用 bochs 的反組譯功能來觀察保護模式程式碼

idt.S 從真實模式切換到保護模式再切回真實模式。本篇主要討論切換模式時, jmp 的長相。這是透過自己寫的 loader, 將 idt.com (idt.S) 載入到 0x7000:0x100, 再用 bochs 的 debug 反組譯 jmp 的程式碼。

idt.S

  1 /*
  2    ref: Orange'S：一个操作系统的实现
  3    do the 5M memory r/w
  4  */
  5 /* chapter3/1/loader.S
  6
  7    Author: Wenbo Yang <solrex@gmail.com> <http://solrex.cn>
  8
  9    This file is part of the source code of book "Write Your Own OS with Free
 10    and Open Source Software". Homepage @ <http://share.solrex.cn/WriteOS/>.
 11
 12    This file is licensed under the GNU General Public License; either
 13    version 3 of the License, or (at your option) any later version. */
 14
 15 #include "pm.h"
 16
 17 .code16
 18 .text
 19     jmp LABEL_BEGIN     /* jump over the .data section. */
 20
 21 /* NOTE! Wenbo-20080512: Actually here we put the normal .data section into
 22    the .code section. For application SW, it is not allowed. However, we are
 23    writing an OS. That is OK. Because there is no OS to complain about
 24    that behavior. :) */
 25
 26 /* Global Descriptor Table */
 27 LABEL_GDT:          Descriptor  0,                        0, 0
 28 LABEL_DESC_NORMAL:  Descriptor  0,         0xffff, DA_DRW    # Normal descriptor is for back to real mode.
 29 LABEL_DESC_CODE32:  Descriptor  0,       (SegCode32Len - 1), (DA_C + DA_32)
 30 LABEL_DESC_CODE16:  Descriptor    0,         0xffff, DA_C      # 非一致程式碼段, 16
 31 LABEL_DESC_DATA:   Descriptor    0,      DataLen-1, DA_DRW    # Data
 32 LABEL_DESC_STACK:  Descriptor    0,     TopOfStack, DA_DRWA+DA_32 # Stack, 32 位
 33 LABEL_DESC_TEST: Descriptor 0x500000, 0xffff, DA_DRW
 34 LABEL_DESC_VIDEO:   Descriptor  0xB8000, 0xffff, DA_DRW
 35
 36 .set GdtLen, (. - LABEL_GDT)  /* GDT Length */
 37
 38 GdtPtr: .2byte  (GdtLen - 1)  /* GDT Limit */
 39         .4byte  0             /* GDT Base */
 40
 41 /* GDT Selector */
 42 .set SelectorNormal, (LABEL_DESC_NORMAL - LABEL_GDT) 
 43 .set    SelectorCode32, (LABEL_DESC_CODE32 - LABEL_GDT)
 44 .set SelectorCode16, (LABEL_DESC_CODE16 - LABEL_GDT)
 45 .set SelectorData, (LABEL_DESC_DATA         - LABEL_GDT)
 46 .set SelectorStack, (LABEL_DESC_STACK        - LABEL_GDT)
 47 .set SelectorTest, (LABEL_DESC_TEST         - LABEL_GDT)
 48 .set    SelectorVideo,  (LABEL_DESC_VIDEO  - LABEL_GDT)
 49
 50
 51 /* Program starts here. */
 52 LABEL_BEGIN:
 53     mov     %cs, %ax    /* Move code segment address(CS) to data segment */
 54     mov     %ax, %ds    /* register(DS), ES and SS. Because we have      */
 55     mov     %ax, %es    /* embedded .data section into .code section in  */
 56     mov     %ax, %ss    /* the start(mentioned in the NOTE above).       */
 57
 58     movw     $0x100, %sp
 59     nop
 60     movw %ax, (LABEL_GO_BACK_TO_REAL+3) # modify segment value, indexed memory mode, ref  professional aeesmbly language p 102.
 61     movw     %sp, (SPValueInRealMode)
 62
 63
 64     /* Initialize 16-bits code segment descriptor. */
 65     xor     %eax, %eax
 66     mov     %cs, %ax
 67     shl     $4, %eax
 68     addl    $(LABEL_SEG_CODE16), %eax
 69     movw    %ax, (LABEL_DESC_CODE16 + 2)
 70     shr     $16, %eax
 71     movb    %al, (LABEL_DESC_CODE16 + 4)
 72     movb    %ah, (LABEL_DESC_CODE16 + 7)
 73
 74     /* Initialize 32-bits code segment descriptor. */
 75     xor     %eax, %eax
 76     mov     %cs, %ax
 77     shl     $4, %eax
 78     addl    $(LABEL_SEG_CODE32), %eax
 79     movw    %ax, (LABEL_DESC_CODE32 + 2)
 80     shr     $16, %eax
 81     movb    %al, (LABEL_DESC_CODE32 + 4)
 82     movb    %ah, (LABEL_DESC_CODE32 + 7)
 83
 84  # initialize data segment descriptor
 85  xor %eax, %eax
 86  mov %ds, %ax
 87  shl $4, %eax
 88  addl $(LABEL_DATA), %eax
