From: Ed Beroset
Subject: Re: Rotation encryption
At 02:18 12/23/97, you wrote:
>
> EJ> Tried running a bios-dump through a disassembler?
>
>PM> Nope. You mean I should check some bios interrupt and
>PM> dump all memory around it, looking for INs to the
>PM> keyboard or int 16h ?
>
> Dump the ROM-code (it's at F000:0000, right?) and run it through a
> disassembler. If it's any good it will mark out string-references for
> you (look for references to 'Password', for instance). Finding the
> relevant code from there shouldn't be too hard.
That technique will fail completely on all but the most ancient BIOS.
>PM> Anyone know for sure if parts of the BIOS setup program
>PM> are left in RAM after boot?
>
> It's ROM. Where would it go? :-)
Actually, the part you can see at F000:0000 is only the tip of the iceberg.
In a typical machine, part of it gets mapped into SMI, part of it (POST)
gets mapped off the PCI bus entirely, and sometimes the boot loader code is
still visible at 4G. Things have changed a LOT since 1980.
Ed
-!-
---
---------------
* Origin: The Circuit! Board * Spokane * (1:346/100)