Subject: Re: memtest86 in bochs
To: David Laight <david@l8s.co.uk>
From: Ben Collver <collver1@comcast.net>
List: port-i386
Date: 01/05/2004 06:56:32
On Sun, Jan 04, 2004 at 11:14:56PM +0000, David Laight wrote:
> > There already is a '.code 16' in query_pcbios() at line 688 of head.S, and
> > there are no calls and no '.code 32' before the odd behavior I see at line
> > 730.
>
> The trace on your post to the bochs list does show 16bit code.
> Can you single-step any other instructions?
>
> Maybe the code is continuing from 0:0 after the breakpoint...
Yes, I can single-step other instructions. I said earlier that IP is set
to 0 at the "xor EAX, EAX" instruction. From single-stepping this morning
it looks like it is actually happening at the "mov [DS:0000], EAX"
instruction. Perhaps the exact instruction it happens at is indeterminate.
It is hard for me to believe the code is supposed to continue at 0:0
because that range of memory is all zeroed out.
Thank you for the help,
Ben
--
A hacker does for love what others would not do for money.
> b 0x2626
> c
(0) Breakpoint 6, 0x2626 in ?? ()
(0) [0x00002626] 0010:00002626 (unk. ctxt): jmp 0020:0000062d ; ea2d0600002000
> s
(0) [0x0000262d] 0020:062d (unk. ctxt): mov EAX, CR0 ; 0f20c0
# Above is the first instruction in 16-bit mode.
> disassemble 0x262d 0x2670
0000262d: mov EAX, CR0 ; 0f20c0
00002630: and EAX, 7ffffffe ; 6625feffff7f
00002636: mov CR0, EAX ; 0f22c0
00002639: jmp DS:0750 ; ff2e5007
0000263d: mov AX, CS ; 8cc8
0000263f: mov DS, AX ; 8ed8
00002641: mov ES, AX ; 8ec0
00002643: mov FS, AX ; 8ee0
00002645: mov GS, AX ; 8ee8
00002647: mov SS, AX ; 8ed0
00002649: mov EAX, ECX ; 6689c8
0000264c: shr EAX, 04 ; 66c1e804
00002650: mov SS, AX ; 8ed0
00002652: sub ESP, ECX ; 6629cc
00002655: push EBX ; 6653
00002657: shr EDI, 04 ; 66c1ef04
0000265b: mov DS, DI ; 8edf
0000265d: sti ; fb
0000265e: xor EAX, EAX ; 6631c0
00002661: mov [DS:0000], EAX ; 66a30000
00002665: mov [DS:0004], EAX ; 66a30400
00002669: mov [DS:0008], EAX ; 66a30800
0000266d: xor EBX, EBX ; 6631db
> s
(0) [0x00002630] 0020:0630 (unk. ctxt): and EAX, 7ffffffe ; 6625feffff7f
> s
(0) [0x00002636] 0020:0636 (unk. ctxt): mov CR0, EAX ; 0f22c0
> s
(0) [0x00002639] 0020:0639 (unk. ctxt): jmp DS:0750 ; ff2e5007
> s
(0) [0x0000263d] 0200:063d (unk. ctxt): mov AX, CS ; 8cc8
> s
(0) [0x0000263f] 0200:063f (unk. ctxt): mov DS, AX ; 8ed8
> s
(0) [0x00002641] 0200:0641 (unk. ctxt): mov ES, AX ; 8ec0
> s
(0) [0x00002643] 0200:0643 (unk. ctxt): mov FS, AX ; 8ee0
> s
(0) [0x00002645] 0200:0645 (unk. ctxt): mov GS, AX ; 8ee8
> s
(0) [0x00002647] 0200:0647 (unk. ctxt): mov SS, AX ; 8ed0
> s
(0) [0x00002649] 0200:0649 (unk. ctxt): mov EAX, ECX ; 6689c8
> s
(0) [0x0000264c] 0200:064c (unk. ctxt): shr EAX, 04 ; 66c1e804
> s
(0) [0x00002650] 0200:0650 (unk. ctxt): mov SS, AX ; 8ed0
> s
