This is a crazy hack for you if you are brave enough to write a UEFI program and Windows driver in addition to the interfacing program to accomplish what you ask about:
Write a UEFI application. Its role would be 1) get started as an OS loader via UEFI Boot Manager, e.g. you start it manually either via "boot from file" Boot Manager menu or via UEFI "shell" (that in fact is command interpreter and not shell). From UEFI this app gets for free all you ask about - System Table pointer and everything else, because it's contained in the latter. Then this app, using UEFI EFI_FILE_PROTOCOL's Write() (and everything else needed) will dump the needed info into some file, on a FAT volume, that UEFI will certainly can access to. If ESP is present, then it's a good place, say write it into "efi\beta\mycrazyhack.dat" file and then either 1) simple but might (or might not) be unreliable, needs to be checked, just return to UEFI, after what you would just boot Windows a normal way, or 2) the app itself will chainload Windows' bootmgrfw.efi - this is a bit more complicated, I'd go with variant 1 and only if it fails, would start to mess with this one.
Now to the driver/interfacing program part. You create a program that, running as an administrator, starts the driver, you made and sends special requests to it, sending info (for example, UEFI System Table pointer in the system address space (its physical address in other words)), that it takes from the "ESP:\efi\beta\mycrazyhack.dat"***
The driver gets this info and further it needs to find correspondence (mapping) between the input system (physical) address of the System Table, I believe, you would really need the Runtime Services Table address and its virtual address. How to do that?
if you can find PFN database, it's easy. Just go to the appropriate PFN slot, if the physical address is 0xB00B5000, then the slot index will be:
Code:
PfnIndex = Address >> PageSizeExponent; // 0xB00B5000 >> 12 -> 0xB00B5.
So the slot index is 0xB00B5 and PFN entry address is PfnBase[0xB00B5]. there you'll find the virtual address of the page, if it's set up. which could be not the case. But then, you would know, that you cannot access UEFI Runtime Services, probably having to validate, that all the pointers in the RT are also valid and already mapped, otherwise here your driver will crash the system. If you reach this point, you can access to the UEFI Table, in its run time state. On a system, that wasn't intended to support it yet, keep this in mind. But it should work on Itanium XP, shouldn't it? Maybe you have such? Itanium is also abandonware. Unfortunately. btw, don't forget, that on it page size is 8KB so the PageSizeExponent from the above formula is 13.
*** - if the FAT volume, you've taken your dump into
is ESP, then don't forget to attach/assign letter to it before starting your app, so that it would be free of that burden. do it through diskpart. ESP is easily findable. because it's marked as "System". do in the diskpart prompt: lis vol. find ESP volume and its number N. Once you found it, do: select volume N -> assign letter S, S - is a free letter, you want to assign to ESP.
This is all a pure theory and I might be wrong about PFN, because it's how my own PFN is going. I might get it wrong reading about that stuff in Windows.
Anyway, it could be a fun adventure if you wanna access to UEFI guts from XP this badly.
Login
Register
FAQ
Search
(after edited MajorOperatingSystemVersion & MajorSubsystemVersion from 6 to 5)
