如何修复 "qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0000"

How to fix "qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0000"

我正在开发自己的引导加载程序 + 内核。我创建了一个项目并将其放在 github: https://github.com/rprata/ubootlua (branch tmp-libc-implemenation)

我尝试使用 QEMU 运行 我的 boot.bin:

qemu-system-i386 -fda boot.bin -nographic -serial stdio -monitor none


> qemu-system-i386 -fda ./deploy/boot.bin -nographic -serial stdio -monitor none
> WARNING: Image format was not specified for './deploy/boot.bin' and probing guessed raw.
>         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
>         Specify the 'raw' format explicitly to remove the restrictions.
> qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0000
> EAX=00000055 EBX=00018eb4 ECX=00018eb3 EDX=00000000
ESI=00000001 EDI=00000000 EBP=00016058 ESP=00015f94
EIP=0009ffae EFL=00000896 [-OS-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT=     00007c36 00000018
IDT=     00000000 000003ff
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000 
DR6=ffff0ff0 DR7=00000400
CCS=00000055 CCD=000000d1 CCO=ADDB    
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
> makefile:26: recipe for target 'run' failed
> make: *** [run] Aborted (core dumped)

我的 boot.asm 和 linker.ld:

section .boot
bits 16                     ; We're working at 16-bit mode here
global boot

    mov ax, 0x2401          
    int 0x15                ; Enable A20 bit 

    mov ax, 0x3             ; Set VGA text mode 3
    int 0x10                ; Otherwise, call interrupt for printing the char   

    mov [disk],dl

    mov ah, 0x2             ;read sectors
    mov al, 60              ;sectors to read
    mov ch, 0               ;cylinder idx
    mov dh, 0               ;head idx
    mov cl, 2               ;sector idx
    mov dl, [disk]          ;disk idx
    mov bx, copy_target     ;target pointer
    int 0x13

    cli                     ; Disable the interrupts
    lgdt [gdt_pointer]      ; Load the gdt table
    mov eax, cr0            ; Init swap cr0...
    or eax,0x1              ; Set the protected mode bit on special CPU reg cr0
    mov cr0, eax
    jmp CODE_SEG:boot32     ; Long jump to the code segment

; base a 32 bit value describing where the segment begins
; limit a 20 bit value describing where the segment ends, can be multiplied by 4096 if granularity = 1
; present must be 1 for the entry to be valid
; ring level an int between 0-3 indicating the kernel Ring Level
; direction:
;  > 0 = segment grows up from base, 1 = segment grows down for a data segment
;  > 0 = can only execute from ring level, 1 = prevent jumping to higher ring levels
; read/write if you can read/write to this segment
; accessed if the CPU has accessed this segment
; granularity 0 = limit is in 1 byte blocks, 1 = limit is multiples of 4KB blocks
; size 0 = 16 bit mode, 1 = 32 bit protected mode
    dq 0x0
    dw 0xFFFF
    dw 0x0
    db 0x0
    db 10011010b
    db 11001111b
    db 0x0
    dw 0xFFFF
    dw 0x0
    db 0x0
    db 10010010b
    db 11001111b
    db 0x0
    dw gdt_end - gdt_start
    dd gdt_start
    db 0x0

CODE_SEG equ gdt_code - gdt_start
DATA_SEG equ gdt_data - gdt_start

;; Magic numbers
times 510 - ($ - $$) db 0

dw 0xaa55
bits 32
    msg:    db "Hello, World more than 512 bytes!", 0

    mov ax, DATA_SEG
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov ss, ax  
    ;mov esi, msg            ; SI now points to our message
    ;mov ebx, 0xb8000       ; vga memory position (0) 

.loop   lodsb               ; Loads SI into AL and increments SI [next char]
    or al, al               ; Checks if the end of the string
    jz halt                 ; Jump to halt if the end
    or eax,0x0200           ; The top byte defines the character colour in the buffer as an int value from 0-15 with 0 = black, 1 = blue and 15 = white. 
                            ; The bottom byte defines an ASCII code point
    mov word [ebx], ax      
    add ebx, 2              
    jmp .loop               ; Next iteration of the loop

    mov esp, kernel_stack_top
    extern __start
    call __start
    hlt                     ; CPU command to halt the execution

section .bss
align 4
kernel_stack_bottom: equ $
    resb 16384 ; 16 KB

        . = 0x7c00;
        .text :

        .rodata :

        .data :

        .bss :

我的 makefile 的相关部分是:

