E:\linux_boch\linux-0.11>"C:\Program Files\Bochs-2.2.pre4\bochsdbg" -q -f bochsr
c-hd.bxrc
00000000000i[APIC?] local apic in initializing
========================================================================
Bochs x86 Emulator 2.2.pre4
Build from CVS snapshot on May 15th, 2005
========================================================================
00000000000i[ ] reading configuration from bochsrc-hd.bxrc
00000000000i[ ] WARNING: syntax has changed, please use 'vgaromimage: file=.
..' now
00000000000e[ ] bochsrc-hd.bxrc: unknown parameter for parport1 ignored.
00000000000i[ ] installing win32 module as the Bochs GUI
00000000000i[ ] Warning: no rc file specified.
00000000000i[ ] using log file bochsout.txt
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b ; ea5be000f0
<bochs:1> info r
eax 0x0 0
ecx 0x0 0
edx 0x683 1667
ebx 0x0 0
esp 0x0 0x0
ebp 0x0 0x0
esi 0x0 0
edi 0x0 0
eip 0xfff0 0xfff0
eflags 0x2 2
cs 0xf000 61440
ss 0x0 0
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
<bochs:2> pb 0x7c00 //机器上电后先执行BIOS(见上面的f000:fff0),BIOS把引导扇区加载到物理地址0x7c00后才从这里开始执行bootsect程序;也可设置虚拟断点 vb 0x0000:0x7c00
<bochs:3> c
(0) Breakpoint 1, 0x7c00 in ?? ()
Next at t=975716
(0) [0x00007c00] 0000:7c00 (unk. ctxt): mov ax, 0x7c0 ; b8c007
<bochs:4> u /10
00007c00: ( ): mov ax, 0x7c0 ; b8c007
00007c03: ( ): mov ds, ax ; 8ed8
00007c05: ( ): mov ax, 0x9000 ; b80090
00007c08: ( ): mov es, ax ; 8ec0
00007c0a: ( ): mov cx, 0x100 ; b90001
00007c0d: ( ): sub si, si ; 29f6
00007c0f: ( ): sub di, di ; 29ff
00007c11: ( ): rep movsw word ptr es:[di], word ptr ds:[si] ;
f3a5
00007c13: ( ): jmp far 9000:0018 ; ea18000090
00007c18: ( ): mov ax, cs ; 8cc8
<bochs:5> info r
eax 0xaa55 43605
ecx 0x120001 1179649
edx 0x0 0
ebx 0x0 0
esp 0xfffe 0xfffe
ebp 0x0 0x0
esi 0x733f 29503
edi 0xffde 65502
eip 0x7c00 0x7c00 //偏移地址
eflags 0x282 642
cs 0x0 0 //开始执行时cs 0x0
ss 0x0 0
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
<bochs:6>
<bochs:6> s //s 执行指令,默认执行一条指令
Next at t=975717
(0) [0x00007c03] 0000:7c03 (unk. ctxt): mov ds, ax ; 8ed8
<bochs:7> s 5 //连续执行五条指令
Next at t=975722
(0) [0x00007c0f] 0000:7c0f (unk. ctxt): sub di, di ; 29ff
<bochs:8> u /10
00007c0f: ( ): sub di, di ; 29ff
00007c11: ( ): rep movsw word ptr es:[di], word ptr ds:[si] ;
f3a5
00007c13: ( ): jmp far 9000:0018 ; ea18000090
00007c18: ( ): mov ax, cs ; 8cc8
00007c1a: ( ): mov ds, ax ; 8ed8
00007c1c: ( ): mov es, ax ; 8ec0
00007c1e: ( ): mov ss, ax ; 8ed0
00007c20: ( ): mov sp, 0xff00 ; bc00ff
00007c23: ( ): mov dx, 0x0 ; ba0000
00007c26: ( ): mov cx, 0x2 ; b90200
<bochs:9> s 3
Next at t=975725
(0) [0x00007c11] 0000:7c11 (unk. ctxt): rep movsw word ptr es:[di], word ptr ds:
[si] ; f3a5
<bochs:10> s 3 //可见s指令跟踪程序执行的每一条指令 这里进入循环
Next at t=975728
(0) [0x00007c11] 0000:7c11 (unk. ctxt): rep movsw word ptr es:[di], word ptr ds:
[si] ; f3a5
<bochs:11> vb 0x0000:0x7c13
<bochs:12> c
(0) Breakpoint 2, 0x7c13 (0x0:0x7c13)
Next at t=975979
(0) [0x00007c13] 0000:7c13 (unk. ctxt): jmp far 9000:0018 ; ea18000090
