• Please review our updated Terms and Rules here

Is it possible to map RAM over top of ROM?

Anonymous Coward

Anonymous Coward

Veteran Member
Joined
Aug 11, 2004
Messages
1,555
Location
Shandong, China
I would like to alter the contents of the byte located at F000:E6FA. This is where the BIOS resides. Is it possible to map RAM overtop of the ROM that exists at this locations so that programs reading it will see the contents of the RAM rather than the ROM?
 
It depends on the machine.

In general, the answer is no. Address decoding is a hardware function and a given address presented on the address bus will be served either by ROM or RAM, but not both. (Another possibility is that there is nothing that serves the decoded address, in which case the data read is undefined.)

When chipset vendors started implementing "shadow ROM" that changed. The chipset was given the ability to copy the ROM areas into RAM and then change the address decoding so that a given address presented on the bus hit the RAM copy instead of the ROM copy. This was also probably combined with a write protect, as the intent was to take advantage of the faster RAM speed.

That was a cheap and easy way to make full use of the RAM present on the system while dealing with the ROM and adapter address area between 640K and 1MB. The elegant solution would have been to shift that overlapping RAM up 384KB in the address space, but that would require additional hardware and have performance impacts. The shadow ROM was a more "hackish" solution that did not allow you use make full use of that 384KB of RAM, but it did provide some performance benefit. Which became obsolete as soon as operating systems stopped using the machine BIOS to do anything, but that's a different problem ...

If you can figure out how your chipset handles the shadow ROM function you might be able to do it. There might be a write protect register that you can find that would allow you to change the contents of the RAM after the ROM copy is done.
 
Not to nitpick, but it's certainly possible; whether it's feasible depends on the machine, ROM type, and the OP's ability and (possibly) willingness to make some simple mods and/or add a component or two.
 
I'm working with a 486 with the BIOS mapped into the F segment. It has a BIOS ROM Shadow. Is it possible for me to identify the location of the ROM shadow, disable the write protect and change one of the bytes?
 
AC -

You really need to find the spec sheet for the chipset that you are using. I know that at a high level the ROM gets copied to the RAM and then the RAM is used from that point on. But I don't know enough about chipsets to tell you if that is something you have any control over or can tweak in any way.


Mike
 
The SiS 8c406/8c411 does allow write de-protect on shadowed memory as I'm using a UMB enabler to use that memory. The only program that seems to work right with it is "The Last Byte Memory Manager". c't had an article back in 1993 documenting the chipsets, but alas, it is in German. Don't know what you are trying to accomplish, but editing the BIOS while the machine is running could break things in a hurry.
 
It's not too hard to do it safely. After all, when you load a device driver or TSR that hooks to an interrupt chain the same problem applies.

The trick is to disable interrupts and not use the areas of the BIOS that you are going to be changing while the change is being made. x86 is extremely good about handling self-modifying code, so even if the code that you alter is in the processor cache the processor will detect it and flush the cache accordingly.
 
You could remove the ROM chip from the motherboard have some kind of custom ISA card to put it on instead with some specialized address decoding circuitry to redirect the proper area to some SRAM or something. It would be kind of tricky. Do you need to change the contents of the memory multiple times? If you just want to put some custom fixed data there, dump the BIOS ROM, modify the image, burn that to an EEPROM and use it instead of the original chip.
 
I'd be surprised if any exist. There's probably no documentation available from the vendor with the information required to know how to do that. You'd probably have to be an assembly wizard with a lot of time on your hands to disassemble and study the BIOS.
 
The ISA/SRAM idea seems achievable - the board would just need a battery to keep the SRAM alive whilst the power is off and selectable configuration between say E000 and F000h. Then boot with it at E000 and copy the ROM. Power down, remove the ROM chip, change the SRAM board to F000 and power back up.

The IBM PC/XT would need the card in slot 8 for it to work... other (in this case, newer) hardware might also similarly have that segment hard-wired to certain hardware (i.e. the ROM chip).

I suppose the ISA card could connect back to the ROM socket via ribbon cable and pin-headers... easy enough if it's a DIP32 chip. That said, any system with ROM shadowing capabilities probably just copies the slow-to-use 8-bit ROM straight to RAM and write-protects it anyway. Would modifying the ROM at E000h then using that via a reboot suffice for whatever it is you're testing?
 
Last edited:
You must log in or register to reply here.
Back
Top