续上一篇 bootsect.s讲解
功能描述
setup程序的主要作用是利用ROM BIOS中断读取机器系统数据,并将这些数据保存到0x90000开始的位置。为什么保存在0x90000开始的位置呢?因为原先保存在0x90000处的bootsect程序已经执行完毕,可以覆盖掉了。然后将system模块从0x10000-0x8ffff(512KB)整体向下移动到内存绝对地址0x00000处,加载中断描述符表寄存器idtr和全局描述符表寄存器gdtr,开启A20地址线,重新设置两个中断控制芯片8259A,将硬件中断号重新设置为0x20 - 0x2f。最后设置CPU的控制寄存器CR0的PE位,从而进入32位保护模式运行,并跳转到位于system模块最前面部分的head.s继续运行。
代码分析
首先是数据声明部分:
INITSEG = 0x9000 ! we move boot here - out of the way
! setup.s (Linux 0.11), as86 syntax: '!' starts a comment, '#' marks an immediate.
! Runs in 16-bit real mode at SETUPSEG:0000 (0x90200), where bootsect put it.
! Everything it collects via BIOS calls is parked at INITSEG:0000 (0x90000),
! the area bootsect has finished with, for the kernel to read later.
SYSSEG = 0x1000 ! system loaded at 0x10000 (65536).
SETUPSEG = 0x9020 ! this is the current segment
! Section bracket labels, exported so the link step can size text/data/bss.
.globl begtext, begdata, begbss, endtext, enddata, endbss
.text
begtext:
.data
begdata:
.bss
begbss:
.text
先读取当前光标位置,保存起来以备后续使用:
entry start
start:
! ok, the read went well so we get current cursor position and save it for
! posterity.
! Parameter block built at INITSEG:0000 (0x90000) by the BIOS calls below:
!   [0]    cursor position       [2]    extended memory size (kB)
!   [4]    video page            [6]    video mode / columns
!   [8]    EGA/VGA ax            [10]   EGA/VGA bx      [12] EGA/VGA cx
!   [0x80] hd0 parameter table   [0x90] hd1 parameter table (zeroed if absent)
mov ax,#INITSEG ! this is done in bootsect already, but...
mov ds,ax ! ds = 0x9000, so every [n] store below lands at 0x90000+n
mov ah,#0x03 ! read cursor pos
xor bh,bh ! bh = display page 0
int 0x10 ! save it in known place, con_init fetches
mov [0],dx ! it from 0x90000. BIOS returns the cursor position in dx.
获取从0x100000开始的扩展内存大小(KB):
! Get memory size (extended mem, kB)
! BIOS int 0x15, ah=0x88: size of extended memory above 1 MB (0x100000).
mov ah,#0x88
int 0x15
mov [2],ax ! ax = extended memory in kB starting at 0x100000, stored at 0x90002
! NOTE(review): CF is not tested, so a BIOS that rejects ah=0x88 leaves an
! undefined ax to be stored; the 16-bit result also caps at 0xFFFF kB (~64 MB).
获取显卡相关信息并保存起来:
! Get video-card data:
! BIOS int 0x10, ah=0x0f: current video state.
mov ah,#0x0f
int 0x10
mov [4],bx ! bh = display page (current page number)
mov [6],ax ! al = video mode, ah = window width (number of character columns)
获取EGA/VGA相关信息,并保存起来:
! check for EGA/VGA and some config parameters
! BIOS int 0x10, ah=0x12, bl=0x10: EGA/VGA configuration information.
mov ah,#0x12
mov bl,#0x10
int 0x10
mov [8],ax ! ax saved as-is; presumably unused by the kernel - verify against con_init
mov [10],bx ! 0x9000A (bl) = installed display memory, 0x9000B (bh) = display mode (colour/mono)
mov [12],cx ! display adapter feature bits
获取硬盘相关的信息,并保存:
! Get hd0 data ! 取0号硬盘的参数表,其地址是中断0x41的向量值,一共取0x10个字节
! Copy the 16-byte fixed-disk parameter table for hd0, whose address sits in
! real-mode interrupt vector 0x41 (ds:si <- [0000:4*0x41]), to 0x90080.
mov ax,#0x0000
mov ds,ax ! ds = 0 to reach the interrupt vector table
lds si,[4*0x41] ! ds:si = far pointer stored in vector 0x41
mov ax,#INITSEG
mov es,ax ! es:di = destination 0x9000:0x0080
mov di,#0x0080
mov cx,#0x10 ! 16 bytes
rep
movsb ! NOTE(review): relies on DF=0 left by the caller; cld is only issued later, before do_move
! Get hd1 data ! same for hd1: its table address is in interrupt vector 0x46; 16 bytes to 0x90090
mov ax,#0x0000
mov ds,ax ! ds = 0 to reach the interrupt vector table
lds si,[4*0x46] ! ds:si = far pointer stored in vector 0x46
mov ax,#INITSEG
mov es,ax ! es:di = destination 0x9000:0x0090
mov di,#0x0090
mov cx,#0x10 ! 16 bytes
rep
movsb
! Check that there IS a hd1 :-)
! BIOS int 0x13, ah=0x15 (get disk type) for drive dl=0x81 (second hard disk).