<bochs:13> vb 0x9000:0x0018 //bootsect把自己移到0x9000:0000(物理地址0x90000)开始的地方后跳转到这里继续执行
<bochs:14> c
(0) Breakpoint 3, 0x90018 (0x9000:0x18)
Next at t=975980
(0) [0x00090018] 9000:0018 (unk. ctxt): mov ax, cs ; 8cc8
<bochs:15>
<bochs:1> vb 0x9000:0x0018
<bochs:2> c
(0) Breakpoint 1, 0x90018 (0x9000:0x18)
Next at t=975980
(0) [0x00090018] 9000:0018 (unk. ctxt): mov ax, cs ; 8cc8
<bochs:3> u/20
00090018: ( ): mov ax, cs ; 8cc8
0009001a: ( ): mov ds, ax ; 8ed8
0009001c: ( ): mov es, ax ; 8ec0
0009001e: ( ): mov ss, ax ; 8ed0
00090020: ( ): mov sp, 0xff00 ; bc00ff
00090023: ( ): mov dx, 0x0 ; ba0000
00090026: ( ): mov cx, 0x2 ; b90200
00090029: ( ): mov bx, 0x200 ; bb0002
0009002c: ( ): mov ax, 0x204 ; b80402
0009002f: ( ): int 0x13 ; cd13
00090031: ( ): jnb .+0x3d ; 730a
00090033: ( ): mov dx, 0x0 ; ba0000
00090036: ( ): mov ax, 0x0 ; b80000
00090039: ( ): int 0x13 ; cd13
0009003b: ( ): jmp .+0x23 ; ebe6
0009003d: ( ): mov dl, 0x0 ; b200
0009003f: ( ): mov ax, 0x800 ; b80008
00090042: ( ): int 0x13 ; cd13
00090044: ( ): mov ch, 0x0 ; b500
00090046: ( ): mov word ptr cs:0x13d, cx ; 2e890e3d01
<bochs:4> vb 0x9000:0x002f
<bochs:5> c //这里我们跟踪一下中断调用时栈的操作
(0) Breakpoint 2, 0x9002f (0x9000:0x2f)
Next at t=975989
(0) [0x0009002f] 9000:002f (unk. ctxt): int 0x13 ; cd13
<bochs:6> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000ff00, esi:0x00000200, edi:0x00000200 //堆栈地址0x9000:ff00
eip:0x0000002f, eflags:0x00000246, inhibit_mask:0
cs:s=0x9000, dl=0x0000ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:7> s
Next at t=975990
(0) [0x000fe3fe] f000:e3fe (unk. ctxt): jmp .+0x96dc ; e9dbb2
<bochs:8> u10
0000000a: ( ): add al, dh ; 00f0
<bochs:9> u/10
000fe3fe: ( ): jmp .+0x96dc ; e9dbb2
000fe401: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe403: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe405: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe407: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe409: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe40b: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe40d: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe40f: ( ): add byte ptr ds:[bx+si], al ; 0000
000fe411: ( ): add byte ptr ds:[bx+si], al ; 0000
<bochs:10> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x0000e3fe, eflags:0x00000046, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:11> xp /6bx 0x9ff00
[bochs]:
0x0009ff00 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00
<bochs:12> xp /12bx 0x9ff00
[bochs]:
0x0009ff00 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00
0x0009ff08 <bogus+ 8>: 0x00 0x00 0x00 0x00
<bochs:13> xp /12bx 0x9fefa
[bochs]:
0x0009fefa <bogus+ 0>: 0x31 0x00 0x00 0x90 0x46 0x02 //堆栈中的内容:ip值0x0031、cs值0x9000;第三个字0x0246是int指令压入的FLAGS,与执行int 0x13之前dump_cpu显示的eflags 0x246一致(进入中断后eflags变为0x46)
0x00 0x00
0x0009ff02 <bogus+ 8>: 0x00 0x00 0x00 0x00
<bochs:14> s
Next at t=975991
(0) [0x000f96dc] f000:96dc (unk. ctxt): cmp ah, 0x4a ; 80fc4a
