在 QEMU 中加载并 运行 一个带有 32 位代码的原始二进制文件
Loading and running a raw binary file with 32-bit code in QEMU
我有一个程序集 (NASM) 文件:
bits 32
start:
mov dword [0xb8000], 0x2f4b2f4f
hlt
这会生成一个二进制文件,其中包含:
C7 05 00 80 0B 00 4F 2F 4B 2F F4
有没有办法在 QEMU 中执行这个二进制文件中的代码而不更改代码并且不添加 headers(如 Multiboot 或类似的)?我希望保持二进制文件原样。
我不知道您为什么不希望为您的代码使用 ELF 可执行文件,尤其是当您正在编写内核时。
无法让 QEMU 直接 运行 任意二进制文件。同样,您拥有的代码需要处于 32 位保护模式才能正确 运行(因为它使用 bits 32)。您给出的唯一要求是 QEMU 中的 运行 和包含指令 and/or 数据的二进制文件不被修改。
Multiboot 规范允许您使用简单的 ELF 文件和适当的 Multiboot header。在这里使用多重启动是最好的选择,因为它已经设置了 32 位保护模式;启用 A20 线;并将数据和代码加载到内存中。您无需自己编写大量代码。
您可以做的是在 NASM 中创建一个 Multiboot 包装器,其中包含一个简单的 Multiboot header 并包含带有代码的二进制文件。以下示例将创建一个符合多重引导的 ELF 可执行文件,它在内存中的 0x100000 处具有 header,在 0x101000 处具有内核。此代码使用 NASM 的 incbin 指令将二进制文件直接包含到包含 Multiboot header 和入口点的程序集文件中。
mboot.asm
bits 32
global _start
MB1_MAGIC equ 0x1badb002
MB1_FLAGS equ 0x00000000
MB1_CHECKSUM equ -(MB1_MAGIC+MB1_FLAGS)
section .data
align 4
dd MB1_MAGIC
dd MB1_FLAGS
dd MB1_CHECKSUM
section .text
_start:
incbin "kernel.bin"
kernel.asm
bits 32
start:
mov dword [0xb8000], 0x2f4b2f4f
hlt
您首先必须将您的 kernel.asm 构建为一个名为 kernel.bin 的二进制文件:
nasm -fbin kernel.asm -o kernel.bin
然后你必须 assemble 多重引导包装器:
nasm -felf32 mboot.asm -o mboot.o
最后 link 它到一个名为 kernel.elf 的 ELF 可执行文件,其中:
ld -Ttext=0x101000 -Tdata=0x100000 -melf_i386 mboot.o -o kernel.elf
这个 Multiboot 兼容的 ELF 可执行文件可以 运行 在 QEMU 中带有 -kernel 选项,如下所示:
qemu-system-i386 -kernel kernel.elf
运行 时的输出应该类似于:
补充说明
随着内核二进制文件的增长,您需要通过标签引用绝对内存位置,您需要告诉 NASM 加载内核二进制文件的虚拟内存地址 (VMA) 为 0x101000 .这可以使用 ORG 指令来完成,如下所示:
bits 32
org 0x101000
start:
mov dword [0xb8000], 0x2f4b2f4f
hlt
此代码不需要 ORG 指令,因为它不需要代码中任何位置的标签的绝对地址,但这可能会随着您的代码在未来的扩展而改变。如果您没有正确指定 ORG(原点),将无法运行的代码示例如下:
; Example program that uses an absolute reference to a label
; that won't work unless a proper ORG is used. Removing the ORG
; or using the wrong value will cause the code to not work as
; expected
org 0x101000
bits 32
start:
mov eax, [okmsg] ; Using an absolute reference to a label
mov dword [0xb8000], eax ; Write value to display
hlt
okmsg: dd 0x2f4b2f4f
如答案开头所述,我并不真正推荐这种方法,但我提供了一个解决方案,允许您 运行 您提供的代码被放置在您所说的二进制文件中无法更改。
加载和运行保护模式内核的软盘引导加载程序
如果您不想使用 Multiboot 并希望创建磁盘映像,这个相当简化的引导加载程序:
- 启用 A20 行
- 从磁盘加载 code/data 到内存,从 @ 0x00008000
开始
- 进入 32 位保护模式
- 执行代码
此代码基于我的其他几个回答中的代码。一个是bootloader that executes code in 16-bit real mode. I modified it with code I used in a question that enables A20,进入保护模式。
boot.asm
STAGE2_ABS_ADDR equ 0x08000
STAGE2_RUN_SEG equ 0x0000
STAGE2_RUN_OFS equ STAGE2_ABS_ADDR
; Run stage2 with segment of 0x0000 and offset of 0x8000
STAGE2_LOAD_SEG equ STAGE2_ABS_ADDR>>4
; Segment to start reading Stage2 into
; right after bootloader
STAGE2_LBA_START equ 1 ; Logical Block Address(LBA) Stage2 starts on
; LBA 1 = sector after boot sector
STAGE2_LBA_END equ STAGE2_LBA_START + NUM_STAGE2_SECTORS
; Logical Block Address(LBA) Stage2 ends at
DISK_RETRIES equ 3 ; Number of times to retry on disk error
bits 16
ORG 0x7c00
; Include a BPB (1.44MB floppy with FAT12) to be more compatible with USB floppy media
%ifdef WITH_BPB
%include "bpb.inc"
%endif
boot_continue:
xor ax, ax ; DS=SS=0 for stage2 loading
mov ds, ax
mov ss, ax ; Stack at 0x0000:0x7c00
mov sp, 0x7c00
cld ; Set string instructions to use forward movement
; Read Stage2 1 sector at a time until stage2 is completely loaded
load_stage2:
mov [bootDevice], dl ; Save boot drive
mov di, STAGE2_LOAD_SEG ; DI = Current segment to read into
mov si, STAGE2_LBA_START ; SI = LBA that stage2 starts at
jmp .chk_for_last_lba ; Check to see if we are last sector in stage2
.read_sector_loop:
mov bp, DISK_RETRIES ; Set disk retry count