 89  movw %ax, (LABEL_DESC_DATA + 2)
 90  shr $16, %eax
 91  movb %al, (LABEL_DESC_DATA + 4)
 92  movb %ah, (LABEL_DESC_DATA + 7)
 93
 94  # initialize stack segment descriptor
 95  xor %eax, %eax
 96  mov %ds, %ax
 97  shl $4, %eax
 98  addl $(LABEL_STACK), %eax
 99  movw %ax, (LABEL_DESC_STACK + 2)
100  shr $16, %eax
101  movb %al, (LABEL_DESC_STACK + 4)
102  movb %ah, (LABEL_DESC_STACK + 7)
103
104     /* Prepared for loading GDTR */
105     xor     %eax, %eax
106     mov     %ds, %ax
107     shl     $4, %eax
108     add     $(LABEL_GDT), %eax      /* eax <- gdt base*/
109     movl    %eax, (GdtPtr + 2)
110
111   movb $'Z', _SavedIDTR
112
113 #  mov $0xb800,%ax
114 #  mov %ax,%gs
115 #  mov $0xa,%ah
116 #  mov _SavedIDTR,%al
117 #  mov %ax,%gs:((80*0)*2)
118
119     /* Load GDTR(Global Descriptor Table Register) */
120     lgdtw   GdtPtr
121
122     /* Clear Interrupt Flags */
123     cli
124
125     /* Open A20 line. */
126     inb     $0x92, %al
127     orb     $0b00000010, %al
128     outb    %al, $0x92
129
130     /* Enable protect mode, PE bit of CR0. */
131     movl    %cr0, %eax
132     orl     $1, %eax
133     movl    %eax, %cr0
134
135     /* Mixed-Size Jump. */
136     ljmp $SelectorCode32, $0       /* Thanks to earthengine@gmail, I got */
137                                     /* this mixed-size jump insn of gas.  */
138                                     /* this calls far jump (ptr 16:32) in intel manual) */
139
140 LABEL_REAL_ENTRY:               # 從保護模式跳回到實模式就到了這裡
141         mov     %cs, %ax
142         mov     %ax, %ds
143         mov     %ax, %es
144         mov     %ax, %ss
145
146 #        mov     sp, [SPValueInRealMode]
147         movw     (SPValueInRealMode), %sp
148
149 #  movb $0xc, %ah
150 #  movb _SavedIDTR, %al
151
152   mov $0xb800,%ax
153   mov %ax,%gs
154   mov $0xc,%ah
155   mov _SavedIDTR,%al
156   #mov $'U',%al
157   mov %ax,%gs:((80*0+39)*2)
158
159
160
161         in      $0x92, %al
162         and     $0b11111101, %al   #  close A20 line
163         out     %al, $0x92
164
165         sti                     # 開中斷
166         jmp .
167
168         mov     $0x4c00, %ax
169         int     $0x21             #  回到 DOS
170 # END of .code16
171
172 LABEL_SEG_CODE32:
173 .code32
174
175  mov $(SelectorData), %ax
176  mov %ax, %ds   # 資料段選擇子
177  mov $(SelectorTest), %ax
178  mov %ax, %es   # 測試段選擇子
179
180
181
182
183
184  mov $(SelectorStack), %ax
185  mov %ax, %ss   # 堆疊段選擇子
186
187  mov $(TopOfStack), %esp
188
189     mov     $(SelectorVideo), %ax
190     mov     %ax, %gs                /* Video segment selector(dest) */
191
192     movl    $2, %edi
193     movb    $0xC, %ah               # 0000: Black Back 1100: Red Front
194     movb    $'8', %al
195     movw    %ax, %gs:(%edi)
196
197     ljmpl     $SelectorCode16,$0
198     # jmpl     $SelectorCode16,$0 # it works
199
200 # ------------------------------------------------------------------------
201 TestRead:
202  xor %esi, %esi
203  mov $8, %ecx
204 .loop:
205  mov %es:(%esi), %al
206  call DispAL
207  inc %esi
208  loop .loop
209  call DispReturn
210
211  ret
212 # TestRead 結束-----------------------------------------------------------
213
214
215 # ------------------------------------------------------------------------
216 TestWrite:
217  pushl %esi
218  pushl %edi
219  xor %esi, %esi
220  xor %edi, %edi
221  mov $(OffsetStrTest), %esi # data offset
222  cld # Clear Direction Flag, ref: http://www.fermi.mn.it/linux/quarta/x86/cld.htm
223             # After CLD is executed, string operations will increment the index
224             # (SI and/or DI) that they use.
225 .6:
226  lodsb # For legacy mode, Load byte at address DS:(E)SI into AL.
