>Don't do that. As I said, run the command "ioprobe" instead. The
>command does the same thing as GRUB does at the startup time.
> See the values of "IP" and "CS". If GRUB doesn't stop dumping
>registers, their values should be repeated periodically. Write down
>the repeated values, reboot your machine, and dump the memory regions
>indicated by the addresses. In real mode, (CS << 4 | IP) represents
>a currently executed (linear) address. So you can dump a target memory
>region by "read ((CS << 4) | IP)". Note that GRUB doesn't evaluate any
>expression, so you have to pass a pre-computed value to the command
>"read". Then, you can disassemble the dumped binary code. If anything
>is difficult for you, feel free to ask me.
I did and here are the results:
CS = F0000
IP: Address(dec): Value:
71B8 1012152 021146F6
BC 54 0B750211
C9 69 538000B8
CC 72 568B5153
CD 73 00568B51
CE 74 8300568B
D1 77 B707C283
D4 80 37B90CB7
D6 82 E8B737B9
D9 85 F87588E8
E764 1042276 90F88A53
67 79 75C90B90
68 80 0C7FC90B
6A 82 FE590C75
78 96 22D88AEC
79 97 C422D88A
7B 1042300 74C73AC4
7D 02 871974C7
7F 04 90DB8719
9A 30 C38AE432
9C 32 C35BC38A
9E 34 7AE8C35B
9F 35 497AE8C3
71DC 1012188 74E40AF8
DD 89 0174E40A
DF 91 59790174
E2 94 53C35B59
E3 95 5153C35B
E4 96 325153C3
701A 1011738 0192820F
1E 42 468ACAFE
20 44 EE02468A
23 47 E8EBE6EE
24 48 8FE8EBE6
26 50 0F018FE8
71B8 1012152 021146F6
The same stuff is attached as hexdump.txt. The other file is my compiled stage1 and
stage2 (gz-tarred)
Actually, now that I have all this data, I do not know what to do next. I tried to
find the memory values in stage2 but could not find them. Even if I had found them I
would not have known what to do. So, please help :-)
Volker
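
The address arithmetic from the quoted advice, applied to a table in the format posted above, as an added example that is not part of the original messages. It assumes the reported "CS = F0000" is already the shifted segment base (CS << 4); it expands the abbreviated columns, pre-computes the operand for "read", cross-checks the hex and decimal columns, and unpacks each dword into the little-endian byte order a disassembler needs. The function names and the five sample rows (copied from the table) are choices made for this example.

```python
import struct

SEGMENT_BASE = 0xF0000  # assumption: the posted "CS = F0000" is CS << 4

# Constructed sample: rows copied from the table above (IP, decimal address, dword).
SAMPLE = """\
71B8 1012152 021146F6
BC 54 0B750211
C9 69 538000B8
E764 1042276 90F88A53
67 79 75C90B90
"""

def expand(short, prev):
    """Replace the trailing characters of prev with the abbreviated field."""
    return short if prev is None else prev[:len(prev) - len(short)] + short

def parse(table, base=SEGMENT_BASE):
    """Return one dict per row: full IP, linear address, column check, raw bytes."""
    rows, prev_ip, prev_dec = [], None, None
    for line in table.splitlines():
        ip_s, dec_s, val_s = line.split()
        prev_ip, prev_dec = expand(ip_s, prev_ip), expand(dec_s, prev_dec)
        linear = base + int(prev_ip, 16)  # real mode: (CS << 4) + IP
        rows.append({
            "ip": int(prev_ip, 16),
            "linear": linear,
            # True when the hex IP and the decimal address name the same byte
            "consistent": linear == int(prev_dec),
            # "read" shows a 32-bit value; x86 stores it least significant byte first
            "bytes": struct.pack("<I", int(val_s, 16)),
        })
    return rows

def read_commands(rows):
    """GRUB evaluates no expressions, so emit the pre-computed address."""
    return [f"read {r['linear']}" for r in rows]

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for r, cmd in zip(parsed, read_commands(parsed)):
        flag = "" if r["consistent"] else "  <-- hex and decimal columns disagree"
        print(f"{cmd:14} # 0x{r['linear']:05X}  {r['bytes'].hex(' ')}{flag}")
```

Rows flagged as inconsistent should be re-read on the machine before the bytes are handed to a disassembler, since the dump is only useful if each dword is placed at the right offset.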