SRC_C:=./src/init/boot.c ./src/init/init.c ./src/init/version.c
CFLAGS:=-Wall -Werror -m32 -fno-pie -ffreestanding -mno-red-zone -fno-exceptions -nostdlib -I./src/include

export ARCH:=i386
export ZLIB_SUPPORT:=false

ifeq ($(ZLIB_SUPPORT),true)

    mkdir -p $(DEPLOY)
    mkdir -p $(BUILD)
    $(NASM) $(SRC_NASM) -f elf32 -o $(OBJ_NASM)
    $(CC) $(SRC_C) $(OBJ_NASM) -o $(BIN) $(CFLAGS) -T $(LINKER) $(LDFLAGS)

    qemu-system-i386 -fda $(BIN) -nographic -serial stdio -monitor none


此错误 ("Trying to execute code outside RAM or ROM at 0x000a0000") 通常表示控制流问题 - 例如CPU 跳转或调用或返回到一个狡猾的地址,然后开始在未初始化的 RAM 中执行零(被 CPU 解释为 add 指令)直到 CPU 到达旧版 VGA 区域(位于 0x000A0000)。


我之所以没有真正去看,是因为这并不重要。最终你的引导加载程序必须做一些事情,比如从 BIOS 获取内存映射(例如 "int 0x15, eax=0xE820"),将想要 auto-detect 内核的大小(而不是假设内核总是恰好是 30 KiB) ,要么想要处理大于 1 MiB 的内核(例如 Linux 通常大于 5 MiB),要么也想要加载某种 "initial RAM disk"(对于 micro-kernels,这是您可以假设内核小于您可以在实模式下访问的 ~640 KiB RAM 的唯一可能情况),可能需要解压缩内核 and/or "initial RAM disk",将要检查是否内核是健全的(例如可能通过检查 headers 和 CRC),并且可能希望能够设置一个漂亮的图形视频模式(例如 1920*1600 有数百万种颜色)。它还将需要 "BIOS Parameter Block"(对于未分区的设备 - 例如软盘)或必须处理分区方案(并且不假设分区从磁盘的开头开始)。

所有这些(以及更多,比如检查 A20 是否实际启用)将太大而无法容纳 512 个字节(所有这些都意味着在前 512 个字节中切换到保护模式总是一个错误)。

这意味着您需要重新设计然后重写您的代码,并且无论您 find/fix 当前是否 bug/s,现有代码都将被丢弃,因此没有理由花费时间 finding/fixing 当前 bug/s.

主要问题是您没有将整个内核读入内存。您的代码最终会执行未初始化的内存(很可能充满零),到达扩展 BIOS 数据区(就在 0xa0000 处的视频内存下方),然后最终开始在 0xa0000 处执行视频内存。 QEMU 不允许执行视频内存,因此您得到错误的来源。

解决这个问题并不像乍看起来那么容易。你在我系统上的代码大约是 47300 字节。 MBR 1 个扇区,内核 92 个扇区。第一个问题是并非所有硬件(和仿真器)都可以一次读取 92 个扇区。 QEMU 和 BOCHs 最大输出为 72 软盘驱动器和 128 硬盘驱动器。对于某些硬件,此数字可能更小(低至每个磁道的扇区数)。


  • 超出 64KiB 段限制。
  • 跨越不止一首曲目。并非所有 BIOS 都支持多轨读写。 QEMU 和 BOCHS 确实支持它们。
  • 如果 BIOS 使用直接内存访问 (DMA) 传输进行磁盘访问,您可能无法写入许多跨越 64KiB 边界(在物理内存中)的扇区。这意味着如果写入在物理地址 0x10000 之前开始并在之后结束,则不能保证写入成功。与 0x20000、0x30000、0x40000 ... 0x90000 相同。 QEMU 和 BOCHS 不允许跨越这种边界的磁盘传输。

使用 BOCHS 和 QEMU 加载高达 64KiB 的内核的一个简单技巧是将 64 个扇区 (32KiB) 读取到物理地址 0x0000:0x8000,然后将 64 个扇区复制到 0x1000:0x0000 .您可以通过读取额外的 32KiB 块来读取更大的内核。 0x0000:0x7e00 和 0x0000:0x8000 之间的 512 个字节将不会被使用。唯一真正的问题是确定用于 Int 21h/AH=02 磁盘读取的气缸盖扇区 (CHS) 值1