227               # For 64-bit mode load byte at address (R)SI into AL.
228               # ref: http://siyobik.info/main/reference/instruction/LODS%2FLODSB%2FLODSW%2FLODSD%2FLODSQ
229
230  test %al, %al
231  jz .5 # zf = 1 jump
232 # mov [es:edi], al
233  mov %al, %es:(%edi)
234  inc %edi
235  jmp .6
236 .5:
237
238  popl %edi
239  popl %esi
240  ret
241 # TestWrite 結束----------------------------------------------------------
242
243
244 # ------------------------------------------------------------------------
245 # 顯示 AL 中的數字
246 # 默認地:
247 # 數字已經存在 AL 中
248 # edi 始終指向要顯示的下一個字元的位置
249 # 被改變的暫存器:
250 # ax, edi
251 # ------------------------------------------------------------------------
252 DispAL:
253  pushl %ecx
254  pushl %edx
255
256  movb $0x0c, %ah # 0000: 黑底    1100: 紅字
257  movb %al, %dl
258  shr $4, %al
259  movl $2, %ecx
260 .begin:
261  andb $0x0f, %al
262  cmp $9, %al
263  ja .3          # cf=0, zf=0, above 9 (>9)
264  #addb $'0', %al
265  addb $0x30, %al
266  jmp .4
267 .3:
268  sub $0x0A, %al
269  #add $'A', %al
270  add $0x41, %al
271 .4:
272  #mov [gs:edi], ax
273  mov %ax, %gs:(%edi)
274  add $2, %edi
275
276  mov %dl, %al
277  loop .begin
278  add $2, %edi
279
280  popl %edx
281  popl %ecx
282
283  ret
284 # DispAL 結束-------------------------------------------------------------
285
286
287 # ------------------------------------------------------------------------
288 DispReturn:
289  pushl %eax
290  pushl %ebx
291  mov %edi, %eax
292  movb $160, %bl
293  divb %bl          # %eax/160, 商 al, 餘數 ah.
294  and $0x0FF, %eax
295  inc %eax         # ++ %eax
296  mov $160, %bl
297  mul %bl
298  mov %eax, %edi
299  popl %ebx
300  popl %eax
301  ret
302 # DispReturn 結束---------------------------------------------------------
303
304 /*
305 kmain:
306         pushl   %ebp
307         movl    %esp, %ebp
308         popl    %ebp
309         ret
310         .size   kmain, .-kmain
311         .ident  "GCC: (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2"
312 */
313 #        .section        .note.GNU-stack,"",@progbits
314
315
316 /* Get the length of 32-bit segment code. */
317 .set    SegCode32Len, . - LABEL_SEG_CODE32
318
319 #[SECTION .data1]         ; 資料段
320 #ALIGN   32
321 #[BITS   32]
322 LABEL_DATA:
323 SPValueInRealMode: .2byte 0x0
324 _SavedIDTR: .4byte 0x12345678
325 _SavedIDTR__: .4byte 0xabcdef35
326 .set saved_idtr_offset, (. - LABEL_DATA)
327 _SavedIMREG: .byte 0x0
328 .set saved_imreg_offset, (. - LABEL_DATA)
329 # string
330 PMMessage:              .ascii      "In Protect Mode now. ^-^\0"   # 在保護模式中顯示
331 .set    OffsetPMMessage, (PMMessage - LABEL_DATA)
332 #StrTest:                .ascii "B\0"
333 StrTest:                .ascii "ABCDEFGHIJKLMNOPQRSTUVWXYZ\0"
334 #OffsetStrTest           equ     StrTest - $$
335 .set OffsetStrTest , (StrTest - LABEL_DATA)
336 #DataLen                 equ     $ - LABEL_DATA
337 .set DataLen, .  - LABEL_DATA
338 /* 32-bit global stack segment. */
339 LABEL_STACK:
340 .space  512, 0
341 .set    TopOfStack, (. - LABEL_STACK - 1)
342
343 # END of [SECTION .data1]
344
345
346 LABEL_SEG_CODE16:
347 .code16
348     #jmp     .
349         # back to real mode
350         mov     $SelectorNormal, %ax
351         mov     %ax, %ds
352         mov     %ax, %es
353         mov     %ax, %fs
354         mov     %ax, %gs
355         mov     %ax, %ss
356
357         mov     %cr0, %eax
358         and     $0b11111110, %al
359         mov     %eax, %cr0
360
361
362 LABEL_GO_BACK_TO_REAL:
363 #.2byte 0xea66
364 #.4byte 0x00000000
365 #.2byte LABEL_REAL_ENTRY
366     jmp     $0, $LABEL_REAL_ENTRY      # 段位址會在程序開始處被設置成正確的值
367
368
369 .set Code16Len, . - LABEL_SEG_CODE16
370
371
372