<bochs:15> xp /6bx 0x9ff00
[bochs]:
0x0009ff00 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00
<bochs:16> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x000096dc, eflags:0x00000046, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:17> u/10
000f96dc: ( ): cmp ah, 0x4a ; 80fc4a
000f96df: ( ): jb .+0x96f1 ; 7210
000f96e1: ( ): cmp ah, 0x4d ; 80fc4d
000f96e4: ( ): jnbe .+0x96f1 ; 770b
000f96e6: ( ): pusha ; 60
000f96e7: ( ): push es ; 06
000f96e8: ( ): push ds ; 1e
000f96e9: ( ): push ss ; 16
000f96ea: ( ): pop ds ; 1f
000f96eb: ( ): push 0x9759 ; 685997
<bochs:18> s
Next at t=975992
(0) [0x000f96df] f000:96df (unk. ctxt): jb .+0x96f1 ; 7210
<bochs:19> u /15
000f96df: ( ): jb .+0x96f1 ; 7210
000f96e1: ( ): cmp ah, 0x4d ; 80fc4d
000f96e4: ( ): jnbe .+0x96f1 ; 770b
000f96e6: ( ): pusha ; 60
000f96e7: ( ): push es ; 06
000f96e8: ( ): push ds ; 1e
000f96e9: ( ): push ss ; 16
000f96ea: ( ): pop ds ; 1f
000f96eb: ( ): push 0x9759 ; 685997
000f96ee: ( ): jmp .+0x7038 ; e947d9
000f96f1: ( ): push ax ; 50
000f96f2: ( ): push bx ; 53
000f96f3: ( ): push cx ; 51
000f96f4: ( ): push dx ; 52
000f96f5: ( ): call .+0x2dfe ; e80697
<bochs:20> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x000096df, eflags:0x00000097, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:21> s
done
<bochs:21> s
Next at t=975993
(0) [0x000f96f1] f000:96f1 (unk. ctxt): push ax ; 50
<bochs:22> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x000096f1, eflags:0x00000097, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:23> s //查看堆栈栈顶是否是ax的内容;这里的堆栈每次压栈以2字节为单位向低地址增长(sp由0xfefa变为0xfef8)
Next at t=975994
(0) [0x000f96f2] f000:96f2 (unk. ctxt): push bx ; 53
<bochs:24> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fef8, esi:0x00000200, edi:0x00000200
eip:0x000096f2, eflags:0x00000097, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:25> u/20
000f96f2: ( ): push bx ; 53
000f96f3: ( ): push cx ; 51
000f96f4: ( ): push dx ; 52
000f96f5: ( ): call .+0x2dfe ; e80697
000f96f8: ( ): cmp al, 0x0 ; 3c00
000f96fa: ( ): jz .+0x9727 ; 742b
000f96fc: ( ): call .+0x2e25 ; e82697
000f96ff: ( ): pop dx ; 5a
000f9700: ( ): push dx ; 52
000f9701: ( ): cmp al, dl ; 38d0
000f9703: ( ): jnz .+0x9714 ; 750f
000f9705: ( ): pop dx ; 5a
000f9706: ( ): pop cx ; 59
000f9707: ( ): pop bx ; 5b
000f9708: ( ): pop ax ; 58
000f9709: ( ): pusha ; 60
000f970a: ( ): push es ; 06
000f970b: ( ): push ds ; 1e
000f970c: ( ): push ss ; 16
000f970d: ( ): pop ds ; 1f
<bochs:26> xp /12bx 0x9faf8
[bochs]:
0x0009faf8 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00
0x0009fb00 <bogus+ 8>: 0x00 0x00 0x00 0x00
<bochs:27> xp /12bx 0x9fef8
[bochs]:
<bochs:27> xp /12bx 0x9fef8
[bochs]:
0x0009fef8 <bogus+ 0>: 0x04 0x02 0x31 0x00 0x00 0x90
0x46 0x02
0x0009ff00 <bogus+ 8>: 0x00 0x00 0x00 0x00
<bochs:28>
bootsect.s程序完成的主要功能:
1。首先把自己从0x0000:0x7c00 移到0x9000:0000开始的地方
2。从设备上加载接着的4个扇区到0x90200开始的地方
3。从设备上加载系统模块到0x10000开始的地方(这个根据内核的大小加载一定扇区数)