! CF set: no such drive. ah==3: fixed disk. Anything else also ends in no_disk1.
mov ax,#0x01500 ! ah = 0x15, al = 0
mov dl,#0x81
int 0x13
jc no_disk1
cmp ah,#3 ! ah==3 means a fixed (hard) disk
je is_disk1
no_disk1: ! not a hard disk: zero the hd1 parameter table so the kernel sees an empty entry
mov ax,#INITSEG
mov es,ax
mov di,#0x0090
mov cx,#0x10
mov ax,#0x00 ! al = 0 fill byte
rep
stosb ! stores al at es:di, cx times
is_disk1:
准备进入保护模式了,先将system模块从0x10000整体移动到0x00000:
! now we want to move to protected mode ...
! Protected-mode preparation. Interrupts stay off from here on: the move below
! overwrites memory from 0x00000 upwards, i.e. the real-mode IVT and BIOS data
! area, so no BIOS call or hardware interrupt may be taken again until the
! kernel has installed its own IDT.
cli ! no interrupts allowed
! first we move the system to it's rightful place
! Loop invariant: es = destination segment, ds = es + 0x1000 = source segment;
! segments 0x1000..0x8000 (0x10000-0x8ffff, 512 KB) go to 0x0000..0x7000.
mov ax,#0x0000
cld ! 'direction'=0, movs moves forward (si and di increment)
do_move:
mov es,ax ! destination segment
add ax,#0x1000 ! advance one 64 KB segment per iteration
cmp ax,#0x9000 ! past the last system segment (0x8000)?
jz end_move
mov ds,ax ! source segment
sub di,di ! di = 0
sub si,si ! si = 0
mov cx,#0x8000 ! 0x8000 words * 2 bytes = 0x10000 = one full 64 KB segment
rep
movsw
jmp do_move
加载中断描述符表寄存器(idtr)和全局描述符表寄存器(gdtr):
! then we load the segment descriptors
end_move:
mov ax,#SETUPSEG ! right, forgot this at first. didn't work :-) - back to this program's own segment
mov ds,ax ! lidt/lgdt read their 6-byte operands via ds
lidt idt_48 ! load idt with 0,0: 48-bit (limit, base) operand defined below
lgdt gdt_48 ! load gdt with whatever appropriate, likewise from gdt_48 below
! With an IDT limit of 0 any interrupt or exception would fault before the
! kernel installs a real table, which is why interrupts remain disabled and masked.
打开A20地址线。关于A20地址线,可参考相关博客:A20是为了解决80286的一个bug而引入的,之后为了实现向下兼容而一直保留。
! that was painless, now we enable A20
! Gate A20 through the keyboard controller (8042): command 0xD1 = "write output
! port", followed by the new output-port value 0xDF, whose A20 bit is set.
call empty_8042 ! input buffer must be empty before sending a command
mov al,#0xD1 ! command write (write to the 8042 output port)
out #0x64,al
call empty_8042 ! wait again before sending the data byte
mov al,#0xDF ! A20 on: output-port value with the A20 gate bit set
out #0x60,al
call empty_8042 ! once the buffer drains the byte has been accepted and A20 is open
! NOTE(review): nothing verifies that A20 actually went high (no wrap-around test).
下面设置中断。为了避免与Intel保留的硬件中断发生冲突,硬件中断的起始号设为0x20。因为IBM当初并没有这么做,所以我们需要重新对8259芯片编程。下面代码都是操作8259的,笔者没有仔细去研究,对8259感兴趣的读者可以去查一下关于8259的资料。
! well, that went ok, I hope. Now we have to reprogram the interrupts :-(
! we put them right after the intel-reserved hardware interrupts, at
! int 0x20-0x2F. There they won't mess up anything. Sadly IBM really
! messed this up with the original PC, and they haven't been able to
! rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f,
! which is used for the internal hardware interrupts as well. We just
! have to reprogram the 8259's, and it isn't fun.
! Standard ICW1..ICW4 sequence on both PICs (master 0x20/0x21, slave 0xA0/0xA1).
