Author Topic: MASM Get Root Complex Base Address Register and IOTR0-IOTR3  (Read 5347 times)

iKjetil

  • Regular Member
  • *
  • Posts: 6
MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« on: October 30, 2015, 06:00:47 PM »
This post has been edited.

Discussion in this thread has been moved on to how to interpret IOTRn registers in Windows 10. There seems to be read different values from these registers on almost every turn. Is this by design? Is this a Windows 10 feature? Does this occur on a Linux system as well? Difficult to interpret how to check for trapped IO under such conditions. Anyone got any ideas feel free to share.

Kjetil
« Last Edit: November 02, 2015, 04:03:19 AM by iKjetil »

Raistlin

  • Member
  • ****
  • Posts: 536
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #1 on: October 30, 2015, 08:10:51 PM »
see:

http://wiki.osdev.org/PCI#Configuration_Mechanism_.231

Just looking at your code - I've spotted multiple overwrites of you're initial parameters,
to the extent that it trashes the registers and no logic flow is evident (apart from the component parameter names required).
Please don't take this the wrong way - but look at assembly fundamentals first (register use) before attempting this.
Are you pondering what I'm pondering? It's time to take over the world ! - let's use ASSEMBLY...

ragdog

  • Member
  • ****
  • Posts: 610
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #2 on: October 30, 2015, 08:34:49 PM »
Hello

I think it help you
http://board.flatassembler.net/topic.php?t=12738

regards,

dedndave

  • Member
  • *****
  • Posts: 8829
  • Still using Abacus 2.0
    • DednDave
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #3 on: October 30, 2015, 10:37:37 PM »
Code: [Select]
SHL AX, 16
i don't know where you got that code, but i can tell you it isn't right   :biggrin:

iKjetil

  • Regular Member
  • *
  • Posts: 6
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #4 on: November 01, 2015, 04:39:29 AM »
That code was horribly wrong. I got it working now anyway.
By the way, what data usually exists in IOTRn registers?

## IOTRn - I/O Trap Register (0-3) ##
IOTR0 value is 0x15FFFFFE63520D8B
IOTR1 value is 0x8B48000371D6E8C0
IOTR2 value is 0xFE62CF0D8B4800FF
IOTR3 value is 0xF936E8F98B48F28B

I know the Intel spec says it's default value is 0x0000000000000000. My reasoning is that the OS must use these registers so it might be correct. Not sure though as there isn't very many sources to this information.

iKjetil

  • Regular Member
  • *
  • Posts: 6
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #5 on: November 01, 2015, 07:29:52 PM »
Hi.

As an update it would seem in Windows 10 the IOTRn registers keep changing values.
I would like to know if this is normal behaviour?

iKjetil

jj2007

  • Member
  • *****
  • Posts: 11759
  • Assembler is fun ;-)
    • MasmBasic
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #6 on: November 01, 2015, 07:51:51 PM »
Absolutely. In later versions of Window, they made it somewhat more difficult for the rootkits...

iKjetil

  • Regular Member
  • *
  • Posts: 6
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #7 on: November 01, 2015, 11:47:13 PM »
Absolutely. In later versions of Window, they made it somewhat more difficult for the rootkits...

Do you know what is being done in Windows since the registers change values so dramatically? Is the values stored in those registers any good at all? Is it possible at all to trap IO using IOTRn on Windows 10?

What I am looking for is if checking these registers I am getting any valid information?

jj2007

  • Member
  • *****
  • Posts: 11759
  • Assembler is fun ;-)
    • MasmBasic
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #8 on: November 02, 2015, 12:00:28 AM »
Is it possible at all to trap IO using IOTRn on Windows 10?

Possible, or rather: it depends. What exactly do you want to achieve?

iKjetil

  • Regular Member
  • *
  • Posts: 6
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #9 on: November 02, 2015, 01:08:58 AM »
Possible, or rather: it depends. What exactly do you want to achieve?
I am trying to confirm or deny IO trap in these registers. When values change so much it is difficult to know how to do this other than analyze the values over time. Do you have any ideas? :)

jj2007

  • Member
  • *****
  • Posts: 11759
  • Assembler is fun ;-)
    • MasmBasic
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #10 on: November 02, 2015, 03:13:39 AM »
Kristoffer,

This stuff is really badly documented, so it won't be easy. It gets complicated by the fact that you have posted code that is nonsense (shl ax, 16 does nothing), so you would have to convince the few guys here who will understand your problem that your project is a legit one. Forum policy on this is pretty strict, and rightly so :P

You are aware of the Bassov article, of System Address Map Initialization in x86/x64 Architecture and How an I/O port leads to System Management Mode?

iKjetil

  • Regular Member
  • *
  • Posts: 6
Re: MASM Get Root Complex Base Address Register and IOTR0-IOTR3
« Reply #11 on: November 02, 2015, 04:07:56 AM »
Those articles are really good. However they do not shed light on how to interpret changing IOTRn registers. As you said this is really badly documented. Any input at all is helpful right now.