Saturday, March 17, 2012

Lab1-Part A: Boot a PC (BIOS Run)





Exercise 1:
Just read the inline assembly.
Ref Link: Linux assemblers: A comparison of GAS and NASM


Exercise 2:
Just run GDB for remote debugging with the given script, and read the GAS code if you can.

Boot ASM code explanation.
  1. [f000:fff0] 0xffff0:    ljmp   $0xf000,$0xe05b  // Real-Mode ljmp (far jump from the reset vector)
  2. jmp 0xfc85e
  3. %cr0 = %cr0 & 0x9ffffff, which clears the following bits:
     bit 30 CD (Cache disable): globally enables/disables the memory cache
     bit 29 NW (Not-write through): globally enables/disables write-back caching
  4. cli
  5. cld
  6. set port 0x70 = 0x8f
     • to enable NMI - Non Maskable Interrupt
  7. read port 0x71
     • checks whether the RTC (CMOS) register is 0; in this case it is 0, so execution continues
  8. set %ss = 0 and %esp = 0x7000
     • to form the SS:[ESP] stack segment (cf. the code segment CS:[EIP])
  9. mov $0xf4b2c, %edx
     • address of the DMA controller setup section (used in item 18)
  10. jmp 0xfc719
  11. enable the A20 line through port 0x92 (System Control Port A, "fast A20")
  12. 0xfc726: in     $0x71,%al
      0xfc728: in     $0x92,%al
      0xfc72a: or     $0x2,%al
      0xfc72c: out    %al,$0x92
      these four instructions implement item 11
  13. lidtw  %cs:-0x31cc
      • set the IDT
  14. lgdtw  %cs:-0x3188
      • set the GDT
  15. set bit 0 (PE) of %cr0
      • enable Protected Mode
  16. 0xfc744:    ljmpl  $0x8,$0xfc74c
      • Protected-Mode ljmp: switches to the code segment selected by 0x8 and jumps to 0xfc74c within that code segment
  17. set ds, es, ss, fs, gs to 0x10 (a data-segment selector from the GDT)
  18. jmp to *%edx (see item 9)
  19. out 0 to the slave DMA controller, port 0xd
  20. out 0 to the master DMA controller, ports 0xda/0xd6/0xd4
  21. jmp to 0x7c00
      • the address in RAM where the boot sector is loaded
#
After Lesson:
Question 1: Why couldn't I find /boot/boot.S and /boot/main.c with GDB's "info sources"? Their symbols:
                   readelf -a obj/boot/main.o
Ans: They belong to the boot loader, which is placed in the first sector of the disk and loaded to 0x7C00 for execution.
#


Question 2: Where are the code's symbols?
Ans: The symbols are in obj/boot/boot.out; load them in GDB with: file obj/boot/boot.out
#


Question 3: How is the architecture assumed? When ljmp is executed, GDB shows the following message:
                  "The target architecture is assumed to be i386"
Ans: Not Yet.
#


Question 4: In the BIOS ROM code, when is %cs set so that it can be used in items 13/14?
 Ans: %CS is 0xf0000 because this is the BIOS section.
#


Question 5: How and what did MIT patch in QEMU?
Ans: Not Yet.
#

Question 6: Why does the BIOS need to switch to Protected Mode?
Ans: It wants to use Protected Mode's functionality.
        For example ljmp mem48: in Real Address Mode or Virtual 8086 mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register.
        Ref Link: bootloader - switching processor to protected mode (Stack Overflow)
#
  1. cr0
     Bit  Name  Full Name              Description
     31   PG    Paging                 If 1, enable paging and use the CR3 register, else disable paging
     30   CD    Cache disable          Globally enables/disables the memory cache
     29   NW    Not-write through      Globally enables/disables write-back caching
     18   AM    Alignment mask         Alignment check enabled if AM set, AC flag (in EFLAGS register) set, and privilege level is 3
     16   WP    Write protect          Determines whether the CPU can write to pages marked read-only
     5    NE    Numeric error          Enable internal x87 floating point error reporting when set, else enables PC style x87 error detection
     4    ET    Extension type         On the 386, it allowed specifying whether the external math coprocessor was an 80287 or 80387
     3    TS    Task switched          Allows saving x87 task context only after an x87 instruction is used after a task switch
     2    EM    Emulation              If set, no x87 floating point unit present; if clear, x87 FPU present
     1    MP    Monitor co-processor   Controls interaction of WAIT/FWAIT instructions with the TS flag in CR0
     0    PE    Protected Mode Enable  If 1, system is in protected mode, else system is in real mode
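As an added example (not part of the original post or the lab's own code), the following C models the two %cr0 updates from the trace above (step 3 clearing CD/NW, step 15 setting PE), the real-mode segment:offset translation of step 1, and the selector decoding of steps 16/17, using the bit positions from the cr0 table; the reset-like starting value of cr0 is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CR0 bit positions taken from the table above. */
#define CR0_PE (1u << 0)
#define CR0_ET (1u << 4)
#define CR0_NW (1u << 29)
#define CR0_CD (1u << 30)
#define CR0_PG (1u << 31)

/* Real-mode address (step 1): (segment << 4) + offset, e.g. f000:fff0 -> 0xffff0. */
uint32_t real_mode_linear(uint16_t seg, uint16_t off) {
    return ((uint32_t)seg << 4) + off;
}
/* Step 3: clear CD and NW so the cache is switched on. */
uint32_t cr0_enable_cache(uint32_t cr0) {
    return cr0 & ~(CR0_CD | CR0_NW);
}
/* Step 15: set PE; the CPU runs in protected mode after the ljmpl of step 16. */
uint32_t cr0_enter_protected_mode(uint32_t cr0) {
    return cr0 | CR0_PE;
}
/* Protected-mode selector (steps 16/17): bits 3.. index the GDT, bits 0-1 are the RPL. */
unsigned selector_index(uint16_t sel) { return sel >> 3; }
unsigned selector_rpl(uint16_t sel) { return sel & 3u; }

/* Names of the CR0 flags that are set, in bit order (static buffer, not thread safe). */
const char *cr0_flag_names(uint32_t cr0) {
    static const struct { uint32_t bit; const char *name; } flags[] = {
        { CR0_PG, "PG" }, { CR0_CD, "CD" }, { CR0_NW, "NW" }, { CR0_ET, "ET" }, { CR0_PE, "PE" },
    };
    static char buf[64];
    size_t n = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof flags / sizeof flags[0]; i++)
        if (cr0 & flags[i].bit)
            n += (size_t)snprintf(buf + n, sizeof buf - n, "%s%s", n ? " " : "", flags[i].name);
    return buf;
}

int main(void) {
    uint32_t cr0 = CR0_CD | CR0_NW | CR0_ET;  /* constructed reset-like value: cache off, real mode */
    printf("reset vector f000:fff0 -> 0x%05x\n", real_mode_linear(0xf000, 0xfff0));
    cr0 = cr0_enable_cache(cr0);
    printf("after step 3:  cr0=0x%08x [%s]\n", cr0, cr0_flag_names(cr0));
    cr0 = cr0_enter_protected_mode(cr0);
    printf("after step 15: cr0=0x%08x [%s]\n", cr0, cr0_flag_names(cr0));
    printf("selector 0x8 -> GDT index %u, 0x10 -> index %u\n", selector_index(0x8), selector_index(0x10));
    return 0;
}
```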
