snare · Freddrickk · Feb 16, 2018 · Mar 6, 2018 · Mar 5, 2018 · May 10, 2018
diff --git a/README.md b/README.md
@@ -8,39 +8,52 @@ This package contains the following files:
 
 2. `efiguids.py` - A collection of known GUIDs for EFI protocols
 
-3. `efiguids_ami.py` - A collection of known GUIDs for protocols used in the AMI BIOS
+3. `efiguids_ami.py` - A collection of known GUIDs for protocols used in the AMI
+BIOS
 
-4. `behemoth.h` - A giant header containing a collection of type and structure definitions for EFI
+4. `behemoth.h` - A giant header containing a collection of type and structure
+definitions for EFI
 
-5. `structs.idc` - An IDC script containing some struct definitions (superseded by `behemoth.h`)
+5. `structs.idc` - An IDC script containing some struct definitions (superseded
+by `behemoth.h`)
 
 6. `te_image.bt` - An 010 Editor template for TE binary images
 
 7. `te_loader.py` - An IDA Pro loader script for TE binary images
 
-This is my first attempt at IDA scripting, so please forgive me and let me know if I've reinvented wheels/done anything silly.
+This is my first attempt at IDA scripting, so please forgive me and let me know
+if I've reinvented wheels/done anything silly.
 
 ## Functions
 
-The main useful functions are described below. See code and docstrings for more information on other functions.
+The main useful functions are described below. See code and docstrings for more
+information on other functions.
 
 ### `rename_tables()`
 
-Finds the first entry point for the binary, tries to track the parameters that were passed to the entry point function and rename global variables in which the key EFI tables are stored. The following renaming operations are performed:
+Finds the first entry point for the binary, tries to track the parameters that
+were passed to the entry point function and rename global variables in which the
+key EFI tables are stored. The following renaming operations are performed:
 
 1. Global where `ImageHandle` ends up is renamed to `gImageHandle`.
 
 2. Global where `SystemTable` ends up is renamed to `gSystemTable`.
 
-3. Global where `SystemTable->BootServices` ends up is renamed to `gBootServices`.
+3. Global where `SystemTable->BootServices` ends up is renamed to
+`gBootServices`.
 
-4. Global where `SystemTable->RuntimeServices` ends up is renamed to `gRuntimeServices`.
+4. Global where `SystemTable->RuntimeServices` ends up is renamed to
+`gRuntimeServices`.
 
-Call instructions will only be followed one level deep, as most executables copy the table references in the entry point or a function called from the entry point. Change `MAX_STACK_DEPTH` if necessary.
+Call instructions will only be followed one level deep, as most executables copy
+the table references in the entry point or a function called from the entry
+point. Change `MAX_STACK_DEPTH` if necessary.
 
 ### `update_structs()`
 
-Finds cross-references to tables renamed above, and updates their names to be struct offsets from the appropriate structs. If `rename_tables()` failed you'll need to rename things manually as above for this to work properly.
+Finds cross-references to tables renamed above, and updates their names to be
+struct offsets from the appropriate structs. If `rename_tables()` failed you'll
+need to rename things manually as above for this to work properly.
 
 
 For example:
@@ -55,7 +68,14 @@ Becomes:
 
 ### `rename_guids()`
 
-Finds GUIDs in data segments and renames them. 470 protocol GUIDs were pulled out of the TianoCore source, and proprietary Apple (and other vendor) GUIDs will be added as they are encountered.
+Finds GUIDs in data segments and renames them. 470 protocol GUIDs were pulled
+out of the TianoCore source, and proprietary Apple (and other vendor) GUIDs will
+be added as they are encountered.
+
+### `update_protocols()`
+
+Finds protocol's interfaces resolved using the `LocateProtocol` function and
+applies the struct offsets on calls made to its references.
 
 ### `go()`
 
@@ -65,14 +85,16 @@ Convenience method that does all of the above.
 
 1. Load up your EFI binary in IDA Pro
 
-2. Import `behemoth.h` to define the necessary data structures
-
-3. Add the structures from local types to your IDB
+2. Run `efiguids.py` to add it to python's path (or do this by some other
+method)
 
-4. Run `efiutils.py` to add it to python's path (or do this by some other method)
+3. Run `efiutils.py` to add it to python's path (or do this by some other
+method)
 
-5. Have a look at the code/docstrings, but probably:
+4. Have a look at the code/docstrings, but probably:
 
 		import efiutils; efiutils.go()
 
-To use the `te_loader.py` TE image loader, install it as you would any other loader. On OS X this is done by copying or symlinking it inside the loaders folder at `idaq.app/Contents/MacOS/loaders/`.
+To use the `te_loader.py` TE image loader, install it as you would any other
+loader. On OS X this is done by copying or symlinking it inside the loaders
+folder at `idaq.app/Contents/MacOS/loaders/`.
diff --git a/efiguids.py b/efiguids.py
@@ -190,6 +190,7 @@
 'EFI_EXT_SCSI_PASS_THRU_PROTOCOL_GUID':[0x143b7632, 0xb81b, 0x4cb7, 0xab, 0xd3, 0xb6, 0x25, 0xa5, 0xb9, 0xbf, 0xfe],
 'EFI_FAULT_TOLERANT_WRITE_PROTOCOL_GUID':[0x3ebd9e82, 0x2c78, 0x4de6, 0x97, 0x86, 0x8d, 0x4b, 0xfc, 0xb7, 0xc8, 0x81],
 'EFI_FFS_VOLUME_TOP_FILE_GUID':[0x1BA0062E, 0xC779, 0x4582, 0x85, 0x66, 0x33, 0x6A, 0xE8, 0xF7, 0x8F, 0x09],
+'EFI_FILE_INFO_ID': [0x09576e92, 0x6d3f, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b], 
 'EFI_FILE_SYSTEM_INFO_ID_GUID':[0x9576e93, 0x6d3f, 0x11d2, 0x8e, 0x39, 0x0, 0xa0, 0xc9, 0x69, 0x72, 0x3b],
 'EFI_FILE_SYSTEM_VOLUME_LABEL_INFO_ID_GUID':[0xDB47D7D3, 0xFE81, 0x11d3, 0x9A, 0x35, 0x00, 0x90, 0x27, 0x3F, 0xC1, 0x4D],
 'EFI_FIND_FV_PPI_GUID':[0x36164812, 0xa023, 0x44e5, 0xbd, 0x85, 0x5, 0xbf, 0x3c, 0x77, 0x0, 0xaa],