help me in vm86
Posted: Tue May 03, 2011 6:13 pm
by TheLoST
Hello, I'm new to this forum. My problem, exactly:
After I create a VM86 task and execute iret with this frame:
; Enter the VM86 task from ring 0: build the nine-dword IRET frame
; (gs, fs, ds, es, ss, esp, eflags, cs, eip - pushed in that order) on the
; ring-0 stack and execute iret. Because bit 17 (VM) is set in the pushed
; EFLAGS, iret pops all nine dwords and treats the segment values as
; real-mode segments (linear address = segment << 4).
; Load the ring-0 stack first. The CPU suppresses interrupts for the one
; instruction after a load of SS, so the esp load below completes before
; any interrupt can use the new stack.
mov ss , tss.ss0 ; 0x18 - ring-0 stack segment (the same ss0 the CPU loads when the task traps back to the monitor)
mov esp , tss.esp0 ; 0x1F000 - ring-0 stack pointer (esp0 is likewise reloaded by the CPU on every trap from the task)
push vm86task.gs ; 0x0900
push vm86task.fs ; 0x0900
push vm86task.ds ; 0x0900
push vm86task.es ; 0x0900
; Guest stack: SS:SP = 0x0800:0xFFFF, i.e. the 64 KB window 0x8000..0x17FFF.
; Only the low 16 bits of the esp slot are used as SP in VM86 mode; the
; first push lands at linear 0x17FFD.
; NOTE(review): this window also contains the code at linear 0x9000
; (cs:ip below), roughly 60 KB below the initial SP less the code's own
; length - keep the guest's stack use well short of that, or move the
; stack segment away from the code.
push vm86task.ss ; 0x0800
push vm86task.esp ; 0xFFFF
; 0x20202 = bit 17 (VM, selects VM86 mode on iret) | bit 9 (IF) | bit 1
; (always-set reserved bit). IOPL (bits 12-13) is 0, so cli/sti/pushf/
; popf/int n/iret executed by the task raise #GP and are emulated by the
; monitor instead of running natively - raising IOPL to 3 would let the
; task run them for real (cli would then clear the real IF).
push vm86task.eflags ; 0x20202
push vm86task.cs ; 0x0900 - code at linear 0x9000
push vm86task.eip ; 0x0
; On the task's next trap the CPU pushes its gs, fs, ds, es, ss, esp,
; eflags, cs, eip back in the same layout (plus an error code for #GP).
; Read every segment slot with & 0xFFFF: the upper 16 bits of those
; dwords are not guaranteed to be zero (the thread's 0x180800 is the ss
; slot with leftover data in its upper half).
iret
The VM86 task starts correctly and runs up to int 0x10 — so far, so good.
My problem is at the #GP exception: the stack frame contains
0x0900 ; gs
0x0900 ; fs
0x0900 ; ds
0x0900 ; es
0x180800 ; ????????????????????????????????????????
0x20202 ; eflags
0x0900 ; cs
0xb ; eip
I don't understand why the CPU doesn't push the correct values before entering the exception handler, as described in some books and tutorials, like this one:
http://www.logix.cz/michal/doc/i386/chp15-03.htm
Info:
- QEMU emulator / Oracle VirtualBox
- gcc compiler
- Ubuntu
Thanks, and sorry — my English is not good.
Re: help me in vm86
Posted: Tue May 03, 2011 10:29 pm
by b.zaar
0x0900 ; gs
0x0900 ; fs
0x0900 ; ds
0x0900 ; es
0x180800 ; ????????????????????????????????????????
0x20202 ; eflags
0x0900 ; cs
0xb ; eip
You're mixing the ss and esp values together. It should be something like the following:
0x0900 ; gs
0x0900 ; fs
0x0900 ; ds
0x0900 ; es
0x0800 ; ss
0x???? ; esp
0x20202 ; eflags
0x0900 ; cs
0xb ; eip
Re: help me in vm86
Posted: Tue May 03, 2011 11:21 pm
by TheLoST
b.zaar wrote:
0x0900 ; gs
0x0900 ; fs
0x0900 ; ds
0x0900 ; es
0x180800 ; ????????????????????????????????????????
0x20202 ; eflags
0x0900 ; cs
0xb ; eip
You're mixing the ss and esp values together. It should be something like the following:
0x0900 ; gs
0x0900 ; fs
0x0900 ; ds
0x0900 ; es
0x0800 ; ss
0x???? ; esp
0x20202 ; eflags
0x0900 ; cs
0xb ; eip
Thanks b.zaar, but that is exactly my problem: the CPU seems to have mixed SS with SS0 (my SS0 is 0x18). I don't understand why the CPU mixes these values on the #GP; I need the old SS and ESP to run the VM86 monitor.
Re: help me in vm86
Posted: Tue May 03, 2011 11:50 pm
by b.zaar
I think you should ignore the 0x0018 in the upper half of that SS slot. Only the low 16 bits of a segment register are meaningful, and the upper 16 bits of a segment-register slot in a 32-bit exception frame are not guaranteed to be zero — the processor may write only the low word and leave whatever was already on the stack (here, apparently, your SS0 = 0x18). Do something like `0x180800 & 0xFFFF` to get the low 16-bit value you need, and mask every segment slot (cs, ds, es, fs, gs too) the same way before the monitor forms a real-mode address from it; using the whole dword would give a bogus `segment << 4` address. (Remember also that #GP pushes an error-code dword after eip — it is the first dword at the handler's esp — so the frame is one dword deeper than for a fault without an error code.)
Re: help me in vm86
Posted: Wed May 04, 2011 9:51 pm
by TheLoST
b.zaar wrote: I think you should ignore the 0x0018 in the upper half of that SS slot; only the low 16 bits of a segment register are meaningful, so do something like `0x180800 & 0xFFFF` to get the low 16-bit value you need.
Thanks b.zaar, it works — my first problem is resolved. Now my problem is with I/O ports.
The EFLAGS value is 0x23202 (IOPL = 3), but I always get a #GP exception. In the monitor I emulate only these instructions:
cli, sti, popf, pushf, int n, iret, 0xEF (out dx,eax/ax) and 0xED (in eax/ax,dx).
In the VM86 test task I call int 0x10 and it works correctly; I just don't emulate the 0xEE and 0xEC instructions, which from Google I understand are
out dx,al and in al,dx.
Re: help me in vm86
Posted: Wed May 04, 2011 10:51 pm
by b.zaar
TheLoST wrote:
b.zaar wrote: I think you should ignore the 0x0018 in the upper half of that SS slot; only the low 16 bits of a segment register are meaningful, so do something like `0x180800 & 0xFFFF` to get the low 16-bit value you need.
Thanks b.zaar, it works — my first problem is resolved. Now my problem is with I/O ports.
The EFLAGS value is 0x23202 (IOPL = 3), but I always get a #GP exception. In the monitor I emulate only these instructions:
cli, sti, popf, pushf, int n, iret, 0xEF (out dx,eax/ax) and 0xED (in eax/ax,dx).
In the VM86 test task I call int 0x10 and it works correctly; I just don't emulate the 0xEE and 0xEC instructions, which from Google I understand are out dx,al and in al,dx.
IOPL works differently in VM86 mode than in protected mode. In VM86 mode, IOPL only governs the interrupt-sensitive instructions (cli, sti, pushf, popf, int n, iret): with IOPL = 0 they raise #GP and your monitor emulates them, but with IOPL = 3 they run natively — cli then clears the real IF, so the task can disable interrupts for the whole system and your emulation of those instructions is bypassed (VME aside, which this thread does not use). IN/OUT/INS/OUTS, on the other hand, are always checked against the I/O permission bitmap in the TSS regardless of IOPL, so a VM86 task requires a valid bitmap there: a set bit (1) makes the port trap to the monitor with #GP, a cleared bit (0) lets the task touch the hardware directly. Keep IOPL at 0 and grant only the ports you intend to.
Read section 17.2.8.1, "I/O-Port-Mapped I/O", in the Intel manuals (Vol. 3, System Programming Guide),
and section 15.5.1, "I/O-Mapped I/O", from your link to the original 386 Programmer's Guide.
Re: help me in vm86
Posted: Thu May 05, 2011 5:00 pm
by TheLoST
b.zaar wrote:
IOPL works differently in VM86 mode than in protected mode: in VM86 mode IOPL only governs cli, sti, pushf, popf, int n and iret, while IN/OUT/INS/OUTS are always checked against the I/O permission bitmap in the TSS regardless of IOPL, so a VM86 task requires a valid bitmap there (set bit = port traps to the monitor, cleared bit = direct hardware access).
Read section 17.2.8.1, "I/O-Port-Mapped I/O", in the Intel manuals (Vol. 3, System Programming Guide),
and section 15.5.1, "I/O-Mapped I/O", from your link to the original 386 Programmer's Guide.
I extended my TSS with a 1024-byte (256 × u32) I/O bitmap, like this:
/*
 * 32-bit x86 task-state segment, in the exact layout the CPU reads.
 * Do not reorder or resize the fields: every offset below is architectural
 * and sizeof(struct tss) must be 0x68 (104) bytes, because that is where
 * the I/O permission bitmap is placed in struct extand_tss and therefore
 * the value io_map has to hold.  (A _Static_assert(sizeof(struct tss) ==
 * 0x68, ...) next to this definition would catch accidental padding.)
 * The *_unused halves are the reserved upper words of the 32-bit slots.
 * This monitor appears to enter the VM86 task with iret rather than a
 * hardware task switch, so the CPU reads ss0/esp0 (on every trap from the
 * task) and io_map (on every I/O instruction) from here; the saved
 * register image is only loaded/stored by hardware task switches.
 */
struct tss {
    u16 previous_task, __previous_task_unused; /* 0x00: previous task link */
    u32 esp0;                                  /* 0x04: ring-0 ESP loaded when the task traps to the monitor (0x1F000 in this thread) */
    u16 ss0, __ss0_unused;                     /* 0x08: ring-0 SS loaded on the same trap (0x18 here) */
    u32 esp1;                                  /* 0x0C: ring-1 stack pointer */
    u16 ss1, __ss1_unused;                     /* 0x10: ring-1 stack segment */
    u32 esp2;                                  /* 0x14: ring-2 stack pointer */
    u16 ss2, __ss2_unused;                     /* 0x18: ring-2 stack segment */
    u32 cr3;                                   /* 0x1C: page-directory base, loaded only by a hardware task switch */
    u32 eip, eflags, eax, ecx, edx, ebx, esp, ebp, esi, edi; /* 0x20..0x47: saved general state, hardware task switch only */
    u16 es, __es_unused;                       /* 0x48 */
    u16 cs, __cs_unused;                       /* 0x4C */
    u16 ss, __ss_unused;                       /* 0x50 */
    u16 ds, __ds_unused;                       /* 0x54 */
    u16 fs, __fs_unused;                       /* 0x58 */
    u16 gs, __gs_unused;                       /* 0x5C */
    u16 ldt_selector, __ldt_sel_unused;        /* 0x60: LDT selector for the task */
    u16 debug_flag, io_map;                    /* 0x64: bit 0 = T (debug trap on task switch); 0x66: byte offset from the TSS base to the I/O permission bitmap - must be sizeof(struct tss) == 0x68 with struct extand_tss, not 0x67 */
} __attribute__ ((packed));
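/*
 * TSS followed by the I/O permission bitmap.  In VM86 mode every
 * IN/OUT/INS/OUTS is checked against this bitmap regardless of IOPL:
 * bit n set (1) makes port n fault to the monitor with #GP, bit n clear
 * (0) gives the task direct access to the hardware.  256 u32 words cover
 * ports 0..8191; ports past the end of the map (i.e. past the TSS limit)
 * always fault.  tss0.io_map must hold the bitmap's offset, which is
 * sizeof(struct tss) == 0x68 (not 0x67).
 */
struct extand_tss{
    struct tss tss0;
    u32 iobitmap[256];
    /*
     * The CPU may read one byte beyond the last byte of the bitmap, so the
     * map has to be followed by a byte of all ones that is still inside the
     * TSS limit.  The GDT limit for this TSS must therefore be at least
     * 0x468 (the offset of the first trailer byte), one more than the 0x467
     * used in this thread.
     */
    u32 iobitmap_end;
} __attribute__((packed));

/*
 * The TSS this monitor loads into TR.  Static storage zero-fills iobitmap,
 * which grants the VM86 task every port 0..8191; set the bits of the ports
 * the task must not touch before it runs, and set tss0.io_map to 0x68.
 * Only the trailer word is pre-set, to the all-ones value the CPU expects.
 */
struct extand_tss default_tss = {
    .iobitmap_end = 0xFFFFFFFFu,
};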
In the GDT, I set up the TSS descriptor like this:
base : &default_tss
limit : 0x467
default_tss.tss0.io_map = 0x67;
But now int 0x10 does not work correctly in my VM86 task.
Re: help me in vm86
Posted: Fri May 06, 2011 1:10 am
by b.zaar
TheLoST wrote: I extended my TSS with a 1024-byte (256 × u32) I/O bitmap, like this:
/*
 * 32-bit x86 task-state segment, in the exact layout the CPU reads.
 * Do not reorder or resize the fields: every offset below is architectural
 * and sizeof(struct tss) must be 0x68 (104) bytes, because that is where
 * the I/O permission bitmap is placed in struct extand_tss and therefore
 * the value io_map has to hold.  (A _Static_assert(sizeof(struct tss) ==
 * 0x68, ...) next to this definition would catch accidental padding.)
 * The *_unused halves are the reserved upper words of the 32-bit slots.
 * This monitor appears to enter the VM86 task with iret rather than a
 * hardware task switch, so the CPU reads ss0/esp0 (on every trap from the
 * task) and io_map (on every I/O instruction) from here; the saved
 * register image is only loaded/stored by hardware task switches.
 */
struct tss {
    u16 previous_task, __previous_task_unused; /* 0x00: previous task link */
    u32 esp0;                                  /* 0x04: ring-0 ESP loaded when the task traps to the monitor (0x1F000 in this thread) */
    u16 ss0, __ss0_unused;                     /* 0x08: ring-0 SS loaded on the same trap (0x18 here) */
    u32 esp1;                                  /* 0x0C: ring-1 stack pointer */
    u16 ss1, __ss1_unused;                     /* 0x10: ring-1 stack segment */
    u32 esp2;                                  /* 0x14: ring-2 stack pointer */
    u16 ss2, __ss2_unused;                     /* 0x18: ring-2 stack segment */
    u32 cr3;                                   /* 0x1C: page-directory base, loaded only by a hardware task switch */
    u32 eip, eflags, eax, ecx, edx, ebx, esp, ebp, esi, edi; /* 0x20..0x47: saved general state, hardware task switch only */
    u16 es, __es_unused;                       /* 0x48 */
    u16 cs, __cs_unused;                       /* 0x4C */
    u16 ss, __ss_unused;                       /* 0x50 */
    u16 ds, __ds_unused;                       /* 0x54 */
    u16 fs, __fs_unused;                       /* 0x58 */
    u16 gs, __gs_unused;                       /* 0x5C */
    u16 ldt_selector, __ldt_sel_unused;        /* 0x60: LDT selector for the task */
    u16 debug_flag, io_map;                    /* 0x64: bit 0 = T (debug trap on task switch); 0x66: byte offset from the TSS base to the I/O permission bitmap - must be sizeof(struct tss) == 0x68 with struct extand_tss, not 0x67 */
} __attribute__ ((packed));
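/*
 * TSS followed by the I/O permission bitmap.  In VM86 mode every
 * IN/OUT/INS/OUTS is checked against this bitmap regardless of IOPL:
 * bit n set (1) makes port n fault to the monitor with #GP, bit n clear
 * (0) gives the task direct access to the hardware.  256 u32 words cover
 * ports 0..8191; ports past the end of the map (i.e. past the TSS limit)
 * always fault.  tss0.io_map must hold the bitmap's offset, which is
 * sizeof(struct tss) == 0x68 (not 0x67).
 */
struct extand_tss{
    struct tss tss0;
    u32 iobitmap[256];
    /*
     * The CPU may read one byte beyond the last byte of the bitmap, so the
     * map has to be followed by a byte of all ones that is still inside the
     * TSS limit.  The GDT limit for this TSS must therefore be at least
     * 0x468 (the offset of the first trailer byte), one more than the 0x467
     * used in this thread.
     */
    u32 iobitmap_end;
} __attribute__((packed));

/*
 * The TSS this monitor loads into TR.  Static storage zero-fills iobitmap,
 * which grants the VM86 task every port 0..8191; set the bits of the ports
 * the task must not touch before it runs, and set tss0.io_map to 0x68.
 * Only the trailer word is pre-set, to the all-ones value the CPU expects.
 */
struct extand_tss default_tss = {
    .iobitmap_end = 0xFFFFFFFFu,
};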
In the GDT, I set up the TSS descriptor like this:
base : &default_tss
limit : 0x467
default_tss.tss0.io_map = 0x67;
But now int 0x10 does not work correctly in my VM86 task.
Your io_map offset should be 0x68 — sizeof(struct tss), the first byte past the 104-byte TSS, where your iobitmap actually starts; 0x67 points at the high byte of the io_map field itself. Also make sure you initialise all of the bitmap memory deliberately: a cleared bit (0) grants the VM86 task direct access to that port and a set bit (1) makes it fault to the monitor, so clearing the whole map hands every port 0–8191 to the task — fine for getting the BIOS's int 0x10 going, but clear only the ports you intend to expose once it works. The CPU can also read one byte past the last byte of the map, so follow the map with a 0xFF byte and raise the TSS limit to cover it (at least 0x468 with a 1024-byte map). The rest looks alright.