! Each out is followed by '.word 0x00eb,0x00eb', two 'jmp $+2', as an I/O delay.
mov al,#0x11 ! initialization sequence (ICW1: edge-triggered, cascade, ICW4 follows)
out #0x20,al ! send it to 8259A-1
.word 0x00eb,0x00eb ! jmp $+2, jmp $+2: two jump instructions used purely as a delay
out #0xA0,al ! and to 8259A-2
.word 0x00eb,0x00eb
mov al,#0x20 ! start of hardware int's (0x20) (ICW2 master: IRQ0-7 -> vectors 0x20-0x27)
out #0x21,al
.word 0x00eb,0x00eb
mov al,#0x28 ! start of hardware int's 2 (0x28) (ICW2 slave: IRQ8-15 -> vectors 0x28-0x2f)
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0x04 ! 8259-1 is master (ICW3: slave attached on IR2)
out #0x21,al
.word 0x00eb,0x00eb
mov al,#0x02 ! 8259-2 is slave (ICW3: cascade identity 2)
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0x01 ! 8086 mode for both (ICW4)
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0xFF ! mask off all interrupts for now (OCW1 on both PICs)
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al
开启保护模式(很简单的操作,3行代码搞定),就是将CR0的PE位置1:
! well, that certainly wasn't fun :-(. Hopefully it works, and we don't
! need no steenking BIOS anyway (except for the initial loading :-).
! The BIOS-routine wants lots of unnecessary data, and it's less
! "interesting" anyway. This is how REAL programmers do it.
!
! Well, now's the time to actually move into protected mode. To make
! things as simple as possible, we do no register set-up or anything,
! we let the gnu-compiled 32-bit programs do that. We just jump to
! absolute address 0x00000, in 32-bit protected mode.
! Only PE (bit 0 of CR0) is set; paging stays off. The far jump that follows
! reloads cs with selector 8 (GDT index 1, TI=0, RPL 0: the code descriptor
! with base 0), so execution continues at linear 0x00000 where system now sits.
mov ax,#0x0001 ! protected mode (PE) bit
lmsw ax ! This is it! LMSW = Load Machine State Word: writes PE=1 into CR0
jmpi 0,8 ! jmp offset 0 of segment 8 (cs); 8 is a segment selector, not a real-mode segment
解析:
lmsw:Load Machine State Word。其中机器状态字的第0位为PE位,是保护模式的标志,所以执行这条指令就能打开保护模式。打开保护模式后,需要跳转到system代码处执行;因为已经处于保护模式,跳转指令也不一样了:jmpi 0, 8。其中0表示偏移为0,8表示段选择符。段选择符的位0-1表示特权级,这里为0,即系统级特权;位2表示使用全局描述符表;位3-15表示描述符表项的索引值,这里为1,表示使用的是下文gdt中的第一个非空描述符,其基址是0。即跳转到段基址为0、偏移为0处继续执行。
剩余代码:
! This routine checks that the keyboard command queue is empty
! No timeout is used - if this hangs there is something wrong with
! the machine, and we probably couldn't proceed anyway.
empty_8042:
.word 0x00eb,0x00eb ! jmp $+2 twice, used as an I/O delay
in al,#0x64 ! 8042 status port
test al,#2 ! is input buffer full?
jnz empty_8042 ! yes - loop
ret ! clobbers al and flags; callers load al only after returning
gdt:
! Three 8-byte descriptors. Both live segments are flat (base 0, limit 8 MB,
! DPL 0), so code and data overlap completely: segmentation isolates nothing here.
.word 0,0,0,0 ! dummy: selector 0 is the null descriptor and must be present
! descriptor 1, selector 0x08
.word 0x07FF ! 8Mb - limit=2047 (2048*4096=8Mb)
.word 0x0000 ! base address=0 (segment base)
.word 0x9A00 ! code read/exec (P=1, DPL=0, code segment)
.word 0x00C0 ! granularity=4096, 386 (32-bit)
! descriptor 2, selector 0x10
.word 0x07FF ! 8Mb - limit=2047 (2048*4096=8Mb)
.word 0x0000 ! base address=0 (segment base)
.word 0x9200 ! data read/write (P=1, DPL=0, data segment)
.word 0x00C0 ! granularity=4096, 386 (32-bit)
idt_48:
! Operand for lidt: 16-bit limit then 32-bit base. Limit 0 means there is no
! usable IDT at all until the kernel sets one up.
.word 0 ! idt limit=0
.word 0,0 ! idt base=0L
gdt_48:
! Operand for lgdt: limit, then the 32-bit linear base of 'gdt' above.
! NOTE(review): the limit covers 256 entries although only 3 are defined above;
! any selector beyond 0x10 would index whatever follows gdt in memory.
.word 0x800 ! gdt limit=2048, 256 GDT entries
.word 512+gdt,0x9 ! gdt base = 0X9xxxx: 0x90000 + 0x200 + gdt, this file's load address plus gdt
! Closing bracket labels for each section, paired with begtext/begdata/begbss.
.text
endtext:
.data
enddata:
.bss
endbss:
上面涉及描述符表的部分,可参考这张图。涉及到的额外知识:
BIOS int 0x10;硬盘基本参数(int 0x41);A20地址问题;8259中断控制芯片;Intel CPU 32位保护运行模式,包括段选择符,段描述符,页表寻址机制等。
本系列博客目录 下一篇:head.s程序分析