call lba_to_chs ; Convert current LBA to CHS
mov es, di ; Set ES to current segment number to read into
xor bx, bx ; Offset zero in segment
.retry:
mov ax, 0x0201 ; Call function 0x02 of int 13h (read sectors)
; AL = 1 = Sectors to read
int 0x13 ; BIOS Disk interrupt call
jc .disk_error ; If CF set then disk error
.success:
add di, 512>>4 ; Advance to next 512 byte segment (0x20*16=512)
inc si ; Next LBA
.chk_for_last_lba:
cmp si, STAGE2_LBA_END ; Have we reached the last stage2 sector?
jl .read_sector_loop ; If we haven't then read next sector
.stage2_loaded:
mov si, noa20_err ; Default error message to A20 enable error
call a20_enable ; Enable A20 line
jz error_print ; If the A20 line isn't enabled, print error and stop
lgdt [gdtr] ; Load GDT for 32-bit protected mode
cli ; Disable interrupts since we don't have an IDT setup
mov eax, cr0 ; Read CR0 register
or eax, 1 ; Enable protected mode flage (bit 0)
mov cr0, eax ; Set CR0 register&enter quasi 16-bit protected mode
jmp CODE32_SEL:start32pm ; FAR JMP to use a 32-bit code selector
; This enters 32-bit protected mode @ start32pm
.disk_error:
xor ah, ah ; Int13h/AH=0 is drive reset
int 0x13
dec bp ; Decrease retry count
jge .retry ; If retry count not exceeded then try again
disk_error_end:
; Unrecoverable error; print drive error; enter infinite loop
mov si, diskErrorMsg ; Display disk error message
error_print:
call print_string
cli
error_loop:
hlt
jmp error_loop
; Function: print_string
; Display a string to the console on display page 0
;
; Inputs: SI = Offset of address to print
; Clobbers: AX, BX, SI
print_string:
mov ah, 0x0e ; BIOS tty Print
xor bx, bx ; Set display page to 0 (BL)
jmp .getch
.repeat:
int 0x10 ; print character
.getch:
lodsb ; Get character from string
test al,al ; Have we reached end of string?
jnz .repeat ; if not process next character
.end:
ret
; Function: lba_to_chs
; Description: Translate Logical block address to CHS (Cylinder, Head, Sector).
;
; Resources: http://www.ctyme.com/intr/rb-0607.htm
; https://en.wikipedia.org/wiki/Logical_block_addressing#CHS_conversion
; https://whosebug.com/q/45434899/3857942
; Sector = (LBA mod SPT) + 1
; Head = (LBA / SPT) mod HEADS
; Cylinder = (LBA / SPT) / HEADS
;
; Inputs: SI = LBA
; Outputs: DL = Boot Drive Number
; DH = Head
; CH = Cylinder (lower 8 bits of 10-bit cylinder)
; CL = Sector/Cylinder
; Upper 2 bits of 10-bit Cylinders in upper 2 bits of CL
; Sector in lower 6 bits of CL
;
; Notes: Output registers match expectation of Int 13h/AH=2 inputs
;
lba_to_chs:
push ax ; Preserve AX
mov ax, si ; Copy LBA to AX
xor dx, dx ; Upper 16-bit of 32-bit value set to 0 for DIV
div word [sectorsPerTrack] ; 32-bit by 16-bit DIV : LBA / SPT
mov cl, dl ; CL = S = LBA mod SPT
inc cl ; CL = S = (LBA mod SPT) + 1
xor dx, dx ; Upper 16-bit of 32-bit value set to 0 for DIV
div word [numHeads] ; 32-bit by 16-bit DIV : (LBA / SPT) / HEADS
mov dh, dl ; DH = H = (LBA / SPT) mod HEADS
mov dl, [bootDevice] ; boot device, not necessary to set but convenient
mov ch, al ; CH = C(lower 8 bits) = (LBA / SPT) / HEADS
shl ah, 6 ; Store upper 2 bits of 10-bit Cylinder into
or cl, ah ; upper 2 bits of Sector (CL)
pop ax ; Restore scratch registers
ret
; Function: wait_8042_cmd
; Wait until the Input Buffer Full bit in the keyboard controller's
; status register becomes 0. After calls to this function it is
; safe to send a command on Port 0x64
;
; Inputs: None
; Clobbers: AX
; Returns: None
KBC_STATUS_IBF_BIT EQU 1
wait_8042_cmd:
in al, 0x64 ; Read keyboard controller status register
test al, 1 << KBC_STATUS_IBF_BIT
; Is bit 1 (Input Buffer Full) set?
