Hi,
I want to write some asm to allow me to run code in real mode (for VESA, etc.) but I don't know how to switch to real mode and back to protected mode.
Can anyone give me an example of how to switch to real mode from protected mode with MASM?
Quote:
know how to switch to real mode and back to protected mode.
Any need to switch?
;
; ╔═════════════════════════════════════════════════════════════════════════╗
; ║ This file is generated by The Interactive Disassembler (IDA)            ║
; ║ Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com>            ║
; ║ Licensed to: Freeware version                                           ║
; ╚═════════════════════════════════════════════════════════════════════════╝
;
; File Name : C:\masm32\SOURCE\NONAME.com
; Format : MS-DOS COM-file
; Base Address: 1000h Range: 10100h-10146h Loaded length: 46h
.686p
.mmx
.model tiny
; ═══════════════════════════════════════════════════════════════════════════
; Segment type: Pure code
seg000 segment byte public 'CODE' use16
assume cs:seg000
org 100h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
; ███████████████ S U B R O U T I N E ███████████████████████████████████████
public start
start proc near
mov ax, 12h
int 10h ; - VIDEO - SET VIDEO MODE
; AL = mode
mov dx, 3C8h
mov al, 0
out dx, al
mov dx, 3C9h
mov al, 0
out dx, al
mov al, 0
out dx, al
mov al, 3Fh
out dx, al
xor ax, ax
int 33h ; - MS MOUSE - RESET DRIVER AND READ STATUS
; Return: AX = status
; BX = number of buttons
mov ax, 1
int 33h ; - MS MOUSE - SHOW MOUSE CURSOR
; SeeAlso: AX=0002h, INT 16/AX=FFFEh
loc_10120: ; CODE XREF: start+31j start+43j
mov ah, 1
int 16h ; KEYBOARD - CHECK BUFFER, DO NOT CLEAR
; Return: ZF clear if character in buffer
; AH = scan code, AL = character
; ZF set if no character in buffer
jnz short locret_10145
mov ax, 3
int 33h ; - MS MOUSE - RETURN POSITION AND BUTTON STATUS
; Return: BX = button status, CX = column, DX = row
and bx, 1
cmp bx, 0
jz short loc_10120
mov ax, 2
int 33h ; - MS MOUSE - HIDE MOUSE CURSOR
; SeeAlso: AX=0001h, INT 16/AX=FFFFh
mov ah, 0Ch
mov al, 0Fh
int 10h ; - VIDEO - WRITE DOT ON SCREEN
; AL = color of dot, BH = display page
; CX = column, DX = row
mov ax, 1
int 33h ; - MS MOUSE - SHOW MOUSE CURSOR
; SeeAlso: AX=0002h, INT 16/AX=FFFEh
jmp short loc_10120
; ───────────────────────────────────────────────────────────────────────────
locret_10145: ; CODE XREF: start+24j
retn
start endp
seg000 ends
end start
Quote:
CSEG segment
assume cs:CSEG
org 100h
Begin:
mov ax,12h
INT 10h
mov dx,3c8h
mov al,0
out dx,al
mov dx,3c9h
mov al,0
out dx,al
mov al,0
out dx,al
mov al,63
out dx,al
xor ax,ax
int 33h
mov ax,1h
int 33h
above:
mov ah, 1h
int 16h
jne exit
mov ax,3h
int 33h
and bx, 01h
cmp bx, 00h
je above
mov ax,2h
int 33h
mov ah, 0ch
mov al, 15
int 10h
mov ax,1h
int 33h
jmp above
exit:
ret
CSEG ends
end Begin
IDA (http://smiles.kolobok.us/light_skin/download.gif) *sorry, in Russian the same word means both pump and download, so this smiley is used in the sense of download: he is pumping a file from the Internet
I use this free one from TASM
BOMZ, do NOT post binaries that you do not own, Sourcer is commercial software protected by COPYRIGHT.
Switching from real to protected mode and back is as simple as toggling bit 0 of cr0.
If you want to use VESA in Windows there is no need to switch modes, Windows will emulate real mode for you (except for 64-bit Windows), up to XP I think (for full screen).
IDA cool
NOBODY UNDERSTANDS!!! I AM WRITING A DRIVER IN MASM TO SWITCH TO REAL MODE FROM PROTECTED MODE BECAUSE I WANT TO USE BIOS INTERRUPTS (VESA), AND IT IS NOT AS SIMPLE AS TOGGLING THE PE BIT IN THE CR0 REGISTER!!! I NEED TO TURN OFF PAGING, CREATE A NEW GDT WITH A 16-BIT DATA AND CODE SEGMENT, LOAD THE IVT, FAR JUMP TO REAL MODE, RELOAD DS, ES, FS, GS, SS WITH APPROPRIATE REAL MODE VALUES (I DON'T KNOW WHAT VALUES), AND SET THE PE BIT IN CR0 TO USE BIOS INTERRUPTS, AND I NEED SOURCE CODE TO DO IT, IN MASM!!!
READ THE FUCKING MANUAL
http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
Here's a bit of reading for you
http://www.sudleyplace.com/pmtorm.html
donkey, I read the link, but I don't know what to put in DataSelector, DataSegment, RMDATA and StackPointer. I want to know what these fields mean.
Just begin from the very beginning. What do you want?? Slowly and in great detail, so that an aborigine from the jungle, who has never seen a computer, understands you.
When you switch on your computer and the BIOS is loaded, it works in real mode. When Windows loads, ntldr switches the processor to protected mode (real mode may be emulated); you can't switch the processor back to real mode under Windows. If you load DOS, the processor stays in real mode. So if you make a driver for DOS or under the BIOS, there is no need to switch. As for Windows, there is no need to switch, and it's impossible.
Something like that.
Maybe you mean virtualization - I don't know whether real/protected is possible there.
Quote from: OneX on December 16, 2011, 11:27:17 AM
donkey, I read the link, but I don't know what to put in DataSelector, DataSegment, RMDATA and StackPointer. I want to know what these fields mean.
Hi OneX,
I haven't really tried it but I would assume that the loader would set the location of those for you.
http://msdn.microsoft.com/en-US/library/6hzta43h%28v=VS.80%29.aspx
For the selectors I would think they would be allocated in the GDT/LDT.
sinsi,
+1
If you are already in protected mode then some OS has changed it, more than likely it will not allow any sort of mode switch unless there's an API (like DPMI).
There are also certain privileged instructions, these can only be executed in ring 0, whereas most programs run in ring 3, least privileged.
That's one reason it's called protected mode - the controlling program is protected against things like that.
A Windows program can't do it, a DOS program can, depending on himem/emm386/dpmi. It's not easy either for your own OS.
You show me your code, I'll show you mine...
Find a theoretical tutorial on how to go back to real mode. It only makes sense if you are making your own OS.
Under DOS, going back to real mode is used by HIMEM.SYS, DOS4GW and Windows 3.
http://sasm.narod.ru/docs/pm/pm_in/chap_10.htm - code from here. As the author says, it's a really working example. I am just at the beginning of understanding descriptors.
Removed by admin.
1 warning, any further nonsense of this type and we will assist you in finding another forum that will tolerate bad manners.
General descriptor table and Local(?) descriptor table - just read about it. Study before you ask questions.
You can't go back from Windows to real mode. You may only use Real Virtual Mode (virtual-8086 mode) or V-Mode.
Of course you can - but you can't find Microsoft documentation on how to save Windows, and you must do this from the system kernel, not from a driver: patch ntoskrnl.exe
http://technet.microsoft.com/ru-ru/sysinternals/bb469930
http://hex.pp.ua/nt-native-applications-shell-eng.php
Fan club of NT kernel applications
http://website.masm32.com/kmdtute/index.html
This is just a working example for MASM32, without any comments for now. To protected mode, without going back to real. But it works.
Prepare the GDT - General Descriptor Table with a ZERO descriptor and descriptors for code, data, stack and the video buffer. Set the GDTR register to this GDT. Switch the processor to protected mode and print a string. Then an infinite loop.
Sadly I can't translate the whole site, but the author is very good and, most importantly, explains everything about protected mode very simply, and you move on to making your own half-OS.
Added some comments in English, and found some English URLs. Can't say that this is the best.
Now I want to re-read everything from the beginning, optimize the code and move on to protected-mode IRQs. (Then memory, multiple tasks...)
http://www.coralcdn.org/05au-cs240c/lab/i386/s05_01.htm
http://www.rcollins.org/ddj/Aug98/Aug98.html
http://www.cs.cmu.edu/~410/doc/segments/segments.html
http://linuxgazette.net/issue82/raghu.html - Writing your own Toy OS By Raghu and Chitkala
http://en.wikibooks.org/wiki/X86_Assembly/Global_Descriptor_Table
Hi bomz,
Not working here on XP SP2. Which assembler, which linker are you using? Which commandline options?
MASM32 10, ML.EXE 8.0, batch file for compiling and DOS floppy image in the first ZIP file. If you want to try it on a real machine, you may boot it with GRUB4DOS.
Quote:
@ECHO OFF
COLOR 9F
C:\masm32\bin\ml.exe /AT /omf NONAME.asm
C:\masm32\bin\LINK16.EXE /TINY NONAME.obj,NONAME.com,nul,,,
del NONAME.obj
pause
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4580
http://support.microsoft.com/kb/958162/en
Grub4Dos
http://code.google.com/p/grub4dos-chenall/downloads/list
menu.lst
Quote:
map --mem /DOS.IMA (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)
Not working on XP SP3 Home Edition.
Does it only work in a virtual box?
Wait. I'll try it now on a real machine. Reboot needed. 5-10 min.
All OK. Put the files from this archive on the system disk with XP: grldr, DOS.IMA, menu.lst. Add to BOOT.INI the string
Quote:
C:\grldr="Grub4Dos"
Reboot your computer and PRESS F5 (or F8) - in the Windows menu choose Grub4Dos, then type in the DOS command prompt PMODE
http://zalil.ru/32327924
http://reboot.pro/ forum about Grub4Dos. This is a universal boot manager which, among other things, allows booting ISO (CD), IMG (HD) and IMA (floppy) images so that the BIOS sees them as real devices.
Allows booting devices, MBR, PBR, files from devices like NTLDR, IO.SYS, PXE, universal Linux bootloader....... swaps devices by place (hd0-hd1, hd1-hd0), hides devices and partitions...
Quote:
.386
.model flat, stdcall
option casemap :none
include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
.data
mestitle db "Bomz",0
form db "Address GDTR: %u", 13, 10, "Limit GDTR: %u", 13, 10, 13, 10
db "Address IDTR: %u", 13, 10, "Limit IDTR: %u", 13, 10, 13, 10
db "Address LDT: %u",0
.data?
buffer db 512 dup(?)
value fword ? ; GDTR image: 16-bit limit followed by 32-bit linear base
value1 fword ? ; IDTR image: same layout
value2 word ? ; LDTR image: SLDT stores only the 16-bit selector
.code
start:
; SGDT/SIDT/SLDT are not privileged on x86 unless CR4.UMIP is enabled,
; so this ring 3 program can read the kernel's table addresses directly
SGDT value
SIDT value1
SLDT value2
mov eax, dword ptr [value+2] ; GDT linear base
movzx ebx, word ptr [value] ; GDT limit (size in bytes minus one)
mov ecx, dword ptr [value1+2] ; IDT linear base
movzx edx, word ptr [value1] ; IDT limit
movzx esi, word ptr [value2] ; LDT selector (0 when no LDT is in use)
invoke wsprintf,ADDR buffer,ADDR form,eax, ebx,ecx,edx,esi
invoke MessageBox,0,ADDR buffer,ADDR mestitle,MB_ICONASTERISK
invoke ExitProcess,0
end start
When you create a virtual floppy using VMware, it creates a file fully filled with zeros, of the same size as one floppy.
The code below is one that I found on this board; it is a simple boot. Just give the resulting file as a floppy image to VMware and boot it.
I remember that Sr agner wrote some code that switches between real and protected mode (pcmdos).
I make floppy images with WinImage (or UltraISO). And an MS-DOS 8.0 boot disk with Windows XP using a virtual floppy drive
http://sourceforge.net/projects/vfd/
Going back to REAL mode from Windows (UNREAL) - it is not only necessary to patch NTLDR to make a BACKPOINT, and not only to find a path to call this back from the kernel, but it needs FULLY reprogramming the IRQ controller. Any driver which does this would be very, very slow, and I think this is the reason why Windows 95 and higher don't go back to real mode, and Windows 2000 doesn't use DOS at all.
How under DOS do I get the full size of RAM (including what is occupied by different devices)?
there is a word in the BIOS data area that tells you how many paragraphs are available
there may also be an INT for this - i forget :P
consult Ralf Brown's Interrupt List
This is not 16 bit programming
Quote:
0
654336
1048576
2145583104
Can't understand - what happens with EBP under Protected Mode.
Under DOS bp~0, sp~0FFFEh. In P-Mode esp is set to 0, but EBP doesn't change. Why?
Quote from: dedndave on December 21, 2011, 03:05:12 PM
there is a word in the BIOS data area that tells you how many paragraphs are available
there may also be an INT for this - i forget :P
consult Ralf Brown's Interrupt List
Hi,
BIOS INT 12H returns the memory as the number of 1k blocks
in AX. (8088 accessible.)
Regards,
Steve N.
As always, I found a good tutorial in Russian: Determine Memory (http://ru.osdev.wikia.com/wiki/%D0%9E%D0%BF%D1%80%D0%B5%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_%D0%BE%D0%B1%D1%8A%D1%91%D0%BC%D0%B0_%D0%BF%D0%B0%D0%BC%D1%8F%D1%82%D0%B8)
E820h INT 15h - the most modern and universal
88h INT 15h - all memory over 1 MB up to 16 MB
C7h INT 15h - under 16 MB (last IBM PS/2), returns a memory map
E801h INT 15h
int 12h returns memory under 640 KB only.
Now I'm developing code and want to make a memory manager, then a DOS extender, and finally a half-OS. So I need to determine all free memory over 1 MB and map it, considering the areas which are busy.
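The task bomz describes (all free memory over 1 MB, with busy areas taken out) as an added example that is not code from the thread: it parses a buffer of INT 15h/AX=E820h entries in the 20-byte base/length/type layout the BIOS returns and punches every non-usable entry out of the usable ranges, including an ACPI entry that overlaps usable RAM. The sample map is constructed here, not captured from any machine.

```python
import struct

# One INT 15h/AX=E820h entry as the BIOS returns it: base (u64), length (u64),
# type (u32). Type 1 is usable RAM; every other type is busy (reserved, ACPI, ...).
E820_ENTRY = struct.Struct("<QQI")
USABLE = 1
ONE_MB = 0x100000

def parse_e820(buf):
    """Split a raw buffer of 20-byte entries into (base, length, type) tuples."""
    count = len(buf) // E820_ENTRY.size
    return [E820_ENTRY.unpack_from(buf, i * E820_ENTRY.size) for i in range(count)]

def subtract(ranges, hole):
    """Cut the half-open interval `hole` out of a list of half-open (start, end) ranges."""
    hs, he = hole
    out = []
    for s, e in ranges:
        if he <= s or hs >= e:      # no overlap: keep as is
            out.append((s, e))
            continue
        if s < hs:                  # part before the hole survives
            out.append((s, hs))
        if he < e:                  # part after the hole survives
            out.append((he, e))
    return out

def free_above_1mb(entries):
    """Usable extended memory as sorted (start, end) ranges. Busy entries are
    removed even when the BIOS reports them overlapping a usable entry, so the
    map never hands out ACPI tables or ROM as free memory."""
    free = []
    for base, length, typ in entries:
        if typ == USABLE and base + length > ONE_MB:
            free.append((max(base, ONE_MB), base + length))
    for base, length, typ in entries:
        if typ != USABLE:
            free = subtract(free, (base, base + length))
    return sorted(free)

def total_free_above_1mb(buf):
    return sum(end - start for start, end in free_above_1mb(parse_e820(buf)))

# Constructed sample map for offline use (not a dump from any real machine).
SAMPLE_MAP = b"".join(E820_ENTRY.pack(base, length, typ) for base, length, typ in [
    (0x00000000, 0x0009FC00, 1),   # conventional memory below 640 KB
    (0x0009FC00, 0x00000400, 2),   # EBDA, reserved
    (0x000F0000, 0x00010000, 2),   # system BIOS ROM
    (0x00100000, 0x07F00000, 1),   # extended memory, 1 MB .. 128 MB
    (0x07FF0000, 0x00010000, 3),   # ACPI tables overlapping the end of it
    (0xFFFC0000, 0x00040000, 2),   # flash ROM
])

if __name__ == "__main__":
    for start, end in free_above_1mb(parse_e820(SAMPLE_MAP)):
        print(f"free: {start:#010x}-{end:#010x} ({(end - start) // 1024} KB)")
```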
ah yes - i remember now :P
we had a guy in here some time ago playing with that
this thread has 9 pages of info
http://www.masm32.com/board/index.php?topic=13415.0
as i recall, Michael had some nice code in there
Now I'm thinking about how to allocate memory. Memory under 1 MB may be divided into several parts, and the program must distribute it to programs: 10 MB, 16 MB ....
Quote from: bomz on December 22, 2011, 12:02:39 PM
Can't understand - what happens with EBP under Protected Mode.
Under DOS bp~0, sp~0FFFEh. In P-Mode esp is set to 0, but EBP doesn't change. Why?
I always thought that EBP (BP) is the bottom of the stack. But EBP is a pointer to LOCAL variables, and it changes each time a PROC is called and LOCAL variables exist at the top of the stack. No need to set it in P-MODE, it works by itself.
Quote:
descriptor_XMS_Memory DESCRIPTOR < 0ffffh, 0, 10h, 10010010b, 10001111b, 0>
Granularity 1 (4096 bytes); Limit 4G/4096b - 1 byte (0fffffh); address segment 1 MB (100000h); Data Type P=1, DPL=00b, S=1, Type=001b, A=0
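An added example (my own code, not from the thread or the sasm.narod.ru source) that packs the descriptor_XMS_Memory fields quoted above into the 8 bytes the CPU reads, decodes them back, and applies the DPL check that makes the mode "protected" (the ring 0 versus ring 3 point sinsi raised); it also covers the GDT preparation bomz describes for his MASM32 example. The field names are my own; the DESCRIPTOR macro is assumed to take its six operands in this order.

```python
import struct

# Byte layout of one 8-byte x86 segment descriptor, in the same operand order as the
# DESCRIPTOR <limit_lo, base_lo, base_mid, access, flags_limit_hi, base_hi> macro.
DESC = struct.Struct("<HHBBBB")

def encode_descriptor(limit_lo, base_lo, base_mid, access, flags_limit_hi, base_hi):
    return DESC.pack(limit_lo, base_lo, base_mid, access, flags_limit_hi, base_hi)

def decode_descriptor(raw):
    """Expand the packed fields into the values the CPU actually uses."""
    limit_lo, base_lo, base_mid, access, flags, base_hi = DESC.unpack(raw)
    limit = limit_lo | ((flags & 0x0F) << 16)            # 20-bit limit
    base = base_lo | (base_mid << 16) | (base_hi << 24)  # 32-bit linear base
    g = (flags >> 7) & 1                                 # G: limit counted in 4 KB pages
    return {
        "base": base,
        "limit": limit,
        "granularity": 4096 if g else 1,
        # with G=1 the hardware ORs 0FFFh into the low bits, so 0FFFFFh spans all 4 GB
        "byte_limit": (limit << 12) | 0xFFF if g else limit,
        "present": bool(access & 0x80),                  # P
        "dpl": (access >> 5) & 3,                        # DPL
        "system": not (access & 0x10),                   # S=0: TSS/LDT/gate
        "code": bool(access & 0x08),                     # bit 3 of Type
        "writable": bool(access & 0x02),                 # W for data, R for code
        "default_32bit": bool(flags & 0x40),             # D/B
    }

def can_load_data_segment(raw, cpl, rpl):
    """Check the CPU applies when a data selector is loaded into DS/ES/FS/GS:
    the descriptor must be present and non-system, and max(CPL, RPL) <= DPL.
    This is what keeps a ring 3 program out of a DPL 0 segment like the one below."""
    d = decode_descriptor(raw)
    return d["present"] and not d["system"] and max(cpl, rpl) <= d["dpl"]

# The XMS descriptor from the post: limit 0FFFFh, base 10h<<16, access 10010010b, flags 10001111b
XMS_DESCRIPTOR = encode_descriptor(0xFFFF, 0, 0x10, 0b10010010, 0b10001111, 0)
NULL_DESCRIPTOR = encode_descriptor(0, 0, 0, 0, 0, 0)   # mandatory first GDT entry

if __name__ == "__main__":
    print(XMS_DESCRIPTOR.hex(), decode_descriptor(XMS_DESCRIPTOR))
```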
Is it possible in protected mode to only remap the BIOS interrupt handlers to the IDT?
For clock, mouse and keyboard only...
Quote from: bomz on December 23, 2011, 04:58:56 PM
Is it possible in Protected mode only remap Bios Interrupts Handlers to IDT?
Possibly with a protected-mode BIOS, like the IBM PS/2 ABIOS used by OS/2. A normal real-mode BIOS is 16-bit code, that does things that are not allowed in protected mode, such as loading the segment address of the BIOS data area into DS/ES.
UNREAL MODE, FLAT REAL MODE.... changed DOS versions, changed processors in the virtual machine, tried on a real machine, opened and closed A20. Doesn't work
http://www.df.lth.se/~john_e/gems/gem0022.html
http://www.assembly.happycodings.com/code54.html
http://devotes.narod.ru/Books/3/ch10_04e.htm
http://wasm.ru/article.php?article=lfbdos
I do it