[syslinux] PXE stack access via com32

jesse barker jessebarker5 at yahoo.com
Mon Jan 8 09:23:58 PST 2007


Also, it's worth noting that upon return from intcall(), outputRegs.eflags.l == 0x2, which isn't a documented value (at least not in the docs in version 3.11 or on the web docs).

Thanks again,
Jesse


----- Original Message ----
From: jesse barker <jessebarker5 at yahoo.com>
To: H. Peter Anvin <hpa at zytor.com>
Cc: syslinux at zytor.com
Sent: Saturday, January 6, 2007 11:30:07 AM
Subject: Re: [syslinux] PXE stack access via com32

----- Original Message ----
From: H. Peter Anvin <hpa at zytor.com>
To: jesse barker <jessebarker5 at yahoo.com>
Cc: syslinux at zytor.com
Sent: Saturday, January 6, 2007 11:16:22 AM
Subject: Re: [syslinux] PXE stack access via com32

jesse barker wrote:
> 
> I started with a PXENV_GET_CACHED_INFO struct as described in the spec (version 2.1).  I filled it out like this:
> 
> s_PXENV_GET_CACHED_INFO args;
> BOOTPLAYER cachedInfo; /* As described on page 50 of PXE 2.1 */
> 
> memset(&args, 0, sizeof(args));
> memset(&cachedInfo, 0, sizeof(cachedInfo));
> 
> args.PacketType = PXENV_PACKET_TYPE_DHCP_ACK; /* 2 */
> args.BufferSize = sizeof(cachedInfo);
> args.Buffer.segment = SEG(&cachedInfo);
> args.Buffer.offset = OFFS(&cachedInfo);
> 
> memcpy(__com32.cs_bounce, &args, sizeof(args));

>> cachedInfo also needs to be in the bounce buffer!  Here you're 
>> allocating it out of high memory, so the SEG:OFFS pointer that it 
>> produces is totally random (and invalid.)

Right.  That detail was at the end of my previous response:

> And then, as I say, eax contains 'PXENV_EXIT_FAILURE' (and the status
> field contains 'PXENV_STATUS_FAILURE').  While debugging this, I
> noticed that the pointer to the BOOTPLAYER struct (&cachedInfo) had
> some more significant bits than could be used by 'SEG()' and 'OFFS()'
> (i.e. the original pointer could not be reconstructed from the segment
> and offset values in the argument struct), so I moved to using the
> bounce buffer to contain both structs and copied appropriately, though,
> that did not seem to have made a difference.

In reality what I've done is something like:

void* pxeArgs = __com32.cs_bounce+sizeof(cachedInfo);
void* pxeData = __com32.cs_bounce;

args.Buffer.segment = SEG(pxeData);
args.Buffer.offset = OFFS(pxeData);

memcpy(pxeArgs, &args, sizeof(args));

And then followed with the register settings as previously described where:

inputRegs.es         = SEG(pxeArgs);
inputRegs.edi.w[0] = OFFS(pxeArgs);

But, again, this doesn't seem to have made a difference.  I still get 'PXENV_EXIT_FAILURE' and 'PXENV_STATUS_FAILURE' on return from __intcall().

cheers,
Jesse






_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX at zytor.com
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.
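
The SEG:OFFS point raised in the thread, as an added example that is not code from the thread or from SYSLINUX: it models SEG()/OFFS() on plain 32-bit addresses and checks whether a buffer address survives the round trip through a real-mode segment:offset pair. The helper names, the shift-by-4 model of SEG()/OFFS(), the 64 KiB bounce size, and all addresses and struct sizes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model of the com32 SEG()/OFFS() helpers: a flat 32-bit address is
 * split into a 16-bit paragraph number and a 4-bit remainder. */
static uint16_t seg_of(uint32_t lin)  { return (uint16_t)(lin >> 4); }
static uint16_t offs_of(uint32_t lin) { return (uint16_t)(lin & 0x000F); }

/* What real-mode code (here, the PXE stack) computes from seg:off. */
static uint32_t segoff_to_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* 1 only if the callee would dereference the same byte the caller meant. */
static int survives_real_mode(uint32_t lin)
{
    return segoff_to_linear(seg_of(lin), offs_of(lin)) == lin;
}

#define BOUNCE_SIZE 65536u   /* assumption: 64 KiB low-memory bounce buffer */

/* Data buffer at the start of the bounce area, argument struct right after.
 * Returns 0 and fills *data / *args when both fit in the bounce buffer and
 * both start addresses round-trip through seg:off; returns -1 otherwise. */
static int layout_pxe_call(uint32_t bounce, uint32_t data_len,
                           uint32_t args_len, uint32_t *data, uint32_t *args)
{
    if (data_len > BOUNCE_SIZE || args_len > BOUNCE_SIZE - data_len)
        return -1;
    *data = bounce;
    *args = bounce + data_len;
    return (survives_real_mode(*data) && survives_real_mode(*args)) ? 0 : -1;
}

int main(void)
{
    uint32_t local  = 0x00203F40u;  /* constructed: a variable above 1 MiB */
    uint32_t bounce = 0x00075000u;  /* constructed: a low-memory address   */
    uint32_t data, args;

    printf("local  %08x -> %04x:%04x -> %08x\n", (unsigned)local,
           seg_of(local), offs_of(local),
           (unsigned)segoff_to_linear(seg_of(local), offs_of(local)));
    if (layout_pxe_call(bounce, 300, 12, &data, &args) == 0)  /* sizes constructed */
        printf("data %04x:%04x  args %04x:%04x\n", seg_of(data),
               offs_of(data), seg_of(args), offs_of(args));
    return 0;
}
```

A check like `survives_real_mode()` on every pointer handed to a real-mode service turns a silently truncated address into an explicit error before the call is made.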