在 bochs 設定檔加入
debugger_log: debugger.out
就可將 bochs 操作過程存到 debugger.out

173 (0) [0x00000000000701fd] 7000:000001fd (unk. ctxt): ljmp 0010:0000 ; ea00001000

136     ljmp $SelectorCode32, $0       /* Thanks to earthengine@gmail, I got */

這裡從真實模式轉到保護模式, 0x0010 已經是 selector, 指到 LABEL_SEG_CODE32:, 所以接下來的程式碼從這裡開始

對應的就是 idt.S

175  mov $(SelectorData), %ax

而 SelectorData 32 = 0x20, 符合 bochs 反組譯 l:176 的結果。

176 (0) [0x0000000000070228] 0010:00000000 (unk. ctxt): movw $0x0020, %ax         ; 66b82000

215 (0) [0x0000000000070252] 0010:0000002a (unk. ctxt): ljmp 0018:00000000 ; ea000000001800

197     ljmpl     $SelectorCode16,$0

這裡切到 .code16 的 LABEL_SEG_CODE16:, 雖然還在保護模式, 不過這裡已經是 16 bit 程式碼

245 (0) [0x0000000000070523] 0018:0015 (unk. ctxt): ljmp 7000:0202 ; ea02020070

366     jmp     $0, $LABEL_REAL_ENTRY      # 段位址會在程序開始處被設置成正確的值

這是從保護模式切回真實模式, 0x7000 是真實模式的 segment, 不再是 selector

bochs debugger.out

  1 Next at t=0
  2 (0) [0x00000000fffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b         ; ea5be000f0
  3 vb 0x7000:0x100
  4 c
  5 (3217570324) Breakpoint 3217568584, in 7000:0100 (0x00070100)
  6 Next at t=175332956
  7 (0) [0x0000000000070100] 7000:0100 (unk. ctxt): jmp .+70 (0x00070148)     ; eb46
  8 n
  9 Next at t=175332957
 10 (0) [0x0000000000070148] 7000:0148 (unk. ctxt): mov ax, cs                ; 8cc8
 11 n
 12 Next at t=175332958
 13 (0) [0x000000000007014a] 7000:014a (unk. ctxt): mov ds, ax                ; 8ed8
 14 u switch-mode
 15 n
 16 Next at t=175332959
 17 (0) [0x000000000007014c] 7000:014c (unk. ctxt): movw %ax, %es             ; 8ec0
 18 n
 19 Next at t=175332960
 20 (0) [0x000000000007014e] 7000:014e (unk. ctxt): movw %ax, %ss             ; 8ed0
 21 n
 22 Next at t=175332961
 23 (0) [0x0000000000070150] 7000:0150 (unk. ctxt): movw $0x0100, %sp         ; bc0001
 24 n
 25 Next at t=175332962
 26 (0) [0x0000000000070153] 7000:0153 (unk. ctxt): nop                       ; 90
 27 n
 28 Next at t=175332963
 29 (0) [0x0000000000070154] 7000:0154 (unk. ctxt): movw %ax, %ds:0x526       ; a32605
 30 n
 31 Next at t=175332964
 32 (0) [0x0000000000070157] 7000:0157 (unk. ctxt): movw %sp, %ds:0x2cf       ; 8926cf02
 33 n
 34 Next at t=175332965
 35 (0) [0x000000000007015b] 7000:015b (unk. ctxt): xorl %eax, %eax           ; 6631c0
 36 n
 37 Next at t=175332966
 38 (0) [0x000000000007015e] 7000:015e (unk. ctxt): movw %cs, %ax             ; 8cc8
 39 n
 40 Next at t=175332967
 41 (0) [0x0000000000070160] 7000:0160 (unk. ctxt): shll $0x04, %eax          ; 66c1e004
 42 n
 43 Next at t=175332968
 44 (0) [0x0000000000070164] 7000:0164 (unk. ctxt): addl $0x0000050e, %eax    ; 66050e050000
 45 n
 46 Next at t=175332969
 47 (0) [0x000000000007016a] 7000:016a (unk. ctxt): movw %ax, %ds:0x11c       ; a31c01
 48 n
 49 Next at t=175332970
 50 (0) [0x000000000007016d] 7000:016d (unk. ctxt): shrl $0x10, %eax          ; 66c1e810
 51 n
 52 Next at t=175332971
 53 (0) [0x0000000000070171] 7000:0171 (unk. ctxt): movb %al, %ds:0x11e       ; a21e01
 54 n
 55 Next at t=175332972
 56 (0) [0x0000000000070174] 7000:0174 (unk. ctxt): movb %ah, %ds:0x121       ; 88262101
 57 n
 58 Next at t=175332973
 59 (0) [0x0000000000070178] 7000:0178 (unk. ctxt): xorl %eax, %eax           ; 6631c0
