3
votes

I have somewhat of a pipe dream to program my own OS. While that will probably never be realized, I figure it might be fun and educational to at least work toward that goal. And I figured the best way to do that would be to start with figuring out what my own computer does. To that end, I've downloaded the program RW-Everything, which shows me what is in memory, and the AMD Processor Programmer's Reference Manual (all 5 volumes). My problem, essentially, is that what RW-Everything says my computer does doesn't appear to match what the Manual says should be done. So I would like to know who or what is wrong.

According to the manual, the processor starts at FFFFFFF0. The instructions here are

90 (nop) 90 (nop) E9 23 F6 (jmp near -09DD) which goes to FFFFFFF5 - 9DD = FFFFF618

Now at FFFFF618 the instructions are FA (cli) 30 C0 (xor al, al) E6 80 (out 80, al) 66 8B E0 (mov esp, eax) 66 8B EA (mov ebp, edx) 66 BB 80 FD FF FF (mov ebx, FFFFFD80) 66 2E 0F 01 17 (lgdt cs:[edi])

Now the problem here is that the cs base address is still at its initial value of FFFF0000 and edi is still at its initial value of 0. So the GDTR should be loaded with 6 bytes starting at FFFF0000. But at this location is a sea of FF's, meaning that the GDT base address is set to FFFFFFFF, which is a highly unlikely address at which to begin the GDT. So...what gives? Did I make a mistake somewhere?

66 2e 0f 01 17 should be decoded as lgdt cs:[bx] - Michael Petch
That has a 66 prefix on it so the operand is being overridden to be 32-bits wide. This has the effect of making sure the base pointer in the GDTR is treated as a full 32-bit linear address rather than a 32-bit linear address with the top 8 bits masked to 0, effectively making it a 24-bit linear address. The 24-bit linear addresses are a holdover from the 286. - Michael Petch
Michael Petch - I'm pretty sure the listing goes ax, cx, dx, bx, sp, bp, si, di. So the last 3 bits being 111 means it's di. Can anyone else confirm one way or the other? Also, I know it's a 32-bit pointer, which is why I noted that would mean the GDT base address is FFFFFFFF. My guess is that the sea of FF's at FFFF0000 is meaningless and not meant to be a pointer to anything. I can add that future instructions seem to switch the processor into protected mode, which is way premature IMO. - Travis Kidd

1 Answer

1
votes

You disassembled at FFFFF618h and found these instructions:

FA                (cli)
30 C0             (xor al, al)
E6 80             (out 80, al)
66 8B E0          (mov esp, eax)
66 8B EA          (mov ebp, edx)
66 BB 80 FD FF FF (mov ebx, FFFFFD80)
66 2E 0F 01 17    (lgdt cs:[edi])

Did I make a mistake somewhere?

Your last line is wrong. Because at the time of execution the CPU is still running in the Real Address Mode and the instruction was not encoded with an explicit Address Size Prefix (a byte 67h), the correct translation is:

lgdt [cs:bx]   ;An R/M field of 111 denotes [BX] in 16-bit addressing.

Now the BX register was initialized at 0FD80h, so you should take a look there!
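As an added illustration (example code written for this page, not part of the question or answer), the decoder below reads the prefix bytes and the ModRM byte the way a real-mode CPU does: the 67h address-size prefix decides whether R/M = 111 means bx or edi, while the 66h operand-size prefix only decides whether LGDT loads a 32-bit or a 286-style 24-bit base. It also recomputes the reset-vector jump target, assuming the reset values CS base = FFFF0000h and IP = FFF0h from the question; only the mod=00 forms of LGDT are handled.

```python
SEG_PREFIX = {0x26: "es", 0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x64: "fs", 0x65: "gs"}
# ModRM R/M field meanings for mod=00; None marks the "pure displacement"/SIB cases.
RM16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", None, "bx"]  # 110 -> disp16
RM32 = ["eax", "ecx", "edx", "ebx", None, None, "esi", "edi"]       # 100 SIB, 101 disp32


def decode_lgdt(code: bytes, addr32: bool = False):
    """Decode prefixes + 0F 01 /2 (LGDT) into (text, gdtr_base_bits).

    addr32 is the default address size of the code segment: False for real
    mode (the state at reset) or a 16-bit segment, True for a 32-bit segment.
    """
    i, seg, op32 = 0, "ds", False
    while code[i] in (0x66, 0x67) or code[i] in SEG_PREFIX:
        if code[i] == 0x67:
            addr32 = not addr32          # address size: selects RM16 vs RM32
        elif code[i] == 0x66:
            op32 = True                  # operand size: 32-bit vs 24-bit base
        else:
            seg = SEG_PREFIX[code[i]]    # segment override for the memory operand
        i += 1
    if code[i:i + 2] != b"\x0f\x01":
        raise ValueError("not a 0F 01 (group 7) opcode")
    modrm = code[i + 2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if reg != 2 or mod != 0:
        raise ValueError("only mod=00 forms of 0F 01 /2 (LGDT) are handled here")
    ea = (RM32 if addr32 else RM16)[rm]
    if ea is None:
        if addr32 and rm == 4:
            raise ValueError("SIB byte not handled in this example")
        width = 4 if addr32 else 2       # rm=110 (16-bit) / rm=101 (32-bit): displacement only
        disp = int.from_bytes(code[i + 3:i + 3 + width], "little")
        ea = "%0*xh" % (width * 2, disp)
    return "lgdt [%s:%s]" % (seg, ea), 32 if op32 else 24


def real_mode_jmp_near_target(code: bytes, ip: int, cs_base: int) -> int:
    """Physical target of E9 rel16 fetched at 16-bit offset `ip` in a real-mode
    segment whose base is cs_base; IP wraps at 64 KiB before the base is added."""
    if code[0] != 0xE9:
        raise ValueError("not JMP rel16")
    rel = int.from_bytes(code[1:3], "little", signed=True)
    return cs_base + ((ip + 3 + rel) & 0xFFFF)


if __name__ == "__main__":
    print(decode_lgdt(bytes.fromhex("662e0f0117")))            # ('lgdt [cs:bx]', 32)
    print(hex(real_mode_jmp_near_target(bytes.fromhex("e923f6"), 0xFFF2, 0xFFFF0000)))
```

Passing `addr32=True`, or inserting a 67h prefix, is what turns the same ModRM byte into `[cs:edi]`, which is the decoding the question assumed.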