GMABooster? Accelerate?

I decided to publish the results of my research on the GMABooster program, which was presented to habrazhiteley just yesterday. At once I will say, the analysis would not have been carried out so quickly, if it were not for the completely unfamiliar habrayuzer Werat , which remotely tested my code from the admin on my Acer Aspire One a150 (the same person ventured).

With my topic, I would like to emphasize the importance of open products, the freedom to exchange information between people [and remind everyone complaining and crying that Habr is a cake!].
')
Disclaimer: The analysis is provided solely for educational and peaceful purposes, the last thing I would like to reduce the amount of donations towards the author of the program. In any case, they carried out work that deserves respect. Also, I have to consider an “alternative” solution for some platforms, due to the fact that GMABooster is not convenient for several criteria, especially for Linux and Mac users.



The topic has risen quite interesting, in the topic there were thoughts about a possible deception and it was decided to check for yourself. Being the owner of Acer Aspire 8735G, it was not easy to do this, so I went from the reverse and started doing reverse engineering. Immediately I will clarify, we will not bypass the protection of the author.

Nutro under Windows

At the moment from the official site you can download two versions of GMABooster'a. For GMA900 and GMA950. In fact, there is only one version and one distribution. Unpack and dive into the content analysis - we immediately discard the uninstaller, presets for different frequencies, documentation. Leave the following set of files:

Auto.exe is a console utility for changing the frequency. This utility can be invoked with command line parameters that set the frequency value.

As you can see, it is implemented on .Net (language is not important). GUI, launchers and other presets are written on .Net. Here is such a wild mix of drivers and high-level frameworks. Decompilation lovers can use .Net Reflector to find out everything they want. The license agreement forbids me to decompile, while I accept the conditions of the game and look for other ways.

Porttalk.sys is actually some kind of driver. Googling, you can find out that this is really PortTalk - a driver for the NT-family of Windows OS, which allows you to directly access the I / O ports. He really does not have x64 support, and the last update was in the 2002th year. By the way, PortTalk uses tricky tricks to provide access (yes, it was all just in Windows 9x). I recommend to read more on the project page, especially the project is open and free.

Helper.exe - absolutely by chance noticed in the PortTalk documentation that it comes with the AllowIO program, which allows you to start a third-party application and open for it certain (or all) ports through the installed PortTalk driver. Actually, this is AllowIO.exe, except that the author renamed it and made funny changes:

The links to the official site PortTalk are overwritten and the copyright as a class has been destroyed. It became sad.

GMABooster's workflow is becoming clearer. Someone launches Helper.exe, which gives the application access to I / O ports. The application should now access the ports and make a series of requests. ASM-inserts in .Net will not be entirely appropriate (and, in this form, impossible), so the author was obliged to bring them into separate modules. Let's look further.

AsmDll.dll and AsmDll2.dll - the actual implementation of communication at the level of I / O ports [0CF8h / 0CFCh, configuring PCI]. Well, we will not decompile, for sure there will be something painfully classic (although I am far enough from this):

Set the Bus / Device / Function / Register parameters and execute the query + write the value of the parameter. More information can be found on the links: PCI Configuration Space and it is the same, but for programmers .

Let us dwell only on AsmDll.dll (they are practically the same between them, just Auto.exe does not use AsmDll2 at all, respectively, you can cope without it). I will not tell you how I got the prototype of a single exported function [ int32 AsmAdd (int32, int32) ], but here I am clean before the law. More than once I stopped at the fact that we will not decompile, so a replacement of the AsmDll library was written, which also exported only one AsmAdd function and output the flown information to the log. Having a little tortured Mr. Werat 'a and his netbook, the values ​​of the input parameters for each frequency were obtained.

166 MHz [0xF0, 0x34646000] [0xF0, 0x34646500] [0xF0, 0x34646000]
200 MHz [0xF0, 0x34646000] [0xF0, 0x34640534]
250 MHz [0xF0, 0x34646000] [0xF0, 0x34640531]
400 Mhz [0xF0, 0x34646000] [0xF0, 0x34640533]

In [], one call was made to AsmAdd by the “frequency switching” utility, respectively, for 166 MHz it was triggered three times (perhaps this is an error, or some author's watermark - I will not judge, for an amateur), for the others twice.

Actually for me, 0x34640533 will remain the magic number, I am sure that there will be someone on Habré who can explain what / where and how.

Alternative

Thus, to overclock your Intel-based GPU to a frequency of 400 MHz (according to GMABooster'a), it is enough to write to the hardware registers.

For example, the script for Mac OS will look something like this:
reggie_se -w 0x34646000 -D PCI -i 16 -a 0xF0 -B 32
reggie_se -w 0x34640533 -D PCI -i 16 -a 0xF0 -B 32

You can add it to autoload without any problems. I am sure that a utility similar to reggie_se is also available in Linux.

Conclusions for yourself

1. I do not want to talk about changing the frequency, because the voltage does not change, I'm sure of it;
2. The utility is safe (in terms of malware);
3. The utility performs the simplest (from the point of view of implementation) action - writing a certain value to the register, a specific change in the configuration of the PCI device. Why the author keeps it secret and makes the headache for users [weekly update, etc.], I personally do not understand;
4. Changes made work until the moment of going to sleep / hibernation / shutdown;
5. Author GMABooster'a many hoisted on the needle :)
6. Based on numerous reviews, a slight acceleration is indeed observed;
7. I was wrong, using a slightly blurry floomby jpg-image in the topic.

I do not deny the merits of the author, I would still like to see him on Habré, hear the story of the appearance of the magic number and apologize to him for my article.

I would very much like to find people who could competently use the results (implementation for x64, for example). I will also be happy to hear any additions from knowledgeable specialists - being far from such low-level things, I can not understand everything, let alone explain, for which I apologize.

Update # 1 News from the front of the makovods , there the owner of the Mac paid attention to the way GMABooster works (it turns out to be the same reggie_se) and suggested its own version of the script + gave quite funny comments. And more useful material (not verified, true) for Linux owners