jnz wait_8042_cmd ; If it is then controller is busy and we
; can't send command byte, try again
ret ; Otherwise buffer is clear and ready to send a command
; Function: wait_8042_data
; Wait until the Output Buffer Empty (OBE) bit in the keyboard controller's
; status register becomes 0. After a call to this function there is
; data available to be read on port 0x60.
;
; Inputs: None
; Clobbers: AX
; Returns: None
KBC_STATUS_OBE_BIT EQU 0
wait_8042_data:
in al, 0x64 ; Read keyboard controller status register
test al, 1 << KBC_STATUS_OBE_BIT
; Is bit 0 (Output Buffer Empty) set?
jz wait_8042_data ; If not then no data waiting to be read, try again
ret ; Otherwise data is ready to be read
; Function: a20_kbd_enable
; Enable the A20 line via the keyboard controller
;
; Inputs: None
; Clobbers: AX, CX
; Returns: None
a20_kbd_enable:
pushf
cli ; Disable interrupts
call wait_8042_cmd ; When controller ready for command
mov al, 0xad ; Send command 0xad (disable keyboard).
out 0x64, al
call wait_8042_cmd ; When controller ready for command
mov al, 0xd0 ; Send command 0xd0 (read output port)
out 0x64, al
call wait_8042_data ; Wait until controller has data
in al, 0x60 ; Read data from keyboard
mov cx, ax ; CX = copy of byte read
call wait_8042_cmd ; Wait until controller is ready for a command
mov al, 0xd1
out 0x64, al ; Send command 0xd1 (write output port)
call wait_8042_cmd ; Wait until controller is ready for a command
mov ax, cx
or al, 1 << 1 ; Write value back with bit 1 set
out 0x60, al
call wait_8042_cmd ; Wait until controller is ready for a command
mov al, 0xae
out 0x64, al ; Write command 0xae (enable keyboard)
call wait_8042_cmd ; Wait until controller is ready for command
popf ; Restore flags including interrupt flag
ret
; Function: a20_fast_enable
; Enable the A20 line via System Control Port A
;
; Inputs: None
; Clobbers: AX
; Returns: None
a20_fast_enable:
in al, 0x92 ; Read System Control Port A
test al, 1 << 1
jnz .finished ; If bit 1 is set then A20 already enabled
or al, 1 << 1 ; Set bit 1
and al, ~(1 << 0) ; Clear bit 0 to avoid issuing a reset
out 0x92, al ; Send Enabled A20 and disabled Reset to control port
.finished:
ret
; Function: a20_bios_enable
; Enable the A20 line via the BIOS function Int 15h/AH=2401
;
; Inputs: None
; Clobbers: AX
; Returns: None
a20_bios_enable:
mov ax, 0x2401 ; Int 15h/AH=2401 enables A20 on BIOS with this feature
int 0x15
ret
; Function: a20_check
; Determine if the A20 line is enabled or disabled
;
; Inputs: None
; Clobbers: AX, CX, ES
; Returns: ZF=1 if A20 enabled, ZF=0 if disabled
a20_check:
pushf ; Save flags so Interrupt Flag (IF) can be restored
push ds ; Save volatile registers
push si
push di
cli ; Disable interrupts
xor ax, ax
mov ds, ax
mov si, 0x600 ; 0x0000:0x0600 (0x00600) address we will test
mov ax, 0xffff
mov es, ax
mov di, 0x610 ; 0xffff:0x0610 (0x00600) address we will test
; The physical address pointed to depends on whether
; memory wraps or not. If it wraps then A20 is disabled
mov cl, [si] ; Save byte at 0x0000:0x0600
mov ch, [es:di] ; Save byte at 0xffff:0x0610
mov byte [si], 0xaa ; Write 0xaa to 0x0000:0x0600
mov byte [es:di], 0x55 ; Write 0x55 to 0xffff:0x0610
xor ax, ax ; Set return value 0
