intel 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310
  1. #------------------------------------------------------------------------------
  2. # $File: intel,v 1.22 2022/04/02 14:47:42 christos Exp $
  3. # intel: file(1) magic for x86 Unix
  4. #
  5. # Various flavors of x86 UNIX executable/object (other than Xenix, which
  6. # is in "microsoft"). DOS is in "msdos"; the ambitious soul can do
  7. # Windows as well.
  8. #
  9. # Windows NT belongs elsewhere, as you need x86 and MIPS and Alpha and
  10. # whatever comes next (HP-PA Hummingbird?). OS/2 may also go elsewhere
  11. # as well, if, as, and when IBM makes it portable.
  12. #
  13. # The `versions' should be un-commented if they work for you.
  14. # (Was the problem just one of endianness?)
  15. #
  16. 0 leshort 0502 basic-16 executable
  17. >12 lelong >0 not stripped
  18. #>22 leshort >0 - version %d
  19. 0 leshort 0503 basic-16 executable (TV)
  20. >12 lelong >0 not stripped
  21. #>22 leshort >0 - version %d
  22. 0 leshort 0510 x86 executable
  23. >12 lelong >0 not stripped
  24. 0 leshort 0511 x86 executable (TV)
  25. >12 lelong >0 not stripped
  26. 0 leshort =0512 iAPX 286 executable small model (COFF)
  27. >12 lelong >0 not stripped
  28. #>22 leshort >0 - version %d
  29. 0 leshort =0522 iAPX 286 executable large model (COFF)
  30. >12 lelong >0 not stripped
  31. #>22 leshort >0 - version %d
  32. # updated by Joerg Jenderek at Oct 2015
  33. # https://de.wikipedia.org/wiki/Common_Object_File_Format
  34. # http://www.delorie.com/djgpp/doc/coff/filhdr.html
  35. # ./msdos (version 5.25) labeled the next entry as "MS Windows COFF Intel 80386 object file"
  36. # ./intel (version 5.25) label labeled the next entry as "80386 COFF executable"
  37. # SGI labeled the next entry as "iAPX 386 executable" --Dan Quinlan
  38. 0 leshort =0514
  39. # use subroutine to display name+flags+variables for common object formatted files
  40. >0 use display-coff
  41. #>12 lelong >0 not stripped
  42. # no hint found, that at offset 22 is version
  43. #>22 leshort >0 - version %d
  44. 0 leshort 0x0200
  45. # no F_EXEC flag bit implies Intel ia64 COFF object file without optional header
  46. >18 leshort ^0x0002
  47. # skip some DEGAS high-res uncompressed bitmap *.pi3 handled by ./images like
  48. # GEMINI03.PI3 MODEM2.PI3 POWERFIX.PI3 sigirl1.pi3 vanna5.pi3
  49. # by test for valid starting character (often point 0x2E) of 1st section name
  50. >>20 ubyte >0x1F
  51. >>>0 use display-coff
  52. # F_EXEC flag bit implies Intel ia64 COFF executable
  53. >18 leshort &0x0002
  54. >>0 use display-coff
  55. 0 leshort 0x8664
  56. >0 use display-coff
  57. # rom: file(1) magic for BIOS ROM Extensions found in intel machines
  58. # mapped into memory between 0xC0000 and 0xFFFFF
  59. # From: Alex Myczko <alex@aiei.ch>
  60. # updated by Joerg Jenderek
  61. # https://en.wikipedia.org/wiki/Option_ROM
  62. # URL: http://fileformats.archiveteam.org/wiki/BIOS
  63. # Reference: http://www.lejabeach.com/sisubb/BIOS_Disassembly_Ninjutsu_Uncovered.pdf
  64. 0 beshort 0x55AA
  65. # skip misidentified raspberry pi pieeprom-*.bin by check for
  66. # unlikely high ROM size (0xF0*512=240*512) and not observed start instruction 0x0F
  67. >2 ubeshort !0xF00F
  68. # skip 2 byte sized eof.bin with start magic
  69. >>0 use rom-x86
  70. 0 name rom-x86
  71. >0 beshort x BIOS (ia32) ROM Ext.