 60 n
 61 Next at t=175332974
 62 (0) [0x000000000007017b] 7000:017b (unk. ctxt): movw %cs, %ax             ; 8cc8
 63 n
 64 Next at t=175332975
 65 (0) [0x000000000007017d] 7000:017d (unk. ctxt): shll $0x04, %eax          ; 66c1e004
 66 n
 67 Next at t=175332976
 68 (0) [0x0000000000070181] 7000:0181 (unk. ctxt): addl $0x00000228, %eax    ; 660528020000
 69 n
 70 Next at t=175332977
 71 (0) [0x0000000000070187] 7000:0187 (unk. ctxt): movw %ax, %ds:0x114       ; a31401
 72 n
 73 Next at t=175332978
 74 (0) [0x000000000007018a] 7000:018a (unk. ctxt): shrl $0x10, %eax          ; 66c1e810
 75 n
 76 Next at t=175332979
 77 (0) [0x000000000007018e] 7000:018e (unk. ctxt): movb %al, %ds:0x116       ; a21601
 78 n
 79 Next at t=175332980
 80 (0) [0x0000000000070191] 7000:0191 (unk. ctxt): movb %ah, %ds:0x119       ; 88261901
 81 n
 82 Next at t=175332981
 83 (0) [0x0000000000070195] 7000:0195 (unk. ctxt): xorl %eax, %eax           ; 6631c0
 84 n
 85 Next at t=175332982
 86 (0) [0x0000000000070198] 7000:0198 (unk. ctxt): movw %ds, %ax             ; 8cd8
 87 n
 88 Next at t=175332983
 89 (0) [0x000000000007019a] 7000:019a (unk. ctxt): shll $0x04, %eax          ; 66c1e004
 90 n
 91 Next at t=175332984
 92 (0) [0x000000000007019e] 7000:019e (unk. ctxt): addl $0x000002cf, %eax    ; 6605cf020000
 93 n
 94 Next at t=175332985
 95 (0) [0x00000000000701a4] 7000:01a4 (unk. ctxt): movw %ax, %ds:0x124       ; a32401
 96 n
 97 Next at t=175332986
 98 (0) [0x00000000000701a7] 7000:01a7 (unk. ctxt): shrl $0x10, %eax          ; 66c1e810
 99 n
100 Next at t=175332987
101 (0) [0x00000000000701ab] 7000:01ab (unk. ctxt): movb %al, %ds:0x126       ; a22601
102 n
103 Next at t=175332988
104 (0) [0x00000000000701ae] 7000:01ae (unk. ctxt): movb %ah, %ds:0x129       ; 88262901
105 n
106 Next at t=175332989
107 (0) [0x00000000000701b2] 7000:01b2 (unk. ctxt): xorl %eax, %eax           ; 6631c0
108 n
109 Next at t=175332990
110 (0) [0x00000000000701b5] 7000:01b5 (unk. ctxt): movw %ds, %ax             ; 8cd8
111 n
112 Next at t=175332991
113 (0) [0x00000000000701b7] 7000:01b7 (unk. ctxt): shll $0x04, %eax          ; 66c1e004
114 n
115 Next at t=175332992
116 (0) [0x00000000000701bb] 7000:01bb (unk. ctxt): addl $0x0000030e, %eax    ; 66050e030000
117 n
118 Next at t=175332993
119 (0) [0x00000000000701c1] 7000:01c1 (unk. ctxt): movw %ax, %ds:0x12c       ; a32c01
120 n
121 Next at t=175332994
122 (0) [0x00000000000701c4] 7000:01c4 (unk. ctxt): shrl $0x10, %eax          ; 66c1e810
123 n
124 Next at t=175332995
125 (0) [0x00000000000701c8] 7000:01c8 (unk. ctxt): movb %al, %ds:0x12e       ; a22e01
126 n
127 Next at t=175332996
128 (0) [0x00000000000701cb] 7000:01cb (unk. ctxt): movb %ah, %ds:0x131       ; 88263101
129 n
130 Next at t=175332997
131 (0) [0x00000000000701cf] 7000:01cf (unk. ctxt): xorl %eax, %eax           ; 6631c0
132 n
133 Next at t=175332998
134 (0) [0x00000000000701d2] 7000:01d2 (unk. ctxt): movw %ds, %ax             ; 8cd8
135 n
136 Next at t=175332999
137 (0) [0x00000000000701d4] 7000:01d4 (unk. ctxt): shll $0x04, %eax          ; 66c1e004
138 n
139 Next at t=175333000
140 (0) [0x00000000000701d8] 7000:01d8 (unk. ctxt): addl $0x00000102, %eax    ; 660502010000