  • 当将磁盘扇区读入内存时,您应该将堆栈 (SS:SP) 设置到您不会无意中覆盖的位置。如果您在引导加载程序之后加载内核,一个好的位置是引导加载程序下方的 SS:SP 0x0000:0x7c000。为避免在设置 SS:SP 时发生中断,请在紧跟加载 SS[=121= 的指令之后的指令中设置 SP =].
  • 切勿依赖包含您期望值的任何通用寄存器或段寄存器的值。 DL 是一个例外,因为在现代硬件上几乎所有情况下它都会包含引导驱动器编号。有关详细信息,请参阅我的
  • QEMU 和其他模拟器可能无法读取文件中不存在的扇区。如果您读取的扇区多于磁盘映像中的扇区,则读取扇区可能会失败。为了解决这个问题,创建一个磁盘映像(一个 1.44MiB 的软盘映像很方便)并将内核和引导加载程序的内容复制到文件的开头而不截断磁盘映像。 DD 可用于此目的。
  • 为了帮助调试而不是将链接器脚本输出为 binary,将其默认为在 ELF 中输出。使用 OBJCOPY 将 ELF 文件复制到二进制文件。 ELF 文件可用于存储调试信息。这在使用 QEMU 和 GDB 作为远程调试器时很有用。
  • 您不能依赖包含零的内存。 GCC 要求 .bss 部分被清零填充。使用链接器脚本确定 .bss 部分的范围,并在调用 C 入口点之前将内存清零。
  • 在调用 C 入口点之前,GCC 要求清除方向标志 (DF),以便字符串指令默认为向前移动。
  • 在您的 makefile 中,您使用 GCC 进行链接。如果不使用交叉编译器,GCC 可能会生成一个名为 .note.gnu.build-id 的特殊部分,它会干扰您的链接描述文件。要解决此问题,您可以使用 LDFLAGS:=-Wl,--build-id=none 告诉 GCC 抑制此特殊部分。如果您直接与 LD 链接,则不会创建此部分。



    . = 0x7c00;
    .boot :
    /* Place kernel right after boot sector on disk but set the
     * VMA (ORiGin point) to 0x8000 */
    . = 0x8000;
    __kernel_start = .;
    __kernel_start_seg = __kernel_start >> 4;
    .text : AT(0x7e00)
    .rodata :
    .data :
    /* Compute number of sectors that the kernel uses */
    __kernel_end = .;
    __kernel_size_sectors = (__kernel_end - __kernel_start + 511) / 512;

    .bss :
        __bss_start = .;
        . = ALIGN(4);
        __bss_end = .;
        /* Compute number of DWORDS that BSS section uses */
        __bss_sizel = (__bss_end - __bss_start) / 4;


section .boot
bits 16                     ; We're working at 16-bit mode here
global boot

    xor ax, ax
    mov ds, ax
    mov ss, ax
    mov sp, 0x7c00          ; Set SS:SP just below bootloader

    cld                     ; DF=0 : string instruction forward movement
    mov ax, 0x2401
    int 0x15                ; Enable A20 bit

    mov ax, 0x3             ; Set VGA text mode 3
    int 0x10                ; Otherwise, call interrupt for printing the char

    mov [disk],dl

    ; Read 64 sectors from LBA 1, CHS=0,0,2 to address 0x0800:0
    mov ax, 0x0800
    mov es, ax              ;ES = 0x800

    mov ah, 0x2             ;read sectors
    mov al, 64              ;sectors to read
    mov ch, 0               ;cylinder idx
    mov dh, 0               ;head idx
    mov cl, 2               ;sector idx
    mov dl, [disk]          ;disk idx
    mov bx, 0               ;target pointer, ES:BX=0x0800:0x0000
    int 0x13

    ; Read 64 sectors from LBA 65, CHS=1,1,12 to address 0x1000:0
    mov ax, 0x1000
    mov es, ax              ;ES=0x1000

    mov ah, 0x2             ;read sectors
    mov al, 64              ;sectors to read
    mov ch, 1               ;cylinder idx
    mov dh, 1               ;head idx
    mov cl, 12              ;sector idx
    mov dl, [disk]          ;disk idx
    mov bx, 0x0000          ;target pointer, ES:BX=0x1000:0x0000
    int 0x13

    cli                     ; Disable the interrupts
    lgdt [gdt_pointer]      ; Load the gdt table
    mov eax, cr0            ; Init swap cr0...
    or eax,0x1              ; Set the protected mode bit on special CPU reg cr0
    mov cr0, eax
    jmp CODE_SEG:boot32     ; Long jump to the code segment