cmp byte [si], 0x55 ; If 0x0000:0x0600 is 0x55 and not 0xaa
je .disabled ; then memory wrapped because A20 is disabled
dec ax ; A20 Disable, set AX to -1
.disabled:
; Cleanup by restoring original bytes in memory. This must be in reverse
; order from the order they were originally saved
mov [es:di], ch ; Restore data saved data to 0xffff:0x0610
mov [si], cl ; Restore data saved data to 0x0000:0x0600
pop di ; Restore non-volatile registers
pop si
pop ds
popf ; Restore Flags (including IF)
test al, al ; Return ZF=1 if A20 enabled, ZF=0 if disabled
ret
; Function: a20_enable
; Enable the A20 line
;
; Inputs: None
; Clobbers: AX, BX, CX, DX
; Returns: ZF=0 if A20 not enabled, ZF=1 if A20 enabled
a20_enable:
call a20_check ; Is A20 already enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_bios_enable ; Try enabling A20 via BIOS
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_kbd_enable ; Try enabling A20 via keyboard controller
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_fast_enable ; Try enabling A20 via fast method
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
.a20_err:
xor ax, ax ; If A20 disabled then return with ZF=0
.a20_on:
ret
bits 32
start32pm:
mov ax, DATA32_SEL ; Set up the 32-bit data selectors
mov ds, ax
mov es, ax
mov fs, ax
mov gs, ax
; Zero extend SP to ESP. SP is already at 0x7c00
; DL still contains the boot drive number
movzx esp, sp
; Execute stage2 code
jmp STAGE2_RUN_OFS
; 32-bit GDT for protected mode
; Macro to build a GDT descriptor entry
%define MAKE_GDT_DESC(base, limit, access, flags) \
(((base & 0x00FFFFFF) << 16) | \
((base & 0xFF000000) << 32) | \
(limit & 0x0000FFFF) | \
((limit & 0x000F0000) << 32) | \
((access & 0xFF) << 40) | \
((flags & 0x0F) << 52))
; GDT structure
gdt_start:
dq MAKE_GDT_DESC(0, 0, 0, 0); null descriptor
gdt32_code:
dq MAKE_GDT_DESC(0, 0x000fffff, 10011010b, 1100b)
; 32-bit code, 4kb gran, limit 0xffffffff bytes, base=0
gdt32_data:
dq MAKE_GDT_DESC(0, 0x000fffff, 10010010b, 1100b)
; 32-bit data, 4kb gran, limit 0xffffffff bytes, base=0
gdt_end:
CODE32_SEL equ gdt32_code - gdt_start
DATA32_SEL equ gdt32_data - gdt_start
; GDT record
align 4
dw 0 ; Padding align dd GDT in gdtr on 4 byte boundary
gdtr:
dw gdt_end - gdt_start - 1
; limit (Size of GDT - 1)
dd gdt_start ; base of GDT
; If not using a BPB (via bpb.inc) provide default Heads and SPT values
%ifndef WITH_BPB
numHeads: dw 2 ; 1.44MB Floppy has 2 heads & 18 sector per track
sectorsPerTrack: dw 18
%endif
bootDevice: db 0x00
diskErrorMsg: db "Unrecoverable disk error!", 0
noa20_err: db "A20 line couldn't be enabled", 10, 13, 0
; Pad boot sector to 510 bytes and add 2 byte boot signature for 512 total bytes
TIMES 510-($-$$) db 0
dw 0xaa55
; Beginning of stage2. This is at 0x8000 and will allow your stage2 to be 32.5KiB
; before running into problems. DL will be set to the drive number originally
; passed to us by the BIOS.
NUM_STAGE2_SECTORS equ (stage2_end-stage2_start+511) / 512
; Number of 512 byte sectors stage2 uses.
stage2_start:
; Insert stage2 binary here. It is done this way since we
; can determine the size(and number of sectors) to load since
; Size = stage2_end-stage2_start
incbin "kernel.bin"
; End of stage2. Make sure this label is LAST in this file!
