Defining protected-mode segment-descriptors An example of a protected-mode

Defining protected-mode segment-descriptors An example of a protected-mode bootsector application that draws a message to the video display

What will we do once there? • Let’s explore writing a bootsector program that will do something perceptible while in protected-mode, namely: show a message • We won’t be able to call BIOS functions (they’re designed to work in real-mode) • We must write directly to video memory

Recall PC Memory Layout 0 x. F 0000 0 x. C 0000 0 x. A 0000 ROM-BIOS VIDEO-BIOS VRAM 0 x 00000 1 -MB

Three VRAM zones COLOR TEXT 32 -KB MONOCHROME TEXT 32 -KB GRAPHICS 64 -KB 0 x. B 8000 0 x. B 0000 0 x. A 0000

Array of picture-elements • • Text-mode VRAM is organized as an array Each array-element occupies one word Word’s LSB holds ascii character-code Word’s MSB holds a color-number pair 12 11 15 bgcolor nybble 0 8 7 fgcolor ASCII character-code nybble byte

Color-Attribute Byte Blink R G background color attribute B Intense R G foreground color attribute B

Screen-element locations 80 columns characters 0. . 79 characters 80. . 159 25 rows characters 1920. . 1999 Video screen

x 86 “Little-Endian” storage • Intel’s x 86 CPUs use little-endian storage • The “little end” of any multibyte value is stored at the smaller operand-address • Example: EAX = 0 x 12345678 mov [0 x 9000], EAX Memory-addresses occupied by operand 0 x 78 0 x 9000 0 x 56 0 x 9001 0 x 34 0 x 9002 0 x 12 0 x 9003

Drawing a character-string • Setup DS: SI with string’s starting address • Setup ES: DI with initial address on screen • Clear DF-bit (Direction Flag) in FLAGS register • Setup desired color attribute-byte in AH register again: lodsb ; next character to AL or al, al ; is final null-byte? jz finis ; yes, exit from loop stosw ; write char & colors jmp again ; go back for another finis:

Planning our memory usage • To draw a screen-message in protectedmode, our program will need to address these memory-segments: – its code (executable, at 0 x 07 C 00) – its data (readable and writable, at 0 x 07 C 00) – its stack (readable, writable, expand-down) – the video ram (32 KB, writable, at 0 x. B 8000) • For its return to real-mode, our program will need 64 KB code and data segments

VRAM segment-descriptor 31 16 Base[31. . 24] RA D CR Limit GDS V P P SX / / A [19. . 16] VL L DW Base[15. . 0] Base[23. . 16] Limit[15. . 0] 0 15 VRAM Base-Address = 0 x 000 B 8000 VRAM Segment-Limit = 0 x 07 FFF (32 -KB) Segment-attributes: P=1, A=0, S=1, X=0, D=0, W=1 DPL=0, G=0, D=0 (RSV=0, AVL=0). WORD 0 x 7 FFF, 0 x 8000, 0 x 920 B, 0 x 0000

CODE segment-descriptor 31 16 Base[31. . 24] RA D CR Limit GDS V P P SX / / A [19. . 16] VL L DW Base[15. . 0] Base[23. . 16] Limit[15. . 0] 0 15 CODE Base-Address = 0 x 00007 C 00 CODE Segment-Limit = 0 x 0 FFFF (64 -KB) Segment-attributes: P=1, A=0, S=1, X=1, C=0, R=1 DPL=0, G=0, D=0 (RSV=0, AVL=0). WORD 0 x. FFFF, 0 x 7 C 00, 0 x 9 A 00, 0 x 0000

DATA segment-descriptor 31 16 Base[31. . 24] RA D CR Limit GDS V P P SX / / A [19. . 16] VL L DW Base[15. . 0] Base[23. . 16] Limit[15. . 0] 0 15 DATA Base-Address = 0 x 00007 C 00 DATA Segment-Limit = 0 x 0 FFFF (64 -KB) Segment-attributes: P=1, A=0, S=1, X=0, D=0, W=1 DPL=0, G=0, D=0 (RSV=0, AVL=0). WORD 0 x. FFFF, 0 x 7 C 00, 0 x 9200, 0 x 0000

STACK segment-descriptor 31 16 Base[31. . 24] RA D CR Limit GDS V P P SX / / A [19. . 16] VL L DW Base[15. . 0] Base[23. . 16] Limit[15. . 0] 0 15 STACK Base-Address = 0 x 00007 C 00 STACK Segment-Limit = 0 x 001 FF (512 -Bytes) Segment-attributes: P=1, A=0, S=1, X=0, D=1, W=1 DPL=0, G=0, D=0 (RSV=0, AVL=0). WORD 0 x 01 FF, 0 x 7 C 00, 0 x 9600, 0 x 0000

Setting up the GDT • Base-Address must be quadword-aligned. ALIGN 8 • NULL-Descriptor occupies first quadward the. GDT: . WORD 0, 0, 0, 0 • GDT base-address and segment-limit: base: #0 x 00007 C 00 + #the. GDT limit: 8 * (number of descriptors) - 1

Loading register LDTR GDTR BASE_ADDRESS LIMIT 48 -bits • We can load LDTR from our stack: mov add mov push lgdt add eax, #0 x 00007 C 00 eax, #the. GDT dx, #0 x 27 eax dx [esp] esp, #6 ; boot location ; add GDT offset ; five descriptors ; push bits 47. . 16 ; push bits 15. . 0 ; load 48 -bit LDTR ; discard 3 words

Entering protected-mode • No interrupts from any peripheral devices (since BIOS’s real-mode ISRs won’t work) • Set the PE-bit to 1 (in register CR 0) • Do a far-jump (to load the CS attributes) • Load SS: SP with stacktop and attributes • Setup DS and ES for data and vram • Write character-string to video memory

Leaving protected-mode • Be sure segment-registers are loaded with selectors for descriptors that have suitable segment-limits and segment-attributes for correct execution when back in real-mode • Reset PE-bit to 0 (in register CR 0) • Do a far-jump (to load CS with paragraph) • Load SS: SP with real-mode stack-address • Wait for user’s keypress before rebooting

Demo-program • We have a bootsector program on website (‘pmhello. s’) which illustrates the principles just discussed • Try assembling and installing it: – $ as 86 pmhello. s –b pmhello. b – $ dd if=pmhello. b of=/dev/fd 0 • Restart machine, use the GRUB memu to select this bootsector as execution-option

In-class exercises • What happens if you changed the ‘code’ descriptor’s access-rights byte from 0 x 9 A to 0 x 9 C (i. e. , conforming code-segment)? • Where exactly in does the ‘expand-down’ stack-segment reside? – BASE_ADDRESS = 0 x 00007 C 00 – SEGMENT_LIMIT = 0 x 001 FF