; base a 32 bit value describing where the segment begins
; limit a 20 bit value describing where the segment ends, can be multiplied by 4096
; if granularity = 1
; present must be 1 for the entry to be valid
; ring level an int between 0-3 indicating the kernel Ring Level
; direction:
;  > 0 = segment grows up from base, 1 = segment grows down for a data segment
;  > 0 = can only execute from ring level, 1 = prevent jumping to higher ring levels
; read/write if you can read/write to this segment
; accessed if the CPU has accessed this segment
; granularity 0 = limit is in 1 byte blocks, 1 = limit is multiples of 4KB blocks
; size 0 = 16 bit mode, 1 = 32 bit protected mode
    dq 0x0
    dw 0xFFFF
    dw 0x0
    db 0x0
    db 10011010b
    db 11001111b
    db 0x0
    dw 0xFFFF
    dw 0x0
    db 0x0
    db 10010010b
    db 11001111b
    db 0x0
    dw gdt_end - gdt_start
    dd gdt_start
    db 0x0

CODE_SEG equ gdt_code - gdt_start
DATA_SEG equ gdt_data - gdt_start

;; Magic numbers
times 510 - ($ - $$) db 0
dw 0xaa55

section .data
msg: db "Hello, World more than 512 bytes!", 0

bits 32
section .text.start
    mov ax, DATA_SEG
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov ss, ax
    mov esi, msg        ; SI now points to our message
    mov ebx, 0xb8000    ; vga memory position (0)

    lodsb               ; Loads SI into AL and increments SI [next char]
    or al, al           ; Checks if the end of the string
    jz halt             ; Jump to halt if the end
    or eax,0x0200       ; The top byte defines the character colour in the buffer as
                        ; an int value from 0-15 with 0 = black, 1 = blue and 15 = white.
                        ; The bottom byte defines an ASCII code point
    mov word [ebx], ax
    add ebx, 2
    jmp .loop           ; Next iteration of the loop

    mov esp, kernel_stack_top
    extern __start
    extern __bss_start
    extern __bss_sizel

    ; Zero the BSS section
    mov ecx, __bss_sizel
    mov edi, __bss_start
    xor eax, eax
    rep stosd

    ; Call C entry point
    call __start
    hlt                 ; CPU command to halt the execution

section .bss
align 4
    resb 16384          ; 16 KB stack

通过添加以下 make 变量修改 makefile


修改 makefileLDFLAGS 更改为:


通过将 all 规则更改为:

来修改 makefile
        mkdir -p $(DEPLOY)
        mkdir -p $(BUILD)
        $(NASM) $(SRC_NASM) -f elf32 -o $(OBJ_NASM)
        $(CC) $(SRC_C) $(OBJ_NASM) -o $(ELF) $(CFLAGS) -T $(LINKER) $(LDFLAGS)
        $(OC) -O binary $(ELF) $(BIN)
        $(DD) if=/dev/zero of=$(BIN).tmp count=1440 bs=1024
        $(DD) if=$(BIN) of=$(BIN).tmp conv=notrunc
        mv $(BIN).tmp $(BIN)


鉴于使用 Int 13/AH=2 读取失败的方式有很多种,一次读取一个扇区并始终读取到可被 512 整除的内存位置。




    . = 0x7c00;
    .boot :
    __kernel_start = .;
    __kernel_start_seg = __kernel_start >> 4;
    .text :
    .rodata :
    .data :
    /* Compute number of sectors that the kernel uses */
    __kernel_end = .;
    __kernel_size_sectors = (__kernel_end - __kernel_start + 511) / 512;

    .bss :
        __bss_start = .;
        . = ALIGN(4);
        __bss_end = .;
        /* Compute number of DWORDS that BSS section uses */
        __bss_sizel = (__bss_end - __bss_start) / 4;

主要区别在于此链接描述文件从 0x07e00 而不是 0x08000 开始将内核加载到物理内存中。更精炼的 boot.asm 可以使用链接器生成的值循环遍历所需的扇区,一次读取一个扇区,直到完成:

extern __kernel_size_sectors    ; Size of kernel in 512 byte sectors
extern __kernel_start_seg       ; Segment start of kernel will be laoded at

global boot

STAGE2_LBA_START equ 1          ; Logical Block Address(LBA) Stage2 starts on
                                ;     LBA 1 = sector after boot sector
                                ; Logical Block Address(LBA) Stage2 ends at
STAGE2_LBA_END   equ STAGE2_LBA_START + __kernel_size_sectors
DISK_RETRIES     equ 3          ; Number of times to retry on disk error

bits 16
section .boot

; Include a BPB (1.44MB floppy with FAT12) to be more compatible with USB floppy media
;%include "src/init/bpb.inc"

    xor ax, ax                  ; DS=SS=ES=0 for stage2 loading
    mov ds, ax
    mov ss, ax                  ; Stack at 0x0000:0x7c00
    mov sp, 0x7c00
    cld                         ; Set string instructions to use forward movement