stage2_end:
; Fill out this file to produce a 1.44MB floppy image
TIMES 1024*1440-($-$$) db 0x00
首先 从您在 kernel.asm:
中的代码构建 kernel.bin
nasm -f bin kernel.asm -o kernel.bin
创建一张 1.44MiB 软盘 (disk.img),其中包含 kernel.bin 中的代码和数据,以及将内核读入内存的卷引导记录 (VBR):
nasm -f bin boot.asm -o disk.img
可以运行在QEMU中从软盘镜像使用:
qemu-system-i386 -fda disk.img
此版本的代码最终可能需要在您的内核中使用 ORG 0x8000,而不是我之前介绍的多重启动版本,随着您继续开发您的内核,该版本可能需要 ORG 0x101000。如果您没有正确指定 ORG(原点),将无法运行的代码示例如下:
; Example program that uses an absolute reference to a label
; that won't work unless a proper ORG is used. Removing the ORG
; or using the wrong value will cause the code to not work as
; expected
org 0x8000
bits 32
start:
mov eax, [okmsg] ; Using an absolute reference to a label
mov dword [0xb8000], eax ; Write value to display
hlt
okmsg: dd 0x2f4b2f4f
我有一个程序集 (NASM) 文件:
bits 32
start:
mov dword [0xb8000], 0x2f4b2f4f
hlt
这会生成一个二进制文件,其中包含:
C7 05 00 80 0B 00 4F 2F 4B 2F F4
有没有办法在 QEMU 中执行这个二进制文件中的代码而不更改代码并且不添加 headers(如 Multiboot 或类似的)?我希望保持二进制文件原样。
我不知道您为什么不希望为您的代码使用 ELF 可执行文件,尤其是当您正在编写内核时。
无法让 QEMU 直接 运行 任意二进制文件。同样,您拥有的代码需要处于 32 位保护模式才能正确 运行(因为它使用 bits 32)。您给出的唯一要求是 QEMU 中的 运行 和包含指令 and/or 数据的二进制文件不被修改。
Multiboot 规范允许您使用简单的 ELF 文件和适当的 Multiboot header。在这里使用多重启动是最好的选择,因为它已经设置了 32 位保护模式;启用 A20 线;并将数据和代码加载到内存中。您无需自己编写大量代码。
您可以做的是在 NASM 中创建一个 Multiboot 包装器,其中包含一个简单的 Multiboot header 并包含带有代码的二进制文件。以下示例将创建一个符合多重引导的 ELF 可执行文件,它在内存中的 0x100000 处具有 header,在 0x101000 处具有内核。此代码使用 NASM 的 incbin 指令将二进制文件直接包含到包含 Multiboot header 和入口点的程序集文件中。
mboot.asm
bits 32
global _start
MB1_MAGIC equ 0x1badb002
MB1_FLAGS equ 0x00000000
MB1_CHECKSUM equ -(MB1_MAGIC+MB1_FLAGS)
section .data
align 4
dd MB1_MAGIC
dd MB1_FLAGS
dd MB1_CHECKSUM
section .text
_start:
incbin "kernel.bin"
kernel.asm
bits 32
start:
mov dword [0xb8000], 0x2f4b2f4f
hlt
您首先必须将您的 kernel.asm 构建为一个名为 kernel.bin 的二进制文件:
nasm -fbin kernel.asm -o kernel.bin
然后你必须 assemble 多重引导包装器:
nasm -felf32 mboot.asm -o mboot.o
最后 link 它到一个名为 kernel.elf 的 ELF 可执行文件,其中:
ld -Ttext=0x101000 -Tdata=0x100000 -melf_i386 mboot.o -o kernel.elf
这个 Multiboot 兼容的 ELF 可执行文件可以 运行 在 QEMU 中带有 -kernel 选项,如下所示:
qemu-system-i386 -kernel kernel.elf
运行 时的输出应该类似于:
补充说明
随着内核二进制文件的增长,您需要通过标签引用绝对内存位置,您需要告诉 NASM 加载内核二进制文件的虚拟内存地址 (VMA) 为 0x101000 .这可以使用 ORG 指令来完成,如下所示:
bits 32
org 0x101000
start:
mov dword [0xb8000], 0x2f4b2f4f
hlt
此代码不需要 ORG 指令,因为它不需要代码中任何位置的标签的绝对地址,但这可能会随着您的代码在未来的扩展而改变。如果您没有正确指定 ORG(原点),将无法运行的代码示例如下:
; Example program that uses an absolute reference to a label
; that won't work unless a proper ORG is used. Removing the ORG
; or using the wrong value will cause the code to not work as
; expected
org 0x101000
bits 32
start:
mov eax, [okmsg] ; Using an absolute reference to a label
mov dword [0xb8000], eax ; Write value to display
hlt
okmsg: dd 0x2f4b2f4f
如答案开头所述,我并不真正推荐这种方法,但我提供了一个解决方案,允许您 运行 您提供的代码被放置在您所说的二进制文件中无法更改。
加载和运行保护模式内核的软盘引导加载程序
如果您不想使用 Multiboot 并希望创建磁盘映像,这个相当简化的引导加载程序:
- 启用 A20 行
- 从磁盘加载 code/data 到内存,从 @ 0x00008000 开始
- 进入 32 位保护模式
- 执行代码
此代码基于我的其他几个回答中的代码。一个是bootloader that executes code in 16-bit real mode. I modified it with code I used in a question that enables A20,进入保护模式。
boot.asm
STAGE2_ABS_ADDR equ 0x08000
STAGE2_RUN_SEG equ 0x0000
STAGE2_RUN_OFS equ STAGE2_ABS_ADDR
; Run stage2 with segment of 0x0000 and offset of 0x8000
STAGE2_LOAD_SEG equ STAGE2_ABS_ADDR>>4
; Segment to start reading Stage2 into
; right after bootloader
STAGE2_LBA_START equ 1 ; Logical Block Address(LBA) Stage2 starts on
; LBA 1 = sector after boot sector
STAGE2_LBA_END equ STAGE2_LBA_START + NUM_STAGE2_SECTORS
; Logical Block Address(LBA) Stage2 ends at
DISK_RETRIES equ 3 ; Number of times to retry on disk error
bits 16
ORG 0x7c00
; Include a BPB (1.44MB floppy with FAT12) to be more compatible with USB floppy media
%ifdef WITH_BPB
%include "bpb.inc"
%endif
boot_continue:
xor ax, ax ; DS=SS=0 for stage2 loading
mov ds, ax
mov ss, ax ; Stack at 0x0000:0x7c00
mov sp, 0x7c00
cld ; Set string instructions to use forward movement
