Sunday 24 July 2011

Using the PCI sysfs interface to dump the Video BIOS ROM

The Linux PCI core driver provides a useful (and probably overlooked) sysfs interface to read PCI ROM resources. A PCI device that has a ROM resource will have a "rom" sysfs file associated with it. Writing anything other than 0 to this file enables reads, after which the ROM image can be read from the same file.

For example, on my laptop, to find PCI devices that have ROM images associated with them I used:

find /sys/devices -name "rom"
/sys/devices/pci0000:00/0000:00:02.0/rom

and this corresponds to my Integrated Graphics Controller:

lspci | grep 02.0
00:02.0 VGA compatible controller: Intel Corporation Mobile GM965/GL960 Integrated Graphics Controller (primary) (rev 0c)

To dump the ROM I used:

echo 1 | sudo tee /sys/devices/pci0000\:00/0000\:00\:02.0/rom
sudo cat /sys/devices/pci0000\:00/0000\:00\:02.0/rom > vbios.rom

To disassemble this I used ndisasm:

sudo apt-get install nasm
ndisasm -k 0,3 vbios.rom | less

..and just used strings on the ROM image to dump out interesting text, e.g.

strings vbios.rom
000000000000
00IBM VGA Compatible BIOS.
PCIR
(00`
*@0p
H?@0b
..


..and then used a tool like bvi to edit the ROM.
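
As an added example (not code from the original post): the same enable/read/disable sequence done from Python, followed by a check that the dump is a well-formed PCI expansion ROM, using the 55 AA header signature and the PCIR data structure that shows up in the strings output above. The function names and the sample image, including its device ID 0x1234, are constructed for illustration.

```python
import struct
from pathlib import Path

def dump_rom(device_dir):
    """Enable the sysfs rom file, read the image, then disable it (needs root)."""
    rom = Path(device_dir) / "rom"
    rom.write_text("1")                 # same effect as: echo 1 | sudo tee .../rom
    try:
        return rom.read_bytes()
    finally:
        rom.write_text("0")             # writing 0 turns ROM reads back off

def parse_images(data):
    """Walk the image chain of a PCI expansion ROM dump; one dict per image."""
    images, off = [], 0
    while off + 0x1A <= len(data):
        if data[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"no 55 AA ROM signature at offset {off:#x}")
        p = off + struct.unpack_from("<H", data, off + 0x18)[0]   # PCIR pointer
        if data[p:p + 4] != b"PCIR" or p + 0x16 > len(data):
            raise ValueError(f"no complete PCIR structure at offset {p:#x}")
        vendor, device = struct.unpack_from("<HH", data, p + 4)
        size = struct.unpack_from("<H", data, p + 0x10)[0] * 512  # 512-byte units
        if size == 0 or off + size > len(data):
            raise ValueError("image length is zero or runs past the end of the dump")
        images.append({
            "offset": off, "size": size, "vendor": vendor, "device": device,
            "code_type": data[p + 0x14],   # 0 = legacy x86 image
            "checksum_ok": sum(data[off:off + size]) % 256 == 0,  # legacy rule
        })
        if data[p + 0x15] & 0x80:          # indicator bit 7: last image in the ROM
            break
        off += size
    return images

def build_sample():
    """Constructed 512-byte image for testing; not taken from a real VBIOS."""
    img = bytearray(512)
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x40)             # PCIR structure at 0x40
    img[0x40:0x44] = b"PCIR"
    struct.pack_into("<HH", img, 0x44, 0x8086, 0x1234)  # device ID is made up
    struct.pack_into("<H", img, 0x50, 1)                # image length: 1 x 512
    img[0x55] = 0x80                                    # last image
    img[-1] = -sum(img) % 256                           # fix up the checksum byte
    return bytes(img)

if __name__ == "__main__":
    print(parse_images(build_sample()))
```

On a real dump, pass the bytes returned by dump_rom() (or the contents of vbios.rom) to parse_images(); a ValueError means the file is not a ROM image at all or was truncated.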

4 comments:

  1. Hi there, I was trying to dump my VGA BIOS onto my HDD, from Linux Ubuntu Natty.

    I wonder why, when I try using your instructions, I can't get a proper ROM.

    Instead of getting a proper ROM, I got ROM files filled with "echo 1 | sudo tee /sys/devices/pci0000\:00/0000\:00\:02.0/rom"

    The silly thing is that is the command.

    Question:

    Is this command in your instructions 1 command or 2 commands?

    echo 1 | sudo tee /sys/devices/pci0000\:00/0000\:00\:02.0/rom
    sudo cat /sys/devices/pci0000\:00/0000\:00\:02.0/rom > vbios.rom

  2. Two distinct commands:

    echo 1 | sudo tee /sys/devices/pci0000\:00/0000\:00\:02.0/rom

    then

    sudo cat /sys/devices/pci0000\:00/0000\:00\:02.0/rom > vbios.rom

  3. Thank you for this. I had a hard time dumping my VBIOS in Windows; this worked great.

  4. I'm curious, do you know what Linux is doing when you do the "echo 1 > rom"? I have a question posted about this on Stack Overflow but I doubt it will be answered...
    stackoverflow.com/questions/16241986/what-does-echo-1-rom-for-pci-devices-do-and-how-can-i-do-it-programatically
