Venturing into protected-mode


Venturing into protected-mode

Exploiting the x86 segment-registers’ hidden segment-descriptor cache to briefly enter and leave protected-mode

The system-segment registers

In protected-mode the CPU needs quick access to some important data-structures, such as:
    Memory-Segment Descriptors
    Interrupt-Gate Descriptors
    Call-Gate Descriptors
    Task-State Descriptors
    Page-Directory and Page-Table Descriptors
Special CPU registers locate these items

GDT and IDT

The two most vital system registers for protected-mode execution are:
    GDTR (Global Descriptor Table Register)
    IDTR (Interrupt Descriptor Table Register)
Each of these is 48-bits wide and contains the base-address and segment-limit for an array of descriptors (the GDT and the IDT)
Special instructions allow access to these registers: SGDT/LGDT and SIDT/LIDT

48-bit Register-Format

(diagram) bits 47..16: Segment Base-Address (32 bits); bits 15..0: Segment Limit (16 bits)

System Relationships

(diagram) GDTR locates the Global Descriptor Table, an array of descriptors; IDTR locates the Interrupt Descriptor Table, another array of descriptors

LDT and TSS

For protected-mode multitasking, the CPU needs to access two other data-structures:
    The current Local Descriptor Table (LDT)
    The current Task-State Segment (TSS)
Again, special registers tell the CPU where to find these data-structures in memory (assuming protected-mode is enabled)
And special instructions afford access to them: SLDT/LLDT and STR/LTR

Indirection Registers

LDTR and TR are like segment-registers: they have a visible part (16-bits) and a “hidden” descriptor-cache part
The programmer-visible portion of these two registers holds a “segment-selector” (i.e., an array-index into the GDT array)
The hidden portion is updated from the GDT whenever these registers get loaded

System Relationships

(diagram) GDTR locates the Global Descriptor Table; the selectors in TR and LDTR pick the GDT descriptors which in turn locate the Task State Segment and the Local Descriptor Table (itself an array of descriptors)

Reading LDTR and TR

The LDTR and TR registers are not able to be accessed while executing in real-mode
An “Undefined Opcode” exception (INT-6) will be generated if SLDT or STR opcodes are encountered in a “real-mode” program
So to obtain the values in these registers, any bootsector program must temporarily enable protected-mode
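The register formats described above (the 48-bit base/limit image stored by SGDT/SIDT, and the 16-bit selector stored by SLDT/STR) can be decoded off-line once a demo program has dumped them. The following C program is an added example, not code from the course’s ‘sysregs.s’ demo; the six-byte GDTR image and the TR value it decodes are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Memory image left by SGDT/SIDT: bytes 0..1 = 16-bit limit,
   bytes 2..5 = 32-bit linear base-address (little-endian). */
typedef struct { uint32_t base; uint16_t limit; uint32_t count; } sysreg_t;

sysreg_t decode_pseudo_descriptor(const uint8_t m[6])
{
    sysreg_t r;
    r.limit = (uint16_t)(m[0] | (m[1] << 8));
    r.base  = (uint32_t)m[2] | ((uint32_t)m[3] << 8)
            | ((uint32_t)m[4] << 16) | ((uint32_t)m[5] << 24);
    /* The limit is the offset of the table's last byte; every
       descriptor is 8 bytes, so (limit+1)/8 entries fit in it. */
    r.count = ((uint32_t)r.limit + 1) / 8;
    return r;
}

/* Segment-selector as stored by SLDT/STR: bits 15..3 = table index,
   bit 2 = table indicator (0 = GDT, 1 = LDT), bits 1..0 = RPL. */
typedef struct { uint16_t index; uint8_t ti; uint8_t rpl; } selector_t;

selector_t decode_selector(uint16_t sel)
{
    selector_t s;
    s.index = (uint16_t)(sel >> 3);
    s.ti    = (uint8_t)((sel >> 2) & 1);
    s.rpl   = (uint8_t)(sel & 3);
    return s;
}

int main(void)
{
    /* Constructed sample: limit 0x0027 (five 8-byte descriptors,
       including the required null descriptor), base 0x00007E00. */
    const uint8_t gdtr_image[6] = { 0x27, 0x00, 0x00, 0x7E, 0x00, 0x00 };
    sysreg_t g = decode_pseudo_descriptor(gdtr_image);
    printf("GDTR: base=%08X limit=%04X (%u descriptors)\n",
           g.base, g.limit, g.count);

    selector_t t = decode_selector(0x0028);   /* constructed TR value */
    printf("TR: index=%u TI=%u RPL=%u\n", t.index, t.ti, t.rpl);
    return 0;
}
```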

Control Register 0

Register CR0 is the 32-bit version of the MSW register (Machine Status Word)
It contains the PE-bit (Protection Enabled)
    when PE=0 the CPU is in real-mode
    when PE=1 the CPU is in protected-mode

(diagram) CR0 bit-fields, from the most-significant bit down: PG, CD, NW, AM, WP, NE, ET, TS, EM, MP, PE; the low 16 bits form the Machine Status Word

Using the LMSW instruction

You can use the LMSW instruction to turn on the PE-bit (enables protected-mode)
But you cannot use LMSW to turn off PE (i.e., PE was a “sticky bit” in the 80286)
The Intel 80386 processor introduced a new name and enlarged size for the MSW
Special version of the ‘MOV’ instruction can either enable or disable the PE-bit

How to enter protected-mode

        ; This instruction-sequence turns on PE-bit
        mov     eax, cr0
        bts     eax, #0
        mov     cr0, eax

        ; Warning: you need to do this with interrupts
        ; temporarily disabled, since the real-mode
        ; Interrupt Vector Table won’t work any more

How to leave protected-mode

        ; This instruction-sequence turns off PE-bit
        mov     eax, cr0
        btr     eax, #0
        mov     cr0, eax

        ; Warning: you need to make sure that all of
        ; the segment-registers have proper access-
        ; rights and segment-limits in their caches to
        ; work correctly when back in real-mode!

Unmodified segment-registers

If you can arrange for your program not to change any segment-registers while PE=1, then your code can safely enter and leave protected-mode without creating a GDT/IDT
This means you will have to make sure no interrupts or exceptions can occur while the PE-bit is set for protected-mode
    Can use cli and sti to control interrupts
    Avoid exceptions by doing nothing illegal

In-class Exercise

The ‘sysregs.s’ bootsector demo-program displays the current value found in the two 48-bit system registers: GDTR and IDTR
Your job is to add modifications to that demo
    Modify the ‘sysregs.s’ bootsector program so it will display registers LDTR and TR in addition to displaying GDTR and IDTR
    Can you enter and leave protected-mode without causing a system “crash”?