; Read Stage2 1 sector at a time until stage2 is completely loaded
load_stage2:
mov [bootDevice], dl ; Save boot drive
mov di, STAGE2_LOAD_SEG ; DI = Current segment to read into
mov si, STAGE2_LBA_START ; SI = LBA that stage2 starts at
jmp .chk_for_last_lba ; Check to see if we are last sector in stage2
.read_sector_loop:
mov bp, DISK_RETRIES ; Set disk retry count
call lba_to_chs ; Convert current LBA to CHS
mov es, di ; Set ES to current segment number to read into
xor bx, bx ; Offset zero in segment
.retry:
mov ax, 0x0201 ; Call function 0x02 of int 13h (read sectors)
; AL = 1 = Sectors to read
int 0x13 ; BIOS Disk interrupt call
jc .disk_error ; If CF set then disk error
.success:
add di, 512>>4 ; Advance to next 512 byte segment (0x20*16=512)
inc si ; Next LBA
.chk_for_last_lba:
cmp si, STAGE2_LBA_END ; Have we reached the last stage2 sector?
jl .read_sector_loop ; If we haven't then read next sector
.stage2_loaded:
mov si, noa20_err ; Default error message to A20 enable error
call a20_enable ; Enable A20 line
jz error_print ; If the A20 line isn't enabled, print error and stop
lgdt [gdtr] ; Load GDT for 32-bit protected mode
cli ; Disable interrupts since we don't have an IDT setup
mov eax, cr0 ; Read CR0 register
or eax, 1 ; Enable protected mode flage (bit 0)
mov cr0, eax ; Set CR0 register&enter quasi 16-bit protected mode
jmp CODE32_SEL:start32pm ; FAR JMP to use a 32-bit code selector
; This enters 32-bit protected mode @ start32pm
.disk_error:
xor ah, ah ; Int13h/AH=0 is drive reset
int 0x13
dec bp ; Decrease retry count
jge .retry ; If retry count not exceeded then try again
disk_error_end:
; Unrecoverable error; print drive error; enter infinite loop
mov si, diskErrorMsg ; Display disk error message
error_print:
call print_string
cli
error_loop:
hlt
jmp error_loop
; Function: print_string
; Display a string to the console on display page 0
;
; Inputs: SI = Offset of address to print
; Clobbers: AX, BX, SI
print_string:
mov ah, 0x0e ; BIOS tty Print
xor bx, bx ; Set display page to 0 (BL)
jmp .getch
.repeat:
int 0x10 ; print character
.getch:
lodsb ; Get character from string
test al,al ; Have we reached end of string?
jnz .repeat ; if not process next character
.end:
ret
; Function: lba_to_chs
; Description: Translate Logical block address to CHS (Cylinder, Head, Sector).
;
; Resources: http://www.ctyme.com/intr/rb-0607.htm
; https://en.wikipedia.org/wiki/Logical_block_addressing#CHS_conversion
; https://whosebug.com/q/45434899/3857942
; Sector = (LBA mod SPT) + 1
; Head = (LBA / SPT) mod HEADS
; Cylinder = (LBA / SPT) / HEADS
;
; Inputs: SI = LBA
; Outputs: DL = Boot Drive Number
; DH = Head
; CH = Cylinder (lower 8 bits of 10-bit cylinder)
; CL = Sector/Cylinder
; Upper 2 bits of 10-bit Cylinders in upper 2 bits of CL
; Sector in lower 6 bits of CL
;
; Notes: Output registers match expectation of Int 13h/AH=2 inputs
;
lba_to_chs:
push ax ; Preserve AX
mov ax, si ; Copy LBA to AX
xor dx, dx ; Upper 16-bit of 32-bit value set to 0 for DIV
div word [sectorsPerTrack] ; 32-bit by 16-bit DIV : LBA / SPT
mov cl, dl ; CL = S = LBA mod SPT
inc cl ; CL = S = (LBA mod SPT) + 1
xor dx, dx ; Upper 16-bit of 32-bit value set to 0 for DIV
div word [numHeads] ; 32-bit by 16-bit DIV : (LBA / SPT) / HEADS
mov dh, dl ; DH = H = (LBA / SPT) mod HEADS
mov dl, [bootDevice] ; boot device, not necessary to set but convenient
mov ch, al ; CH = C(lower 8 bits) = (LBA / SPT) / HEADS
shl ah, 6 ; Store upper 2 bits of 10-bit Cylinder into
or cl, ah ; upper 2 bits of Sector (CL)
pop ax ; Restore scratch registers
ret
; Function: wait_8042_cmd
; Wait until the Input Buffer Full bit in the keyboard controller's
; status register becomes 0. After calls to this function it is
; safe to send a command on Port 0x64
;
; Inputs: None
; Clobbers: AX
; Returns: None
KBC_STATUS_IBF_BIT EQU 1
wait_8042_cmd:
in al, 0x64 ; Read keyboard controller status register
test al, 1 << KBC_STATUS_IBF_BIT
; Is bit 1 (Input Buffer Full) set?
