1

I am trying to switch to protected mode after playing around a little bit with real mode, but something weird occurs. In real mode I have created a simple welcome screen asking the user to enter their name. After that, the switch to protected mode should occur, but this is what happens instead:

enter image description here

As you can see I press Enter and the background of a character starts changing, and then QEMU (the emulator I am using) restarts and re-displays the welcome screen.

Here is the code :

section startUp vstart=0x7f00

; clearing the screen 
    mov ah,0x00
    mov al,0x03   
    int 0x10
; disabling the cursor
    mov ah,0x01
    mov ch,0x3f 
    int 0x10
; using Bios to print character
    mov ah,0x0e
    mov al,'C'
    mov cx,0x01
    int 0x10
; printing a string 
    mov ax,msg
    mov bx,0x00
    mov cl,0x0f
    mov dx,0x00
    call printMsg
; print warning 
    mov ax,warning
    mov bx,0x00
    mov cl,0x04
    mov dx,0x3a
    call printMsg
; print message
    mov ax,msg2
    mov bx,0x00
    mov cl,0x0f
    mov dx,0x0140
    call printMsg
; input 
    mov si,keypress
    mov bx,0x00
    call input



; switching to protected mode 
    cli           ; disabling interrupts 
    lgdt [GDT_Descriptor]     
    mov eax,cr0
    or eax,0x01
    mov cr0,eax   ; here we are in 32 bit protected mode

    jmp protectedMode








; printing a string function 
printMsg:
    pusha 

    ; ax ==> offset , bx ==> segment , dl ==> Line a0*lineNumber - 1, cl ==> color 

    mov es,bx
    
    mov bx,0xB000
    mov ds,bx 

    mov si,ax
    
    mov di,0x8000
    add di,dx

    mov byte[es:0x7e00],0x00 
    jmp loopThrough

    
    loopThrough:
        mov al,byte[es:si]
        mov byte[ds:di], al

        add di,0x01
        mov byte[ds:di],cl
        sub di,0x01

        add si,0x01

        mov bl,byte[es:si]
        cmp bl,0x00
            
        je quit

        add di,0x02
        jmp loopThrough
            

    quit :
        popa
        ret



; input function kjjj
input:
    pusha
    ; si ==> offset , bx ==> segment 
    mov di,si 
    mov es,bx 

    jmp loopinterupt


    loopinterupt :
        mov ah,0x00
        int 0x16

        cmp al,0x20

        je quitInput


        mov byte[es:si],al
        add si,0x01
        mov byte[es:si],0x00

        mov ax,di
        mov dx,0x172
        mov cl,0x0f
        call printMsg

        
        jmp loopinterupt

    quitInput :
        popa 
        ret





; Data


; Setting Up the GDT
GDT :

times 8 db 0x00

; base : 0x100000   ; Limit : 0x00700
dw 0x0700  ; limit 1 
dw 0x0000  ; base 1 
db 0x10    ; base 2
db 0x9a    ; access Byte 
db 0xc0    ; limit + flags
db 0x00d    ; base 3


; base : 0x800000  ; limit : 0x00700 
dw 0x0700  ; limit 1 
dw 0x0000  ; base 1 
db 0x80    ; base 2
db 0x96    ; access Byte 
db 0xc0    ; limit + flags
db 0x00    ; base 3

GDT_Descriptor :
dw GDT_Descriptor - GDT - 1
dd GDT 





msg db 'Welcome to the OS fdffdfgd',0x00
msg2 db 'Please write your name : ',0x00
keypress db 'K',0x00
warning db ""


[bits 32]
protectedMode:
    jmp $


times 1024-($-$$) db 0

So as you saw the code executes just fine until the jmp protectedMode is executed.

