Hi,
I have found a protected mode program in an Intel processors book. When I execute it, it causes a reset. I have also found protected mode code in this forum, but it uses some difficult syntax. I am also searching for A20 line code. Can somebody please help me find the bug in this protected mode bootsector program?
.MODEL SMALL                            ; DOS .EXE, near code/data; MAIN loads DS with DGROUP itself
.STACK 2048                             ; 2 KB DOS stack
.386p                                   ; privileged 386 instructions (MOV CR0, LGDT) are used below
;-----------------------------------------------------------------------
; GDT_DESCR - the 6-byte pseudo-descriptor that LGDT reads:
;   gdt_size     = table limit in bytes (offset of the last valid byte)
;   gdt_location = 32-bit linear address of the table, filled in by MAIN
;-----------------------------------------------------------------------
GDT_DESCR STRUC
gdt_size WORD 0                         ; limit = sizeof(table) - 1
gdt_location DWORD 0                    ; linear base = DS*16 + OFFSET gdt (computed at run time)
GDT_DESCR ENDS
;-----------------------------------------------------------------------
; GDT_ENTRY - one 8-byte x86 segment descriptor, in memory order.
; The base and limit are split across non-contiguous fields; MAIN writes
; base_addr15_0 / base_addr23_16 / base_addr31_24 separately.
;-----------------------------------------------------------------------
GDT_ENTRY STRUC
segment_size15_0 WORD 0                 ; limit bits 15..0
base_addr15_0 WORD 0                    ; base bits 15..0
base_addr23_16 BYTE 0                   ; base bits 23..16
p_dpl_s_type BYTE 0                     ; P | DPL(2) | S | type(4): 9Ah = readable code, 92h = writable data
g_db_0_avl_seg19_16 BYTE 0              ; G | D/B | 0 | AVL | limit bits 19..16
base_addr31_24 BYTE 0                   ; base bits 31..24
GDT_ENTRY ENDS
;-----------------------------------------------------------------------
; PM_JUMP _SEGMENT,_OFFSET - emit a 16-bit far JMP: opcode EAh followed
; by a 16-bit offset and a 16-bit segment/selector (ptr16:16).
; Not invoked in this listing: MAIN's jump into the 32-bit segment uses
; the 66h-prefixed form with a 32-bit offset, which this macro cannot
; emit, and the return jumps are hand-coded with DB/DW as well.
;-----------------------------------------------------------------------
PM_JUMP MACRO _SEGMENT,_OFFSET
BYTE 0EAh                               ; JMP FAR opcode
WORD _OFFSET
WORD _SEGMENT
ENDM
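.data
GDT_ENTRIES EQU 5                       ; null descriptor + the four descriptors listed in gdt
GDT_LIMIT EQU (GDT_ENTRIES * (sizeof GDT_ENTRY)) - 1
;-----------------------------------------------------------------------
; gdt_descriptor - LGDT operand. The limit is derived from the table
; size instead of a round constant: a limit beyond the real table would
; let a stray selector index whatever happens to follow gdt in memory.
; gdt_location is written at run time by MAIN (DS*16 + OFFSET gdt).
;-----------------------------------------------------------------------
gdt_descriptor GDT_DESCR <GDT_LIMIT>
;-----------------------------------------------------------------------
; gdt - descriptor table, one GDT_ENTRY per selector (the comment on
; each line is the selector value). Blank fields default to 0.
;   p_dpl_s_type:        9Ah = present, DPL0, code, readable
;                        92h = present, DPL0, data, writable
;   g_db_0_avl_seg19_16: 08Fh = G=1 (4 KiB pages), 16-bit, limit 19..16 = Fh (4 GiB)
;                        0CFh = same but D=1 (32-bit default operand size)
;                        000h = byte granular, limit 19..16 = 0 (64 kB)
;-----------------------------------------------------------------------
gdt GDT_ENTRY <>, \ ;00 null descriptor (selector 0 can never be loaded into DS/CS)
<0FFFFh, , , 09Ah, 08Fh>, \ ;08 16-bit code, 4 GiB limit, base patched to CS*16 by MAIN
<0FFFFh, , , 092h, 08Fh>, \ ;10 16-bit data, base 0, 4 GiB limit (video memory from _TEXT32)
<0FFFFh, , , 092h, 000h>, \ ;18 a valid 64 kB data descriptor, loaded into DS before PE is cleared
<0FFFFh, , , 09Ah, 0CFh> ;20 a flat 32 bit code segment, target of the far jump into _TEXT32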
.code
;-----------------------------------------------------------------------
; MAIN - DOS .EXE entry point. Builds the GDT, sets CR0.PE, far-jumps
; into the 32-bit segment _TEXT32 (label start), and is re-entered at
; back_in_16_bit to drop back to real mode and terminate via DOS.
; NOTE(review): must run on real-mode DOS. MOV CR0 is privileged, so
; under a V86 monitor (EMM386, a Windows DOS box) the write faults and
; the switch never happens - worth ruling out when the symptom is a
; reset.
;   In:    CS = _TEXT (DOS entry)
;   Out:   does not return; INT 21h / AX=4C00h terminates with code 0
;   Clobb: EAX, EDX, DS, CR0.PE, IF; patches xxx in the code segment
;-----------------------------------------------------------------------
MAIN PROC
mov ax,DGROUP
mov ds,ax                               ; DS -> .data (gdt, gdt_descriptor)
;Get linear address of GDT: DS*16 + OFFSET gdt
MOV AX, DS
MOVZX EAX, AX
SHL EAX, 4
ADD EAX, OFFSET gdt
MOV gdt_descriptor.gdt_location, EAX
;set decriptor 8 to base of CS, so offsets within _TEXT stay valid in PM
MOV AX, CS
MOVZX EAX, AX
SHL EAX, 4                              ; EAX = CS*16, linear base of this code
mov [gdt+1*sizeof GDT_ENTRY].base_addr15_0,ax
shr eax,16
mov [gdt+1*sizeof GDT_ENTRY].base_addr23_16,al
mov [gdt+1*sizeof GDT_ENTRY].base_addr31_24,ah
;set call to flat 32 bit code: selector 20h has base 0, so the jump
;target must be the *linear* address of start (_TEXT32*16 + offset)
mov ax, _TEXT32
movzx eax,ax
shl eax,4
mov dx, offset start
movzx edx,dx
add eax, edx
mov cs:[xxx], eax                       ; patch the 32-bit offset of the far jump below (self-modifying)
LGDT gdt_descriptor
; Go to PM
CLI                                     ; no IDT is loaded: any interrupt with PE=1 would fault, so keep IF=0 until in_rm_again
MOV EAX, CR0
OR AL, 01h                              ; CR0.PE
MOV CR0, EAX
; Do intersegment jump to set cs and flush instruction queue
; 66h prefix = JMP FAR with a 32-bit offset (dd) and a 16-bit selector (dw)
db 66h, 0eah ;jmp fword ptr 20h:start
xxx dd 0                                ; overwritten above with the linear address of start
dw 20h
back_in_16_bit::                        ; entered from _TEXT32 by a far jump through selector 8 (base = CS*16)
mov ax,18h
mov ds,ax                               ; 64 kB byte-granular descriptor: leaves a real-mode-compatible limit in DS's cache
                                        ; ES/FS/GS/SS were never reloaded in PM and still hold their real-mode caches
mov eax,cr0 ;back to real mode
and al,0FEh                             ; clear CR0.PE
mov cr0,eax
db 0eah                                 ; JMP FAR _TEXT:in_rm_again, reloads CS with a real-mode segment value
dw offset in_rm_again
dw seg _TEXT
in_rm_again:
sti
mov ax,4c00h
int 21h                                 ; DOS terminate, exit code 0
MAIN ENDP
;-----------------------------------------------------------------------
; _TEXT32 - 32-bit protected-mode code, reached through selector 20h
; (flat base 0) at label start. Repaints the 80x24 text screen with a
; running character pattern, shifting the pattern by one character per
; pass, until the ESC make code is read from the keyboard controller,
; then far-jumps back to MAIN's back_in_16_bit through selector 8.
;   In:    CS = 20h, interrupts disabled by MAIN
;   Uses:  DS = 10h (4 GiB data, base 0) for the linear video address
;          BH = attribute, BL = first character of the pass
;          CX = cells left in the pass, EDI = video pointer
;   Ports: 64h (8042 status) and 60h (8042 data), read only
;-----------------------------------------------------------------------
_TEXT32 segment use32 dword private 'CODE'
VIDEO_TEXT EQU 0B8000h                  ; colour text buffer, linear
SCREEN_CELLS EQU 80*24                  ; char/attribute pairs per pass
KBD_STATUS EQU 64h                      ; 8042 status port, bit 0 = output buffer full
KBD_DATA EQU 60h                        ; 8042 data port
ESC_MAKE EQU 1                          ; scan code of ESC (make)
start:
        mov     ax,10h
        mov     ds,ax                   ; flat data selector
        mov     bx,0700h                ; BH = 07h (grey on black), BL = character 0
repaint:
        mov     ax,bx                   ; AL = character, AH = attribute
        mov     cx,SCREEN_CELLS
        mov     edi,VIDEO_TEXT
fill_cell:
        mov     [edi],ax
        add     edi,2                   ; next cell
        inc     al                      ; next character code
        dec     cx
        jnz     fill_cell
        inc     bl                      ; rotate the pattern on the next pass
        in      al,KBD_STATUS
        test    al,1                    ; anything in the output buffer?
        jz      repaint
        in      al,KBD_DATA             ; consume the scan code
        cmp     al,ESC_MAKE             ; ESC pressed?
        jnz     repaint
; JMP FAR 8:back_in_16_bit - 32-bit offset, so the high word is 0
        db      0eah
        dw      offset back_in_16_bit   ; jmp fword ptr 8:back_in_16_bit
        dw      0                       ; HIWORD(offset)
        dw      8
_TEXT32 ends
END MAIN
Zulfi.
Quote from: zak100 on December 20, 2009, 03:10:27 PM
Hi,
I have found a protected mode program in an Intel processors book. When I execute it, it causes a reset. I have also found protected mode code in this forum, but it uses some difficult syntax. I am also searching for A20 line code. Can somebody please help me find the bug in this protected mode bootsector program?
Yes. It is NOT a bootsector program; it is a simple DOS program which must be launched after DOS has been booted into real mode.
Sorry, I posted the wrong one. Actually, this is the code that I found on the MASM forum. My protected mode bootsector program is given below:
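.MODEL SMALL
.386P
.DATA
;-----------------------------------------------------------------------
; Descriptor tables for the switch to protected mode.
; Every GDT/IDT entry is exactly 8 bytes, and the selectors used in the
; code (08H = DESC1, 10H = DESC2) are byte offsets into the table, so a
; mis-sized entry shifts every descriptor after it. Segment descriptor
; layout, in memory order:
;   DW limit 15..0 | DW base 15..0 | DB base 23..16 | DB access |
;   DB flags + limit 19..16 | DB base 31..24
; NOTE(review): with .MODEL SMALL this .DATA is a separate segment
; (DGROUP), not part of the 512-byte sector image laid out with ORG in
; .CODE, while Boot1 sets DS = CS and applies OFFSET IDT1 / OFFSET DESC0
; to it - confirm where the linker actually places these tables.
;-----------------------------------------------------------------------
IDT1 DD 64 dup (?)                      ; 32 gates x 8 bytes, built from the IVT at 0000:0000
DESC0 DQ 0                              ; selector 00H: null descriptor
DESC1 DW 0FFFFH                         ; selector 08H: code, base 0, limit 4 GiB
DW 0                                    ; base 15..0
DB 0                                    ; base 23..16 (was DW: the entry became 9 bytes and the access byte read as 0 = not present)
DB 9EH                                  ; access: present, DPL 0, code, conforming, readable
DB 8FH                                  ; G=1, D=0 (16-bit), limit 19..16 = FH
DB 0                                    ; base 31..24
DESC2 DW 0FFFFH                         ; selector 10H: data, base 0, limit 4 GiB
DW 0                                    ; base 15..0
DB 0                                    ; base 23..16 (was missing: the entry was only 7 bytes)
DB 92H                                  ; access: present, DPL 0, data, writable
DB 8FH                                  ; G=1, B=0, limit 19..16 = FH
DB 0                                    ; base 31..24
IDT DW 0FFH                             ; IDT limit: 32 gates * 8 - 1
IDTA DD 0                               ; IDT linear base, filled by MAK32 DS, OFFSET IDT1
GDT DW 17H                              ; GDT limit: 3 descriptors * 8 - 1 (now matches the table above)
GDTA DD 0                               ; GDT linear base, filled by MAK32 DS, OFFSET DESC0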
.CODE
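;-----------------------------------------------------------------------
; MAK32 _SEGMENT,_OFFSET - EAX = _SEGMENT*16 + _OFFSET (real-mode linear address)
;   In:    _SEGMENT, _OFFSET = 16-bit register, memory or immediate operands
;   Out:   EAX = linear address; EBX = zero-extended _OFFSET
;   Clobb: EAX, EBX, flags (left as set by the final ADD)
; The parameters are named to avoid SEG, which is a MASM operator.
;-----------------------------------------------------------------------
MAK32 MACRO _SEGMENT,_OFFSET
        XOR     EAX, EAX                ; clear the upper halves before the 16-bit loads
        XOR     EBX, EBX
        MOV     AX, _SEGMENT
        MOV     BX, _OFFSET
        SHL     EAX, 4                  ; segment paragraphs -> bytes
        ADD     EAX, EBX
ENDM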
;----------------------------------------------------------------------------------
; Where the second-stage sector is read to (see Reset0): LoadSeg:LoadOfs = 1000:0000
LoadOfs EQU 0
LoadSeg EQU 1000h
;----------------------------------------------------------------------------------
;---------------------- branch to executable code (byte 0 of the sector)
ORG 0
Boot0: jmp short Boot1
nop
;---------------------- OEM identifier (8 bytes at offset 3)
ORG 3
DB "Zulfi OS"
;---------------------- BIOS parameter block for 1.44 Mb floppy disk
; NOTE(review): the active values (1440 sectors, 9 sectors/track, media
; F9h, 3 sectors/FAT) describe a 720 kB disk; the 1.44 Mb values are the
; commented-out alternatives on each line. Nothing in this sector reads
; the BPB, so it only matters to the BIOS/OS that mounts the disk.
ORG 0Bh
bpbBytesPerSector DW 512
bpbSectorsPerCluster DB 2; 1
bpbReservedSectors DW 1
bpbNumberOfFATs DB 2
bpbRootEntries DW 112; 224
bpbTotalSectors DW 1440; 2880
bpbMedia DB 0F9H; 0F0h
bpbSectorsPerFAT DW 3; 9
bpbSectorsPerTrack DW 9; 18; different (18)
bpbHeadsPerCylinder DW 2
bpbHiddenSectors DD 0
bpbTotalSectorsBig DD 0
bsDriveNumber DB 0
bsUnused DB 0
bsExtBootSignature DB 29h
bsSerialNumber DD 0a0a1a2a3h
bsVolumeLabel DB "MOS FLOPPY "          ; 11 bytes
bsFileSystem DB "FAT12 "                ; NOTE(review): this field is 8 bytes in the extended BPB; the padding may have been lost when posted - verify the assembled length
;---------------------- message printed by Boot1, NUL-terminated (SS:SP is set up in Boot1)
msgP db "Press any key to Go to protected mode",0
;--------------------------------
;-----------------------------------------------------------------------
; Boot1 - real-mode entry, reached from Boot0's short jump.
;   1. SS:SP = 0000:7C00 (stack grows down below the sector image)
;   2. 'A' (bright white on blue) written at B800:0000
;   3. wait for a key (INT 16h / AH=0)
;   4. msgP written from B800:0000 with attribute 41h, then wait again
;   In:    CS = segment the sector was loaded at
;   Out:   DS = CS + LoadOfs/16 (LoadOfs is 0), ES = B800h, DF = 0,
;          AX = key returned by the second INT 16h
;   Clobb: AX, SI, DI, DS, ES, SS, SP, flags
;-----------------------------------------------------------------------
Boot1:  cli                             ; no interrupt between the SS and SP writes
        xor     di,di
        mov     ss,di
        mov     sp,7C00h                ; SS:SP = 0000:7C00
        sti
        cld                             ; string ops count upward
;---------------------- display 'A' character at B800:0000
        mov     ax,0B800h
        mov     es,ax                   ; ES -> colour text buffer, DI is still 0
        mov     ax,1F41h                ; AH = 1Fh attribute, AL = 'A'
        stosw
;---------------------- wait for a keypress
        mov     ah,0
        int     16h
;---------------------- msg for protected mode, from the top-left cell
        mov     ax,cs
        add     ax,LoadOfs/16
        mov     ds,ax                   ; DS:SI -> msgP inside this sector
        mov     si,offset msgP
        xor     di,di                   ; ES:DI back to B800:0000
        mov     ah,41h                  ; attribute byte for every cell
        .REPEAT
        lodsb                           ; AL = next byte of msgP
        .IF al != 0
        stosw                           ; store char + attribute
        .ENDIF
        .UNTIL al == 0                  ; stop at the NUL terminator
;---------------------- wait for a keypress before switching modes
        mov     ah,0
        int     16h
;-----------------------------switching to protected mode
; Builds a 32-entry IDT from the real-mode IVT, loads IDT/GDT, sets
; CR0.PE and reloads the data segment registers with selector 10H.
; NOTE(review): IF was re-enabled by STI in Boot1 and is never cleared
; here, so an interrupt can arrive at any point after CR0.PE is set.
; NOTE(review): each gate below points at a real-mode BIOS handler's
; linear address through selector 8 and type 8Fh (32-bit trap gate);
; that only resolves if selector 8 is a present code descriptor with
; base 0, and the handler itself still executes as real-mode code.
; Linear address of IDT1 / DESC0 for LIDT / LGDT (DS was set to CS in Boot1)
MAK32 DS, OFFSET IDT1
MOV IDTA, EAX
MAK32 DS, OFFSET DESC0
MOV GDTA, EAX
; 32 gates: vectors 0..31, one 4-byte IVT entry -> one 8-byte gate
MOV CX, 32
MOV DI, OFFSET IDT1                     ; DS:DI -> gate being written
MOV SI, 0
MOV AX, 0
MOV ES, AX                              ; ES:SI -> IVT entry (offset, then segment)
.REPEAT
MAK32 ES:[SI+2], ES:[SI]                ; EAX = linear address of the real-mode handler
MOV [DI], AX                            ; gate offset 15..0
SHR EAX, 16
MOV [DI+6], AX                          ; gate offset 31..16
MOV WORD PTR [DI+2], 8                  ; gate selector = DESC1
MOV WORD PTR [DI+4], 8F00H              ; byte 5 = 8Fh: present, DPL 0, 32-bit trap gate
ADD DI, 8
ADD SI, 4
.UNTILCXZ
LIDT FWORD PTR IDT
LGDT FWORD PTR GDT
MOV EAX, CR0
OR EAX, 1                               ; CR0.PE
MOV CR0 , EAX
JMP START                               ; NOTE(review): a near jump does not reload CS; CS keeps its real-mode cached base/limit (16-bit code) until a far jump through a code selector is made
START:
MOV AX, 10H                             ; DESC2: data, base 0, 4 GiB limit
MOV DS, AX
MOV ES, AX
MOV SS, AX
MOV GS, AX
MOV FS, AX
MOV ESP, 0FFFFF000H                     ; NOTE(review): stack placed just below 4 GiB; the stack exists only if RAM is mapped there
;---------------------- read the bootloader code
; Up to 5 attempts: reset the floppy subsystem (INT 13h / AH=0, drive 0),
; then read CHS 0/0/2, one sector, to LoadSeg:LoadOfs (INT 13h / AH=2).
; Success (CF=0) far-jumps to the loaded code; after five failures an
; 'F' (attribute 9Ch) is shown in the third text cell and the CPU halts.
;   Clobb: AX, BX, CX, DX, DI, ES, flags
        mov     cx,5                    ; retry count
Reset0: push    cx                      ; INT 13h needs CX for cylinder/sector
        mov     ah,0                    ; reset disk system
        mov     dl,0                    ; drive A:
        int     13h
        mov     ax,LoadSeg
        mov     es,ax
        mov     bx,LoadOfs              ; ES:BX = LoadSeg:LoadOfs destination buffer
        mov     ax,201h                 ; AH=2 read sectors, AL=1 sector
        mov     cx,2                    ; CH=0 cylinder 0, CL=2 sector 2
        xor     dx,dx                   ; DH=0 head 0, DL=0 drive 0
        int     13h
        pop     cx
        jnc     Exec0                   ; CF=0: the sector is in memory
        dec     cx
        jnz     Reset0
;---------------------- failed 5 times - halt
;---display 'F' character to show the failure occured
        mov     ax,0B800h
        mov     es,ax
        mov     word ptr es:[4],9C46h   ; 'F' in cell 2 (byte offset 4)
Halt0:  hlt
        jmp     Halt0
;---------------------- execute the bootloader code
Exec0:
        db      0EAh                    ; JMP FAR LoadSeg:LoadOfs
        dw      LoadOfs                 ; offset
        dw      LoadSeg                 ; segment
;---------------------- boot sector signature
; NOTE(review): ORG 1FEh only works if everything above assembles to
; less than 510 bytes; an assembler complaint here means the code grew
; past the sector.
ORG 1FEh                                ; last two bytes of the 512-byte sector
dw 0AA55h                               ; stored as 55h, AAh (little-endian) - the BIOS boot signature
;----------------------------------------------------------------------------------
END Boot0                               ; entry label; the BIOS jumps to offset 0 regardless
Zulfi.
Forget about filling an IDT for the moment; you need to write your own 32-bit interrupt code.
Use CLI before you change CR0.PE, and don't use STI afterwards (to keep interrupts disabled).
This means that you can't use int 13 to load your second stage or int 16 to check for keypresses.
Unless you have 4 GB of RAM, setting ESP to 0FFFFF000H will cause a few problems too.
The usual place to change to PM is after you have loaded everything from the floppy, not in your boot sector.