jnz wait_8042_cmd ; If it is then controller is busy and we
; can't send command byte, try again
ret ; Otherwise buffer is clear and ready to send a command
; Function: wait_8042_data
; Wait until the Output Buffer Empty (OBE) bit in the keyboard controller's
; status register becomes 0. After a call to this function there is
; data available to be read on port 0x60.
;
; Inputs: None
; Clobbers: AX
; Returns: None
KBC_STATUS_OBE_BIT EQU 0
wait_8042_data:
in al, 0x64 ; Read keyboard controller status register
test al, 1 << KBC_STATUS_OBE_BIT
; Is bit 0 (Output Buffer Empty) set?
jz wait_8042_data ; If not then no data waiting to be read, try again
ret ; Otherwise data is ready to be read
; Function: a20_kbd_enable
; Enable the A20 line via the keyboard controller
;
; Inputs: None
; Clobbers: AX, CX
; Returns: None
a20_kbd_enable:
pushf
cli ; Disable interrupts
call wait_8042_cmd ; When controller ready for command
mov al, 0xad ; Send command 0xad (disable keyboard).
out 0x64, al
call wait_8042_cmd ; When controller ready for command
mov al, 0xd0 ; Send command 0xd0 (read output port)
out 0x64, al
call wait_8042_data ; Wait until controller has data
in al, 0x60 ; Read data from keyboard
mov cx, ax ; CX = copy of byte read
call wait_8042_cmd ; Wait until controller is ready for a command
mov al, 0xd1
out 0x64, al ; Send command 0xd1 (write output port)
call wait_8042_cmd ; Wait until controller is ready for a command
mov ax, cx
or al, 1 << 1 ; Write value back with bit 1 set
out 0x60, al
call wait_8042_cmd ; Wait until controller is ready for a command
mov al, 0xae
out 0x64, al ; Write command 0xae (enable keyboard)
call wait_8042_cmd ; Wait until controller is ready for command
popf ; Restore flags including interrupt flag
ret
; Function: a20_fast_enable
; Enable the A20 line via System Control Port A
;
; Inputs: None
; Clobbers: AX
; Returns: None
a20_fast_enable:
in al, 0x92 ; Read System Control Port A
test al, 1 << 1
jnz .finished ; If bit 1 is set then A20 already enabled
or al, 1 << 1 ; Set bit 1
and al, ~(1 << 0) ; Clear bit 0 to avoid issuing a reset
out 0x92, al ; Send Enabled A20 and disabled Reset to control port
.finished:
ret
; Function: a20_bios_enable
; Enable the A20 line via the BIOS function Int 15h/AH=2401
;
; Inputs: None
; Clobbers: AX
; Returns: None
a20_bios_enable:
mov ax, 0x2401 ; Int 15h/AH=2401 enables A20 on BIOS with this feature
int 0x15
ret
; Function: a20_check
; Determine if the A20 line is enabled or disabled
;
; Inputs: None
; Clobbers: AX, CX, ES
; Returns: ZF=1 if A20 enabled, ZF=0 if disabled
a20_check:
pushf ; Save flags so Interrupt Flag (IF) can be restored
push ds ; Save volatile registers
push si
push di
cli ; Disable interrupts
xor ax, ax
mov ds, ax
mov si, 0x600 ; 0x0000:0x0600 (0x00600) address we will test
mov ax, 0xffff
mov es, ax
mov di, 0x610 ; 0xffff:0x0610 (0x00600) address we will test
; The physical address pointed to depends on whether
; memory wraps or not. If it wraps then A20 is disabled
mov cl, [si] ; Save byte at 0x0000:0x0600
mov ch, [es:di] ; Save byte at 0xffff:0x0610
mov byte [si], 0xaa ; Write 0xaa to 0x0000:0x0600
mov byte [es:di], 0x55 ; Write 0x55 to 0xffff:0x0610
xor ax, ax ; Set return value 0
cmp byte [si], 0x55 ; If 0x0000:0x0600 is 0x55 and not 0xaa
je .disabled ; then memory wrapped because A20 is disabled
dec ax ; A20 Disable, set AX to -1
.disabled:
; Cleanup by restoring original bytes in memory. This must be in reverse
; order from the order they were originally saved
mov [es:di], ch ; Restore data saved data to 0xffff:0x0610
mov [si], cl ; Restore data saved data to 0x0000:0x0600
