ROMCOPY: A utility that copies the upper Adapter ROM area (0xA0000-0xFFFFF)
         and stores it in a file. Useful for copying down the ROM BIOS or
         the ROM of any ISA adapter in a legacy PC system.

-----------------------------------------
LIST OF SUBDIRECTORIES AND THEIR CONTENTS
-----------------------------------------

  I. Linux

     Linux version. Uses /dev/mem to copy the adaptor ROM area. Due to the
     wide variation of system builds and platforms, a precompiled binary is
     not provided. You must first "cd" into the directory and type "make".
     This will compile the program (assuming you have GCC and make installed)
     and produce an executable named "romcopy". You can also type
     "make install" to install it in your /usr/sbin directory.

 II. DOS

     DOS version, usable on any DOS-based system (including FreeDOS or
     MS-DOS 3.x and higher).

III. Win31a

     Windows (16-bit) version. Should be perfectly usable on versions as
     early as Windows 3.1 (let me know if it runs on 3.0 and earlier, please?).
     Uses undocumented segment/selector constants from KRNL386.EXE to read
     adapter ROM. Tested and run successfully under Windows 3.1, 95, 98, and
     XP.

 IV. Win31b

     Windows (16-bit) version. Same as Win31a but uses a slightly different,
     more documented approach to copy adapter ROM using obsolete Win16 API
     functions AllocSelector(), etc. Tested and run successfully under
     Windows 3.1, 95, 98, and XP.

  V. Win9x

     Windows (32-bit) version. Exploits the fact that under Windows 95/98
     adapter ROM (0xA0000-0xFFFFF) can be accessed directly from user-space
     by 32-bit applications. Will NOT work under Windows NT/2000/XP (not
     even in Windows 95 "compatibility mode").

 VI. WinWDM

     Windows NT/2000/XP version. Uses device driver ROMCOPY.SYS to read off
     this area. Unlike other Windows-based ROM copying versions this version
     is not affected by the kernel's page mapping because ROMCOPY.SYS uses
     NTOS API function MmMapIoSpace() to map physical memory and copy the
     desired data. This means that if you are stuck with Windows 2000 or XP
     this program is your best bet for getting an accurate copy of this area.
     Requires Windows 2000 or later, tested successfully under Windows XP.
     Will NOT work under Windows 95, 98, ME, or NT 4 or earlier.

     ROMCOPY.SYS was built using the Windows Server 2003 DDK in Windows 2000
     free build mode (for best compatibility). This DDK can easily be obtained
     (at this time) from www.microsoft.com/ddk via mail-order.

---------------------
WHAT THE PROGRAM DOES
---------------------

The program takes a snapshot of the legacy adaptor ROM area (0xA0000-0xFFFFF)
and writes it out to a file named ROM.BIN. Windows versions will show a small
window with a progress bar.

--------------------------
PICKING APART THE SNAPSHOT
--------------------------

Since the snapshot begins at 0xA0000, any offset in the file will contain whatever
was at (offset+0xA0000) in memory. On any standard PC system you will find in the
snapshot:

file offset 0x50000 (addr 0xF0000):
     The ROM BIOS, usually 64KB large on most systems.

file offset 0x40000 (addr 0xE0000):
     Expansion BIOS, usually 32KB or 64KB large. On some systems with 128KB sized
     BIOSes this contains the other half. Some BIOSes put their entire
     setup/configuration menu program here.

file offset 0x20000 (addr 0xC0000):
     VGA BIOS, varies in size.

file offset 0x18000 (addr 0xB8000):
     A copy of your DOS console as it existed in video memory, or a copy of the
     "fake" console made by the Windows NT/2000/XP VDM for backwards compatibility.
     32KB in size. If captured under Linux, this part may contain a copy of your
     Linux console if you weren't using any framebuffer-based graphical console
     drivers, or a partial copy of whatever was on your screen if using a framebuffer
     console or X-windows.

file offset 0x00000 (addr 0xA0000):
     The contents of this area depend on the environment. Snapshots taken from
     plain vanilla DOS will have nothing here since in VGA text mode nothing is
     mapped here. If taken from Windows on a system with legacy video hardware
     (the page-mapped kind) you will find here a whole or partial "snapshot"
     of your screen (likely the entire screen if using the default VGA 16-color
     driver!).

Further ROMs provided by the adaptor cards can be found by starting at 0xC0000
and scanning for the signature 0x55 0xAA (this is allowed up until segment 0xE000,
i.e. address 0xE0000). The size can be determined by looking at the third byte
(immediately after the 0xAA), which is the size in 512-byte pages.
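
The scan described above, as an added example (not part of ROMCOPY's own source): it walks a buffer in ROM.BIN layout from 0xC0000 to 0xE0000, takes each ROM's size from the third byte, and checks the usual option-ROM checksum (all bytes sum to 0 modulo 256). The 2 KB scan step, the checksum test, and the names find_option_roms and make_sample are assumptions of this example; the sample snapshot is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SNAP_BASE 0xA0000u  /* file offset 0 holds physical address 0xA0000 */
#define SNAP_SIZE 0x60000u  /* 0xA0000-0xFFFFF */
#define ALIGN     0x800u    /* assumption: headers sit on 2 KiB boundaries */
struct optrom { uint32_t addr, size; int checksum_ok; };

/* Scan 0xC0000-0xDFFFF for 55 AA headers; returns the number of entries stored. */
size_t find_option_roms(const uint8_t *snap, size_t len, struct optrom *out, size_t max)
{
    size_t n = 0;
    for (uint32_t addr = 0xC0000u; addr < 0xE0000u && n < max; ) {
        size_t off = addr - SNAP_BASE;
        if (off + 3 > len) break;                       /* truncated file */
        uint32_t size = snap[off + 2] * 512u;           /* third byte: 512-byte pages */
        if (snap[off] != 0x55 || snap[off + 1] != 0xAA || !size || off + size > len)
            { addr += ALIGN; continue; }
        uint8_t sum = 0;                                /* must end up 0 (mod 256) */
        for (uint32_t i = 0; i < size; i++) sum += snap[off + i];
        out[n++] = (struct optrom){ addr, size, sum == 0 };
        /* Trust the size byte only if the checksum holds; else keep scanning. */
        addr += sum ? ALIGN : ((size + ALIGN - 1) & ~(ALIGN - 1));
    }
    return n;
}

/* Constructed sample: valid 1 KiB ROM at 0xC0000, corrupt header at 0xC8000. */
void make_sample(uint8_t *snap)
{
    uint8_t *rom = snap + (0xC0000u - SNAP_BASE), *bad = snap + (0xC8000u - SNAP_BASE);
    memset(snap, 0xFF, SNAP_SIZE);
    memset(rom, 0, 1024);
    rom[0] = 0x55; rom[1] = 0xAA; rom[2] = 2; rom[3] = 0xFF;  /* 1 KiB sums to 0 */
    bad[0] = 0x55; bad[1] = 0xAA; bad[2] = 1;           /* body stays 0xFF: sum != 0 */
}

int main(void)
{
    static uint8_t snap[SNAP_SIZE];
    struct optrom r[16];
    make_sample(snap);                   /* for a real dump, fread() ROM.BIN instead */
    size_t n = find_option_roms(snap, sizeof snap, r, 16);
    for (size_t i = 0; i < n; i++)
        printf("addr 0x%05X  file offset 0x%05X  %u bytes  checksum %s\n", (unsigned)r[i].addr,
               (unsigned)(r[i].addr - SNAP_BASE), (unsigned)r[i].size, r[i].checksum_ok ? "ok" : "BAD");
    return 0;
}
```

An entry reported as BAD is either a stray 0x55 0xAA pair or a ROM image that was not copied intact, so it is worth comparing against a snapshot taken from plain DOS.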

Somewhere in the 0xC000-0xDFFF segment range (addresses 0xC0000-0xDFFFF) you are
also likely to find (on recent computer systems) the ACPI data and AML code.

-------------------------
ISSUES WITH NEWER SYSTEMS
-------------------------

On newer PCI systems with ROM shadowing, the snapshot taken may not be the exact
contents of the BIOS. Some systems I tested this with appear to have a ROM BIOS
that copies itself to RAM (shadowing) then patches over the entry point at
0xF000:0xFFF0 with an INT 19h instruction in case legacy DOS programs attempt to
reboot by jumping there.
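
A check for the patch described above, as an added example (not part of ROMCOPY's own source): it looks at the bytes a snapshot holds for 0xF000:0xFFF0 (file offset 0x5FFF0) and reports whether they are INT 19h (CD 19) or a far jump (EA), decoding the jump target. The names classify_entry and entry_kind and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SNAP_BASE 0xA0000u                 /* file offset 0 = physical 0xA0000 */
#define RESET_OFF (0xFFFF0u - SNAP_BASE)   /* F000:FFF0 -> file offset 0x5FFF0 */

enum entry_kind { ENTRY_TRUNCATED, ENTRY_FAR_JMP, ENTRY_INT19, ENTRY_OTHER };

/* Classify the bytes at the entry point; for a far jump, also return the
   linear address it targets (segment * 16 + offset). */
enum entry_kind classify_entry(const uint8_t *snap, size_t len, uint32_t *target)
{
    if (len < RESET_OFF + 5) return ENTRY_TRUNCATED;
    const uint8_t *p = snap + RESET_OFF;
    if (p[0] == 0xCD && p[1] == 0x19) return ENTRY_INT19;   /* INT 19h */
    if (p[0] == 0xEA) {                                     /* JMP FAR off16, seg16 */
        uint32_t off = p[1] | ((uint32_t)p[2] << 8);
        uint32_t seg = p[3] | ((uint32_t)p[4] << 8);
        *target = ((seg << 4) + off) & 0xFFFFFu;
        return ENTRY_FAR_JMP;
    }
    return ENTRY_OTHER;
}

int main(void)
{
    static uint8_t snap[0x60000];          /* constructed, zero-filled snapshot */
    static const uint8_t jmp[5] = { 0xEA, 0x5B, 0xE0, 0x00, 0xF0 }; /* JMP F000:E05B */
    uint32_t target = 0;

    memcpy(snap + RESET_OFF, jmp, sizeof jmp);
    if (classify_entry(snap, sizeof snap, &target) == ENTRY_FAR_JMP)
        printf("far jump to 0x%05X: no INT 19h patch at the entry point\n",
               (unsigned)target);

    snap[RESET_OFF] = 0xCD; snap[RESET_OFF + 1] = 0x19;     /* patched case */
    if (classify_entry(snap, sizeof snap, &target) == ENTRY_INT19)
        printf("INT 19h at F000:FFF0: snapshot shows the patched shadow copy\n");
    return 0;
}
```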

----------------------------------------------------
ISSUES REGARDING ROM COPYING UNDER MICROSOFT WINDOWS
----------------------------------------------------

  NOTE: WinWDM\ROMCOPY.EXE does not have this problem due to the use of
        kernel-level driver interfacing.

  The process of copying the ROM is done entirely from user-level application
  code and is subject to whatever memory mapping happened to be in place at
  the time (this is the disadvantage of "386 enhanced Windows"). ROM snapshots
  taken from Windows (even in a DOS-box) will often contain a somewhat
  distorted view of the address space mixed with bits and pieces of various
  Windows drivers and structures. Only the ROM BIOS and the VGA BIOS are
  guaranteed to be copied correctly (though the VGA BIOS might be shifted
  around).

  If, however, you are running Windows 2000 or Windows XP (or later versions, e.g.
  Server 2003), your best bet for an accurate snapshot is to use the "WinWDM"
  version, which loads ROMCOPY.SYS and uses NT kernel OS calls to accurately
  map and copy this area of memory (free of Windows and its odd memory mapping).

  Otherwise, your best bet for an accurate snapshot is finding a way to plain
  vanilla DOS mode and using the DOS ROMCOPY.EXE utility.

--------------------------------
GETTING TO DOS MODE FROM WINDOWS
--------------------------------

If you are running Windows NT/2000/XP:
  - There is no "DOS mode", only Windows. Try creating an MS-DOS boot disk
    and running this program from it.

If you are running Windows 95/98:
  - Select "restart in MS-DOS mode" from the start menu.

           or

  - Reboot your computer. The minute your BIOS attempts to boot the OS, quickly
    hit the F8 key (multiple times if necessary). If you have GRUB installed,
    select the option to boot Windows and hit Enter, then F8 as quickly as you can
    (it takes practice, trust me). The "startup menu" will be displayed and you
    can select "command prompt only" to boot into plain vanilla DOS mode.

           or

  - Create an MS-DOS boot disk.

If you are running Windows ME:
  - There is no "DOS mode", only Windows. I have heard of a successful hack
    though that allows the DOS prompt under ME. Otherwise, create an MS-DOS
    boot disk.

If you are running Windows 3.x:
  - Go to the program manager and select "Exit Windows". You should arrive at
    the DOS prompt very soon after that.

------------
LEGAL ISSUES
------------

This program is provided as-is without any warranty of any kind, etc., etc.
I cannot be held responsible if somehow this causes damage (which is highly
unlikely). Snapshots may contain binary data or code that is copyrighted by
their respective companies, please respect those copyrights and refrain from
illegally sharing ROM images.
