<bochs:1> vb 0x9020:0x0000 //这里是setup程序开始执行的地方
<bochs:2> c
(0) Breakpoint 1, 0x90200 (0x9020:0x0)
Next at t=1221602
(0) [0x00090200] 9020:0000 (unk. ctxt): mov ax, 0x9000 ; b80090
<bochs:3> u/10
00090200: ( ): mov ax, 0x9000 ; b80090
00090203: ( ): mov ds, ax ; 8ed8
00090205: ( ): mov ah, 0x3 ; b403
00090207: ( ): xor bh, bh ; 30ff
00090209: ( ): int 0x10 ; cd10
0009020b: ( ): mov word ptr ds:0x0, dx ; 89160000
0009020f: ( ): mov ah, 0x88 ; b488
00090211: ( ): int 0x15 ; cd15
00090213: ( ): mov word ptr ds:0x2, ax ; a30200
00090216: ( ): mov ah, 0xf ; b40f
<bochs:4> vb 0x9020:0x000b
<bochs:5> c
(0) Breakpoint 2, 0x9020b (0x9020:0xb)
Next at t=1221796
(0) [0x0009020b] 9020:000b (unk. ctxt): mov word ptr ds:0x0, dx ; 89160000
<bochs:6> info r
eax 0x300 768
ecx 0x120607 1181191
edx 0x1100 4352
ebx 0x0 0
esp 0xff00 0xff00
ebp 0x13f 0x13f
esi 0x200 512
edi 0xefdf 61407
eip 0xb 0xb
eflags 0x246 582
cs 0x9020 36896
ss 0x9000 36864
ds 0x9000 36864
es 0x4000 16384
fs 0x0 0
gs 0x0 0
<bochs:7> u /30
0009020b: ( ): mov word ptr ds:0x0, dx ; 89160000
0009020f: ( ): mov ah, 0x88 ; b488
00090211: ( ): int 0x15 ; cd15
00090213: ( ): mov word ptr ds:0x2, ax ; a30200
00090216: ( ): mov ah, 0xf ; b40f
00090218: ( ): int 0x10 ; cd10
0009021a: ( ): mov word ptr ds:0x4, bx ; 891e0400
0009021e: ( ): mov word ptr ds:0x6, ax ; a30600
00090221: ( ): mov ah, 0x12 ; b412
00090223: ( ): mov bl, 0x10 ; b310
00090225: ( ): int 0x10 ; cd10
00090227: ( ): mov word ptr ds:0x8, ax ; a30800
0009022a: ( ): mov word ptr ds:0xa, bx ; 891e0a00
0009022e: ( ): mov word ptr ds:0xc, cx ; 890e0c00
00090232: ( ): mov ax, 0x0 ; b80000
00090235: ( ): mov ds, ax ; 8ed8
00090237: ( ): lds si, ds:0x104 ; c5360401
0009023b: ( ): mov ax, 0x9000 ; b80090
0009023e: ( ): mov es, ax ; 8ec0
00090240: ( ): mov di, 0x80 ; bf8000
00090243: ( ): mov cx, 0x10 ; b91000
00090246: ( ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
f3a4
00090248: ( ): mov ax, 0x0 ; b80000
0009024b: ( ): mov ds, ax ; 8ed8
0009024d: ( ): lds si, ds:0x118 ; c5361801
00090251: ( ): mov ax, 0x9000 ; b80090
00090254: ( ): mov es, ax ; 8ec0
00090256: ( ): mov di, 0x90 ; bf9000
00090259: ( ): mov cx, 0x10 ; b91000
0009025c: ( ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
f3a4
<bochs:8> u /50
0009020b: ( ): mov word ptr ds:0x0, dx ; 89160000
0009020f: ( ): mov ah, 0x88 ; b488
00090211: ( ): int 0x15 ; cd15
00090213: ( ): mov word ptr ds:0x2, ax ; a30200
00090216: ( ): mov ah, 0xf ; b40f
00090218: ( ): int 0x10 ; cd10
0009021a: ( ): mov word ptr ds:0x4, bx ; 891e0400
0009021e: ( ): mov word ptr ds:0x6, ax ; a30600
00090221: ( ): mov ah, 0x12 ; b412
00090223: ( ): mov bl, 0x10 ; b310
00090225: ( ): int 0x10 ; cd10
00090227: ( ): mov word ptr ds:0x8, ax ; a30800
0009022a: ( ): mov word ptr ds:0xa, bx ; 891e0a00
0009022e: ( ): mov word ptr ds:0xc, cx ; 890e0c00
00090232: ( ): mov ax, 0x0 ; b80000
00090235: ( ): mov ds, ax ; 8ed8
00090237: ( ): lds si, ds:0x104 ; c5360401
0009023b: ( ): mov ax, 0x9000 ; b80090
0009023e: ( ): mov es, ax ; 8ec0
00090240: ( ): mov di, 0x80 ; bf8000
00090243: ( ): mov cx, 0x10 ; b91000
00090246: ( ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
f3a4
00090248: ( ): mov ax, 0x0 ; b80000
0009024b: ( ): mov ds, ax ; 8ed8
0009024d: ( ): lds si, ds:0x118 ; c5361801
00090251: ( ): mov ax, 0x9000 ; b80090
