def LocateProtocol(context, params):
    """Resolve a protocol GUID to the interface address registered for it.

    Walks the ``handle -> {guid: interface}`` registry in ``context.protocols``.
    When ``params`` carries a ``Handle`` key, only that handle is considered.
    On a match the interface address is written through the guest-supplied out
    pointer ``params['Interface']`` and ``EFI_SUCCESS`` is returned; otherwise
    ``EFI_NOT_FOUND`` is returned and nothing is written to guest memory.
    """
    wanted_guid = params['Protocol']
    restrict_to_handle = "Handle" in params

    for handle, registered in context.protocols.items():
        if restrict_to_handle and params["Handle"] != handle:
            continue
        if wanted_guid not in registered:
            continue

        # hand the interface address back through the caller's out variable
        write_int64(context.ql, params['Interface'], registered[wanted_guid])
        return EFI_SUCCESS

    return EFI_NOT_FOUND
def hook_ReadSection(ql, address, params):
    """Emulate ``ReadSection()``: copy a firmware-file section into guest memory.

    The file is selected by ``NameGuid`` and the section by ``SectionType``
    (low byte only) and ``SectionInstance``. Returns ``EFI_NOT_FOUND`` when
    either lookup fails.

    Output handling follows the two UEFI conventions:
      * ``*Buffer == 0``: the buffer is allocated here on the OS heap, filled,
        and both ``*Buffer`` and ``*BufferSize`` are written back.
      * otherwise the buffer is caller-allocated; ``*BufferSize`` is always
        updated to the required size, and the data is copied only when the
        guest-reported size is large enough (else ``EFI_BUFFER_TOO_SMALL``).
    """
    guid = str(ql.os.read_guid(params["NameGuid"]))
    section_type = params["SectionType"] & 0xFF

    fw_file = get_firmware_file(ql, guid)
    if not fw_file:
        return EFI_NOT_FOUND

    section = get_section(fw_file, section_type, params["SectionInstance"])
    if not section:
        return EFI_NOT_FOUND

    payload = section.data
    required = len(payload)
    out_buffer = read_int64(ql, params["Buffer"])

    if out_buffer == 0:
        # Caller left *Buffer NULL: ReadSection() owns the allocation.
        out_buffer = ql.os.heap.alloc(required)
        ql.mem.write(out_buffer, payload)
        write_int64(ql, params["BufferSize"], required)
        write_int64(ql, params["Buffer"], out_buffer)
        return EFI_SUCCESS

    # Caller-allocated buffer: report the required size in every outcome,
    # and gate the copy on the size the guest claims to have provided.
    provided = read_int64(ql, params["BufferSize"])
    write_int64(ql, params["BufferSize"], required)

    if provided < required:
        return EFI_BUFFER_TOO_SMALL

    ql.mem.write(out_buffer, payload)
    return EFI_SUCCESS
def HandleProtocol(context, params):
    """Emulate ``HandleProtocol()``: query one protocol on one handle.

    Looks up ``Handle`` in ``context.protocols`` and then ``Protocol`` in that
    handle's ``{guid: interface}`` map. On success the interface address is
    written through the out pointer ``Interface`` and ``EFI_SUCCESS`` is
    returned; any miss yields ``EFI_UNSUPPORTED`` with no guest write.
    """
    handle = params["Handle"]
    protocol = params["Protocol"]
    interface = params['Interface']

    supported = context.protocols.get(handle, {})
    if protocol not in supported:
        return EFI_UNSUPPORTED

    write_int64(context.ql, interface, supported[protocol])
    return EFI_SUCCESS
def InstallProtocolInterface(context, params):
    """Emulate ``InstallProtocolInterface()``.

    Reads the handle pointed to by ``Handle``; a NULL handle means the caller
    wants a new one, which is minted from ``context.heap``. The
    ``Protocol -> Interface`` pair is then recorded under that handle in
    ``context.protocols``, the (possibly new) handle is written back through
    ``Handle``, and ``context.notify_protocol`` is informed of the install.
    Always returns ``EFI_SUCCESS``.
    """
    handle = read_int64(context.ql, params["Handle"])
    if handle == 0:
        # NULL in: allocate a fresh handle value for the caller
        handle = context.heap.alloc(1)

    registered = context.protocols.get(handle, {})
    registered[params["Protocol"]] = params["Interface"]
    context.protocols[handle] = registered

    write_int64(context.ql, params["Handle"], handle)
    context.notify_protocol(params['Handle'], params['Protocol'], params['Interface'], True)

    return EFI_SUCCESS
def LocateHandle(context, params):
    """Emulate ``LocateHandle()``: return the handles matched by ``LocateHandles``.

    ``LocateHandles`` supplies the byte size required and the handle list.
    With no matches ``EFI_NOT_FOUND`` is returned and nothing is written.
    Otherwise ``*BufferSize`` is always updated to the required size; the
    handles are written consecutively (``pointer_size`` apart) into ``Buffer``
    only when the guest-reported ``*BufferSize`` is already large enough,
    yielding ``EFI_SUCCESS``, else ``EFI_BUFFER_TOO_SMALL``.
    """
    required_size, handles = LocateHandles(context, params)

    if not handles:
        return EFI_NOT_FOUND

    status = EFI_BUFFER_TOO_SMALL

    # Size check before any write into the caller's buffer.
    if read_int64(context.ql, params["BufferSize"]) >= required_size:
        base = params["Buffer"]
        for index, handle in enumerate(handles):
            write_int64(context.ql, base + index * pointer_size, handle)
        status = EFI_SUCCESS

    write_int64(context.ql, params["BufferSize"], required_size)

    return status
def LocateProtocol(context, params):
    """Resolve a protocol GUID to its registered interface address.

