[SerialICE] r90 - trunk/SerialICE/scripts
svn at coresystems.de
Mon Dec 7 18:05:07 CET 2009
Author: stepan
Date: 2009-12-07 18:05:07 +0100 (Mon, 07 Dec 2009)
New Revision: 90
Modified:
trunk/SerialICE/scripts/serialice.lua
Log:
Update the SerialICE Lua script. It is really time that we start
using the device model.
- add global variable "ip_logging" to enable/disable logging
[CS:IP] for every access.
- only register physical memory for RAM if it did not happen before
- reset Qemu CPU when target is reset with 0xcf9
- Implement Intel CPU microcode update faking in the MSR read/write filters.
It would be a relatively easy hack to add microcodes to the SerialICE image
and even run them, by having the msr write point to the correct address, in
case that should ever be needed.
- add a lot of automation triggers to increase SerialICE speed on my
test hardware.
Signed-off-by: Stefan Reinauer <stepan at coresystems.de>
Modified: trunk/SerialICE/scripts/serialice.lua
===================================================================
--- trunk/SerialICE/scripts/serialice.lua 2009-12-05 16:37:58 UTC (rev 89)
+++ trunk/SerialICE/scripts/serialice.lua 2009-12-07 17:05:07 UTC (rev 90)
@@ -41,10 +41,14 @@
ram_is_initialized = false
--- Whether to log read access (code fetches) to 0xe0000 to 0xfffff
+-- Set to "true" to log read access (code fetches) to 0xe0000 to 0xfffff
log_rom_access = false
+-- Set to "true" to log CS:IP for each access
+
+ip_logging = false
+
-- Remember the PCI device selected via IO CF8
SerialICE_pci_device = 0
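Review bot: The new `ip_logging` flag is separated from its own comment by a blank line, so the comment reads as a stray paragraph rather than as the variable's description, unlike `log_rom_access` directly above it. Drop the blank line so the pair reads `-- Set to "true" to log CS:IP for each access` followed immediately by `ip_logging = false`. The comment could also say that the output goes in front of every MEM/IO/CPU log line as `[cs:ip] -- `, which is what the new `log_cs_ip` helper later in this commit prints.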
@@ -84,6 +88,15 @@
-- **********************************************************
--
+ if ( port == 0x60 and data_size == 1 ) then
+ if ( regs.eip == 0xbd6d and regs.eax == 0x8aa and regs.ecx == 0x00fffff0 ) then
+ -- f000:bd6d
+ printf("Skipping keyboard timeout...\n")
+ regs.eax = 0x01aa
+ regs.ecx = 0x0010
+ end
+ end
+
return caught, data
end
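Review bot: The keyboard-timeout trigger matches `regs.eip == 0xbd6d` but never checks `regs.cs`, although the comment says the trigger is meant for `f000:bd6d`; any code at offset 0xbd6d in another segment that reads port 0x60 with the same eax/ecx would have its registers rewritten. The memory-filter trigger added later in this commit does check `regs.cs == 0xe002`, so this one should be consistent: `if ( regs.cs == 0xf000 and regs.eip == 0xbd6d and regs.eax == 0x8aa and regs.ecx == 0x00fffff0 ) then`. These triggers are tied to one firmware image, so a comment naming the image they were taken from would help the next user understand why they are safe to leave enabled. The enclosing read filter starts before this hunk.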
@@ -227,15 +240,40 @@
-- permanently from the target (several reads/writes per
-- decompressed byte).
- if port == 0x80 and data == 0xff37 then
+ if port == 0x80 and data == 0xff37 and ram_is_initialized == false then
ram_is_initialized = true
-- Register low RAM 0x00000000 - 0x000dffff
SerialICE_register_physical(0x00000000, 0xa0000)
-- SMI/VGA memory should go to the target...
SerialICE_register_physical(0x000c0000, 0x20000)
printf("\nLow RAM accesses are now directed to Qemu.\n")
+
+ return false, data
end
+ if port == 0xcf9 and data == 0x06 then
+ SerialICE_system_reset()
+ return false, data
+ end
+
+ if ( port == 0xed and data == 0x40 ) then
+ if ( regs.eip == 0x3ed and regs.ecx == 0x00000290 ) then
+ printf("Skipping IO delay...\n")
+ -- f100:03ed
+ regs.ecx = 0x05
+ end
+ end
+
+ if ( port == 0xed and data == 0x83 )
+ then
+ if ( regs.eip == 0x1bb and regs.ecx == 0x0000fff0 ) then
+ printf("Skipping IO delay...\n")
+ -- e002:01bb
+ regs.ecx = 0x10
+ regs.ebx = 0x01
+ end
+ end
+
return false, data
end
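Review bot: The reset hook resets the Qemu CPU only on a write of exactly 0x06 to port 0xcf9; a firmware that writes 0x0e (the same reset with the power-cycle bit, if the register follows the usual ICH layout) or 0x04 would reset the target while Qemu keeps running, and the two sides would silently drift apart. Matching on the CPU-reset bit is more robust, and the `bit` library is already used in this file: `if port == 0xcf9 and bit.band(data, 0x04) ~= 0 then`. The two port-0xed delay triggers also check `regs.eip` without `regs.cs` even though their comments name `f100:03ed` and `e002:01bb`; adding `regs.cs == 0xf100` and `regs.cs == 0xe002` to those conditions keeps them from misfiring at the same offset in another segment. The enclosing write filter starts before this hunk.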
@@ -384,6 +422,17 @@
-- Don't send writes to the target for speed reasons.
return false, true, data
elseif addr >= 0x00100000 and addr <= 0xcfffffff then
+ if addr == 0x00100000 then
+ if regs.cs == 0xe002 and regs.eip == 0x07fb then
+ -- skip high memory wipe
+ regs.ecx = 0x10
+ end
+ if regs.cs == 0xe002 and regs.eip == 0x076c and regs.edi == 0x3f then
+ -- skip high memory test
+ regs.edi=1;
+ end
+ end
+
-- 3.25 GB RAM ... This is handled by SerialICE
return true, false, data
else
@@ -394,16 +443,31 @@
return true, false, data
end
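Review bot: The two triggers at 0x00100000 rewrite `regs.ecx`/`regs.edi` silently, while every other trigger added in this commit prints a "Skipping ..." line, so a trace gives no hint that the firmware's high-memory wipe and memory test were bypassed; since the wipe is a security-relevant step that a reader of the log may assume ran, each branch should log, e.g. `printf("Skipping high memory wipe...\n")` and `printf("Skipping high memory test...\n")`. `regs.edi=1;` also departs from the file's `a = b` spacing and Lua style without semicolons; write it as `regs.edi = 1`. The enclosing memory-write filter starts before this hunk.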
+
+function log_cs_ip()
+ if (ip_logging) then printf("[%04x:%04x] -- ", regs.cs, regs.eip) end
+end
+
function SerialICE_msr_read_filter(addr, hi, lo)
+ -- Intel CPU microcode revision check.
+ if addr == 0x8b then
+ -- fake microcode revision of my 0x6f6 Core 2 Duo Mobile
+ return true, 0xc7, 0x00
+ end
+
return false, hi, lo
end
function SerialICE_msr_write_filter(addr, hi, lo)
+ -- Intel CPU microcode update
+ if addr == 0x79 then
+ return true, 0, 0xffff0000
+ end
+
return false, hi, lo
end
function SerialICE_cpuid_filter(in_eax, in_ecx, eax, ebx, ecx, edx)
-
-- Set number of cores to 1 on Core Duo and Atom to trick the
-- firmware into not trying to wake up non-BSP nodes.
if in_eax == 1 then
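Review bot: The faked microcode revision 0xc7 returned for MSR 0x8b is a constant tied to one CPU (the comment says a 0x6f6 Core 2 Duo Mobile), and on another CPU the firmware may still see a mismatch against the microcode it carries and attempt an update that the 0x79 filter then swallows, presumably without ever reaching the target. Make the value a documented global next to the other knobs, `fake_microcode_revision = 0xc7`, and return `true, fake_microcode_revision, 0x00`, so users of other hardware do not have to find this in the filter. The 0x79 filter deserves a comment stating that the update trigger is caught here and the target CPU keeps whatever microcode it already runs, since the log line for the read will show a revision the target may not actually have.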
@@ -428,6 +492,8 @@
return
end
+ log_cs_ip()
+
if size == 1 then printf("MEM: writeb %08x <= %02x", addr, data)
elseif size == 2 then printf("MEM: writew %08x <= %04x", addr, data)
elseif size == 4 then printf("MEM: writel %08x <= %08x", addr, data)
@@ -463,6 +529,8 @@
return
end
+ log_cs_ip()
+
if size == 1 then printf("MEM: readb %08x => %02x", addr, data)
elseif size == 2 then printf("MEM: readw %08x => %04x", addr, data)
elseif size == 4 then printf("MEM: readl %08x => %08x", addr, data)
@@ -485,6 +553,8 @@
end
function SerialICE_io_write_log(port, size, data, target)
+ log_cs_ip()
+
if size == 1 then printf("IO: outb %04x <= %02x\n", port, data)
elseif size == 2 then printf("IO: outw %04x <= %04x\n", port, data)
elseif size == 4 then printf("IO: outl %04x <= %08x\n", port, data)
@@ -500,9 +570,18 @@
bit.band(0x7,bit.rshift(SerialICE_pci_device, 8)),
bit.band(0xff,SerialICE_pci_device + (port - 0xcfc) ))
end
+
+ -- **********************************************************
+ --
+
+ if port == 0xcf9 then
+ printf("Reset triggered at %04x:%04x\n", regs.cs, regs.eip);
+ end
end
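Review bot: The "Reset triggered" line prints for every write to port 0xcf9 regardless of the value, while the write filter earlier in this commit resets the Qemu CPU only for `data == 0x06`, so the log can claim a reset that the filter did not act on. Include the written value so the trace is unambiguous: `printf("Reset triggered at %04x:%04x (cf9 <= %02x)\n", regs.cs, regs.eip, data)`. The trailing `;` on that line is also out of step with the rest of the file.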
function SerialICE_io_read_log(port, size, data, target)
+ log_cs_ip()
+
if size == 1 then printf("IO: inb %04x => %02x\n", port, data)
elseif size == 2 then printf("IO: inw %04x => %04x\n", port, data)
elseif size == 4 then printf("IO: inl %04x => %08x\n", port, data)
@@ -521,14 +600,17 @@
end
function SerialICE_msr_write_log(addr, hi, lo, filtered)
+ log_cs_ip()
printf("CPU: wrmsr %08x <= %08x.%08x\n", addr, hi, lo)
end
function SerialICE_msr_read_log(addr, hi, lo, filtered)
+ log_cs_ip()
printf("CPU: rdmsr %08x => %08x.%08x\n", addr, hi, lo)
end
function SerialICE_cpuid_log(in_eax, in_ecx, out_eax, out_ebx, out_ecx, out_edx, filtered)
+ log_cs_ip()
printf("CPU: CPUID eax: %08x; ecx: %08x => %08x.%08x.%08x.%08x\n",
in_eax, in_ecx, out_eax, out_ebx, out_ecx, out_edx)
end
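Review bot: With this commit the MSR filters start returning faked values for 0x8b and 0x79, but `SerialICE_msr_read_log` and `SerialICE_msr_write_log` still ignore their `filtered` parameter, so the log shows the faked microcode revision exactly like a real one. If `filtered` marks values the filter replaced, as its name suggests, a marker such as `if filtered then printf("(filtered) ") end` before the `CPU: rdmsr` / `CPU: wrmsr` lines would let a reader tell target data from script data; the same applies to the CPUID log. The new `log_cs_ip()` calls here also lack the blank line that follows them in the MEM/IO loggers, which is a minor consistency point.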