00090254: ( ): mov es, ax ; 8ec0
00090256: ( ): mov di, 0x90 ; bf9000
00090259: ( ): mov cx, 0x10 ; b91000
0009025c: ( ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
f3a4
0009025e: ( ): mov ax, 0x1500 ; b80015
00090261: ( ): mov dl, 0x81 ; b281
00090263: ( ): int 0x13 ; cd13
00090265: ( ): jb .+0x26c ; 7205
00090267: ( ): cmp ah, 0x3 ; 80fc03
0009026a: ( ): jz .+0x27c ; 7410
0009026c: ( ): mov ax, 0x9000 ; b80090
0009026f: ( ): mov es, ax ; 8ec0
00090271: ( ): mov di, 0x90 ; bf9000
00090274: ( ): mov cx, 0x10 ; b91000
00090277: ( ): mov ax, 0x0 ; b80000
0009027a: ( ): rep stosb byte ptr es:[di], al ; f3aa
0009027c: ( ): cli ; fa
0009027d: ( ): mov ax, 0x0 ; b80000
00090280: ( ): cld ; fc
00090281: ( ): mov es, ax ; 8ec0
00090283: ( ): add ax, 0x1000 ; 050010
00090286: ( ): cmp ax, 0x9000 ; 3d0090
00090289: ( ): jz .+0x298 ; 740d
0009028b: ( ): mov ds, ax ; 8ed8
<bochs:9> vb 0x9020:0x0298
<bochs:10> c
<bochs:2> c
(0) Breakpoint 1, 0x90298 (0x9020:0x98)
Next at t=1488947
(0) [0x00090298] 9020:0098 (unk. ctxt): mov ax, 0x9020 ; b82090
<bochs:3> u/10
00090298: ( ): mov ax, 0x9020 ; b82090
0009029b: ( ): mov ds, ax ; 8ed8
0009029d: ( ): lidt ds:0x12c ; 0f011e2c01
000902a2: ( ): lgdt ds:0x132 ; 0f01163201
000902a7: ( ): call .+0x309 ; e85f00
000902aa: ( ): mov al, 0xd1 ; b0d1
000902ac: ( ): out 0x64, al ; e664
000902ae: ( ): call .+0x309 ; e85800
000902b1: ( ): mov al, 0xdf ; b0df
000902b3: ( ): out 0x60, al ; e660
<bochs:4> xp /6bx 0x90332
[bochs]:
0x00090332 <bogus+ 0>: 0x00 0x08 0x14 0x03 0x09 0x00
<bochs:5> xp /6hx 0x90332
[bochs]:
0x00090332 <bogus+ 0>: 0x0800 0x0314 0x0009 0x0000 0x0000 0x0000
<bochs:6> dump_cpu //下一步我们查看加载全局描述符表和中断描述符表后寄存器的变化（这一次dump是执行lidt/lgdt之前的状态，用于对比：此时gdtr和idtr的base都是0，limit都是0xffff）
eax:0x00009000, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000098, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:7> vb 0x9020:0x00aa
<bochs:8> c
(0) Breakpoint 2, 0x902aa (0x9020:0xaa)
Next at t=1488958
(0) [0x000902aa] 9020:00aa (unk. ctxt): mov al, 0xd1 ; b0d1
<bochs:9> dump_cpu
eax:0x00009010, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x000000aa, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800 //我们看到这里已经加载了gdtr的基地址（与前面在0x90332处看到的6字节一致：limit=0x0800，base=0x00090314）
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:10> xp /8bx 0x90314 //下面我们查看gdtr所指向的GDT的前几项内容
[bochs]:
0x00090314 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00
<bochs:11> xp /8wx 0x90314
[bochs]:
0x00090314 <bogus+ 0>: 0x00000000 0x00000000 0x000007ff
0x00c09a00
0x00090324 <bogus+ 16>: 0x000007ff 0x00c09200 0x00000000
0x08000000
<bochs:12> u/30
<bochs:13> u/40
<bochs:14> u/50
000902aa: ( ): mov al, 0xd1 ; b0d1
000902ac: ( ): out 0x64, al ; e664
000902ae: ( ): call .+0x309 ; e85800
000902b1: ( ): mov al, 0xdf ; b0df
000902b3: ( ): out 0x60, al ; e660
000902b5: ( ): call .+0x309 ; e85100
000902b8: ( ): mov al, 0x11 ; b011
000902ba: ( ): out 0x20, al ; e620
000902bc: ( ): jmp .+0x2be ; eb00
000902be: ( ): jmp .+0x2c0 ; eb00
000902c0: ( ): out 0xa0, al ; e6a0
000902c2: ( ): jmp .+0x2c4 ; eb00
000902c4: ( ): jmp .+0x2c6 ; eb00
000902c6: ( ): mov al, 0x20 ; b020
000902c8: ( ): out 0x21, al ; e621
000902ca: ( ): jmp .+0x2cc ; eb00
000902cc: ( ): jmp .+0x2ce ; eb00
000902ce: ( ): mov al, 0x28 ; b028
000902d0: ( ): out 0xa1, al ; e6a1
000902d2: ( ): jmp .+0x2d4 ; eb00
