
Writing Boot Loader with GAS in AT&T X86 Assembly


1 Writing Boot Loader with GAS in AT&T X86 Assembly
Dennis Chen

2 Outline
- Introduction
- Conceptual Flow
- Prerequisites
- Implementation
- Debugging Techniques
- Demo

3 Introduction
Scope:
- Load a file from a floppy image of FAT12 format
- Execute in real mode: no 32-bit addressing, no protected mode enabled
Goal:
- Use minimal tools available on Linux
- Require no root privileges
- Modularize as much as possible
- Keep a small footprint (512 bytes)

4 Introduction: Development Environment
- Ubuntu 10.10 LTS
- Vim + xxd
- gmake + binutils (as, ld, objcopy, objdump)
- gdb

5 Conceptual Flow
1. BIOS finds the bootable disk
2. BIOS loads the boot loader from the first sector (512 bytes) of the disk to logical address 0000:7c00h
3. Jump to the start of the boot loader (0000:7c00h)
4. Boot loader loads the FAT and the root directory into memory
5. Boot loader finds the specific name "kernel.bin" by looking up the root directory for its first cluster#, if it is available
6. Boot loader loads the first cluster of "kernel.bin" into memory, e.g., at 0050:0000h or 9000:0100h
7. Boot loader queries the FAT entry to get the next cluster#; go to step 6 if one is available, otherwise go to step 8
8. Jump to the start of "kernel.bin" in memory

6 Prerequisites
- X86 Assembly Language: AT&T syntax (GAS); Intel syntax (MASM, NASM)
- Addressing in Real Mode
- X86 Memory Layout
- Locating Data in Floppy: LBA vs. CHS
- FAT12 Specification
- Tools: binutils (as, ld, objdump, objcopy); emulator (qemu or bochs); debugger (gdb)

7 X86 Assembly Language: Examples

| AT&T Syntax        | Intel Syntax          |
|--------------------|-----------------------|
| mov %ax, %bx       | mov bx, ax            |
| mov $0x1234, %ax   | mov ax, 1234h         |
| movw (%bx), %ax    | mov ax, word ptr [bx] |

8 Addressing in Real Mode
Logical Address
- Syntax: <segment>:<offset>
- Range: 1 MiB (2^20)
- e.g., 0000:7c00h = 07c0:0000h
Linear Address
- Translation from logical address: <segment> * 16 + <offset>
- e.g., 9000:0100h = 90100h

9 X86 Memory Layout: Low Memory Area (<= 1 MiB)

| Start      | End        | Size      | Type        | Description                            |
|------------|------------|-----------|-------------|----------------------------------------|
| 0x00000000 | 0x000003FF | 1 KiB     | RAM (SYS)   | Real Mode IVT (Interrupt Vector Table) |
| 0x00000400 | 0x000004FF | 256 Bytes | RAM (BIOS)  | BDA (BIOS Data Area)                   |
| 0x00000500 | 0x00007BFF | ~30 KiB   | RAM         | Conventional Memory                    |
| 0x00007C00 | 0x00007DFF | 512 Bytes | RAM         | OS Boot Sector                         |
| 0x00007E00 | 0x0007FFFF | 480.5 KiB | RAM         | Conventional Memory                    |
| 0x00080000 | 0x0009FBFF | ~120 KiB  | RAM         | Conventional Memory (if it exists)     |
| 0x0009FC00 | 0x0009FFFF | 1 KiB     | RAM         | EBDA (Extended BIOS Data Area)         |
| 0x000A0000 | 0x000AFFFF | 64 KiB    | RAM (VIDEO) | Video RAM for VGA Graphics Mode        |
| 0x000B0000 | 0x000B7FFF | 32 KiB    | RAM (VIDEO) | Video RAM for Monochrome Text Mode     |
| 0x000B8000 | 0x000BFFFF | 32 KiB    | RAM (VIDEO) | Video RAM for Color Text Mode          |
| 0x000C0000 | 0x000C7FFF | 32 KiB    | ROM (VIDEO) | Standard Video ROM                     |
| 0x000C8000 | 0x000EFFFF | 160 KiB   | ROM (HW)    | Mapped Hardware                        |
| 0x000F0000 | 0x000FFFFD | ~64 KiB   | ROM (BIOS)  | BIOS                                   |
| 0x000FFFFE | 0x000FFFFF | 2 Bytes   | ROM         | System Identification (Model/Submodel) |

10 Units for Locating Disk Data
- LBA: Logical Block Addressing
- CHS: Cylinder-Head-Sector
  - Track: track #0 is located at the outermost circle
  - Cylinder: the same track# spanning all platters
  - Head: 2 heads for a 3.5" 1.44 MB floppy
  - Sector: #1 to #63 (2^6 - 1), an off-by-one defect in the BIOS; 512 bytes per sector as regularly used
- Cluster: a set of sectors

11 FAT12 Specification
- Boot Sector Format
- Root Directory
- FAT12 Entry

12 Boot Sector Format (layout)
- jmp start (0x003d)
- start: (0x0040 - 3)
- BPB (BIOS Parameter Block)
- Boot Code
- End of Boot Sector (0xaa55)

13 Boot Sector Format
Byte 0x000~0x002: jmp start
- eb xx 90: short jump with a small offset (-128 ~ 127), padded with NOP (0x90)
- e9 xx xx: jump with a larger offset (~ 32767)
Byte 0x003~0x03d: BPB (BIOS Parameter Block)

14 Boot Sector Format: BPB (BIOS Parameter Block) for FAT12

| Offset | Size | Name            | Default Value                     | Description |
|--------|------|-----------------|-----------------------------------|-------------|
| 0      | 3    | jmp start (nop) | e9 <offset_16> / eb <offset_8> 90 | Jump over the BPB to the boot code |
| 3      | 8    | BS_OEMName      | "MSWIN4.1"                        | OEM name (use MSWIN4.1 for compatibility) |
| 11     | 2    | BPB_BytsPerSec  | 512                               | Bytes per sector (possible values are 512, 1024, 2048, and 4096) |
| 13     | 1    | BPB_SecPerClus  |                                   | Sectors per cluster (2^n: 1, 2, 4, 8, 16, 32, 64, and 128) |
| 14     | 2    | BPB_RsvdSecCnt  |                                   | Reserved sector count (1 for FAT12/FAT16, 32 for FAT32) |
| 16     | 1    | BPB_NumFATs     |                                   | Number of FATs |
| 17     | 2    | BPB_RootEntCnt  | 224                               | Root entry count (512 for FAT16, 0 for FAT32) |
| 19     | 2    | BPB_TotSec16    | 2880                              | Total sectors (16-bit) |
| 21     | 1    | BPB_Media       | 0xf0                              | 0xf0 for removable media, 0xf8 for fixed media (available values: 0xf0 - 0xff) |
| 22     | 2    | BPB_FATSz16     | 9                                 | Sectors per FAT (16-bit) for FAT12/FAT16; 0 for FAT32 |
| 24     | 2    | BPB_SecPerTrk   | 18                                | Sectors per track |
| 26     | 2    | BPB_NumHeads    |                                   | Number of heads (2 for a 1.44 MB 3.5-inch floppy) |
| 28     | 4    | BPB_HiddSec     |                                   | Hidden sectors (0 for non-partitioned media) |
| 32     | 4    | BPB_TotSec32    |                                   | Total sectors (32-bit) (BPB_TotSec32 >= 0x10000 when BPB_TotSec16 == 0) |
| 36     | 1    | BS_DrvNum       |                                   | Drive number (0x00 for FDD, 0x80 for HDD) |
| 37     | 1    | BS_Reserved1    |                                   | Reserved (used by Windows NT) (= 0) |
| 38     | 1    | BS_BootSig      | 0x29                              | Boot signature (= 0x29) indicating the following 3 fields are present |
| 39     | 4    | BS_VolID        | Any integer number                | Volume serial number (usually assigned from a timestamp) |
| 43     | 11   | BS_VolLab       | "NO NAME    "                     | Volume label (11 bytes = 8 + 3); "NO NAME    " is the usual default |
| 54     | 8    | BS_FileSysType  | "FAT12   "                        | File system type: "FAT12   ", "FAT16   ", or "FAT     " |

15 Boot Sector Format
Byte 0x03e~0x1fd: boot code (maximum size: 448 bytes)
Byte 0x1fe~0x1ff: signature for the end of the boot code, 0x55, 0xaa (= 0xaa55 as a little-endian word)
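The checks a loader should make on the boot sector and the sector arithmetic that follows from the BPB fields, as an added example (not code from the presentation): it builds a constructed 512-byte boot sector from the BPB table's defaults, validates the jmp byte, the 0xaa55 signature and the field ranges, derives where the FAT, root directory and data area start (the standard FAT12 layout rule, which the slides assume but do not state), and converts an LBA to the CHS tuple that INT 13h wants, with sectors counted from 1 as slide 10 notes.

```python
import struct

def build_boot_sector(rsvd=1, fats=2, fat_sz=9, root_ent=224, spc=1):
    # Constructed sample laid out as in the BPB table: jmp/nop, OEM name, BPB fields,
    # then the extended record (drive 0x00, reserved, 0x29, volume id, label, type).
    bpb = struct.pack("<3s8sHBHBHHBHHHII", b"\xeb\x3c\x90", b"MSWIN4.1", 512, spc,
                      rsvd, fats, root_ent, 2880, 0xF0, fat_sz, 18, 2, 0, 0)
    ext = struct.pack("<BBBI11s8s", 0x00, 0x00, 0x29, 0x12345678,
                      b"NO NAME    ", b"FAT12   ")
    hdr = bpb + ext                      # 62 bytes, so boot code begins at 0x03e
    return hdr + b"\x00" * (510 - len(hdr)) + b"\x55\xaa"

def parse_bpb(sec):
    # Checks a loader should make before trusting the geometry fields.
    if len(sec) != 512 or sec[510:] != b"\x55\xaa":
        raise ValueError("missing 0xaa55 end-of-boot-sector signature")
    if sec[0] not in (0xEB, 0xE9):
        raise ValueError("byte 0 is not a jmp")
    (bps, spc, rsvd, fats, root_ent, tot16, media,
     fat_sz, spt, heads) = struct.unpack_from("<HBHBHHBHHH", sec, 11)
    if bps not in (512, 1024, 2048, 4096):
        raise ValueError("bad BPB_BytsPerSec %d" % bps)
    if not 1 <= spc <= 128 or spc & (spc - 1):
        raise ValueError("BPB_SecPerClus must be a power of two up to 128")
    if not 0xF0 <= media <= 0xFF:
        raise ValueError("bad BPB_Media %#x" % media)
    if sec[38] != 0x29:
        raise ValueError("BS_BootSig 0x29 absent")
    # Standard FAT12 layout (assumed here, not spelled out on the slides): reserved
    # sectors, then the FATs, then the root directory, then data from cluster 2.
    root_secs = (root_ent * 32 + bps - 1) // bps
    root_start = rsvd + fats * fat_sz
    return {"bytes_per_sec": bps, "sec_per_clus": spc, "fat_start": rsvd,
            "fat_sectors": fat_sz, "root_start": root_start, "root_sectors": root_secs,
            "data_start": root_start + root_secs, "total_sectors": tot16,
            "sec_per_trk": spt, "heads": heads}

def cluster_to_lba(layout, cluster):
    # Cluster numbering starts at 2, so cluster 2 is the first data sector.
    return layout["data_start"] + (cluster - 2) * layout["sec_per_clus"]

def lba_to_chs(layout, lba):
    # CHS tuple for INT 13h: cylinders and heads count from 0, sectors from 1
    # (the off-by-one the CHS slide mentions).
    spt, heads = layout["sec_per_trk"], layout["heads"]
    return lba // (spt * heads), (lba // spt) % heads, lba % spt + 1
```

With the slide defaults the FAT starts at sector 1, the root directory at sector 19 (14 sectors long) and the data area at sector 33, so cluster 2 is LBA 33, i.e. cylinder 0, head 1, sector 16.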

16 Root Directory
- 32 bytes per entry
- Short file name entry
- Long file name entry
Example dump (hex words with ASCII on the right):
  Entries for long file name:
    416b e f 00da 6c00       Ak.e.r.n.e....l
    2e e ffff ffff           ..b.i.n
  Entry for short file name:
    4b45 524e 454c e b355    KERNEL BIN ...U
    253f 253f 0000 b f       %?%?...U%?......

17 Root Directory: entry layout

| Offset | Size | Description |
|--------|------|-------------|
| 0      | 11   | 8.3 file name |
| 11     | 1    | Attributes of the file: R (0x01), H (0x02), S (0x04), VOL (0x08), D (0x10), A (0x20). Never 0x0F, which indicates a long file name entry |
| 12     | 1    | Reserved for use by Windows NT |
| 13     | 1    | Creation time in tenths of a second |
| 14     | 2    | Creation time (Hour: 5 bits, Minute: 6 bits, Second: 5 bits) |
| 16     | 2    | Creation date (Year: 7 bits, Month: 4 bits, Day: 5 bits) |
| 18     | 2    | Last accessed date, same format as the creation date |
| 20     | 2    | High 16 bits of the first cluster# of this entry (always 0 for FAT12) |
| 22     | 2    | Last modification time, same format as the creation time |
| 24     | 2    | Last modification date, same format as the creation date |
| 26     | 2    | Low 16 bits of the first cluster# of this entry |
| 28     | 4    | Size of the file in bytes |

18 FAT12 Entry
- Every FAT entry occupies 12 bits of a word (2 bytes)
- It can be indexed by the current cluster#
- It contains the next cluster# or EOC
Calculation:
  byte offset# = (cluster# - 2) * 3 / 2
  even_or_odd  = (cluster# - 2) * 3 % 2
  FAT Entry (even) = [Byte 0-1] & 0x0fff
  FAT Entry (odd)  = [Byte 1-2] >> 4
(Diagram: three consecutive bytes, Byte 0 to Byte 2, hold two 12-bit entries; the even entry is the low 12 bits of Byte 0-1 and the odd entry is the high 12 bits of Byte 1-2.)

19 FAT12 Entry: value of a FAT entry

| Value                       | Description |
|-----------------------------|-------------|
| 0x000                       | Free cluster |
| 0x001                       | Reserved |
| 0x002 ~ 0xFEF               | Used cluster, pointing to the next cluster |
| 0xFF0 ~ 0xFF5, 0xFF6, 0xFF7 | Bad sector in cluster or reserved cluster |
| 0xFF8 ~ 0xFFF               | Last cluster in file (EOC) |
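Steps 5 to 7 of the conceptual flow carried out on constructed data, as an added example (not the presentation's assembly): an 8.3 lookup over root directory entries that skips long-file-name entries, then the 12-bit even/odd extraction from slide 18 and the EOC, free and bad values from slide 19 applied while walking a cluster chain. The chain walker refuses a chain that ends in a free/reserved/bad entry or revisits a cluster, so a corrupt FAT cannot send the loader into an endless read loop. The FAT is indexed from entry 0, so the byte offset is cluster# * 3 / 2; that equals the slide's (cluster# - 2) * 3 / 2 plus the 3 bytes occupied by reserved entries 0 and 1. `pack_fat12` and `make_dirent` exist only to build the sample.

```python
import struct

def fat12_entry(fat, cluster):
    # Offset into the whole table is cluster*3//2: the slide's (cluster#-2)*3/2 plus the
    # 3 bytes of reserved entries 0 and 1.  Even cluster#: low 12 bits; odd: word >> 4.
    off = cluster * 3 // 2
    word = fat[off] | (fat[off + 1] << 8)
    return word & 0x0FFF if cluster % 2 == 0 else word >> 4

def cluster_chain(fat, first):
    # Follow next-cluster# links until EOC (0xFF8..0xFFF); reject a chain that hits a
    # free/reserved/bad entry or revisits a cluster instead of reading a corrupt FAT forever.
    chain, cur = [], first
    if first == 0:                       # empty file: no cluster allocated
        return chain
    while 2 <= cur <= 0xFEF:
        if cur in chain:
            raise ValueError("cluster chain loops at %#05x" % cur)
        chain.append(cur)
        cur = fat12_entry(fat, cur)
    if cur < 0xFF8:
        raise ValueError("chain ends in free/reserved/bad entry %#05x" % cur)
    return chain

def find_root_entry(root, name83):
    # 32-byte entries: first byte 0x00 ends the directory, 0xE5 is a deleted entry and
    # attribute 0x0F is a long-file-name entry; the 8.3 search skips both.
    for off in range(0, len(root), 32):
        e = root[off:off + 32]
        if e[0] == 0x00:
            return None
        if e[0] == 0xE5 or e[11] == 0x0F or e[:11] != name83:
            continue
        return struct.unpack_from("<HI", e, 26)   # (first cluster#, size in bytes)
    return None

def pack_fat12(entries):                 # builds the constructed sample FAT below
    out = bytearray(512)                 # one FAT sector, entry 0 first
    for i, v in enumerate(entries):
        off = i * 3 // 2
        if i % 2 == 0:
            out[off], out[off + 1] = v & 0xFF, (out[off + 1] & 0xF0) | (v >> 8)
        else:
            out[off], out[off + 1] = (out[off] & 0x0F) | ((v & 0x0F) << 4), v >> 4
    return bytes(out)
def make_dirent(name83, attr, first, size):
    return name83 + bytes([attr]) + b"\x00" * 14 + struct.pack("<HI", first, size)
# Constructed sample, not from a real image: kernel.bin occupies clusters 2 -> 3 -> 5.
FAT = pack_fat12([0xFF0, 0xFFF, 0x003, 0x005, 0x000, 0xFFF])
ROOT = (make_dirent(b"\x41k\x00e\x00r\x00n\x00e\x00", 0x0F, 0, 0)   # LFN piece, skipped
        + make_dirent(b"KERNEL  BIN", 0x20, 2, 1100) + b"\x00" * 32)
```

The sample FAT begins f0 ff ff 03 50 00 00 f0 ff, the classic FAT12 start for media byte 0xf0, and `find_root_entry(ROOT, b"KERNEL  BIN")` followed by `cluster_chain(FAT, 2)` yields the chain [2, 3, 5] that the loader would read sector by sector.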

20 Implementation: Boot code
- bpb.s: BPB header and trailing signature
- boot.s: main boot code
- console.s: console printing utility using INT 10h
- disk.s: disk access utility using INT 13h
- kernel.s: mock kernel for loading

21 Implementation: Linker Scripts
boot.ld (places the BPB first, the boot code after it, and the signature at byte 510):

    SECTIONS {
        . = 0x7c00;
        .text : {
            .begin = .;
            bpb.o (.text);
            boot.o (.text);
            * (.text);
            . = .begin + 510;
            bpb.o (.signature);
        }
    }

kernel.ld:

    SECTIONS {
        . = 0x0000;
        .text : { kernel.o (.text) * (.text) }
    }

22 Implementation: Generated Targets
- boot.img: bootable disk image
- boot.bin: bare boot code
- boot.elf: boot code with ELF header and debug information
- kernel.bin: bare kernel binary
- kernel.elf: kernel binary with ELF header and debug information

23 Debugging Techniques
INT 10h BIOS call
- Print ASCIIZ string
- Print character
- It requires further implementation to output numbers
Remote debugging with gdb
- Turn on debug symbols with the -g option for as and ld
- Edit the .gdbinit file:

    target remote | exec qemu -gdb stdio -fda boot.img
    symbol-file boot.elf kernel.elf

- Enter "gdb" at the command line

24 Debugging Techniques
Launch QEMU directly
- Enter "qemu -fda boot.img" at the command line
Launch Bochs directly
- Edit the bochsrc.txt file:

    boot: floppy
    floppya: type=1_44, 1_44="boot.img", inserted

- Enter "bochs" at the command line

25 Reference
- Orange's 一個作業系統的實現 (Orange's: Implementing an Operating System; ISBN 978-986-7309-52-2)
- 使用开源软件自己动手写操作系统 (Writing an Operating System Yourself with Open Source Software)
- X86 Memory Map
- Disk Manipulation
- Boot Sector & FAT