  72. #!:mime application/octet-stream
  73. !:mime application/x-ibm-rom
  74. !:ext rom/bin
  75. ################################################################################
  76. # not Plug aNd Play ($PnP) like 00000000 (ide_xtp.bin kvmvapic.bin V7VGA.ROM) 000000fc (MCT-VGA.bin)
  77. # 55aaf00f (pieeprom-*.bin) 55aa40e9 (Trm3x5.bin) 24506f4f (sgabios-bin.rom)
  78. # 55aa4be9 (vgabios-stdvga.rom vgabios-cirrus-bin.rom vgabios-vmware-bin.rom)
  79. >(26.s) ubelong !0x24506e50
  80. #>(26.s) ubelong !0x24506e50 NOT PNP=%8.8x
  81. # also not PCI (PCIR) implies "old" ISA cards or foo like: 8a168404 (MCT-VGA.bin)
  82. # 55aaf00f (pieeprom*.bin)
  83. >>(24.s) ubelong !0x50434952
  84. #>>(24.s) ubelong !0x50434952 ISA CARD=%8.8x
  85. # "old" identification strings used in file version 5.41 and earlier
  86. # probably an USB controller
  87. >>>5 string USB USB
  88. # probably https://en.wikipedia.org/wiki/Preboot_Execution_Environment
  89. >>>7 string LDR UNDI image
  90. # probably another Adaptec SCSI controller
  91. >>>26 string Adaptec Adaptec
  92. # http://minuszerodegrees.net/rom/bin/adaptec_aha1542cp_bios_908501-00.bin
  93. # already done by PNP variant
  94. #>>>28 string Adaptec Adaptec
  95. # probably Promise SCSI controller
  96. >>>42 string PROMISE Promise
  97. # old test for IBM compatible Video cards; INTERNAL FACTS WHY IS THIS WORKING?
  98. >30 string IBM IBM comp. Video
  99. # display exact text for IBM compatible Video cards with longer text
  100. >>33 ubyte !0
  101. >>>30 string x "%s"
  102. # http://minuszerodegrees.net/rom/bin/unknown/MCT-VGA-16%20-%20TDVGA%203588%20BIOS%20Version%20V1.04A.zip
  103. # "IBM COMPATIBLETDVGA 3588 BIOS Version V1.04A2+" "MCT-VGA-16 - TDVGA 3588 BIOS Version V1.04A.bin"
  104. # "IBM VGA Compatible\001" NVidia44.bin
  105. # "IBM EGA ROM Video Seven BIOS Code, Version 1.04" V7VGA.ROM
  106. # "IBM" vgabios-stdvga.rom
  107. # "IBM" vgabios-vmware-bin.rom:
  108. # "IBM" vgabios-cirrus-bin.rom
  109. # "IBM" vgabios-virtio-bin.rom
  110. ################################################################################
  111. # ROM size in 512B blocks must be interpreted as unsigned for ROM of network cards
  112. # like: efi-eepro100.rom efi-rtl8139.rom pxe-e1000.rom
  113. >2 ubyte x (%u*512)
  114. # file name file size calculated size remark
  115. # eof.bin 2 - with start magic nothing is shown here
  116. # orchid.bin 188 0 =0*512 on window 95 CD in Drivers\audio\orchid3d
  117. # multiboot.bin 1024 1024 =2*512 QEMU emulator
  118. # loader1.bin 512 2048 =4*512
  119. # ide_xtp.bin 8192 8192 =16*512
  120. # kvmvapic.bin 9216 9216 =18*512
  121. # V7VGA.ROM 18832 16384 =32*512
  122. # adaptec1542.bin 32768 16384 =32*512
  123. # MCT-VGA.bin 32768 24576 =48*512
  124. # 2975BIOS.BIN 32768 32256 =63*512
  125. # efi-e1000.rom 196608 64000 =125*512
  126. # efi-rtl8139.rom 176640 66048 =129*512
  127. # pieeprom*.bin 524288 122880 =240*512
  128. ################################################################################
  129. # initialization vector with executable code; often near JuMP instruction E9 yy zz
