1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
|
iobp_write:
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 8]
push ebx
lea ebx, [esi + 0x2338]
loc_00009c83:
sub esp, 0xc
push ebx
call read8 ; call 0x17d8b
add esp, 0x10
test al, 1
jne short loc_00009c83 ; jne 0x9c83
push eax
push eax
push dword [ebp + 0xc]
lea eax, [esi + 0x2330]
push eax
call write32 ; call 0x17e8f
add esp, 0xc
push 0x700
push 0xff
push ebx
call and_or_16 ; call 0x18981
lea eax, [esi + 0x2334]
add esi, 0x233a
pop edx
pop ecx
push dword [ebp + 0x10]
push eax
call write32 ; call 0x17e8f
pop eax
pop edx
push 0xf000
push esi
call write16 ; call 0x17e04
pop ecx
pop esi
push 1
push ebx
call or_16 ; call 0x18927
add esp, 0x10
loc_00009ce8:
sub esp, 0xc
push ebx
call read8 ; call 0x17d8b
add esp, 0x10
test al, 1
jne short loc_00009ce8 ; jne 0x9ce8
sub esp, 0xc
push ebx
call read8 ; call 0x17d8b
add esp, 0x10
and eax, 6
cmp al, 1
sbb eax, eax
not eax
lea esp, [ebp - 8]
and eax, 0x80000007
pop ebx
pop esi
pop ebp
ret
iobp_read:
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 8]
push ebx
lea ebx, [esi + 0x2338]
loc_00009d27:
sub esp, 0xc
push ebx
call read8 ; call 0x17d8b
add esp, 0x10
test al, 1
jne short loc_00009d27 ; jne 0x9d27
push eax
push eax
push dword [ebp + 0xc]
lea eax, [esi + 0x2330]
push eax
call write32 ; call 0x17e8f
add esp, 0xc
push 0x600
push 0xff
push ebx
call and_or_16 ; call 0x18981
lea eax, [esi + 0x233a]
pop edx
pop ecx
push 0xf000
push eax
call write16 ; call 0x17e04
pop eax
pop edx
push 1
push ebx
call or_16 ; call 0x18927
add esp, 0x10
loc_00009d7b:
sub esp, 0xc
push ebx
call read8 ; call 0x17d8b
add esp, 0x10
test al, 1
jne short loc_00009d7b ; jne 0x9d7b
sub esp, 0xc
push ebx
call read8 ; call 0x17d8b
add esp, 0x10
mov edx, 0x80000007
test al, 6
jne short loc_00009db9 ; jne 0x9db9
sub esp, 0xc
add esi, 0x2334
push esi
call read32 ; call 0x17e4e
mov edx, dword [ebp + 0x10]
add esp, 0x10
mov dword [edx], eax
xor edx, edx
loc_00009db9:
lea esp, [ebp - 8]
mov eax, edx
pop ebx
pop esi
pop ebp
ret
program_iobp:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x20
mov esi, dword [ebp + 0xc]
lea eax, [ebp - 0x1c]
mov edi, dword [ebp + 0x14]
push eax
push esi
push dword [ebp + 8]
call iobp_read ; call 0x9d19
add esp, 0x10
mov ebx, eax
test eax, eax
jns short loc_00009e40 ; jns 0x9e40
call dummy_15479 ; call 0x15479
test al, al
je short loc_00009e0a ; je 0x9e0a
sub esp, 0xc
push edi
push dword [ebp + 0x10]
push esi
push ref_00022017 ; push 0x22017
push 0x80000000
call efi_console_out ; call 0x15487
add esp, 0x20
loc_00009e0a:
call dummy_15480 ; call 0x15480
mov edx, ebx
test al, al
je loc_00009ec3 ; je 0x9ec3
call dummy_15479 ; call 0x15479
test al, al
je short loc_00009e36 ; je 0x9e36
push edi
push ebx
push ref_000206d3 ; push 0x206d3
push 0x80000000
call efi_console_out ; call 0x15487
add esp, 0x10
loc_00009e36:
push esi
push ref_000206f4 ; push 0x206f4
push 0x34
jmp short loc_00009eb4 ; jmp 0x9eb4
loc_00009e40:
mov eax, dword [ebp + 0x10]
and eax, dword [ebp - 0x1c]
push ecx
or eax, edi
push eax
push esi
push dword [ebp + 8]
mov dword [ebp - 0x1c], eax
call iobp_write ; call 0x9c75
add esp, 0x10
mov ebx, eax
mov edx, eax
test eax, eax
jns short loc_00009ec3 ; jns 0x9ec3
call dummy_15479 ; call 0x15479
test al, al
je short loc_00009e84 ; je 0x9e84
sub esp, 0xc
push edi
push dword [ebp + 0x10]
push esi
push ref_00022084 ; push 0x22084
push 0x80000000
call efi_console_out ; call 0x15487
add esp, 0x20
loc_00009e84:
call dummy_15480 ; call 0x15480
mov edx, ebx
test al, al
je short loc_00009ec3 ; je 0x9ec3
call dummy_15479 ; call 0x15479
test al, al
je short loc_00009eac ; je 0x9eac
push edx
push ebx
push ref_000206d3 ; push 0x206d3
push 0x80000000
call efi_console_out ; call 0x15487
add esp, 0x10
loc_00009eac:
push eax
push ref_000206f4 ; push 0x206f4
push 0x40
loc_00009eb4:
push ref_00022050 ; push 0x22050
call dummy_1548c ; call 0x1548c
add esp, 0x10
mov edx, ebx
loc_00009ec3:
lea esp, [ebp - 0xc]
mov eax, edx
pop ebx
pop esi
pop edi
pop ebp
ret
|