    Same lookup as the plain ``LocateProtocol``: iterate
    ``context.protocols`` (``handle -> {guid: interface}``), optionally
    restricted to ``params['Handle']``, and on a hit write the interface
    address through ``params['Interface']`` and return ``EFI_SUCCESS``.

    On a miss a warning naming the GUID (and its friendly name from
    ``guids_dict`` when known, ``'UNKNOWN'`` otherwise) is logged and
    ``EFI_NOT_FOUND`` is returned.
    """
    protocol = params['Protocol']
    restrict_to_handle = "Handle" in params

    for handle, registered in context.protocols.items():
        if restrict_to_handle and params["Handle"] != handle:
            continue

        if protocol in registered:
            # write protocol address to out variable Interface
            write_int64(context.ql, params['Interface'], registered[protocol])
            return EFI_SUCCESS

    # guids_dict is keyed by upper-cased GUID strings
    friendly_name = guids_dict.get(protocol.upper(), 'UNKNOWN')
    context.ql.log.warning(f'protocol with guid {protocol} not found ({friendly_name})')

    return EFI_NOT_FOUND
def InstallProtocolInterface(context, params):
    """Emulate ``InstallProtocolInterface()`` with protocol-notify support.

    A NULL ``*Handle`` is replaced by a freshly allocated handle. The
    ``Protocol -> Interface`` pair is recorded under the handle in
    ``context.protocols``. Every loader event whose ``Guid`` equals the
    installed protocol (registered earlier via ``RegisterProtocolNotify``) is
    signalled, ``check_and_notify_protocols`` runs, and the handle is written
    back through ``Handle``. Always returns ``EFI_SUCCESS``.
    """
    handle = read_int64(context.ql, params["Handle"])
    if handle == 0:
        # NULL in: mint a new handle for the caller
        handle = context.heap.alloc(1)

    registered = context.protocols.get(handle, {})
    registered[params["Protocol"]] = params["Interface"]
    context.protocols[handle] = registered

    installed_guid = params['Protocol']
    for event_id, event in context.ql.loader.events.items():
        # Fire events registered for this GUID via 'RegisterProtocolNotify'.
        if event['Guid'] == installed_guid:
            signal_event(context.ql, event_id)

    check_and_notify_protocols(context.ql)
    write_int64(context.ql, params["Handle"], handle)

    return EFI_SUCCESS
def trigger_next_smi_handler(ql):
    """Pop one registered SW-SMI handler and set up the CPU to execute it.

    Takes an arbitrary ``(dispatch_handle, params)`` entry off
    ``ql.os.smm.swsmi_handlers`` (``popitem`` raises ``KeyError`` when none is
    left), serialises the handler's ``RegisterContext`` and
    ``CommunicationBuffer`` structs into the SMM context/comm buffers, stores
    the comm-buffer size right after the comm buffer, loads the four handler
    arguments into rcx, rdx, r8 and r9, points ``rip`` at ``DispatchFunction``
    and pushes the loader's end-of-execution address as the return address.

    Returns ``True`` once the handler has been scheduled.
    """
    dispatch_handle, smi_params = ql.os.smm.swsmi_handlers.popitem()
    ql.dprint(D_INFO, f"Executing SMI with params {smi_params}")

    smm = ql.os.smm
    comm_struct = smi_params["CommunicationBuffer"]
    comm_size = ctypes.sizeof(comm_struct)

    # IN EFI_HANDLE  DispatchHandle
    ql.reg.rcx = dispatch_handle

    # IN CONST VOID  *Context         OPTIONAL
    ql.mem.write(smm.context_buffer, convert_struct_to_bytes(smi_params["RegisterContext"]))
    ql.reg.rdx = smm.context_buffer

    # IN OUT VOID    *CommBuffer      OPTIONAL
    ql.mem.write(smm.comm_buffer, convert_struct_to_bytes(comm_struct))
    ql.reg.r8 = smm.comm_buffer

    # IN OUT UINTN   *CommBufferSize  OPTIONAL -- lives immediately after the comm buffer
    size_ptr = smm.comm_buffer + comm_size
    write_int64(ql, size_ptr, comm_size)
    ql.reg.r9 = size_ptr

    # Transfer control; the pushed address is where emulation stops on return.
    ql.reg.rip = smi_params["DispatchFunction"]
    ql.stack_push(ql.loader.end_of_execution_ptr)
    return True
 def hook_InSmm(ql, address, params):
     """Emulate ``InSmm()``: report the enclosing scope's ``in_smm`` flag.

     Writes the closed-over ``in_smm`` value through the guest-supplied out
     pointer ``params["InSmram"]``. The hook is a closure; its enclosing
     function (which owns ``in_smm``) is outside this listing.
     """
     nonlocal in_smm
     write_int64(ql, params["InSmram"], in_smm)
    def nitems(self, value: int):
        """Store *value* into the item-count field of the system table.

        The field sits at ``self.system_table + self.__nitems_off`` and is
        written as a 64-bit integer via ``utils.write_int64``.
        """
        field_addr = self.system_table + self.__nitems_off
        utils.write_int64(self.ql, field_addr, value)