  130. >3 ubyte =0xE9 jmp
  131. # jmp offset like: 008fh 0093h 009fh 00afh 0143h 3ad7h 5417h 54ech 594dh 895fh
  132. >>4 uleshort x %#4.4x
  133. # for initialization vector samples without 3 byte jump instruction
  134. >3 ubyte !0xE9 instruction
  135. # eb4b3734h NVidia44.bin
  136. # 00003234h V7VGA.ROM
  137. # 060e0731h kvmvapic.bin
  138. # cb000000h linuxboot-bin.rom
  139. # e80d0fcbh PXE-Intel.rom
  140. # b8004875h orchid.bin
  141. >>3 ubelong x %#8.8x
  142. # For misidetified raspberry pi pieeprom-*.bin like: 0xf00f
  143. #>2 ubeshort x \b, AT 2 %#4.4x
  144. ################################################################################
  145. # new sections for BIOS (ia32) ROM Extension
  146. # 4 bytes ASCII Signature "$PnP" for Plug aNd Play expansion header
  147. >(26.s) string =$PnP \b;
  148. #>(26.s) string =$PnP FOUND $PnP
  149. # at 1Ah possible offset to expansion header structure; new for Plug aNd Play
  150. >>26 uleshort x at %#x PNP
  151. # Plug and Play vendor+device ID like: 0 0x000f1000 (2975BIOS.BIN) 0x31121095 (4243.bin) 0x04904215 (adaptec1542.bin)
  152. #>>(26.s+0x0A) ulelong !0 NOT-nullID=%8.8x
  153. >>(26.s+0x0A) uleshort !0
  154. # show PnP Vendor identification in human readable text form instead of numeric
  155. # For adaptec_ava1515_bios_585201-00.bin reverted endian! BUT IS THIS ALWAYS TRUE?
  156. >>>(26.s+0x0C) use \^PCI-vendor
  157. >>>(26.s+0x0A) ubeshort x device=%#4.4x
  158. # 3 byte Device type code; probably the same meaning as in PCI section?
  159. # OK for storage controller SCSI (2975BIOS.BIN adaptec1542.bin)
  160. # and network controller ethernet (efi-e1000.rom efi-rtl8139.rom)
  161. >>(26.s+0x12) use PCI-class
  162. # structure revision like: 01h
  163. >>(26.s+4) ubyte !1 \b, revision %u
  164. # PnP Header structure length in multiple of 16 bytes like: 2
  165. >>(26.s+5) uleshort !2 \b, length %u*16
  166. # offset to next header; 0 if none
  167. >>(26.s+7) uleshort !0 \b, at %#x next header
  168. # reserved byte; seems to be zero
  169. >>(26.s+8) ubyte !0 \b, reserved %#x
  170. # 8-bit checksum for this header; calculated and patched by patch2pnprom
  171. >>(26.s+9) ubyte !0 \b, CRC %#x
  172. # pointer to optional manufacturer string; like: 0 (4243.bin) 59h 5ch 60h c7h 14eh 27ch 296h 324h 3662h
  173. >>(26.s+0x0E) uleshort >0 \b, at %#x
  174. >>>(26.s+0x0C) uleshort x
  175. # manufacturer ASCII-Z string like "http://ipxe.org" "Plop - Elmar Hanlhofer www.plop.at" "QEMU"
  176. >>>>(&0.s) string x "%s"
  177. # pointer to optional product string; like: 0 (2975BIOS.BIN) 6ch 70h 7ch d9h 160h 281h 29bh 329h
  178. >>(26.s+0x10) uleshort >0 \b, at %#x
  179. >>>(26.s+0x0E) uleshort x
  180. # often human readable product ASCII-Z string like "iPXE" "Plop Boot Manager"
  181. # "multiboot loader" "Intel UNDI, PXE-2.0 (build 082)"
  182. >>>>(&0.s) string x "%s"
  183. # PnP Device indicators; contains bits that identify the device as being capable of bootable
  184. #>>(26.s+0x15) ubyte x \b, INDICATORS %#x
  185. # device is a display device
  186. >>(26.s+0x15) ubyte &0x01 \b, display
  187. # device is an input device