(0) [0x00002652] 0200:0652 (unk. ctxt): sub ESP, ECX ; 6629cc
> s
(0) [0x00002655] 0200:0655 (unk. ctxt): push EBX ; 6653
> s
(0) [0x00002657] 0200:0657 (unk. ctxt): shr EDI, 04 ; 66c1ef04
> s
(0) [0x0000265b] 0200:065b (unk. ctxt): mov DS, DI ; 8edf
> s
(0) [0x0000265d] 0200:065d (unk. ctxt): sti ; fb
> s
(0) [0x0000265e] 0200:065e (unk. ctxt): xor EAX, EAX ; 6631c0
> info registers
eax 0x132a 4906
ecx 0x132a0 78496
edx 0x0 0
ebx 0x13110 78096
esp 0xfb8 0xfb8
ebp 0x1c3 0x1c3
esi 0x2000 8192
edi 0x1203 4611
eip 0x65e 0x65e
eflags 0x206 518
cs 0x200 512
ss 0x132a 4906
ds 0x1203 4611
es 0x200 512
fs 0x200 512
gs 0x200 512
> s
(0) [0x00002661] 0200:0661 (unk. ctxt): mov [DS:0000], EAX ; 66a30000
> info registers
eax 0x0 0
ecx 0x132a0 78496
edx 0x0 0
ebx 0x13110 78096
esp 0xfb8 0xfb8
ebp 0x1c3 0x1c3
esi 0x2000 8192
edi 0x1203 4611
eip 0x661 0x661
eflags 0x206 518
cs 0x200 512
ss 0x132a 4906
ds 0x1203 4611
es 0x200 512
fs 0x200 512
gs 0x200 512
# notice that the xor has zeroed EAX, but EIP advanced normally to 0x661 (the mov [DS:0000], EAX) -- the jump to 0:0 has not happened yet.
> s
(0) [0x00000002] 0000:0002 (unk. ctxt): add DS:[BX+SI], AL ; 0000
> info registers
eax 0x0 0
ecx 0x132a0 78496
edx 0x0 0
ebx 0x13110 78096
esp 0xfb2 0xfb2
ebp 0x1c3 0x1c3
esi 0x2000 8192
edi 0x1203 4611
eip 0x2 0x2
eflags 0x46 70
cs 0x0 0
ss 0x132a 4906
ds 0x1203 4611
es 0x200 512
fs 0x200 512
gs 0x200 512
# but here CS:IP has become 0000:0002 while DS is still 0x1203 (not zero). Note also that ESP dropped from 0xfb8 to 0xfb2 (6 bytes pushed) and IF in EFLAGS was cleared (0x206 -> 0x46); that pattern is consistent with a real-mode interrupt/exception being delivered through the all-zero IVT dumped below (shortly after the sti) rather than with a jump the code itself makes, which would also explain why the instruction it appears to happen at varies.
> x /64wx 0x0
[bochs]:
0x0 <bogus+0>: 0x00000000 0x00000000 0x00000000 0x00000000
0x10 <bogus+16>: 0x00000000 0x00000000 0x00000000 0x00000000
0x20 <bogus+32>: 0x00000000 0x00000000 0x00000000 0x00000000
0x30 <bogus+48>: 0x00000000 0x00000000 0x00000000 0x00000000
0x40 <bogus+64>: 0x00000000 0x00000000 0x00000000 0x00000000
0x50 <bogus+80>: 0x00000000 0x00000000 0x00000000 0x00000000
0x60 <bogus+96>: 0x00000000 0x00000000 0x00000000 0x00000000
0x70 <bogus+112>: 0x00000000 0x00000000 0x00000000 0x00000000
0x80 <bogus+128>: 0x00000000 0x00000000 0x00000000 0x00000000
0x90 <bogus+144>: 0x00000000 0x00000000 0x00000000 0x00000000
0xa0 <bogus+160>: 0x00000000 0x00000000 0x00000000 0x00000000
0xb0 <bogus+176>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc0 <bogus+192>: 0x00000000 0x00000000 0x00000000 0x00000000
0xd0 <bogus+208>: 0x00000000 0x00000000 0x00000000 0x00000000
0xe0 <bogus+224>: 0x00000000 0x00000000 0x00000000 0x00000000
0xf0 <bogus+240>: 0x00000000 0x00000000 0x00000000 0x00000000