Predator 17 G9-792 Advanced menu unlock needed

Hello,

Can someone take a look and help me out with unlocking Advanced menu in G9-792 bios.
I have tried and read for days (tried unlocking some hidden settings in tabs I already have and it makes sense, but I am stuck with getting the advanced tab unlocked).

https://www.mediafire.com/file/3v4hk06gk…G9-792.bin/file

Also, anyone who needs a G9-792 BIOS dump can try this dump. My BIOS was bricked and every BIOS dump I found on the net was not working on my PC (power light turned on but no CPU or GPU voltages). My backup dump got corrupted (thanks, CH341), but I was able to get it working by extracting the BIOS part from the Acer website and merging it with my dump.

Upload an archive of images of your BIOS, then I’ll see if I can help. Do you have flash programmer? If not, I would not flash mod BIOS, it may brick the board again. Or have you already flashed in BIOS mod attempts and your edits didn’t brick the board, but nothing unlocked?
If the latter, then great, should be OK without programmer, but since it’s only $6 total for CH341A + SOIC8 test clip cable on ebay, I’d go ahead and order a set now. Let me know if you need some linked examples.

Yes I have programmer and I already tried to unlock some hidden options and flashed it using programmer but nothing unlocked.
Used UEFI tool to extract SetupUtility part → used universal IFR extractor on SetupUtility → located different menu entry offsets in extracted txt file and tried to change suppress if true/false using HxD editor → exported modded SetupUtility back with UEFI tool → flashed with programmer.

Can you explain what you mean by “archive of images of your BIOS”?
Pictures of available options in bios?: http://www.mediafire.com/file/nm9eaa4ge7…iosimg.zip/file

And yes, board is still unbricked :)

The board has its own problems, that’s why I need advanced menu to try different settings to see if it changes anything.

Tutorials I have used:
http://web.archive.org/web/2016091621211…power-tabs.html
http://web.archive.org/web/2016091621434…n-settings.html
and also this forum.

Good you have programmer. Changing “Suppressed” or “Gray’d out” things only applies to individual settings, not menus, and it only helps in an already visible menu section.
Archive means zip or rar or 7zip archive. So yes, thanks for the archived BIOS images, I will check it out and see if I can get this figured out for you.

First one is too blurry (Info), please send a new one, and feel free to edit out your serial if you want so it’s not sitting there open in an image, but it’s already in your dumped BIOS above so not really necessary.
Also, please resize the image, no need for 4-5K images just to have a glancing look at a BIOS page, 1000px wide and less than 500KB is plenty.
I resized the 4 good images to 1000px wide and saved as jpg = 300KB total for all four

I hate Insyde BIOS, but can sometimes get it sorted out. This is done in assembly / hex, similar to the guides you linked
Donovan6000’s blog is great, but that method doesn’t apply easily to your BIOS, tabs aren’t displayed or stored in the same way.

Link to non blurred info tab: https://www.mediafire.com/view/cg3wd3ur6…fo_Tab.jpg/file

I also tried IDA Pro like in Donovan6000’s tutorial, but that’s some heavy sh*t :)
I found function? sub_844F0 which included all of my tab locations, but for now I’m clueless what’s next :( (never mind, I’m delusional)

Thanks for image. Yes, that is the sub I was eyeballing too, still open in IDA to that, it’s missing first/top security though. Could test 76 0F to 76 00 jump at the first jbe on 844F0 - if you want me to send you this test let me know.
At first I thought it’s not the one we need to edit, that sub is like the one he says “This isn’t it, this controls switching”, but so do several others as well, so I’m lost on this one.
I’m thinking Sub_82F10 or Sub_83510 or Sub_83610, or Sub_836D0/84850 (both look like a switching ones too, but few items are being bypassed on right side of 836D0), also 927F0

Yes you could send me this test.
I followed your instructions changing first jbe 844F0 76 0F to 76 00:
https://www.mediafire.com/view/mfbc1qok1…_76_00.png/file
I don’t know if you thought same change but I wanted to try it :). After this change PC will not enter into BIOS, pressing F2 does nothing and soon after boot logo “No boot device found” appears.

Maybe you can explain a little what does this 76 0F and 76 00 do/mean?
First byte is jump type and second is where it’s going to jump? But why change it to 00… no jump?

Well then, we know that’s not the correct edit. That edit makes it jump directly to next location, in this case that’s Loc_84700 (Following red arrow on left in original unmodified file, instead of going into the code on the right)
You can test what things do in IDA by looking at hex view then press F2, make an edit, press F2, then go back to IDA view
In that same module, try 8473E: 83 Change to >> 82

I don’t think this is correct module though, but you are correct it’s really only one that shows all menus at their original default offset names, but many others show them all too as mentioned above (Specifically those last two I mentioned I think are the ones we need to figure this out in)

I hate Insyde. But it’s just because I don’t edit enough to know how to easily spot this stuff when it’s outside the norm like this BIOS.

Try this as well in another edit @ Sub 836D0
0000000000083BE1: 58 >> 00
0000000000083C22: 17 >> 00
0000000000083CEC: 28 >> 00
0000000000083CF8: 1C >> 00

Nada :(

1. 8473E: 83 >> 82 - F2 does nothing skips bios
2. 0000000000083BE1: 58 >> 00 - Hangs at "" dash on top corner of a screen after pressing F2
3. 0000000000083C22: 17 >> 00 - does nothing can enter bios but nothing changed
4. 0000000000083CEC: 28 >> 00 - does nothing can enter bios but nothing changed
5. 0000000000083CF8: 1C >> 00 - does nothing can enter bios but nothing changed
6. All 4 changes same time 58 to 00, 17 to 00, 28 to 00, 1C to 00 - Hangs at "" dash on top corner of a screen after pressing F2

Did you test 17, 28, 1C >> 00 (Without the 58 >> 00)? You are working on an extracted “Body” correct? If not, please redo all tested changes, I gave changes from an extracted body.
If you are, then onto the next sub I’ll try to look again tonight when I have more time.

Yes, I’m working with extracted body and no, I didn’t try without 58 >> 00. I’ll try that tomorrow.
I started thinking maybe it’s easier to replace one existing tab with a hidden tab like at the end of donovan blog.
lea rax, “existing tab reference” >> lea rax, “hidden tab reference”.

I tried to change (844F0) like he did in his blog, but after I changed existing tab to hidden one, the offset is not same and links to different offset (but in hex both values seem same). But I don’t understand this: “This is a relative address based off of the current instructions address. And it’s stored in little endian. So if your good with math you can determine the new values with a calculator”. I cannot just change value to same hex, because their instruction addresses are different and offset moves?

Progress (sorry for big pic) :D
https://www.mediafire.com/view/ey2ooa9ff…174701.jpg/file

I changed 844F0 tab references:
7B850(main) to 7BE80(2nd advanced)
48 8D 05 CD 71 FF FF to 48 8D 05 FD 77 FF FF

I will give more info soon. For now advanced menu is empty but I guess it’s because all items are suppressed. Gonna edit them tomorrow.
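The relative-address arithmetic asked about above, worked through with the byte values quoted in this thread, as an added example that is not part of any poster's message. The helper names are hypothetical, the instruction address is derived from the quoted bytes and the 7B850 target rather than stated in the thread, and the 0x1000 address for the short jump is constructed.

```python
import struct

LEA_RAX_RIP = bytes.fromhex("488D05")  # REX.W, LEA opcode, ModRM 05 = rax, [rip+disp32]
LEA_LEN = 7                             # 3 prefix/opcode/ModRM bytes + 4 displacement bytes


def _disp32(insn: bytes) -> int:
    """Validate the encoding and return its signed little-endian displacement."""
    if len(insn) != LEA_LEN or insn[:3] != LEA_RAX_RIP:
        raise ValueError("not a 7-byte lea rax, [rip+disp32]")
    return struct.unpack("<i", insn[3:])[0]


def lea_target(insn: bytes, insn_addr: int) -> int:
    """Address the instruction references: end of instruction + displacement."""
    return insn_addr + LEA_LEN + _disp32(insn)


def lea_insn_addr(insn: bytes, target: int) -> int:
    """Recover where the instruction sits from its bytes and a known target."""
    return target - LEA_LEN - _disp32(insn)


def retarget_lea(insn: bytes, insn_addr: int, new_target: int) -> bytes:
    """Re-encode the instruction at insn_addr so it references new_target."""
    _disp32(insn)  # validation only
    disp = new_target - (insn_addr + LEA_LEN)
    if not -2**31 <= disp < 2**31:
        raise ValueError("new target is outside rel32 range")
    return LEA_RAX_RIP + struct.pack("<i", disp)


def jcc_short_target(insn: bytes, insn_addr: int) -> int:
    """Taken-branch target of a 2-byte short conditional jump (0x76 is jbe)."""
    if len(insn) != 2 or not 0x70 <= insn[0] <= 0x7F:
        raise ValueError("not a short Jcc")
    return insn_addr + 2 + struct.unpack("<b", insn[1:])[0]


if __name__ == "__main__":
    orig = bytes.fromhex("488D05CD71FFFF")        # bytes quoted in the thread
    addr = lea_insn_addr(orig, 0x7B850)           # derived, not stated in the thread
    patched = retarget_lea(orig, addr, 0x7BE80)
    print(hex(addr), patched.hex(" ").upper())
    # Constructed address 0x1000: with rel8 = 00 the taken branch equals fall-through.
    print(hex(jcc_short_target(bytes.fromhex("7600"), 0x1000)))
```

Because the displacement is counted from the end of the instruction, the same four displacement bytes copied to a `lea` at a different address point somewhere else, which is why the value has to be recomputed per instruction.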

Good work! Why not change orig adv to hidden one instead? Yes, you will probably have to unsuppress all the hidden stuff in 2nd adv within setup module, or change that opcode itself to not suppress.

It’s done >> https://www.youtube.com/watch?v=TB_KYqB3cjc

After unlocking advanced menu I got my pc running(changed some integrated intel HD video settings, before that pc froze on booting).

Thanks for your help Lost_N_BIOS.

Unlocked bios: https://www.mediafire.com/file/d5utkvgga…edMenu.bin/file

So what was your final edit, just switching them around, or did you find the place they were bypassed in setup and fix it normally? I’ll check the video later, can’t right now so had to ask.

Also, thanks for sharing your editing file for others. Is that based on a stock BIOS edited, or your dumped BIOS edited? If stock OK, but if it’s your dump then others can’t use that (Just share the modified setup module probably best way to share this)

Hello,

Lost_N_BIOS
TammikSi has G9 792 and my laptop is G9 591 but our BIOS has the same number of modules and modules have the same headers.
Can advanced menu be unlocked by only swapping DXE modules between BIOS? Does DXE module contain any data about BIOS version? Could there be a mismatch that would brick the laptop? I’m trying to do everything as safe as possible.
I completely dried my eyes while reading donovan’s blog and it’s useless with modern versions.

As for your last post, if someone is reading this page, should at least know how to use Phoenix tool :)