  188. >>(26.s+0x15) ubyte &0x02 \b, input
  189. # device is an IPL device
  190. >>(26.s+0x15) ubyte &0x04 \b, IPL
  191. #>>(26.s+0x15) ubyte &0x08 reserved
  192. # ROM is only required if this device is selected as a boot device
  193. >>(26.s+0x15) ubyte &0x10 \b, bootable
  194. # indicates ROM is read cacheable
  195. >>(26.s+0x15) ubyte &0x20 \b, cacheable
  196. # ROM may be shadowed in RAM
  197. >>(26.s+0x15) ubyte &0x40 \b, shadowable
  198. # ROM supports the device driver initialization model
  199. >>(26.s+0x15) ubyte &0x80 \b, InitialModel
  200. # boot connection vector; an offset to a routine that hook into INT 9h, INT 10h, or INT 13h
  201. # 0 means disabled 0x0429 (4650_sr5.bin) 0x0072 (adaptec1542.bin)
  202. >>(26.s+0x16) uleshort !0 \b, boot vector offset %#x
  203. # disconnect vector; offset to routine that do cleanup from an unsuccessful boot attempt
  204. >>(26.s+0x18) uleshort !0 \b, disconnect offset %#x
  205. # bootstrap entry point/vector (BEV); offset to a routine (like RPL) that hook into INT 19h
  206. # 0 means disabled 0x3c (multiboot.bin) 0x358 (efi-rtl8139.rom) 0xae7 (PXE-Intel.rom)
  207. >>(26.s+0x1A) uleshort !0 \b, bootstrap offset %#x
  208. # 2nd reserved area; seems to be zero
  209. >>(26.s+0x1C) uleshort !0 \b, 2nd reserved %#x
  210. # static resource information vector; 0 means disabled
  211. >>(26.s+0x1E) uleshort !0 \b, static offset %#4.4x
  212. ################################################################################
  213. # 4 bytes ASCII Signature "PCIR" for PCI Data Structure
  214. #>(24.s) string =PCIR FOUND PCIR
  215. >(24.s) string =PCIR \b;
  216. # pointer to PCI data structure like: 1Ch 38h 104h 8E44h
  217. >>24 uleshort x at %#x PCI
  218. # Vendor identification (ID) https://pci-ids.ucw.cz/v2.2/pci.ids
  219. #>>(24.s+4) uleshort x ID=%4.4x
  220. # show Vendor identification in human readable text form instead of numeric
  221. >>(24.s+4) use PCI-vendor
  222. # device identification (ID)
  223. >>(24.s+6) uleshort x device=%#4.4x
  224. # Base+sub class code https://wiki.osdev.org/PCI
  225. >>(24.s+0x0D) use PCI-class
  226. # pointer to vital product data (VPD); 0 indicates no VPD; WHAT EXACTLY iS VPD?
  227. >>(24.s+8) uleshort !0 \b, at %#x VPD
  228. # PCI data structure length like: 24h 28h
  229. >>(24.s+0xA) uleshort >0x28 \b, length %u
  230. # PCI data structure revision like: 0 3
  231. >>(24.s+0xC) ubyte >0 \b, revison %u
  232. # image length (hexadecimal) in multiple of 512 bytes like: 54 56 68 6a 76 78 7c 7d 7e 7f 80 81 83
  233. # Apparently this gives the same information as given by byte at offset 2 but as 16-bit
  234. #>>(24.s+0x10) uleshort x \b, length %u*512
  235. # revision level of code/data like: 0 1 201h 502h
  236. >>(24.s+0xC) ubyte >1 \b, code revison %#x
  237. # code type: 0~Intel x86/PC-AT compatible 1~Open firmware standard for PCI42 FF~Reserved
  238. >>(24.s+0x14) ubyte >0 \b, code type %#x
  239. # last image indicator; bit 7 indicates "last image"; bits 0-6 are reserved
  240. >>(24.s+0x15) ubyte >0
  241. >>>(24.s+0x15) ubyte =0x80 \b, last ROM
  242. # THIS SHOULD NOT HAPPEN!
