You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a collection of tools to help reverse UEFI-based firwmare.
efiperun
Load and run EFI PE image files on your favorite operation system (Linux). See
efiperun/README.md for more information.
guiddb
Scan .dec files (from e.g. TianoCore EDK2) for GUIDs and output them in
C-source file format. A database of known guids is in guiddb/efi_guid.c.
memdmp
Tools to dump UEFI memory. There's a patch against EdkShell that makes the
memmap command dump memory, pipe that to a file called mdmp. Then,
run dmp2seg to convert that output file into many files with the actual
memory contents. Then, run make_elf.rb to make a single ELF file with all
the memory contents. The ELF file is not executable or anything, it's just a
convenient format to store memory segments.
tree
A class file that will provides a Ruby tree abstraction for a firmware tree on
your filesystem previously extracted by UEFIExtract (from UEFITool). Use
UEFITool commit bf2c9f59 or newer.
Also included is an example script that uses said abstraction.