pop di ; Restore non-volatile registers
pop si
pop ds
popf ; Restore Flags (including IF)
test al, al ; Return ZF=1 if A20 enabled, ZF=0 if disabled
ret
; Function: a20_enable
; Enable the A20 line
;
; Inputs: None
; Clobbers: AX, BX, CX, DX
; Returns: ZF=0 if A20 not enabled, ZF=1 if A20 enabled
a20_enable:
call a20_check ; Is A20 already enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_bios_enable ; Try enabling A20 via BIOS
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_kbd_enable ; Try enabling A20 via keyboard controller
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_fast_enable ; Try enabling A20 via fast method
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
.a20_err:
xor ax, ax ; If A20 disabled then return with ZF=0
.a20_on:
ret
bits 32
start32pm:
mov ax, DATA32_SEL ; Set up the 32-bit data selectors
mov ds, ax
mov es, ax
mov fs, ax
mov gs, ax
; Zero extend SP to ESP. SP is already at 0x7c00
; DL still contains the boot drive number
movzx esp, sp
; Execute stage2 code
jmp STAGE2_RUN_OFS
; 32-bit GDT for protected mode
; Macro to build a GDT descriptor entry
%define MAKE_GDT_DESC(base, limit, access, flags) \
(((base & 0x00FFFFFF) << 16) | \
((base & 0xFF000000) << 32) | \
(limit & 0x0000FFFF) | \
((limit & 0x000F0000) << 32) | \
((access & 0xFF) << 40) | \
((flags & 0x0F) << 52))
; GDT structure
gdt_start:
dq MAKE_GDT_DESC(0, 0, 0, 0); null descriptor
gdt32_code:
dq MAKE_GDT_DESC(0, 0x000fffff, 10011010b, 1100b)
; 32-bit code, 4kb gran, limit 0xffffffff bytes, base=0
gdt32_data:
dq MAKE_GDT_DESC(0, 0x000fffff, 10010010b, 1100b)
; 32-bit data, 4kb gran, limit 0xffffffff bytes, base=0
gdt_end:
CODE32_SEL equ gdt32_code - gdt_start
DATA32_SEL equ gdt32_data - gdt_start
; GDT record
align 4
dw 0 ; Padding align dd GDT in gdtr on 4 byte boundary
gdtr:
dw gdt_end - gdt_start - 1
; limit (Size of GDT - 1)
dd gdt_start ; base of GDT
; If not using a BPB (via bpb.inc) provide default Heads and SPT values
%ifndef WITH_BPB
numHeads: dw 2 ; 1.44MB Floppy has 2 heads & 18 sector per track
sectorsPerTrack: dw 18
%endif
bootDevice: db 0x00
diskErrorMsg: db "Unrecoverable disk error!", 0
noa20_err: db "A20 line couldn't be enabled", 10, 13, 0
; Pad boot sector to 510 bytes and add 2 byte boot signature for 512 total bytes
TIMES 510-($-$$) db 0
dw 0xaa55
; Beginning of stage2. This is at 0x8000 and will allow your stage2 to be 32.5KiB
; before running into problems. DL will be set to the drive number originally
; passed to us by the BIOS.
NUM_STAGE2_SECTORS equ (stage2_end-stage2_start+511) / 512
; Number of 512 byte sectors stage2 uses.
stage2_start:
; Insert stage2 binary here. It is done this way since we
; can determine the size(and number of sectors) to load since
; Size = stage2_end-stage2_start
incbin "kernel.bin"
; End of stage2. Make sure this label is LAST in this file!
stage2_end:
; Fill out this file to produce a 1.44MB floppy image
TIMES 1024*1440-($-$$) db 0x00
首先 从您在 kernel.asm:
kernel.bin
nasm -f bin kernel.asm -o kernel.bin
创建一张 1.44MiB 软盘 (disk.img),其中包含 kernel.bin 中的代码和数据,以及将内核读入内存的卷引导记录 (VBR):
nasm -f bin boot.asm -o disk.img
可以运行在QEMU中从软盘镜像使用:
qemu-system-i386 -fda disk.img
此版本的代码最终可能需要在您的内核中使用 ORG 0x8000,而不是我之前介绍的多重启动版本,随着您继续开发您的内核,该版本可能需要 ORG 0x101000。如果您没有正确指定 ORG(原点),将无法运行的代码示例如下:
; Example program that uses an absolute reference to a label
; that won't work unless a proper ORG is used. Removing the ORG
; or using the wrong value will cause the code to not work as
; expected
org 0x8000
bits 32
start:
mov eax, [okmsg] ; Using an absolute reference to a label
mov dword [0xb8000], eax ; Write value to display
hlt
okmsg: dd 0x2f4b2f4f