Hi
Some years ago I debugged Award 4.51 PG BIOS (I wanted to find and change the 'universal password' of this BIOS
)
After dumping the code I've replaced all E000: and F000: references to not write-protected free segment (p.e. 2000: and 3000: ). Award used original form of jumps - they didn't use "jmp far F000:FF95" but "push FF95, push F000, ret", and changing the segment was easy.
Then I manually replaced loaded code (in softice 2.8) to appropriate segment, set EP to 3000:FFF0 and the session started...
It was possible to trace through most of POST procs, only a few of them hanged the system.
Of course, this way of debugging is not exactly related to how BIOS runs during real boot.
Regards
amigo