  243. >>>(24.s+0x15) ubyte !0x80 \b, indicator %x
  244. # 3rd reserved area; seems to be zero in most cases but not for
  245. # efi-e1000.rom efi-rtl8139.rom
  246. >>(24.s+0x16) ubeshort !0 \b, 3rd reserved %#x
  247. # Flash descriptors for Intel SPI flash roms.
  248. # From Dr. Jesus <j@hug.gs>
  249. 0 lelong 0x0ff0a55a Intel serial flash for ICH/PCH ROM <= 5 or 3400 series A-step
  250. 16 lelong 0x0ff0a55a Intel serial flash for PCH ROM
  251. # From: Joerg Jenderek
  252. # URL: https://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface
  253. # Reference: https://uefi.org/sites/default/files/resources/ACPI_6_3_final_Jan30.pdf
  254. # Note: generated for example by `cat /sys/firmware/acpi/tables/DSDT MyDSDT.aml`
  255. 0 string DSDT
  256. >0 use acpi-table
  257. # not tested or other file format
  258. 0 string APIC
  259. >0 use acpi-table
  260. #0 string ASF!
  261. #>0 use acpi-table
  262. 0 string FACP
  263. >0 use acpi-table
  264. #0 string FACS
  265. #>0 use acpi-table
  266. 0 string MCFG
  267. >0 use acpi-table
  268. 0 string SLIC
  269. >0 use acpi-table
  270. 0 string SSDT
  271. >0 use acpi-table
  272. 0 name acpi-table
  273. # skip ASCII text starting with DSDT by looking for valid "low" revision
  274. >8 ubyte <17 ACPI Machine Language file
  275. # assume that ACPI tables size are lower than 16 MiB
  276. #>4 ulelong <0x01000000
  277. # DSDT for Differentiated System Description Table
  278. >>0 string x '%.4s'
  279. #!:mime application/octet-stream
  280. !:mime application/x-intel-aml
  281. !:ext aml
  282. # the manufacture model ID like: VBOXBIOS BXDSDT
  283. >>16 string >\0 %.8s
  284. # OEM revision of DSDT for supplied OEM Table ID like: 0 1 2 20090511
  285. >>>24 ulelong x %x
  286. # OEM ID like: INTEL VBOX (VirtualBox) BXDSDT (qemu) MEDION or \030\001\0\0 for s3pt.aml
  287. >>10 ubyte >040 by %c
  288. >>>11 ubyte >040 \b%c
  289. >>>>12 ubyte >040 \b%c
  290. >>>>>13 ubyte >040 \b%c
  291. >>>>>>14 ubyte >040 \b%c
  292. >>>>>>>15 ubyte >040 \b%c
  293. # This field also sets the global integer width for the AML interpreter.
  294. # Values less than two will cause the interpreter to use 32-bit.
  295. # Values of two and greater will cause the interpreter to use full 64-bit.
  296. # 16 for asf!.aml, 67 fo rsdp.aml
  297. >>8 ubyte x \b, revision %u
  298. # length, in bytes, of the entire DSDT (including the header)
  299. >>4 ulelong x \b, %u bytes
  300. # entire table must sum to zero
  301. #>>9 ubyte x \b, checksum %#x
  302. # vendor ID for the ASL Compiler like: INTL MSFT ...
  303. >>28 string >\0 \b, created by %.4s
  304. # revision number of the ASL Compiler like: 20051117 20140724 20190703 20200110 ...
  305. >>>32 ulelong x %x