Page 1 of 1

BIOS dumping

Posted: Tue Jan 31, 2012 9:26 pm
by wadders1988
Hi All,

I need to extract a live version of my BIOS to compare with a version taken from a BIOS programmer for the same chip ...

I need to prove that the machine changes values within the BIOS code once the machine is running and comunicating with other hardware...

Does anyone know of an academic article / journal that would support this theory?

Looking forward to hearing from you

Re: BIOS dumping

Posted: Wed Feb 01, 2012 9:47 am
by edwin
The only way of doing so is through DMI and SMBIOS:
http://en.wikipedia.org/wiki/Desktop_Ma ... _Interface
http://en.wikipedia.org/wiki/System_Management_BIOS

The only places the DATA is changed is in the areas that are designed to save information about the connected hardware IE hotpluggable stuff like USB devices. The CODE is not changed at all during runtime.

Re: BIOS dumping

Posted: Wed Feb 01, 2012 12:14 pm
by wadders1988
Thank you for your reply.

You say only the area designed to save information about attached hardware is change.

This is what i need to identify as the BIOS dump will be from a forensic prespective so even 1 value changing is important to note!! and i will be viewing the bios file and a complete .BIN file.

I have an application that can dump BIOS and I also have a BIOS programmer so I can view the code without it interacting with other hardware.

I just need to find an academic reference that says that values change within the BIOS when the computer is running. (prefereably a journal or book)

Many thanks for your reply!!

Re: BIOS dumping

Posted: Wed Feb 01, 2012 1:45 pm
by edwin
If you actually have been reading the two articles referenced you would see you can change other areas as well during runtime from within the operating system. What would help too is do some reading in the reference manuals from the big bios manufacturers like AMI/Award/Phoenix/Insyde...

Re: BIOS dumping

Posted: Wed Feb 01, 2012 4:07 pm
by wadders1988
I read through both of the articles that you linked. Whilst they are useful for personal reading I already knew 90% of the information. My original question asked if anybody knew of an "Academic journal or book" that supports this theory. As for my university work I am NOT allowed to reference wikipedia.

I may be able to use a manufacturers manual, but the ones that i have looked at already dont include any information on the BIOS.

Ill keep looking though

Thanks for your help

Re: BIOS dumping

Posted: Thu Feb 02, 2012 1:49 pm
by edwin