[Tool] SmokelessRuntimeEFIPatcher (SREP)

AkizukiKaguya · June 10, 2025, 5:20am

I also found this issue, But somehow the original one is also missing.

So i was thinking how this can work lol
(Sorry for i dont know how to use the quote correctly)

So finally, the correct struct will be like this ?

# Type  Size    String ID   String ID   Question ID                     Form ID     Question Id    Form GUID
#               of name     of desc
# 0F    0F      BE 1A       E5 1A       02 00       00 00 FF FF 00      03  E1      29 02          0A8212861A000000120619000000160212061600010016022902198212860D000300
# 0F    21      BE 1A       E5 1A       02 00       00 00 FF FF 00      99  00      01 00          9E76D4C6487F2A4D98E987ADCCF35CCC290229022902290229022902290229022902
# 0F    21      BE 1A       E5 1A       02 00       00 00 FF FF 00      01  00      01 D2          4CFD01432B8145B9CD380EDEEF508129022902290229022902290229022902290200

EDIT: I did a try with this config:

Op Patch
Pattern
0F0FBE1AE51A02000000FFFF0003E129020A8212861A000000120619000000160212061600010016022902198212860D000300
0F21BE1AE51A02000000FFFF00010001D24CFD01432B8145B9CD380EDEEF508129022902290229022902290229022902290200

The BIOS crashed when i clicked the General Settings, the parent menu of the Network Boot Settings lol

EDIT: Another try with:

Op Patch
Pattern
0F0FBE1AE51A02000000FFFF0003E129020A8212861A000000120619000000160212061600010016022902198212860D000300
0F21BE1AE51A02000000FFFF0099000100D24CFD01432B8145B9CD380EDEEF5081290229022902290229022902290229022902

Somehow its still crash when i click the Network Boot Settings.

# Type  Size    String ID   String ID   Question ID                     Form ID    Question Id     Form GUID
#               of name     of desc
# 0F    0F      BE 1A       E5 1A       02 00       00 00 FF FF 00      03 E1      29 02           0A8212861A000000120619000000160212061600010016022902198212860D000300
# 0F    21      BE 1A       E5 1A       02 00       00 00 FF FF 00      99 00      01 00           9E76D4C6487F2A4D98E987ADCCF35CCC290229022902290229022902290229022902
# 0F    21      BE 1A       E5 1A       02 00       00 00 FF FF 00      01 00      01 00           D24CFD01432B8145B9CD380EDEEF5081290229022902290229022902290229022902
# 0F    21      BE 1A       E5 1A       02 00       00 00 FF FF 00      99 00      01 00           D24CFD01432B8145B9CD380EDEEF5081290229022902290229022902290229022902

EDIT: Finally, Thank you ! I’ve understanded how to modify it correctly, By this:

Op Patch
Pattern
0F0FBE1AE51A02000000FFFF0003E129020A8212861A000000120619000000160212061600010016022902198212860D000300
0F21BE1AE51A02000000FFFF0001000100D24CFD01432B8145B9CD380EDEEF5081290229022902290229022902290229022902

The Network Boot Settings will open the menu of Performance Tunning.
Again, Thank you !

Edit by Fernando: Thread title customized

Sweet_Kitten · June 13, 2025, 4:00am

I investigated my attempt inserting REF3 in Setup back in 2023. And as the srep dev said, patching loaded module is tricky…

Somehow certain IFR opcodes cannot be altered in Setup by srep, but certain can be, i.e. Questions, Statements, Operators (ifs, end ifs and etc.). I already knew that, but it took a lot of time to realize that it was the reason for my fail in the past.

Finally, I’ve managed to add a link to some other FormSet, by srep patch on a generic Clevo laptop.

AkizukiKaguya · June 13, 2025, 4:51am

Is this means like replace menu direct to another menu ? Can you share how ?

And btw, Do you know how to extract H2OFormBrowserDxe data, its all of string piece in non-hex mode. Someone says some menu were hidden inside H2OFormBrowserDxe, I want to check out by my self.

EDIT: Another question, If the Advanced menu has been removed from the BIOS Image, Is there a way to load a advanced menu by outside file or its impossible to unlock then ? Thank you.

Sweet_Kitten · June 13, 2025, 5:41am

I mean the following

Advanced Chipset Control refs to form 0x1 in Power tab. Basically, this is the same as what you did.

There’s no IFR data in this module. You can’t extraxt what doesn’t exist.

Perhaps, you're looking for this array

By the file you mean bios image file? If so, you can’t simply take IFR from other bios and insert into yours.
Setup module means very little. What matters is efi variables. In order for the new features to work, other bios modules have to support them.

AkizukiKaguya · June 13, 2025, 5:50am

Ah, I see, Replace ref struct to submenu if i think correctly ?

Yes, I don’t know if this array defines if the menu should be appear, By my search on internet it should be, But how them got the menu name ?

Which means if advanced was deleted, There is no way to adjust CPU, unlock configs ?

Sweet_Kitten · June 13, 2025, 5:59am

It does define which formset should appear. See SREP-Patches/Configs/Acer/Lenovo Metro Display Engine_Insyde_BiosUnlock.cfg at master · Maxinator500/SREP-Patches · GitHub
The bios tab name gets retrieved from the formset ifr data.

I think yes.

AkizukiKaguya · June 13, 2025, 6:07am

Are there any tools to check ?

That is bad, Well anyway thank you for your patience and reply.

Sweet_Kitten · June 13, 2025, 6:11am

Don’t know. I use the method of sharp seeing.

AkizukiKaguya · June 13, 2025, 6:22am

kk, Thank you for your information !