000902d4: ( ): jmp .+0x2d6 ; eb00
000902d6: ( ): mov al, 0x4 ; b004
000902d8: ( ): out 0x21, al ; e621
000902da: ( ): jmp .+0x2dc ; eb00
000902dc: ( ): jmp .+0x2de ; eb00
000902de: ( ): mov al, 0x2 ; b002
000902e0: ( ): out 0xa1, al ; e6a1
000902e2: ( ): jmp .+0x2e4 ; eb00
000902e4: ( ): jmp .+0x2e6 ; eb00
000902e6: ( ): mov al, 0x1 ; b001
000902e8: ( ): out 0x21, al ; e621
000902ea: ( ): jmp .+0x2ec ; eb00
000902ec: ( ): jmp .+0x2ee ; eb00
000902ee: ( ): out 0xa1, al ; e6a1
000902f0: ( ): jmp .+0x2f2 ; eb00
000902f2: ( ): jmp .+0x2f4 ; eb00
000902f4: ( ): mov al, 0xff ; b0ff
000902f6: ( ): out 0x21, al ; e621
000902f8: ( ): jmp .+0x2fa ; eb00
000902fa: ( ): jmp .+0x2fc ; eb00
000902fc: ( ): out 0xa1, al ; e6a1
000902fe: ( ): mov ax, 0x1 ; b80100
00090301: ( ): lmsw ax ; 0f01f0
00090304: ( ): jmp far 0008:0000 ; ea00000800
00090309: ( ): jmp .+0x30b ; eb00
0009030b: ( ): jmp .+0x30d ; eb00
0009030d: ( ): in al, 0x64 ; e464
0009030f: ( ): test al, 0x2 ; a802
00090311: ( ): jnz .+0x309 ; 75f6
00090313: ( ): retn ; c3
<bochs:15> dump_cpu
eax:0x00009010, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x000000aa, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:16> vb 0x9020:0x00fe //我们要在这里查看启动保护模式的过程
<bochs:17> c
(0) Breakpoint 3, 0x902fe (0x9020:0xfe)
Next at t=1489011
(0) [0x000902fe] 9020:00fe (unk. ctxt): mov ax, 0x1 ; b80100
<bochs:18> u/10
000902fe: ( ): mov ax, 0x1 ; b80100
00090301: ( ): lmsw ax ; 0f01f0
00090304: ( ): jmp far 0008:0000 ; ea00000800
00090309: ( ): jmp .+0x30b ; eb00
0009030b: ( ): jmp .+0x30d ; eb00
0009030d: ( ): in al, 0x64 ; e464
0009030f: ( ): test al, 0x2 ; a802
00090311: ( ): jnz .+0x309 ; 75f6
00090313: ( ): retn ; c3
00090314: ( ): add byte ptr ds:[bx+si], al ; 0000
<bochs:19> dump_cpu //启动保护模式前的cpu状态
eax:0x000090ff, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x000000fe, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:20> vb 0x9020:0x0104
<bochs:21> c
(0) Breakpoint 4, 0x90304 (0x9020:0x104)
Next at t=1489013
(0) [0x00090304] 9020:00000104 (unk. ctxt): jmp far 0008:0000 ; ea000008
00
<bochs:22> dump_cpu //启动保护模式后的状态：cr0已由0x10变为0x11（PE位被置1），但cs仍是0x9020，要等下面的far jmp执行后才会变成选择符0x0008
eax:0x00000001, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000104, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:23> s
Next at t=1489014
(0) [0x00000000] 0008:00000000 (unk. ctxt): mov eax, 0x10 ; b8100000
00
<bochs:24> dump_cpu
eax:0x00000001, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000000, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:25>
<bochs:25> u/10
00000000: ( ): mov eax, 0x10 ; b810000000
00000005: ( ): mov ds, ax ; 8ed8
00000007: ( ): mov es, ax ; 8ec0
00000009: ( ): mov fs, ax ; 8ee0
0000000b: ( ): mov gs, ax ; 8ee8
0000000d: ( ): lss ds:0x182a4 ; 0fb225a4820100
00000014: ( ): call .+0x6f ; e856000000
00000019: ( ): call .+0x9f ; e881000000
0000001e: ( ): mov eax, 0x10 ; b810000000
00000023: ( ): mov ds, ax ; 8ed8
<bochs:26> lb 0x5 //在保护模式下我们可以设置线性地址断点了 哈哈 我们试试:)
<bochs:27> c
(0) Breakpoint 5, 0x5 in ?? ()
Next at t=1489015
(0) [0x00000005] 0008:00000005 (unk. ctxt): mov ds, ax ; 8ed8
<bochs:28> dump_cpu //这里我们清楚地看到了程序的执行过程：eax已被置为0x10，ds此时还是0x9020，尚未被改写
eax:0x00000010, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000005, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:29>