I am currently trying to create a custom bootloader. It does work on real mode, but when I try to enter protected mode, it triple faults on QEMU.
The bootloader is in 2 stages. The first stage load the second stage to avoid the 512 bytes limit (by the way, the stage 2 is far from the 512 bytes), then the stage 2 enter in protected mode (it tries... ), and jump the the 32 bits code which is in the stage 2 binary.
Code: Select all
gdt:
.byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
.byte 0xff, 0xff, 0x00, 0x00, 0x00, 0x9b, 0xdf, 0x00
.byte 0xff, 0xff, 0x00, 0x00, 0x00, 0x93, 0xdf, 0x00
gdtptr:
.short 0x18
.long (gdt + STAGE2_BOOTSEG * 0x10 + STAGE2_BOOTOFF)
_start:
/* Initializing segments */
movw $STAGE2_BOOTSEG, %ax
movw %ax, %ds
movw %ax, %es
movw $STAGE2_STACKSEG, %ax
movw %ax, %ss
movw $STAGE2_STACKP, %sp
/* Reset disks */
movb $0x0, %ah
int $0x13
/* Setup GDT and enable protected mode */
cli
lgdt gdtptr
movl %cr0, %eax
orl $0x00000001, %eax
movl %eax, %cr0
/* Setup kernel segments */
movl $STAGE2_BOOTSEG, %eax
movl %eax, %ds
movl %eax, %es
movl %eax, %fs
movl %eax, %gs
movl $STAGE2_STACKSEG, %eax
movl %eax, %ss
movl $STAGE2_STACKP, %esp
/* Jump to kernel */
ljmp $STAGE2_BOOTSEG, $test
.code32
test:
movb $0x41, 0xb8a00
jmp .
Code: Select all
.equ STAGE2_BOOTSEG, 0x0820
.equ STAGE2_STACKSEG, 0x0860
.equ STAGE2_STACKP, 0x0400
Code: Select all
SMM: enter
EAX=00000001 EBX=0000000b ECX=02000000 EDX=02000628
ESI=00000000 EDI=02000000 EBP=00000007 ESP=00006d68
EIP=000ef2e5 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
CS =0008 00000000 ffffffff 00cf9b00 DPL=0 CS32 [-RA]
SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT= 000f7180 00000037
IDT= 000f71be 00000000
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
DR6=ffff0ff0 DR7=00000400
CCS=00000080 CCD=00000001 CCO=LOGICB
EFER=0000000000000000
SMM: after RSM
EAX=00000001 EBX=0000000b ECX=02000000 EDX=02000628
ESI=00000000 EDI=02000000 EBP=00000007 ESP=00006d68
EIP=000ef2e5 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
CS =0008 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
FS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
GS =0010 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT= 000f7180 00000037
IDT= 000f71be 00000000
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
DR6=ffff0ff0 DR7=00000400
CCS=00000000 CCD=000a7fe4 CCO=EFLAGS
EFER=0000000000000000
* Why is there so many lines on QEMU output ? Also it looks like protected mode is enabled, disabled, etc...
* What hint could lead me to the solution ?
If you have got hints apart the GDT problem, about the flags, code conventions or else, do not hesitate to inform me
Thank you