On Fri, May 17, 2019 at 11:57:23PM +0300, Sam Eiderman wrote:
From: Liran Alon firstname.lastname@example.org
Windows kernel extracts various BIOS information at boot-time. The method it uses to extract SystemBiosDate is very heuristic. It is done by nt!CmpGetBiosDate().
nt!CmpGetBiosDate() works by scanning all BIOS memory from 0xF0000 to 0xFFFF5 (FSEG) in search for a string which is formatted like a date. It then chooses the string which represents the most recent date, and writes it to:
This date should usually be BiosDate located at FSEG(0xFFF5).
FWIW, if you want to ensure a stable date is found, it's probably simpler to force a valid date string to be present in the f-segment. Something like:

    char win_bios_date[] VARFSEG = " 04/01/2014 ";

As with my previous emails, I'd recommend using a hard-coded date (not a build date) - as this tends to improve reproducibility.
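
The scan described in the commit message (search the f-segment for date-formatted strings, keep the most recent) can be modelled as below; this is an added example, not code from this thread, SeaBIOS or Windows. It assumes an MM/DD/YYYY layout as in the suggested string and scans a whole constructed 64 KiB image; parse_date, newest_date_offset and scan_sample are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a date is MM/DD/YYYY, the layout of the string suggested above.
 * The patterns nt!CmpGetBiosDate() really accepts are not given in the thread. */
static int parse_date(const unsigned char *p, int *key)
{
    for (int i = 0; i < 10; i++)
        if ((i == 2 || i == 5) ? p[i] != '/' : !isdigit(p[i]))
            return 0;
    int mm = (p[0] - '0') * 10 + (p[1] - '0');
    int dd = (p[3] - '0') * 10 + (p[4] - '0');
    int yyyy = 0;
    for (int i = 6; i < 10; i++)
        yyyy = yyyy * 10 + (p[i] - '0');
    if (mm < 1 || mm > 12 || dd < 1 || dd > 31) return 0;
    *key = yyyy * 10000 + mm * 100 + dd; /* sorts chronologically */
    return 1;
}

/* Offset of the most recent date in buf, or -1 when no date is present. */
long newest_date_offset(const unsigned char *buf, size_t len)
{
    long best = -1;
    int best_key = -1, key;
    for (size_t off = 0; off + 10 <= len; off++)
        if (parse_date(buf + off, &key) && key > best_key) {
            best_key = key;
            best = (long)off;
        }
    return best;
}

/* Constructed 64 KiB f-segment image (zero-filled) holding up to two strings. */
long scan_sample(const char *a, size_t a_off, const char *b, size_t b_off)
{
    static unsigned char fseg[0x10000];
    memset(fseg, 0, sizeof(fseg));
    if (a) memcpy(fseg + a_off, a, strlen(a));
    if (b) memcpy(fseg + b_off, b, strlen(b));
    return newest_date_offset(fseg, sizeof(fseg));
}

int main(void)
{
    printf("%ld\n", scan_sample("12/31/2011", 0x1234, " 04/01/2014 ", 0x8000));
    return 0;
}
```

In this model the pinned string guarantees a hit, but any date-like byte sequence elsewhere in the segment that parses as a later date is selected instead.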