Chapter Three: pmtest2 source analysis, from real mode to protected mode and back to real mode

Source: Internet
Author: User

Summary: This section walks through the code to answer the following questions: what is the difference between a protected-mode offset and a real-mode offset; whether the segment base address means the same thing in protected mode as it does in real mode; and why the long jump jmp 0:entry lets code in one code segment change the code of another code segment.

I. Overall analysis:

pmtest2 actually implements the switch from real mode to protected mode, then from protected mode back to real mode, and finally back to DOS. It starts in real mode, where it initializes the segment descriptors, sets up the GDT and so on; it then enters protected mode, where it displays a string and reads from and writes to a test segment; finally it passes through a "normal" segment back to real mode and returns to DOS through an interrupt. The full code of this process is as follows:

; ==========================================
; pmtest2.asm
; Compiling method: nasm pmtest2.asm -o pmtest2.com
; ==========================================

%include "pm.inc"   ; constants, macros, and some explanations

org 0100h
    jmp LABEL_BEGIN

[SECTION .gdt]
; GDT
;                                segment base,    segment limit, attributes
LABEL_GDT:          Descriptor        0,                0, 0               ; null descriptor
LABEL_DESC_NORMAL:  Descriptor        0,           0FFFFh, DA_DRW          ; Normal descriptor
LABEL_DESC_CODE32:  Descriptor        0, SegCode32Len - 1, DA_C + DA_32    ; non-conforming code segment, 32-bit
LABEL_DESC_CODE16:  Descriptor        0,           0FFFFh, DA_C            ; non-conforming code segment, 16-bit
LABEL_DESC_DATA:    Descriptor        0,      DataLen - 1, DA_DRW          ; data
LABEL_DESC_STACK:   Descriptor        0,       TopOfStack, DA_DRWA + DA_32 ; stack, 32-bit
LABEL_DESC_TEST:    Descriptor 0500000h,           0FFFFh, DA_DRW
LABEL_DESC_VIDEO:   Descriptor  0B8000h,           0FFFFh, DA_DRW          ; video memory base address
; GDT ends

GdtLen      equ $ - LABEL_GDT   ; GDT length
GdtPtr      dw  GdtLen - 1      ; GDT limit
            dd  0               ; GDT base address

; GDT selectors
SelectorNormal  equ LABEL_DESC_NORMAL - LABEL_GDT
SelectorCode32  equ LABEL_DESC_CODE32 - LABEL_GDT
SelectorCode16  equ LABEL_DESC_CODE16 - LABEL_GDT
SelectorData    equ LABEL_DESC_DATA   - LABEL_GDT
SelectorStack   equ LABEL_DESC_STACK  - LABEL_GDT
SelectorTest    equ LABEL_DESC_TEST   - LABEL_GDT
SelectorVideo   equ LABEL_DESC_VIDEO  - LABEL_GDT
; END of [SECTION .gdt]

[SECTION .data1]    ; data segment
ALIGN 32
[BITS 32]
LABEL_DATA:
SPValueInRealMode   dw  0
; strings
PMMessage:          db  "in Protect Mode now. ^-^", 0   ; displayed after entering protected mode
OffsetPMMessage     equ PMMessage - $$
StrTest:            db  "abcdefghijklmnopqrstuvwxyz", 0
OffsetStrTest       equ StrTest - $$
DataLen             equ $ - LABEL_DATA
; END of [SECTION .data1]

; global stack segment
[SECTION .gs]
ALIGN 32
[BITS 32]
LABEL_STACK:
    times 512 db 0
TopOfStack  equ $ - LABEL_STACK - 1
; END of [SECTION .gs]

[SECTION .s16]
[BITS 16]
LABEL_BEGIN:
    mov ax, cs
    mov ds, ax
    mov es, ax
    mov ss, ax
    mov sp, 0100h

    mov [LABEL_GO_BACK_TO_REAL+3], ax   ; patch the segment of the far jump back to real mode
    mov [SPValueInRealMode], sp

    ; initialize the 16-bit code segment descriptor
    mov ax, cs
    movzx eax, ax
    shl eax, 4
    add eax, LABEL_SEG_CODE16
    mov word [LABEL_DESC_CODE16 + 2], ax
    shr eax, 16
    mov byte [LABEL_DESC_CODE16 + 4], al
    mov byte [LABEL_DESC_CODE16 + 7], ah

    ; initialize the 32-bit code segment descriptor
    xor eax, eax
    mov ax, cs
    shl eax, 4
    add eax, LABEL_SEG_CODE32
    mov word [LABEL_DESC_CODE32 + 2], ax
    shr eax, 16
    mov byte [LABEL_DESC_CODE32 + 4], al
    mov byte [LABEL_DESC_CODE32 + 7], ah

    ; initialize the data segment descriptor
    xor eax, eax
    mov ax, ds
    shl eax, 4
    add eax, LABEL_DATA
    mov word [LABEL_DESC_DATA + 2], ax
    shr eax, 16
    mov byte [LABEL_DESC_DATA + 4], al
    mov byte [LABEL_DESC_DATA + 7], ah

    ; initialize the stack segment descriptor
    xor eax, eax
    mov ax, ds
    shl eax, 4
    add eax, LABEL_STACK
    mov word [LABEL_DESC_STACK + 2], ax
    shr eax, 16
    mov byte [LABEL_DESC_STACK + 4], al
    mov byte [LABEL_DESC_STACK + 7], ah

    ; prepare to load GDTR
    xor eax, eax
    mov ax, ds
    shl eax, 4
    add eax, LABEL_GDT              ; eax <- GDT base address
    mov dword [GdtPtr + 2], eax     ; [GdtPtr + 2] <- GDT base address

    ; load GDTR
    lgdt [GdtPtr]

    ; disable interrupts
    cli

    ; open address line A20
    in  al, 92h
    or  al, 00000010b
    out 92h, al

    ; prepare to switch to protected mode
    mov eax, cr0
    or  eax, 1
    mov cr0, eax

    ; really enter protected mode
    jmp dword SelectorCode32:0  ; loads SelectorCode32 into cs and jumps to SelectorCode32:0

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

LABEL_REAL_ENTRY:       ; jumping back from protected mode to real mode lands here
    mov ax, cs
    mov ds, ax
    mov es, ax
    mov ss, ax

    mov sp, [SPValueInRealMode]

    in  al, 92h         ; ┓
    and al, 11111101b   ; ┣ close the A20 address line
    out 92h, al         ; ┛

    sti                 ; enable interrupts

    mov ax, 4C00h       ; ┓
    int 21h             ; ┛ back to DOS
; END of [SECTION .s16]

[SECTION .s32]  ; 32-bit code segment. Entered from real mode.
[BITS 32]

LABEL_SEG_CODE32:
    mov ax, SelectorData
    mov ds, ax              ; data segment selector
    mov ax, SelectorTest
    mov es, ax              ; test segment selector
    mov ax, SelectorVideo
    mov gs, ax              ; video segment selector

    mov ax, SelectorStack
    mov ss, ax              ; stack segment selector

    mov esp, TopOfStack

    ; display a string
    mov ah, 0Ch                 ; 0000: black background  1100: red text
    xor esi, esi
    xor edi, edi
    mov esi, OffsetPMMessage    ; source data offset
    mov edi, (80 * 10 + 0) * 2  ; destination data offset: screen row 10, column 0
    cld
.1:
    lodsb
    test al, al
    jz  .2
    mov [gs:edi], ax
    add edi, 2
    jmp .1
.2: ; display finished

    xchg bx, bx     ; Bochs magic breakpoint

    call DispReturn

    call TestRead
    call TestWrite
    call TestRead

    ; stop here
    jmp SelectorCode16:0

; ------------------------------------------------------------------------
TestRead:
    xor esi, esi
    mov ecx, 8
.loop:
    mov al, [es:esi]
    call DispAL
    inc esi
    loop .loop

    call DispReturn

    ret
; TestRead ends -----------------------------------------------------------

; ------------------------------------------------------------------------
TestWrite:
    push esi
    push edi
    xor esi, esi
    xor edi, edi
    mov esi, OffsetStrTest  ; source data offset
    cld
.1:
    lodsb
    test al, al
    jz  .2
    mov [es:edi], al
    inc edi
    jmp .1
.2:

    pop edi
    pop esi

    ret
; TestWrite ends ----------------------------------------------------------

; ------------------------------------------------------------------------
; Display the number in AL
; Assumptions:
;   the number is already in AL
;   edi always points to the position of the next character to display
; Registers changed:
;   ax, edi
; ------------------------------------------------------------------------
DispAL:
    push ecx
    push edx

    mov ah, 0Ch         ; 0000: black background  1100: red text
    mov dl, al
    shr al, 4
    mov ecx, 2
.begin:
    and al, 01111b
    cmp al, 9
    ja  .1
    add al, '0'
    jmp .2
.1:
    sub al, 0Ah
    add al, 'A'
.2:
    mov [gs:edi], ax
    add edi, 2

    mov al, dl
    loop .begin
    add edi, 2

    pop edx
    pop ecx

    ret
; DispAL ends -------------------------------------------------------------

; ------------------------------------------------------------------------
DispReturn:
    push eax
    push ebx
    mov eax, edi
    mov bl, 160
    div bl
    and eax, 0FFh
    inc eax
    mov bl, 160
    mul bl
    mov edi, eax
    pop ebx
    pop eax

    ret
; DispReturn ends ---------------------------------------------------------

SegCode32Len    equ $ - LABEL_SEG_CODE32
; END of [SECTION .s32]

; 16-bit code segment. Entered from the 32-bit code segment, exits to real mode.
[SECTION .s16code]
ALIGN 32
[BITS 16]
LABEL_SEG_CODE16:
    ; jump back to real mode:
    mov ax, SelectorNormal
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov ss, ax

    mov eax, cr0
    and al, 11111110b
    mov cr0, eax

LABEL_GO_BACK_TO_REAL:
    jmp 0:LABEL_REAL_ENTRY  ; the segment address is set to the correct value at the start of the program

Code16Len   equ $ - LABEL_SEG_CODE16

; END of [SECTION .s16code]

1. What does align 32 mean, and why write align 32?
A: align is a directive that aligns data. The usual alignment values are 1, 4, 8 and so on. Here align 32 has no real significance: the address bus is only 32 bits wide, so how could 32-byte alignment still be needed? It is not.

2. Since PMMessage already represents an offset within the segment, why do we define a separate variable OffsetPMMessage? What addresses do $, $$, OffsetPMMessage and PMMessage denote?
A: $ is the address at which the current line is assembled, i.e. the actual linear address. $$ is the address at which the start of the current section is assembled, also an actual linear address. PMMessage is an offset address (relative to the first address of the segment). Since PMMessage is already an offset, why not use it directly? To answer this, first look at the segment bases. Notice something in the "initialize segment descriptors" part: the registers we use to build the starting address of every segment are cs and ds (and the two values are in fact equal), so in one sense everything lies in the same segment. But each part belongs to a different offset range, and it is through the segment descriptors that we give the different regions different access rights. Because the program is very small, all of its code and data fit within the 20-bit offset, so this causes no problem. Now look at what changes in protected mode. Originally, in real mode, everything belonged to one segment, but while the segment descriptors were being initialized the segment base quietly changed (every base is computed as base*16+offset, with a different offset each time). So the true meaning of "PMMessage - $$" is this: in real mode both PMMessage and $$ are offsets relative to the same segment base, but once the base has drifted, $$ becomes the first address of the segment, so the offset that PMMessage corresponds to in protected mode naturally changes and must be obtained by subtracting the address that $$ corresponds to. Most of the time, when programming, we only need to focus on the offset.

3. What is the difference between a section and a segment? Why is the offset of the first instruction of the code segment, mov ax, cs, equal to 0?
A: There is no necessary connection between a section and a segment. We are generally used to putting one section in one segment, but that is a user habit, not a requirement of the syntax: we can put two sections in one segment. As for the mov ax, cs here: in real mode its offset is generally not 0, while in protected mode the offset of this instruction is generally 0.

4. Based on the string-printing part, we need to summarize the principles and techniques of string manipulation. What are the conditional and loop statements in assembly?
A: See the brief summary of assembly language syntax.

5. What is the principle of line wrapping?
A: It is done by operating on edi: the row number [edi/160]+1 is computed and edi is moved to the start of that row.

6. The principle of the long jump instruction in protected mode. How does jmp 0:xx jump?
A: From the instruction structure, the book's explanation is very clear, but how is the 0 in jmp 0:xx changed? Because the machine code of the jmp instruction is generated at assembly time, its machine code is modified after the program starts running. That seems a good explanation, but if you think about it, something is wrong: how can the contents of a code segment be changed? Look closer at the code and you find the trick: the modification happens in real mode, when the segmentation mechanism is not yet protecting the code.

7. PMMessage is defined with dd later on, but its content is more than 4 bytes?
A: dd or db gives the size of each following unit, not of all the content. For example, dd 3, 2, 4, 6, 5 defines 20 bytes.

8. The movzx instruction.
A: mov eax, bx is illegal, so movzx is used to fill the high part with 0.

9. What is the difference between .loop and an ordinary label?
A: This is a local label. nasm handles symbols that begin with a period specially: a label with a single leading period is treated as a local label, which means it is associated with the preceding non-local label. For example:

    label1  ; some code
    .loop   ; some more code
            jne .loop
            ret
    label2  ; some code
    .loop   ; some more code
            jne .loop
            ret

In the code above, each jne instruction jumps to the .loop closer above it, because the two definitions of .loop are separated by the non-local labels they are associated with.

10. What is the difference between a 32-bit data segment and a 16-bit data segment? What about a 32-bit stack segment?
A: For a stack, the bit width determines the width of each stack element and the positions used; for data segments there is no difference; for code segments it decides whether ECS or CS is used. So you can define a 16-bit segment on a 32-bit physical machine, but you cannot define a 32-bit segment on a 16-bit machine.

11. What is the difference between a protected-mode segment address and a real-mode segment address?
A: In protected mode the segment base is 32 bits and is added directly to the offset, with no shifting; in real mode it is 16 bits and has to be shifted left by four bits before the offset is added.
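To make questions 6 and 11 (and the descriptor initialization in the listing above) concrete, here is an added C model, not part of the original program, that lays out a GDT descriptor the way the Descriptor macro does, patches its base exactly as the real-mode initialization code does, and compares the real-mode and protected-mode address calculations. The DA_* values are assumed to match the book's pm.inc, and the segment and label values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Attribute values assumed to match the book's pm.inc, which the page does not show. */
#define DA_DRW 0x92   /* present, data, read/write */
#define DA_C   0x98   /* present, code, execute-only */
#define DA_32  0x4000 /* D/B bit: 32-bit segment */

/* Lay out 8 descriptor bytes as the Descriptor macro does: dw limit[15:0]; dw base[15:0];
   db base[23:16]; dw ((limit>>8)&0F00h)|(attr&0F0FFh); db base[31:24]. */
void make_descriptor(uint8_t d[8], uint32_t base, uint32_t limit, uint16_t attr) {
    uint16_t w = ((limit >> 8) & 0x0F00) | (attr & 0xF0FF);
    d[0] = limit & 0xFF;        d[1] = (limit >> 8) & 0xFF;
    d[2] = base & 0xFF;         d[3] = (base >> 8) & 0xFF;
    d[4] = (base >> 16) & 0xFF;
    d[5] = w & 0xFF;            d[6] = w >> 8;
    d[7] = (base >> 24) & 0xFF;
}

/* Mirror of the real-mode descriptor initialisation: eax = seg<<4 + label, then
   mov word [desc+2], ax / shr eax, 16 / mov byte [desc+4], al / mov byte [desc+7], ah. */
void patch_base(uint8_t d[8], uint16_t seg, uint16_t label) {
    uint32_t eax = ((uint32_t)seg << 4) + label;
    d[2] = eax & 0xFF;  d[3] = (eax >> 8) & 0xFF;
    eax >>= 16;
    d[4] = eax & 0xFF;  d[7] = (eax >> 8) & 0xFF;
}

uint32_t desc_base(const uint8_t d[8]) {
    return d[2] | (d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
}

/* Question 11: real mode shifts the 16-bit segment left by 4 before adding the offset;
   protected mode adds the 32-bit base from the descriptor directly. */
uint32_t real_mode_linear(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }
uint32_t pm_linear(const uint8_t d[8], uint32_t off) { return desc_base(d) + off; }

/* Question 6: a code descriptor (type bit 3 set) is never writable through its own selector,
   so the patch of jmp 0:xx only works because it is done in real mode. */
int desc_writable(const uint8_t d[8]) {
    uint8_t type = d[5] & 0x0F;
    return !(type & 0x08) && (type & 0x02);
}

int main(void) {
    uint8_t code16[8], data[8];
    uint16_t cs = 0x1000, seg_code16 = 0x0400, label_data = 0x0120;  /* constructed values */
    make_descriptor(code16, 0, 0xFFFF, DA_C);    patch_base(code16, cs, seg_code16);
    make_descriptor(data, 0, 0x40 - 1, DA_DRW);  patch_base(data, cs, label_data);
    printf("code16 base=%05X writable=%d\n", desc_base(code16), desc_writable(code16));
    /* PMMessage is 2 bytes into LABEL_DATA, after the dw SPValueInRealMode */
    printf("PMMessage linear: real %05X, protected %05X\n",
           real_mode_linear(cs, label_data + 2), pm_linear(data, 2));
    return 0;
}
```

The two printed linear addresses are equal: the protected-mode descriptor base plus the small offset reaches the same byte that cs:PMMessage reached in real mode.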
Workaround: adjust the address of the test segment so that its address range is smaller, then initialize it like the other segment descriptors.

Remaining problem: the test segment in the original case was never resolved; it was not writable, and in the end this turned out to be a random problem.