    ; Read Stage2 1 sector at a time until stage2 is completely loaded
    mov [bootDevice], dl        ; Save boot drive
    mov di, __kernel_start_seg  ; DI = Current segment to read into
    mov si, STAGE2_LBA_START    ; SI = LBA that stage2 starts at
    jmp .chk_for_last_lba       ; Check to see if we are last sector in stage2

    mov bp, DISK_RETRIES        ; Set disk retry count

    call lba_to_chs             ; Convert current LBA to CHS
    mov es, di                  ; Set ES to current segment number to read into
    xor bx, bx                  ; Offset zero in segment

    mov ax, 0x0201              ; Call function 0x02 of int 13h (read sectors)
                                ;     AL = 1 = Sectors to read
    int 0x13                    ; BIOS Disk interrupt call
    jc .disk_error              ; If CF set then disk error

    add di, 512>>4              ; Advance to next 512 byte segment (0x20*16=512)
    inc si                      ; Next LBA

    cmp si, STAGE2_LBA_END      ; Have we reached the last stage2 sector?
    jl .read_sector_loop        ;     If we haven't then read next sector

    jmp stage2                  ; Jump to second stage

    xor ah, ah                  ; Int13h/AH=0 is drive reset
    int 0x13
    dec bp                      ; Decrease retry count
    jge .retry                  ; If retry count not exceeded then try again

    ; Unrecoverable error; print drive error; enter infinite loop
    mov si, diskErrorMsg        ; Display disk error message
    call print_string
    jmp .error_loop

; Function: print_string
;           Display a string to the console on display page 0
; Inputs:   SI = Offset of address to print
; Clobbers: AX, BX, SI

    mov ah, 0x0e                ; BIOS tty Print
    xor bx, bx                  ; Set display page to 0 (BL)
    jmp .getch
    int 0x10                    ; print character
    lodsb                       ; Get character from string
    test al,al                  ; Have we reached end of string?
    jnz .repeat                 ;     if not process next character

;    Function: lba_to_chs
; Description: Translate Logical block address to CHS (Cylinder, Head, Sector).
;              Works for all valid FAT12 compatible disk geometries.
;   Resources: http://www.ctyme.com/intr/rb-0607.htm
;              https://en.wikipedia.org/wiki/Logical_block_addressing#CHS_conversion
;              Sector    = (LBA mod SPT) + 1
;              Head      = (LBA / SPT) mod HEADS
;              Cylinder  = (LBA / SPT) / HEADS
;      Inputs: SI = LBA
;     Outputs: DL = Boot Drive Number
;              DH = Head
;              CH = Cylinder (lower 8 bits of 10-bit cylinder)
;              CL = Sector/Cylinder
;                   Upper 2 bits of 10-bit Cylinders in upper 2 bits of CL
;                   Sector in lower 6 bits of CL
;       Notes: Output registers match expectation of Int 13h/AH=2 inputs
    push ax                     ; Preserve AX
    mov ax, si                  ; Copy LBA to AX
    xor dx, dx                  ; Upper 16-bit of 32-bit value set to 0 for DIV
    div word [sectorsPerTrack]  ; 32-bit by 16-bit DIV : LBA / SPT
    mov cl, dl                  ; CL = S = LBA mod SPT
    inc cl                      ; CL = S = (LBA mod SPT) + 1
    xor dx, dx                  ; Upper 16-bit of 32-bit value set to 0 for DIV
    div word [numHeads]         ; 32-bit by 16-bit DIV : (LBA / SPT) / HEADS
    mov dh, dl                  ; DH = H = (LBA / SPT) mod HEADS
    mov dl, [bootDevice]        ; boot device, not necessary to set but convenient
    mov ch, al                  ; CH = C(lower 8 bits) = (LBA / SPT) / HEADS
    shl ah, 6                   ; Store upper 2 bits of 10-bit Cylinder into
    or  cl, ah                  ;     upper 2 bits of Sector (CL)
    pop ax                      ; Restore scratch registers

