeR

Fixing the Memtest EXE loader

Do you have a binary of your patched 5.01 rowhammer version that I may test? Thanks.

RayeR(R)

CZ,
13.03.2015, 01:24

@ Zyzzle

Fixing the Memtest EXE loader

> Do you have a binary of your patched 5.01 rowhammer version that I may
> test? Thanks.

I just deleted it; it seems that the newer memtest 5.x cannot be started with the old loader and will need a further update (according to the copyright it's 12-year-old code). I use grub4dos to start memtest.bin from DOS; it works from real mode.

---
DOS gives me freedom to unlimited HW access.
