baby steps #7 - big real mode

Posted: Fri May 24, 2002 6:37 pm
by crazybuddha
(a.k.a unreal or voodoo mode.)

While this code is largely just a party trick, understanding it gives a gentle intro to protected mode concepts and possibly avoids some headaches later on 'cause you skipped over this kind of stuff.

The single descriptor in the global descriptor table at the bottom is laid out to match 'baby steps #6'. The 'size' given is 1 MB, the base address is 0x0, and the bit fields you can work out yourself.

The reason for doing this is to enable 32-bit offsets in real mode. However, you won't be able to go past 1 meg quite yet.

In protected mode, the bits 3-15 in the segment register are an index into the descriptor table. That's why in this code 0x08 = 1000b gets you the 1 entry.

When this register is given a "selector", a "segment descriptor cache register" is filled with the descriptor values, including the size (or limit). After the switch back to real mode, these values are not modified, regardless of what value is in the 16-bit segment register. So the 64k limit is no longer valid and 32-bit offsets can be used with the real-mode addressing rules (i.e. shift segment 4 bits, then add offset).

Finally, note that IP is unaffected by all this, so the code itself is still limited to 64k.

;==========================================
; nasmw boot.asm -o boot.bin
; partcopy boot.bin 0 200 -f0

[ORG 0x7c00]                ; add to offsets

start:  xor ax, ax          ; make it zero
        mov ds, ax          ; DS=0
        mov ss, ax          ; stack starts at 0
        mov sp, 0x9c00      ; 2000h past code start

        cli                 ; no interrupt
        push ds             ; save real mode

        lgdt [gdtinfo]      ; load gdt register

        mov eax, cr0        ; switch to pmode by
        inc ax              ; toggling last bit
        mov cr0, eax

        mov bx, 0x08        ; select descriptor 1
        mov ds, bx          ; 8h = 1000b

        dec ax              ; switch back to real mode
        mov cr0, eax        ; by toggling bit again

        pop ds              ; get back old segment
        sti

        mov bx, 0x0f01      ; attrib/char of smiley
        mov eax, 0x0b8000   ; note 32 bit offset
        mov word [ds:eax], bx

        jmp $               ; loop forever

gdtinfo:
        dw gdt_end - gdt - 1    ; last byte in table
        dd gdt                  ; start of table

gdt dd 0,0 ; entry 0 is always unused
flatdesc db 0xff, 0xff, 0, 0, 0, 10010010b, 01001111b, 0
gdt_end:

        times 510-($-$$) db 0 ; fill sector w/ 0's
        dw 0xAA55 ; req'd by some BIOSes
;==========================================
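Added example, not part of the original post: a Python model of the descriptor and selector decoding described above and of what the segment descriptor cache holds across the mode switch. The descriptor bytes are the post's flatdesc; the SegmentCache class and unreal_ds_access function are this example's own names.

```python
import struct

# The 'flatdesc' bytes exactly as they appear in the post's GDT.
FLATDESC = bytes([0xff, 0xff, 0, 0, 0, 0b10010010, 0b01001111, 0])

def decode_descriptor(d):
    """Split an 8-byte x86 segment descriptor into base, limit and flag bits."""
    limit_lo, base_lo, base_mid, access, fl_lim_hi, base_hi = struct.unpack("<HHBBBB", d)
    limit = limit_lo | ((fl_lim_hi & 0x0F) << 16)
    if fl_lim_hi & 0x80:                 # G bit: limit counts 4 KiB pages
        limit = (limit << 12) | 0xFFF
    return {"base": base_lo | (base_mid << 16) | (base_hi << 24),
            "limit": limit,              # highest valid offset in the segment
            "present": bool(access & 0x80), "dpl": (access >> 5) & 3,
            "code": bool(access & 0x08), "writable": bool(access & 0x02),
            "big": bool(fl_lim_hi & 0x40)}   # D/B: 32-bit default size

def decode_selector(sel):
    """Selector layout: bits 15-3 index, bit 2 table indicator, bits 1-0 RPL."""
    return {"index": sel >> 3, "ldt": bool(sel & 4), "rpl": sel & 3}

class SegmentCache:
    """Model of one segment register's hidden descriptor cache register."""
    def __init__(self):
        self.base, self.limit = 0, 0xFFFF    # plain real-mode values

    def load_pmode(self, gdt, selector):
        """Protected-mode load: cache is refilled from the descriptor table."""
        idx = decode_selector(selector)["index"]
        desc = decode_descriptor(gdt[idx * 8:idx * 8 + 8])
        self.base, self.limit = desc["base"], desc["limit"]

    def load_real(self, segment):
        """Real-mode load: base becomes segment<<4, the cached limit is untouched."""
        self.base = (segment << 4) & 0xFFFFF

    def linear(self, offset):
        """Translate an offset; raise, as the CPU would (#GP), if past the limit."""
        if offset > self.limit:
            raise ValueError("offset 0x%x exceeds limit 0x%x" % (offset, self.limit))
        return self.base + offset

def unreal_ds_access(offset, do_pmode_load=True):
    """Replay the post's DS sequence; with do_pmode_load=False DS keeps its 64k limit."""
    gdt = bytes(8) + FLATDESC            # entry 0 unused, entry 1 is flatdesc
    ds = SegmentCache()
    if do_pmode_load:
        ds.load_pmode(gdt, 0x08)         # mov ds, bx (bx = 0x08) while PE=1
    ds.load_real(0x0000)                 # pop ds back in real mode, DS = 0
    return ds.linear(offset)
```

Calling unreal_ds_access(0xb8000) returns 0xb8000, while the same call with do_pmode_load=False raises, which is the 64k limit the post says is no longer in force.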

Re:baby steps #7 - big real mode

Posted: Sat May 25, 2002 9:36 am
by Pype.Clicker
If I remember my old tutorials well, there is a way to access the whole physical memory (i.e. >1Mb) using this technique: if you enable the A20 gate ...

F_Enable_A20:
;==================================================================
;== init Enable HMA access (real mode)
;== assumes interrupts disabled
;==================================================================
   push ax
   push cx

   call A20@wt      ;wait 8042 to be ready

   mov al,0D1h ;message: writing on port 0x60
   out 64h,al      ;sent to COMMAND PORT
   call A20@wt

   mov al,0DFh      ;enable 32 bits addresses
   out 60h,al
   call A20@wt

   pop cx
   pop ax
   ret

A20@wt:   xor cx,cx      ;WAIT 8042 STATE
A20@00:   in al,64h
   test al,2
   loopne A20@00
   jne A20@01
   ret

A20@01:   add sp,6      ;cleans up the stack (return address + saved cx, ax)
   mov ax,code_16
   mov ds,ax
   mov dx,dat(xmsg4)   ;error message !
   jmp error           ;code_16, dat(), xmsg4 and error are defined elsewhere in the poster's code and not shown here

Re:baby steps #7 - big real mode

Posted: Sat May 25, 2002 9:46 am
by crazybuddha
Yes. But that is also skipping ahead. First, I intend to show why you enable A20 and what it is. Stopping the memory wrap is a separate issue from protected mode and its differences from real mode - both the obvious ones and problems that are more subtle.

Re:baby steps #7 - big real mode

Posted: Sat May 25, 2002 4:10 pm
by Pype.Clicker
No problemo ... that was just a footnote for those who can't wait (:)
This baby steps series is good stuff! Go on, buddha

--
PS: your avatar's face is really scary :o

Re:baby steps #7 - big real mode

Posted: Tue Aug 20, 2002 12:44 am
by DynatOS
How reliable is this "Unreal Mode"? I've used a similar example to yours on 2 systems. On Bochs it works fine, on my Intel 486DX 33 it freezes before the switch (infinite loop/no triple fault.)

Re:baby steps #7 - big real mode

Posted: Tue Aug 20, 2002 1:11 am
by df
Unreal mode is well documented, and there are heaps of doc files around the net on it. Since it was a 'trick', more or less, something the CPU designers didn't intend, there is no telling how compatible it is with current processors.

A lot of old demos used it before going full pmode, back when all demos were written in assembly. It was pretty reliable.