141 n
142 Next at t=175333001
143 (0) [0x00000000000701de] 7000:01de (unk. ctxt): movl %eax, %ds:0x144      ; 66a34401
144 n
145 Next at t=175333002
146 (0) [0x00000000000701e2] 7000:01e2 (unk. ctxt): movb $0x5a, %ds:0x2d1     ; c606d1025a
147 n
148 Next at t=175333003
149 (0) [0x00000000000701e7] 7000:01e7 (unk. ctxt): lgdt %ds:0x142            ; 0f01164201
150 n
151 Next at t=175333004
152 (0) [0x00000000000701ec] 7000:01ec (unk. ctxt): cli                       ; fa
153 n
154 Next at t=175333005
155 (0) [0x00000000000701ed] 7000:01ed (unk. ctxt): inb $0x92, %al            ; e492
156 n
157 Next at t=175333006
158 (0) [0x00000000000701ef] 7000:01ef (unk. ctxt): orb $0x02, %al            ; 0c02
159 n
160 Next at t=175333007
161 (0) [0x00000000000701f1] 7000:01f1 (unk. ctxt): outb %al, $0x92           ; e692
162 n
163 Next at t=175333008
164 (0) [0x00000000000701f3] 7000:01f3 (unk. ctxt): movl %cr0, %eax           ; 0f20c0
165 n
166 Next at t=175333009
167 (0) [0x00000000000701f6] 7000:01f6 (unk. ctxt): orl $0x00000001, %eax     ; 6683c801
168 n
169 Next at t=175333010
170 (0) [0x00000000000701fa] 7000:01fa (unk. ctxt): movl %eax, %cr0           ; 0f22c0
171 n
172 Next at t=175333011
173 (0) [0x00000000000701fd] 7000:000001fd (unk. ctxt): ljmp 0010:0000            ; ea00001000 # 這裡從真實模式轉到保護模式, 0x0010 已經是 selector, 指到 LABEL_SEG_CODE32:, 所以接下來的程式碼從這裡開始
174 n
175 Next at t=175333012
176 (0) [0x0000000000070228] 0010:00000000 (unk. ctxt): movw $0x0020, %ax         ; 66b82000
177 n
178 Next at t=175333013
179 (0) [0x000000000007022c] 0010:00000004 (unk. ctxt): movw %ax, %ds             ; 8ed8
180 n
181 Next at t=175333014
182 (0) [0x000000000007022e] 0010:00000006 (unk. ctxt): movw $0x0030, %ax         ; 66b83000
183 n
184 Next at t=175333015
185 (0) [0x0000000000070232] 0010:0000000a (unk. ctxt): movw %ax, %es             ; 8ec0
186 n
187 Next at t=175333016
188 (0) [0x0000000000070234] 0010:0000000c (unk. ctxt): movw $0x0028, %ax         ; 66b82800
189 n
190 Next at t=175333017
191 (0) [0x0000000000070238] 0010:00000010 (unk. ctxt): movw %ax, %ss             ; 8ed0
192 n
193 Next at t=175333018
194 (0) [0x000000000007023a] 0010:00000012 (unk. ctxt): movl $0x000001ff, %esp    ; bcff010000
195 n
196 Next at t=175333019
197 (0) [0x000000000007023f] 0010:00000017 (unk. ctxt): movw $0x0038, %ax         ; 66b83800
198 n
199 Next at t=175333020
200 (0) [0x0000000000070243] 0010:0000001b (unk. ctxt): movw %ax, %gs             ; 8ee8
201 n
202 Next at t=175333021
203 (0) [0x0000000000070245] 0010:0000001d (unk. ctxt): movl $0x00000002, %edi    ; bf02000000
204 n
205 Next at t=175333022
206 (0) [0x000000000007024a] 0010:00000022 (unk. ctxt): movb $0x0c, %ah           ; b40c
207 n
208 Next at t=175333023
209 (0) [0x000000000007024c] 0010:00000024 (unk. ctxt): movb $0x38, %al           ; b038
210 n
211 Next at t=175333024
212 (0) [0x000000000007024e] 0010:00000026 (unk. ctxt): movw %ax, %gs:(%edi)      ; 65668907
213 n
214 Next at t=175333025
215 (0) [0x0000000000070252] 0010:0000002a (unk. ctxt): ljmp 0018:00000000        ; ea000000001800 # 這裡切到 .code16 的 LABEL_SEG_CODE16:, 雖然還在保護模式, 不過這裡已經是 16 bit 程式碼
216 n
217 Next at t=175333026