; Uncomment these lines if not using a BPB (via bpb.inc)
%ifndef WITH_BPB
numHeads:        dw 2           ; 1.44MB Floppy has 2 heads & 18 sector per track
sectorsPerTrack: dw 18

bootDevice:      db 0x00
diskErrorMsg:    db "Unrecoverable disk error!", 0

; Pad boot sector to 510 bytes and add 2 byte boot signature for 512 total bytes
TIMES 510-($-$$) db  0
dw 0xaa55

section .data
msg: db "Hello, World more than 512 bytes!", 0

; base a 32 bit value describing where the segment begins
; limit a 20 bit value describing where the segment ends, can be multiplied by 4096
; if granularity = 1
; present must be 1 for the entry to be valid
; ring level an int between 0-3 indicating the kernel Ring Level
; direction:
;  > 0 = segment grows up from base, 1 = segment grows down for a data segment
;  > 0 = can only execute from ring level, 1 = prevent jumping to higher ring levels
; read/write if you can read/write to this segment
; accessed if the CPU has accessed this segment
; granularity 0 = limit is in 1 byte blocks, 1 = limit is multiples of 4KB blocks
; size 0 = 16 bit mode, 1 = 32 bit protected mode
    dq 0x0
    dw 0xFFFF
    dw 0x0
    db 0x0
    db 10011010b
    db 11001111b
    db 0x0
    dw 0xFFFF
    dw 0x0
    db 0x0
    db 10010010b
    db 11001111b
    db 0x0
    dw gdt_end - gdt_start
    dd gdt_start
    db 0x0

CODE_SEG equ gdt_code - gdt_start
DATA_SEG equ gdt_data - gdt_start

bits 16
section .text.start
    cli                         ; Disable the interrupts
    mov ax, 0x2401
    int 0x15                    ; Enable A20 bit

    lgdt [gdt_pointer]          ; Load the gdt table
    mov eax, cr0                ; Init swap cr0...
    or eax,0x1                  ; Set the protected mode bit on special CPU reg cr0
    mov cr0, eax
    jmp CODE_SEG:startpm        ; FAR JMP to the code segment

bits  32
    mov ax, DATA_SEG
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov ss, ax
    mov esi, msg                ; SI now points to our message
    mov ebx, 0xb8000            ; vga memory position (0)

    lodsb                       ; Loads SI into AL and increments SI [next char]
    or al, al                   ; Checks if the end of the string
    jz halt                     ; Jump to halt if the end
    or eax,0x0200               ; The top byte defines the character colour in the
                                ; buffer as an int value from 0-15 with 0 = black,
                                ; 1 = blue and 15 = white.
                                ; The bottom byte defines an ASCII code point
    mov word [ebx], ax
    add ebx, 2
    jmp .loop                   ; Next iteration of the loop

    mov esp, kernel_stack_top
    extern __start
    extern __bss_start
    extern __bss_sizel

    ; Zero the BSS section
    mov ecx, __bss_sizel
    mov edi, __bss_start
    xor eax, eax
    rep stosd

    ; Call C entry point
    call __start
    hlt                         ; CPU command to halt the execution

section .bss
align 4
    resb 16384                  ; 16 KB stack

这个 boot.asm 大致基于我在另一个 中提出的引导加载程序。主要区别在于链接器通过链接器脚本计算大部分所需信息,而不是直接在汇编文件中 coded/included。此代码还将 A20 线的启用和进入保护模式移动到第二阶段。如果您将来需要扩展引导加载程序的功能,这将释放 space。

如果您正在构建要在真实硬件上用作未分区媒体的引导加载程序 - 可以在文件 中找到 1.44MiB BIOS 参数块 (BPB) 的副本。这对于使用软盘仿真 (FDD) 在 USB 介质上引导非常有用。要启用它,只需从此行中删除 ;

; %include "src/init/bpb.inc"


  • 1有一个将基于零的逻辑块地址转换为一组CHS值:

    C = LBA ÷ (HPC × SPT)
    H = (LBA ÷ SPT) mod HPC
    S = (LBA mod SPT) + 1

    LBA 0 是引导扇区。如果内核位于引导加载程序之后的连续扇区中,则内核的起始位置为 LBA 1。内核的第二个 32KiB 块将位于 LBA 65(64+1)。对于 1.44MiB 软盘 HPC=2 和 SPT=18。从计算 LBA 0=CHS(0,0,2) 和 LBA 65= CHS(1,1,12)。这些是第一个版本boot.asm.

  • 中64扇区磁盘读取使用的值