
Writing Boot Loader with GAS in AT&T X86 Assembly Dennis Chen.


1 Writing Boot Loader with GAS in AT&T X86 Assembly Dennis Chen

2 Outline
- Introduction
- Conceptual Flow
- Prerequisites
- Implementation
- Debugging Techniques
- Demo

3 Introduction
- Scope
  - Load a file from a floppy image in FAT12 format
  - Execute in real mode
    - No 32-bit addressing
    - No protected mode enabled
- Goal
  - Use minimal tools available on Linux
  - Require no root privileges
  - Modularize as much as possible
  - Keep a small footprint (512 bytes)

4 Introduction
- Development Environment
  - Ubuntu LTS
  - Vim + xxd
  - gmake + binutils (as, ld, objcopy, objdump)
  - gdb

5 Conceptual Flow
1. BIOS finds the bootable disk
2. BIOS loads the boot loader from the first sector (512 bytes) of the disk to logical address 0000:7c00h
3. Jump to the start of the boot loader (0000:7c00h)
4. Boot loader loads the FAT and the root directory into memory
5. Boot loader looks up the root directory for the entry named kernel.bin and takes its first cluster#, if it is available
6. Boot loader loads the current cluster of kernel.bin (the first one initially) into memory, e.g., starting at 0050:0000h or 9000:0100h
7. Boot loader queries the FAT entry to get the next cluster#; go to step 6 if one is available, otherwise go to step 8
8. Jump to the start of kernel.bin in memory, e.g., 0050:0000h or 9000:0100h

6 Prerequisites
- X86 Assembly Language
  - AT&T syntax: GAS
  - Intel syntax: MASM, NASM
- Addressing in Real Mode
- X86 Memory Layout
- Locating Data in Floppy: LBA vs. CHS
- FAT12 Specification
- Tools
  - Binutils: as, ld, objdump, objcopy
  - Emulator: qemu or bochs
  - Debugger: gdb

7 X86 Assembly Language
Examples (AT&T syntax on the left, the equivalent Intel syntax on the right):
  mov %ax, %bx          mov bx, ax
  mov $0x1234, %ax      mov ax, 1234h
  movw (%bx), %ax       mov ax, word ptr [bx]

8 Addressing in Real Mode
- Logical Address
  - Syntax: segment:offset
  - Range: 1 MiB (2^20)
  - e.g., 0000:7c00h = 07c0:0000h
- Linear Address
  - Translation from logical address: segment * 16 + offset
  - e.g., 9000:0100h = 90100h
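The translation on this slide worked through in C, as an added example that is not code from the deck (the slides themselves use GAS). linear_address applies segment * 16 + offset, same_linear shows why 0000:7c00h and 07c0:0000h name the same byte, and normalize produces the canonical form with an offset below 16. load_target_ok is an added sanity check, not something the slides describe: it takes a kernel load target (the 0050:0000h and 9000:0100h examples from the conceptual flow) and a length, and rejects targets that run past the top of conventional memory (the EBDA at 0x9FC00 in the memory-map slide) or overlap the boot sector at 0x7C00. All type and function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Real-mode logical address: a 16-bit segment and a 16-bit offset. */
typedef struct { uint16_t seg; uint16_t off; } logical_t;

/* Linear address = segment * 16 + offset (the slide's translation rule). */
uint32_t linear_address(logical_t a) {
    return ((uint32_t)a.seg << 4) + a.off;
}

/* Two logical addresses alias the same byte iff their linear addresses match. */
bool same_linear(logical_t a, logical_t b) {
    return linear_address(a) == linear_address(b);
}

/* Canonical segment:offset for a linear address below 1 MiB (offset < 16). */
logical_t normalize(uint32_t linear) {
    logical_t r;
    r.seg = (uint16_t)((linear >> 4) & 0xFFFF);
    r.off = (uint16_t)(linear & 0xF);
    return r;
}

/* Added check (assumed, not from the slides): a load target of len bytes
 * starting at a must stay below the EBDA (0x9FC00 per the memory map) and
 * must not overlap the boot sector that occupies 0x7C00..0x7DFF. */
bool load_target_ok(logical_t a, uint32_t len) {
    uint32_t start = linear_address(a);
    uint32_t end = start + len;                         /* exclusive */
    if (end > 0x9FC00) return false;                    /* runs into the EBDA or above */
    if (start < 0x7E00 && end > 0x7C00) return false;   /* overwrites the boot sector */
    return true;
}

int main(void) {
    logical_t boot = {0x0000, 0x7C00}, boot2 = {0x07C0, 0x0000}, k = {0x9000, 0x0100};
    printf("0000:7c00 -> %05x, 07c0:0000 -> %05x, same=%d\n",
           (unsigned)linear_address(boot), (unsigned)linear_address(boot2), same_linear(boot, boot2));
    printf("9000:0100 -> %05x\n", (unsigned)linear_address(k));
    logical_t n = normalize(0x90100);
    printf("90100h normalized -> %04x:%04x\n", n.seg, n.off);
    printf("0x7700 bytes at 0050:0000 ok=%d, 0x7701 bytes ok=%d\n",
           load_target_ok((logical_t){0x0050, 0}, 0x7700), load_target_ok((logical_t){0x0050, 0}, 0x7701));
    printf("64 KiB at 9000:0100 ok=%d\n", load_target_ok(k, 0x10000));
    return 0;
}
```

With these numbers the check shows that a kernel loaded at 0050:0000h may be at most 0x7700 bytes long before it overlaps the boot loader that is still executing at 0x7C00, and that 64 KiB at 9000:0100h runs past the top of conventional memory.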

9 X86 Memory Layout
Low Memory Area (<= 1 MiB)

Start       End         Size       Type         Description
0x00000000  0x000003FF  1 KiB      RAM (SYS)    Real Mode IVT (Interrupt Vector Table)
0x00000400  0x000004FF  256 Bytes  RAM (BIOS)   BDA (BIOS Data Area)
0x00000500  0x00007BFF  ~30 KiB    RAM          Conventional Memory
0x00007C00  0x00007DFF  512 Bytes  RAM (SYS)    OS Boot Sector
0x00007E00  0x0007FFFF  480.5 KiB  RAM          Conventional Memory
0x00080000  0x0009FBFF  ~120 KiB   RAM          Conventional Memory (if it exists)
0x0009FC00  0x0009FFFF  1 KiB      RAM (BIOS)   EBDA (Extended BIOS Data Area)
0x000A0000  0x000AFFFF  64 KiB     RAM (VIDEO)  Video RAM for VGA Graphics Mode
0x000B0000  0x000B7FFF  32 KiB     RAM (VIDEO)  Video RAM for Monochrome Text Mode
0x000B8000  0x000BFFFF  32 KiB     RAM (VIDEO)  Video RAM for Color Text Mode
0x000C0000  0x000C7FFF  32 KiB     ROM (VIDEO)  Standard Video ROM
0x000C8000  0x000EFFFF  160 KiB    ROM (HW)     Mapped Hardware
0x000F0000  0x000FFFFD  ~64 KiB    ROM (BIOS)   BIOS
0x000FFFFE  0x000FFFFF  2 Bytes    ROM          System Identification (Model/Submodel)

10 Units for Locating Disk Data
- LBA: Logical Block Addressing
- CHS: Cylinder-Head-Sector
  - Track: track #0 is located at the outermost circle
  - Cylinder: the same track# spanning all platters
  - Head: 2 heads for a floppy
  - Sector: #1 to #63 (2^6 - 1); off-by-one defect in BIOS (sector numbering starts at 1, not 0); 512 bytes per sector as regularly used
- Cluster: a set of sectors
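The LBA-to-CHS conversion a boot loader needs before calling INT 13h, as an added C example (not code from the deck). It uses the 1.44 MB floppy geometry from the BPB slide (2 heads, 18 sectors per track) plus an assumed 80 cylinders, applies the sector off-by-one from this slide (sectors count from 1, heads and cylinders from 0), refuses LBAs outside the disk or geometries whose sector number would not fit the 6-bit field, and packs the result into CH/CL/DH the way INT 13h AH=02h expects. Names and the geometry struct are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

typedef struct { uint16_t heads, sectors_per_track, cylinders; } geometry_t;
typedef struct { uint16_t cylinder; uint8_t head, sector; } chs_t;

/* 1.44 MB floppy: BPB_NumHeads = 2, BPB_SecPerTrk = 18; 80 cylinders is assumed. */
static const geometry_t FLOPPY_1_44 = { 2, 18, 80 };

/* LBA -> CHS. Sector numbers start at 1 (the BIOS off-by-one); head and
 * cylinder start at 0. Returns false for an LBA past the end of the disk or
 * a geometry the INT 13h register fields cannot express. */
bool lba_to_chs(uint32_t lba, geometry_t g, chs_t *out) {
    if (g.heads == 0 || g.sectors_per_track == 0 || g.sectors_per_track > 63) return false;
    if (g.cylinders > 1024) return false;               /* 10-bit cylinder field */
    uint32_t total = (uint32_t)g.cylinders * g.heads * g.sectors_per_track;
    if (lba >= total) return false;
    uint32_t track = lba / g.sectors_per_track;         /* absolute track number */
    out->sector = (uint8_t)(lba % g.sectors_per_track + 1);
    out->head = (uint8_t)(track % g.heads);
    out->cylinder = (uint16_t)(track / g.heads);
    return true;
}

/* Inverse mapping, useful for checking the conversion. */
uint32_t chs_to_lba(chs_t c, geometry_t g) {
    return ((uint32_t)c.cylinder * g.heads + c.head) * g.sectors_per_track + (c.sector - 1u);
}

/* Register packing for INT 13h AH=02h: CH = cylinder bits 0-7,
 * CL = sector in bits 0-5 with cylinder bits 8-9 in bits 6-7, DH = head. */
void chs_to_int13_regs(chs_t c, uint8_t *ch, uint8_t *cl, uint8_t *dh) {
    *ch = (uint8_t)(c.cylinder & 0xFF);
    *cl = (uint8_t)((c.sector & 0x3F) | ((c.cylinder >> 2) & 0xC0));
    *dh = c.head;
}

int main(void) {
    /* LBA 19 is where the root directory starts on the slides' FAT12 layout. */
    uint32_t samples[] = { 0, 18, 19, 36, 2879, 2880 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        chs_t c;
        if (!lba_to_chs(samples[i], FLOPPY_1_44, &c)) {
            printf("LBA %u: outside the disk\n", (unsigned)samples[i]);
            continue;
        }
        uint8_t ch, cl, dh;
        chs_to_int13_regs(c, &ch, &cl, &dh);
        printf("LBA %4u -> C%u H%u S%u  (CH=%02x CL=%02x DH=%02x, back to LBA %u)\n",
               (unsigned)samples[i], c.cylinder, c.head, c.sector, ch, cl, dh,
               (unsigned)chs_to_lba(c, FLOPPY_1_44));
    }
    return 0;
}
```

The round trip through chs_to_lba is cheap insurance: a wrong operand order in the head/cylinder split still produces plausible-looking values but fails the round trip immediately.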

11 FAT12 Specification
- Boot Sector Format
- Root Directory
- FAT12 Entry

On-disk order: Boot Sector | FAT #1 | FAT #2 | Root Directory | Data

12 Boot Sector Format (layout diagram, top to bottom)
  jmp start
  BPB (BIOS Parameter Block)  (0x003d)
  start:  (0x0040 - 3)
  Boot Code
  End of Boot Sector (0xaa55)

13 Boot Sector Format
- Byte 0x000~0x002: jmp start
  - eb xx 90: short jump with a small offset (-128 ~ 127), padded with NOP (0x90)
  - e9 xx xx: jump with a 16-bit offset (-32768 ~ 32767)
- Byte 0x003~0x03d: BPB (BIOS Parameter Block)

14 Boot Sector Format
BPB (BIOS Parameter Block) for FAT12

Offset  Size  Name            Default Value       Description
0       3     jmp start       eb xx 90 / e9 xx xx Jump to the boot code (eb xx 90 with nop, or e9 xx xx)
3       8     BS_OEMName      "MSWIN4.1"          OEM name (use MSWIN4.1 for compatibility)
11      2     BPB_BytsPerSec  512                 Bytes per sector (possible values are 512, 1024, 2048, and 4096)
13      1     BPB_SecPerClus  1                   Sectors per cluster (a power of two: 1, 2, 4, 8, 16, 32, 64, or 128)
14      2     BPB_RsvdSecCnt  1                   Reserved sector count (1 for FAT12/FAT16, 32 for FAT32)
16      1     BPB_NumFATs     2                   Number of FATs
17      2     BPB_RootEntCnt  224                 Root entry count (512 for FAT16, 0 for FAT32)
19      2     BPB_TotSec16    2880                Total sectors (16-bit)
21      1     BPB_Media       0xf0                0xf0 for removable media, 0xf8 for fixed media (available values: 0xf0 - 0xff)
22      2     BPB_FATSz16     9                   Sectors per FAT (16-bit) for FAT12/FAT16; 0 for FAT32
24      2     BPB_SecPerTrk   18                  Sectors per track
26      2     BPB_NumHeads    2                   Number of heads (2 for a 1.44 MB 3.5-inch floppy)
28      4     BPB_HiddSec     0                   Hidden sectors (0 for non-partitioned media)
32      4     BPB_TotSec32    0                   Total sectors (32-bit) (BPB_TotSec32 >= 0x10000 when BPB_TotSec16 == 0)
36      1     BS_DrvNum       0                   Drive number (0x00 for FDD, 0x80 for HDD)
37      1     BS_Reserved1    0                   Reserved (used by Windows NT) (= 0)
38      1     BS_BootSig      0x29                Boot signature (= 0x29) indicating the following 3 fields are present
39      4     BS_VolID        any integer         Volume serial number (usually assigned from a timestamp)
43      11    BS_VolLab       "NO NAME    "       Volume label (11 bytes = 8 + 3); "NO NAME    " is the usual default
54      8     BS_FileSysType  "FAT12   "          File system type: "FAT12   ", "FAT16   ", or "FAT     "

15 Boot Sector Format
- Byte 0x03e~0x1fd: boot code (maximum size: 448 bytes)
- Byte 0x1fe~0x1ff: signature for the end of the boot code, bytes 0x55, 0xaa (= 0xaa55 read as a little-endian word)
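A parser for the boot sector described on slides 14 and 15, as an added C example that is not code from the deck. build_sample_boot_sector constructs a 512-byte sector from the default values in the BPB table (it is a constructed sample, not an image from the project), parse_bpb reads every field at the offsets listed and rejects sectors whose 0xaa55 trailer, jump opcode, bytes-per-sector, sectors-per-cluster or total-sector fields violate the constraints in the table, and fat12_layout derives the on-disk order from slide 11 (FAT #1, root directory, data area) in LBA units. The FAT12 cluster-count threshold of 4085 and the struct, field and function names are assumptions of mine; the value 0x12345678 is a made-up volume serial.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

typedef struct {
    uint16_t bytes_per_sec, rsvd_sec_cnt, root_ent_cnt, tot_sec16, fat_sz16, sec_per_trk, num_heads;
    uint8_t  sec_per_clus, num_fats, media, drv_num, boot_sig;
    uint32_t hidd_sec, tot_sec32, vol_id;
    char     oem_name[9], vol_lab[12], fs_type[9];   /* NUL-terminated copies */
} bpb_t;

typedef struct {
    uint32_t fat_lba, root_dir_lba, root_dir_sectors, data_lba, total_sectors, cluster_count;
} fat_layout_t;

/* All BPB fields are little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Parse and sanity-check the BPB of a boot sector; false means "do not trust it". */
bool parse_bpb(const uint8_t *sec, size_t len, bpb_t *b) {
    if (len < 512) return false;
    if (sec[510] != 0x55 || sec[511] != 0xAA) return false;            /* trailer 0xaa55 */
    if (!(sec[0] == 0xEB && sec[2] == 0x90) && sec[0] != 0xE9) return false;
    memset(b, 0, sizeof *b);
    memcpy(b->oem_name, sec + 3, 8);
    b->bytes_per_sec = rd16(sec + 11);  b->sec_per_clus = sec[13];
    b->rsvd_sec_cnt = rd16(sec + 14);   b->num_fats = sec[16];
    b->root_ent_cnt = rd16(sec + 17);   b->tot_sec16 = rd16(sec + 19);
    b->media = sec[21];                 b->fat_sz16 = rd16(sec + 22);
    b->sec_per_trk = rd16(sec + 24);    b->num_heads = rd16(sec + 26);
    b->hidd_sec = rd32(sec + 28);       b->tot_sec32 = rd32(sec + 32);
    b->drv_num = sec[36];               b->boot_sig = sec[38];
    b->vol_id = rd32(sec + 39);
    memcpy(b->vol_lab, sec + 43, 11);
    memcpy(b->fs_type, sec + 54, 8);
    /* Field constraints from the BPB table. */
    uint16_t bps = b->bytes_per_sec;
    if (bps != 512 && bps != 1024 && bps != 2048 && bps != 4096) return false;
    uint8_t spc = b->sec_per_clus;
    if (spc == 0 || (spc & (spc - 1)) != 0) return false;               /* power of two */
    if (b->rsvd_sec_cnt == 0 || b->num_fats == 0 || b->fat_sz16 == 0) return false;
    if (b->media < 0xF0) return false;
    if ((b->tot_sec16 == 0) == (b->tot_sec32 == 0)) return false;       /* exactly one is set */
    return true;
}

/* Derive where FAT #1, the root directory and the data area start (LBA). */
bool fat12_layout(const bpb_t *b, fat_layout_t *L) {
    L->total_sectors = b->tot_sec16 ? b->tot_sec16 : b->tot_sec32;
    L->fat_lba = b->rsvd_sec_cnt;
    L->root_dir_lba = L->fat_lba + (uint32_t)b->num_fats * b->fat_sz16;
    L->root_dir_sectors = ((uint32_t)b->root_ent_cnt * 32 + b->bytes_per_sec - 1) / b->bytes_per_sec;
    L->data_lba = L->root_dir_lba + L->root_dir_sectors;
    if (L->data_lba >= L->total_sectors) return false;   /* metadata larger than the disk */
    L->cluster_count = (L->total_sectors - L->data_lba) / b->sec_per_clus;
    return L->cluster_count < 4085;                      /* assumed FAT12 threshold */
}

/* Constructed sample: the 1.44 MB floppy defaults from the BPB table. */
void build_sample_boot_sector(uint8_t sec[512]) {
    memset(sec, 0, 512);
    sec[0] = 0xEB; sec[1] = 0x3C; sec[2] = 0x90;           /* jmp start (0x3e); nop */
    memcpy(sec + 3, "MSWIN4.1", 8);
    wr16(sec + 11, 512); sec[13] = 1; wr16(sec + 14, 1); sec[16] = 2;
    wr16(sec + 17, 224); wr16(sec + 19, 2880); sec[21] = 0xF0; wr16(sec + 22, 9);
    wr16(sec + 24, 18); wr16(sec + 26, 2); wr32(sec + 28, 0); wr32(sec + 32, 0);
    sec[36] = 0x00; sec[37] = 0x00; sec[38] = 0x29; wr32(sec + 39, 0x12345678);
    memcpy(sec + 43, "NO NAME    ", 11); memcpy(sec + 54, "FAT12   ", 8);
    sec[510] = 0x55; sec[511] = 0xAA;
}

int main(void) {
    uint8_t sec[512]; bpb_t b; fat_layout_t L;
    build_sample_boot_sector(sec);
    if (!parse_bpb(sec, sizeof sec, &b) || !fat12_layout(&b, &L)) { puts("bad BPB"); return 1; }
    printf("OEM %s, fs %s: FAT#1 at LBA %u, root dir at LBA %u (%u sectors), data at LBA %u, %u clusters\n",
           b.oem_name, b.fs_type, (unsigned)L.fat_lba, (unsigned)L.root_dir_lba,
           (unsigned)L.root_dir_sectors, (unsigned)L.data_lba, (unsigned)L.cluster_count);
    return 0;
}
```

For the defaults in the table this gives FAT #1 at LBA 1, the root directory at LBA 19 for 14 sectors, and the data area at LBA 33, which is where the boot loader's INT 13h reads must land before it can look up kernel.bin.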

16 Root Directory
- 32 bytes per entry
- Short file name entry
- Long file name entry

xxd dump (partial) of the two consecutive entries for kernel.bin:
  416b e f 00da 6c00           Ak.e.r.n.e....l    <- entry for long file name
  2e e ffff ffff               ..b.i.n
  4b45 524e 454c e b355        KERNEL BIN...U     <- entry for short file name
  253f 253f 0000 b f           %?%?...U%?

17 Root Directory

Offset  Size  Description
0       11    File name (8 + 3)
11      1     Attributes of the file: R (0x01), H (0x02), S (0x04), VOL (0x08), D (0x10), A (0x20). Never 0x0F for a short name entry, since 0x0F marks a long file name entry
12      1     Reserved for use by Windows NT
13      1     Creation time in tenths of a second
14      2     Creation time (Hour: 5 bits, Minute: 6 bits, Second: 5 bits)
16      2     Creation date (Year: 7 bits, Month: 4 bits, Day: 5 bits)
18      2     Last accessed date, in the format of the creation date
20      2     High 16 bits of the first cluster# of this entry (always 0 for FAT12)
22      2     Last modification time, in the format of the creation time
24      2     Last modification date, in the format of the creation date
26      2     Low 16 bits of the first cluster# of this entry
28      4     Size of the file in bytes

18 FAT12 Entry
- Every FAT entry
  - occupies 12 bits of a word (2 bytes)
  - can be indexed by the current cluster#
  - contains the next cluster# or EOC
- byte offset# = (cluster# - 2) * 3 / 2
- even_or_odd = (cluster# - 2) * 3 % 2
- FAT Entry (even) = [Byte 0-1] & 0x0fff
- FAT Entry (odd) = [Byte 1-2] >> 4

Two entries share three bytes: Byte 0 and the low nibble of Byte 1 hold the even entry; the high nibble of Byte 1 and Byte 2 hold the odd entry.

19 FAT12 Entry
Value of a FAT entry:

Value          Description
0x000          Free cluster
0x001          Reserved
0x002 ~ 0xFEF  Used cluster, pointing to the next cluster
0xFF0 ~ 0xFF5  Reserved
0xFF6          Reserved
0xFF7          Bad sector in cluster, or reserved cluster
0xFF8 ~ 0xFFF  Last cluster in file (EOC)
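Steps 5 to 7 of the conceptual flow, covering the root directory entry format (slide 17), the 12-bit entry extraction (slide 18) and the entry value table (slide 19), as an added C example that is not code from the deck. root_dir_find skips long file name entries (attribute 0x0F), deleted entries and the end-of-directory marker and returns the first cluster# and size of the short-name entry; fat12_entry applies the even/odd extraction; fat12_chain follows the chain until an EOC value and refuses free, reserved or bad entries, entries beyond the FAT buffer, chains longer than the caller's buffer, and loops (a cluster seen twice). One difference from the slide's formula: the example indexes the FAT from entry 0 (the media descriptor), so cluster n's entry is at byte n*3/2; the slide's (cluster# - 2) * 3 / 2 is the same position measured from entry 2, three bytes in. SAMPLE_FAT and SAMPLE_ROOT_DIR are constructed test data, including a deliberately looping chain at clusters 5 and 6, and the data-area LBA 33 passed to cluster_to_lba comes from the slides' 1.44 MB layout; all names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define FAT12_EOC_MIN     0xFF8   /* 0xFF8 ~ 0xFFF: last cluster in file */
#define FAT12_MAX_CLUSTER 0xFEF   /* highest cluster# a used entry may point to */

/* 12-bit entry for cluster n, with the FAT buffer starting at entry 0 (so the
 * entry sits at byte n*3/2). Returns -1 if it would lie outside the buffer. */
int fat12_entry(const uint8_t *fat, size_t fat_len, uint16_t n) {
    size_t off = (size_t)n * 3 / 2;
    if (off + 1 >= fat_len) return -1;
    uint16_t word = (uint16_t)(fat[off] | (fat[off + 1] << 8));
    return (n & 1) ? (word >> 4) : (word & 0x0FFF);   /* odd: high 12 bits; even: low 12 bits */
}

/* Follow the chain from first, storing cluster numbers in out[]. Returns the
 * chain length, or -1 for a free/reserved/bad entry, an entry past the FAT,
 * more clusters than out[] holds, or a loop. */
int fat12_chain(const uint8_t *fat, size_t fat_len, uint16_t first, uint16_t *out, int max_out) {
    uint8_t seen[(FAT12_MAX_CLUSTER + 8) / 8];        /* one bit per cluster */
    memset(seen, 0, sizeof seen);
    int count = 0;
    uint16_t c = first;
    for (;;) {
        if (c < 2 || c > FAT12_MAX_CLUSTER) return -1;        /* 0, 1, 0xFF0-0xFF7: not usable */
        if (seen[c >> 3] & (1u << (c & 7))) return -1;        /* loop */
        seen[c >> 3] |= (uint8_t)(1u << (c & 7));
        if (count >= max_out) return -1;
        out[count++] = c;
        int next = fat12_entry(fat, fat_len, c);
        if (next < 0) return -1;
        if (next >= FAT12_EOC_MIN) return count;              /* EOC: chain complete */
        c = (uint16_t)next;
    }
}

/* First sector of a data cluster: cluster# 2 is the first cluster of the data area. */
uint32_t cluster_to_lba(uint16_t cluster, uint32_t data_lba, uint8_t sec_per_clus) {
    return data_lba + (uint32_t)(cluster - 2) * sec_per_clus;
}

/* Look up an 11-byte space-padded 8.3 name in a root directory image. */
bool root_dir_find(const uint8_t *dir, size_t dir_len, const char *name11,
                   uint16_t *first_cluster, uint32_t *file_size) {
    for (size_t off = 0; off + 32 <= dir_len; off += 32) {
        const uint8_t *e = dir + off;
        if (e[0] == 0x00) break;                 /* end of directory */
        if (e[0] == 0xE5) continue;              /* deleted entry */
        if (e[11] == 0x0F) continue;             /* long file name entry */
        if (memcmp(e, name11, 11) != 0) continue;
        *first_cluster = (uint16_t)(e[26] | (e[27] << 8));
        *file_size = (uint32_t)e[28] | ((uint32_t)e[29] << 8) | ((uint32_t)e[30] << 16) | ((uint32_t)e[31] << 24);
        return true;
    }
    return false;
}

/* Constructed FAT: entry 0 = 0xFF0 (media), 1 = 0xFFF, 2 -> 3, 3 -> 4, 4 = EOC,
 * and a deliberate loop 5 -> 6 -> 5. Each three bytes pack two 12-bit entries. */
const uint8_t SAMPLE_FAT[] = { 0xF0, 0xFF, 0xFF,  0x03, 0x40, 0x00,  0xFF, 0x6F, 0x00,  0x05, 0x00, 0x00 };
#define SAMPLE_FAT_LEN (sizeof SAMPLE_FAT)

/* Constructed root directory: a long-name entry, then the KERNEL.BIN short
 * entry (first cluster 2, size 1500 bytes), then an all-zero end marker. */
const uint8_t SAMPLE_ROOT_DIR[96] = {
    0x41, 'k', 0, 'e', 0, 'r', 0, 'n', 0, 'e', 0, 0x0F, 0x00, 0xDA, 'l', 0,
    '.', 0, 'b', 0, 'i', 0, 'n', 0, 0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF,
    'K', 'E', 'R', 'N', 'E', 'L', ' ', ' ', 'B', 'I', 'N', 0x20, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02, 0x00, 0xDC, 0x05, 0x00, 0x00,
};

/* What the boot loader does for kernel.bin: directory lookup, then chain walk. */
int kernel_cluster_chain(uint16_t *out, int max_out, uint32_t *file_size) {
    uint16_t first;
    if (!root_dir_find(SAMPLE_ROOT_DIR, sizeof SAMPLE_ROOT_DIR, "KERNEL  BIN", &first, file_size)) return -1;
    return fat12_chain(SAMPLE_FAT, SAMPLE_FAT_LEN, first, out, max_out);
}

int main(void) {
    uint16_t chain[16]; uint32_t size = 0;
    int n = kernel_cluster_chain(chain, 16, &size);
    printf("KERNEL.BIN: %u bytes in %d clusters:", (unsigned)size, n);
    for (int i = 0; i < n; i++)
        printf(" %u (LBA %u)", chain[i], (unsigned)cluster_to_lba(chain[i], 33, 1));
    printf("\nchain from cluster 5 -> %d (loop rejected)\n", fat12_chain(SAMPLE_FAT, SAMPLE_FAT_LEN, 5, chain, 16));
    return 0;
}
```

The loop and bounds checks matter in a loader because the FAT comes straight off the disk: a corrupt or crafted FAT whose chain never reaches EOC would otherwise keep a 512-byte boot loader reading sectors into memory until it overwrote something it needed.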

20 Implementation
Boot code:
- bpb.s: BPB header and trailing signature
- boot.s: main boot code
- console.s: console-printing utility using INT 10h
- disk.s: disk-access utility using INT 13h
- kernel.s: mock kernel for loading

21 Implementation
Linker scripts:

boot.ld (places the code at 0x7c00 and pads to byte 510 so that the signature section from bpb.o lands in the last two bytes of the sector):
  SECTIONS {
    . = 0x7c00;
    .text : {
      .begin = .;
      bpb.o (.text);
      boot.o (.text);
      * (.text);
      . = .begin + 510;
      bpb.o (.signature);
    }
  }

kernel.ld:
  SECTIONS {
    . = 0x0000;
    .text : {
      kernel.o (.text)
      * (.text)
    }
  }

22 Implementation
Generated targets:
- boot.img: bootable disk image
- boot.bin: bare boot code
- boot.elf: boot code with ELF header and debug information
- kernel.bin: bare kernel binary
- kernel.elf: kernel binary with ELF header and debug information

23 Debugging Techniques
- INT 10h BIOS call
  - Print an ASCIIZ string
  - Print a character
  - Requires further implementation to output numbers
- Remote debugging with gdb
  - Turn on debug symbols with the -g option for as and ld
  - Edit the .gdbinit file:
      target remote | exec qemu -gdb stdio -fda boot.img
      symbol-file boot.elf kernel.elf
  - Enter gdb at the command line

24 Debugging Techniques
- Launch QEMU directly
  - Enter qemu -fda boot.img at the command line
- Launch Bochs directly
  - Edit the bochsrc.txt file:
      boot: floppy
      floppya: type=1_44, 1_44= boot.img, inserted
  - Enter bochs at the command line

25 Reference
- Orange's (ISBN )
- X86 Memory Map
- Disk Manipulation
- Boot Sector & FAT