218 (0) [0x000000000007050e] 0018:00000000 (unk. ctxt): movw $0x0008, %ax         ; b80800
219 n
220 Next at t=175333027
221 (0) [0x0000000000070511] 0018:00000003 (unk. ctxt): movw %ax, %ds             ; 8ed8
222 n
223 Next at t=175333028
224 (0) [0x0000000000070513] 0018:00000005 (unk. ctxt): movw %ax, %es             ; 8ec0
225 n
226 Next at t=175333029
227 (0) [0x0000000000070515] 0018:00000007 (unk. ctxt): movw %ax, %fs             ; 8ee0
228 n
229 Next at t=175333030
230 (0) [0x0000000000070517] 0018:00000009 (unk. ctxt): movw %ax, %gs             ; 8ee8
231 n
232 Next at t=175333031
233 (0) [0x0000000000070519] 0018:0000000b (unk. ctxt): movw %ax, %ss             ; 8ed0
234 n
235 Next at t=175333032
236 (0) [0x000000000007051b] 0018:0000000d (unk. ctxt): movl %cr0, %eax           ; 0f20c0
237 n
238 Next at t=175333033
239 (0) [0x000000000007051e] 0018:00000010 (unk. ctxt): andb $0xfe, %al           ; 24fe
240 n
241 Next at t=175333034
242 (0) [0x0000000000070520] 0018:00000012 (unk. ctxt): movl %eax, %cr0           ; 0f22c0
243 n
244 Next at t=175333035
245 (0) [0x0000000000070523] 0018:0015 (unk. ctxt): ljmp 7000:0202            ; ea02020070 # 這是從保護模式切回真實模式, 0x7000 是真實模式的 segment, 不再是 selector
246 n
247 Next at t=175333036
248 (0) [0x0000000000070202] 7000:0202 (unk. ctxt): movw %cs, %ax             ; 8cc8
249 n
250 Next at t=175333037
251 (0) [0x0000000000070204] 7000:0204 (unk. ctxt): movw %ax, %ds             ; 8ed8
252 n
253 Next at t=175333038
254 (0) [0x0000000000070206] 7000:0206 (unk. ctxt): movw %ax, %es             ; 8ec0
255 n
256 Next at t=175333039
257 (0) [0x0000000000070208] 7000:0208 (unk. ctxt): movw %ax, %ss             ; 8ed0
258 n
259 Next at t=175333040
260 (0) [0x000000000007020a] 7000:020a (unk. ctxt): movw %ds:0x2cf, %sp       ; 8b26cf02
261 r
262 eax: 0x60007000 1610641408
263 ecx: 0x00000002 2
264 edx: 0x00000007 7
265 ebx: 0x00000001 1
266 esp: 0x000001ff 511
267 ebp: 0x0000ffea 65514
268 esi: 0x00000000 0
269 edi: 0x00000002 2
270 eip: 0x0000020a
271 eflags 0x00000002: id vip vif ac vm rf nt IOPL=0 of df if tf sf zf af pf cf
272 sreg
273 es:0x7000, dh=0x00009307, dl=0x0000ffff, valid=1
274  Data segment, base=0x00070000, limit=0x0000ffff, Read/Write, Accessed
275 cs:0x7000, dh=0x00009307, dl=0x0000ffff, valid=1
276  Data segment, base=0x00070000, limit=0x0000ffff, Read/Write, Accessed
277 ss:0x7000, dh=0x00009307, dl=0x0000ffff, valid=1
278  Data segment, base=0x00070000, limit=0x0000ffff, Read/Write, Accessed
279 ds:0x7000, dh=0x00009307, dl=0x0000ffff, valid=1
280  Data segment, base=0x00070000, limit=0x0000ffff, Read/Write, Accessed
281 fs:0x0008, dh=0x00009300, dl=0x0000ffff, valid=1
282  Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
283 gs:0x0008, dh=0x00009300, dl=0x0000ffff, valid=1
284  Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
285 ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1
286 tr:0x0000, dh=0x00008b00, dl=0x0000ffff, valid=1
287 gdtr:base=0x00070102, limit=0x3f
288 idtr:base=0x00000000, limit=0x3ff
289 r
290 eax: 0x60007000 1610641408
291 ecx: 0x00000002 2
292 edx: 0x00000007 7
293 ebx: 0x00000001 1
294 esp: 0x000001ff 511
295 ebp: 0x0000ffea 65514
296 esi: 0x00000000 0
297 edi: 0x00000002 2
298 eip: 0x0000020a
