NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

Video Cards BIOS headers #6986

Open bog-dan-ro opened 2 days ago

bog-dan-ro commented 2 days ago

It would be great if Ghidra were able to read the GPU's ROM headers; this way it can provide a great decompile experience.

Legacy PCI Expansion ROM Header:

#include <stdint.h>

struct pci_expansion_rom_header {
    uint16_t signature;        // 0xAA55 (bytes 55 AA in the file)
    uint8_t  size;             // Size of the ROM image in 512-byte blocks
    uint8_t  initialization[3];// Initialization code
    uint8_t  reserved[0x12];   // Offsets 0x06-0x17
    uint16_t pci_data_offset;  // Offset 0x18: offset to PCI Data Structure
    uint16_t pnp_data_offset;  // Offset 0x1A: offset to PnP Expansion Header (optional)
};

struct pci_data_structure {
    uint32_t signature;        // "PCIR" (0x52494350)
    uint16_t vendor_id;
    uint16_t device_id;
    uint16_t device_list_offset;// Pointer to list of supported devices
    uint16_t pci_data_structure_length;
    uint8_t  pci_data_structure_revision;
    uint8_t  class_code[3];
    uint16_t image_length;     // Length of the entire ROM image in 512-byte blocks
    uint16_t revision_level;
    uint8_t  code_type;        // Type of code in this ROM (0 = x86, 1 = Open Firmware)
    uint8_t  last_image_indicator;
    uint16_t max_runtime_image_length;
};

UEFI PCI Expansion ROM Header:

struct efi_pci_expansion_rom_header {
    uint16_t signature;        // 0xAA55 (bytes 55 AA in the file)
    uint16_t initialization_size; // Size of this image in 512-byte blocks
    uint32_t efi_signature;    // 0x0EF1
    uint16_t efi_subsystem;
    uint16_t efi_machine_type;
    uint16_t compression_type;
    uint8_t  reserved[8];
    uint16_t efi_image_header_offset;
    uint16_t pcir_offset;      // Offset to PCI Data Structure
};

struct efi_image_header {
    uint32_t signature;        // "PE\0\0"
    uint16_t machine;
    uint16_t number_of_sections;
    uint32_t time_date_stamp;
    uint32_t pointer_to_symbol_table;
    uint32_t number_of_symbols;
    uint16_t size_of_optional_header;
    uint16_t characteristics;
    // ... more fields follow in the actual PE/COFF header
};

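
Added example, not code from this issue or from Ghidra: a standalone Python walker for the image chain these headers describe, which locates each image and the EFI image's PE header before anything is imported for analysis. It assumes the PCI expansion ROM layout (PCI Data Structure pointer at 0x18, EFI fields at 0x04 to 0x17); `walk_rom_images`, `build_sample_rom` and all sample values are constructed for illustration.

```python
import struct

CODE_TYPES = {0: "x86 legacy", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}

def walk_rom_images(rom: bytes) -> list:
    """List every image in a PCI expansion ROM, bounds-checking each pointer."""
    images, base = [], 0
    while True:
        if base + 0x1A > len(rom) or rom[base:base + 2] != b"\x55\xaa":
            raise ValueError(f"no 55 AA ROM header at {base:#x}")
        (pcir_off,) = struct.unpack_from("<H", rom, base + 0x18)
        pcir = base + pcir_off
        if pcir + 0x16 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"PCIR pointer {pcir_off:#x} at {base:#x} is invalid")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        blocks, _rev, code_type, indicator = struct.unpack_from("<HHBB", rom, pcir + 0x10)
        size = blocks * 512
        if size == 0 or base + size > len(rom):
            raise ValueError(f"image at {base:#x} claims {size} bytes, outside the file")
        image = {"offset": base, "size": size, "vendor": vendor, "device": device,
                 "type": CODE_TYPES.get(code_type, f"unknown ({code_type})")}
        if code_type == 3:  # EFI image: the ROM header carries the EFI fields
            efi_sig, _subsys, machine, compression = struct.unpack_from("<IHHH", rom, base + 4)
            (pe_off,) = struct.unpack_from("<H", rom, base + 0x16)
            if efi_sig != 0x0EF1:
                raise ValueError(f"EFI image at {base:#x} lacks the 0x0EF1 signature")
            image.update(machine=machine, compressed=bool(compression), pe_offset=base + pe_off)
        images.append(image)
        if indicator & 0x80:  # bit 7 set: this is the last image in the ROM
            return images
        base += size  # the next image starts on the following 512-byte boundary

def build_sample_rom() -> bytes:
    """Constructed two-image ROM (x86 legacy, then EFI); every value is made up."""
    rom = bytearray()
    for blocks, code_type, last in ((1, 0, False), (2, 3, True)):
        img = bytearray(blocks * 512)
        img[0:2] = b"\x55\xaa"
        struct.pack_into("<H", img, 0x18, 0x40)  # PCI Data Structure placed at 0x40
        struct.pack_into("<4sHHHHB3sHHBB", img, 0x40, b"PCIR", 0x1234, 0x5678, 0, 0x18,
                         0, b"\x00\x00\x03", blocks, 1, code_type, 0x80 if last else 0)
        if code_type == 3:
            struct.pack_into("<IHHH", img, 4, 0x0EF1, 0x0B, 0x8664, 0)
            struct.pack_into("<H", img, 0x16, 0x60)  # PE header placed at 0x60
            img[0x60:0x64] = b"PE\0\0"
        rom += img
    return bytes(rom)

if __name__ == "__main__":
    print(*walk_rom_images(build_sample_rom()), sep="\n")
```
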
ryanmkurtz commented 2 days ago

Something like this would typically be done by a Ghidra Loader. Are you using a 3rd party loader for this type of binary?

bog-dan-ro commented 2 days ago

> Something like this would typically be done by a Ghidra Loader. Are you using a 3rd party loader for this type of binary?

Nope, I'm using the official Ghidra 11.1.2.

ryanmkurtz commented 14 hours ago

This is pretty niche...have you considered just making the structures in Ghidra and saving them off for your future projects?