Sep Roland
  • 33,889
  • 7
  • 43
  • 76
Djebbar Abderrahmene
  • 23
  • 6
  • `jmp protectedMode` will have to be a far jump but it should work for now. Also note that `pusha` does **not** save segment registers so if you change for example `ds` in your `printMsg` that will then later break your data accesses so the `lgdt` will not load your GDT. – Jester Jul 01 '23 at 12:13
  • Just wondering about the last line `times 1024-($-$$) db 0 `. In legacy mode 512 bytes are loaded by the BIOS. And I didn't see a BIOS call to load the next 512 bytes to complete 1024 bytes. So you may probably try to access random memory if your code is larger than 512 bytes. This may as well concern your GDT... (Haven't checked it) – zx485 Jul 01 '23 at 12:17
  • 2
    Also the `7f00` section start is suspicious and of course this isn't a [mcve]. – Jester Jul 01 '23 at 12:18
  • 1
    @Jester I have already loaded this piece of code to memory address 0x7f00, so this is not the boot loader I used the boot loader to load this code . – Djebbar Abderrahmene Jul 01 '23 at 12:26
  • 1
    @zx485 and I added `times 1024-($-$$) db 0 ` just to keep track of how much space the code has taken so I don't exceed 1024 bytes – Djebbar Abderrahmene Jul 01 '23 at 12:28
  • Your code switching to PM seems suspicious. You didn't enable the A20 gate, but more importantly, you didn't reload the segment registers. By pure luck, the `jmp $` that's running after the PM switch is a short jump instruction, which has the same opcode in both 16- and 32-bit modes. – DarkAtom Jul 01 '23 at 19:40
  • Also, why exactly did you choose those segment bases and limits? They seem pretty unusual. Are you sure that they are located in [valid memory](https://wiki.osdev.org/Detecting_Memory_(x86))? Are you sure that you have a valid code segment (by their access flags, both seem to be data segments)? – DarkAtom Jul 01 '23 at 19:44
  • @DarkAtom I am using QEMU as an emulator which does enable the A20 for you, and for the segment bases I chose they actually fall within areas of memory that are free to use more specifically the first 14 megabytes. check [memory map](https://wiki.osdev.org/Memory_Map_(x86)) – Djebbar Abderrahmene Jul 02 '23 at 10:08
  • @DarkAtom I am actually pretty sure that I've set the access bytes correctly for the code segment and data segment, but I will double check maybe I made mistake – Djebbar Abderrahmene Jul 02 '23 at 10:11
  • @DjebbarAbderrahmene yes, you are right, I read it wrong. 0x9A is correcf for the code segment, however 0x96 is not for the data segment. It should be 0x92, because why would you want an expand-down data segment? – DarkAtom Jul 02 '23 at 11:37

1 Answers1

2

Following the Protected Mode guide on OSDev, one can see there are 3 steps involved.

  1. Disabling interrupts

You are doing this correctly in your code by using the cli instruction.

  1. Enabling the A20 gate

Due to horrible history, the hardware clears bit 20 of every address when accessing memory. You most likely don't want this, since it means that half of your address space can't be accessed. A full guide on how to disable this behavior is on OSDev, but just for a quick test on QEMU, this should work:

mov ax, 0x2401
int 0x15
  1. Creating and loading the GDT

If you want to switch to 32-bit Protected Mode, you most likely want two segment descriptors to start with: code and data. Since you probably want access to the full 4GB address space, you should specify a 0 base and a 4GB limit for both of them. Therefore, the only bit that will differ between them is the code/data bit:

; Setting Up the GDT
GDT :

times 8 db 0x00

; code segment: base=0; limit=0xFFFFFFFF
; present, non-system, executable, non-conforming, read+exec
dw 0xFFFF  ; limit 1 
dw 0x0000  ; base 1 
db 0x00    ; base 2
db 0x9a    ; access Byte
db 0xcf    ; limit + flags
db 0x00    ; base 3


; data segment: base=0; limit=0xFFFFFFFF
; present, non-system, data segment, expand-up, read+write
dw 0xFFFF  ; limit 1 
dw 0x0000  ; base 1 
db 0x00    ; base 2
db 0x92    ; access Byte 
db 0xcf    ; limit + flags
db 0x00    ; base 3

GDT_Descriptor :
dw GDT_Descriptor - GDT - 1
dd GDT

These segments will allow you to use 32-bit registers like eax to address any memory location up to the 4GB mark.

Finally, make sure that you are actually using these segments (by loading them into the segment registers), or you can cause pure chaos.

Full mode-switching code:

; enable the A20 gate
mov ax, 0x2401
int 0x15

; disable interrupts
cli
 ; we do it after the BIOS call
 ; who knows what sort of buggy BIOS may execute STI and not restore our flags properly

; load the GDT
lgdt [GDT_Descriptor]

; enter protected mode (set bit 0 in cr0)
mov eax, cr0
or eax, 1
mov cr0, eax

; jump to protected mode entry point
jmp 0x08:protectedMode
 ; Here we use an absolute FAR JUMP, which reloads CS
 ; If we don't reload CS, the CPU will continue executing Protected Mode code using the old CS descriptor => chaos
 ; CS=0x08 because that is the offset of the code descriptor in the GDT

; ...

; protected mode entry point
[bits 32]
protectedMode:

; reload the other segment registers with the data descriptor
mov eax, 0x10
mov ds, eax
mov es, eax
mov fs, eax
mov gs, eax

; VERY IMPORTANT: set up the stack
mov ss, eax
mov esp, you_decide_the_place
DarkAtom
  • 2,589
  • 1
  • 11
  • 27
  • it worked I didn't enable the A20 Line because it is already enabled in QEMU, but after I changed the GDT base segments and Limits and reloaded the segment registers it is working just fine, I guess I am sticking with the flat memory module for now . – Djebbar Abderrahmene Jul 02 '23 at 12:43