299 eflags 0x00000002: id vip vif ac vm rf nt IOPL=0 of df if tf sf zf af pf cf
300 n
301 Next at t=175333041
302 (0) [0x000000000007020e] 7000:020e (unk. ctxt): movw $0xb800, %ax         ; b800b8
303 r
304 eax: 0x60007000 1610641408
305 ecx: 0x00000002 2
306 edx: 0x00000007 7
307 ebx: 0x00000001 1
308 esp: 0x00000100 256
309 ebp: 0x0000ffea 65514
310 esi: 0x00000000 0
311 edi: 0x00000002 2
312 eip: 0x0000020e
313 eflags 0x00000002: id vip vif ac vm rf nt IOPL=0 of df if tf sf zf af pf cf
314 n
315 Next at t=175333042
316 (0) [0x0000000000070211] 7000:0211 (unk. ctxt): movw %ax, %gs             ; 8ee8
317 n
318 Next at t=175333043
319 (0) [0x0000000000070213] 7000:0213 (unk. ctxt): movb $0x0c, %ah           ; b40c
320 n
321 Next at t=175333044
322 (0) [0x0000000000070215] 7000:0215 (unk. ctxt): movb %ds:0x2d1, %al       ; a0d102
323 n
324 Next at t=175333045
325 (0) [0x0000000000070218] 7000:0218 (unk. ctxt): movw %ax, %gs:0x4e        ; 65a34e00
326 n
327 Next at t=175333046
328 (0) [0x000000000007021c] 7000:021c (unk. ctxt): inb $0x92, %al            ; e492
329 n
330 Next at t=175333047
331 (0) [0x000000000007021e] 7000:021e (unk. ctxt): andb $0xfd, %al           ; 24fd
332 n
333 Next at t=175333048
334 (0) [0x0000000000070220] 7000:0220 (unk. ctxt): outb %al, $0x92           ; e692
335 n
336 Next at t=175333049
337 (0) [0x0000000000070222] 7000:0222 (unk. ctxt): sti                       ; fb
338 n
339 Next at t=175333050
340 (0) [0x0000000000070223] 7000:0223 (unk. ctxt): movw $0x4c00, %ax         ; b8004c
341 n
342 Next at t=175333051
343 (0) [0x0000000000070226] 7000:0226 (unk. ctxt): int $0x21                 ; cd21
344 n
345 Next at t=175333053
346 (0) [0x0000000000070228] 7000:0228 (unk. ctxt): movl $0xd88e0020, %eax    ; 66b820008ed8
347 n
348 Next at t=175333054
349 (0) [0x000000000007022e] 7000:022e (unk. ctxt): movl $0xc08e0030, %eax    ; 66b830008ec0
350 n
351 Next at t=175333055
352 (0) [0x0000000000070234] 7000:0234 (unk. ctxt): movl $0xd08e0028, %eax    ; 66b828008ed0
353 n
354 Next at t=175333056
355 (0) [0x000000000007023a] 7000:023a (unk. ctxt): movw $0x01ff, %sp         ; bcff01
356 n
357 Next at t=175333057
358 (0) [0x000000000007023d] 7000:023d (unk. ctxt): addb %al, %ds:(%bx,%si,1) ; 0000
359 n
360 Next at t=175333058
361 (0) [0x000000000007023f] 7000:023f (unk. ctxt): movl $0xe88e0038, %eax    ; 66b838008ee8
362 n
363 Next at t=175333059
364 (0) [0x0000000000070245] 7000:0245 (unk. ctxt): movw $0x0002, %di         ; bf0200
365 n
366 Next at t=175333060
367 (0) [0x0000000000070248] 7000:0248 (unk. ctxt): addb %al, %ds:(%bx,%si,1) ; 0000
368 n
369 Next at t=175333061
370 (0) [0x000000000007024a] 7000:024a (unk. ctxt): movb $0x0c, %ah           ; b40c
371 n
372 Next at t=175333062
373 (0) [0x000000000007024c] 7000:024c (unk. ctxt): movb $0x38, %al           ; b038
374 n
375 Next at t=175333063
376 (0) [0x000000000007024e] 7000:024e (unk. ctxt): movl %eax, %gs:(%bx,1)    ; 65668907
377 n
378 Next at t=175333064
379 (0) [0x0000000000070252] 7000:0252 (unk. ctxt): ljmp 0000:0000            ; ea00000000
380 quit
381 (0).[175333064] [0x0000000000070252] 7000:0252 (unk. ctxt): ljmp 0000:0000            ; ea00000000

人體汽肛 - 風馳電掣, 人車一體

blog 文章

2012年2月28日星期二