1 / 25

Writing Boot Loader with GAS in AT&T X86 Assembly

Writing Boot Loader with GAS in AT&T X86 Assembly. Dennis Chen. Outline. Introduction Conceptual Flow Prerequisites Implementation Debugging Techniques Demo. Introduction. Scope Load file from floppy image of FAT12 format Execute in real mode No 32-bit addressing

kiri
Télécharger la présentation

Writing Boot Loader with GAS in AT&T X86 Assembly

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Writing Boot Loader with GAS in AT&T X86 Assembly Dennis Chen

  2. Outline • Introduction • Conceptual Flow • Prerequisites • Implementation • Debugging Techniques • Demo

  3. Introduction • Scope • Load file from floppy image of FAT12 format • Execute in real mode • No 32-bit addressing • No protected mode enabled • Goal • Use minimal tools available on Linux • Require no root privileges • Modulize as possible as it can • Kept in small footprint (of 512 bytes)

  4. Introduction • Development Environment • Ubuntu 10.10 LTS • Vim + xxd • gmake + binutils • as, ld, objcopy, objdump • gdb

  5. Conceptual Flow • 1. BIOS finds the bootable disk • 2. BIOS loads boot loader: • from the first sector (512 bytes) of the disk • to logical address 0000:7c00h • 3. Jump to the start of boot loader (0000:7c00h) • 4. Boot loader loads FAT and root directory in memory • 5. Boot loader finds specific name “kernel.bin” • by looking up root directory • for the first cluster# if it’s available • 6. Boot loader loads first cluster of “kernel.bin” in memory • e.g., 0050:0000h or 9000:0100h • 7. Boot loader queries FAT entry • to get the next cluster# • Go to step 6 if it’s available; otherwise, go to step 8. • 8. Jump to the start of “kernel.bin” in memory • e.g., 0050:0000h or 9000:0100h

  6. Prerequisites • X86 Assembly Language • AT&T Syntax: GAS • Intel Syntax: MASM, NASM • Addressing in Real Mode • X86 Memory Layout • Locating Data in Floppy • LBA vs. CHS • FAT12 Specification • Tools • Binutils: as, ld, objdump, objcopy • Emulator: qemu or bochs • Debugger: gdb

  7. X86 Assembly Language • Examples: • AT&T Syntax • mov %ax, %bx • mov $0x1234, %ax • movw (%bx), %ax • Intel Syntax • mov bx, ax • mov ax, 1234h • mov ax, word ptr [bx]

  8. Addressing in Real Mode • Logical Address • Syntax: <segment>:<offset> • Range: 1 MiB (220) • e.g., 0000:7c00h = 07c0:0000h • Linear Address • Translation from Logical Address • <segment> * 16 + <offset> • e.g., 9000:0100h = 90100h

  9. Low Memory Area (<=1 MiB) X86 Memory Layout

  10. Units for Locating Disk Data • LBA • Logical Block Addressing • CHS • Cylinder-Head-Sector • Track • Track #0 is located at outer most circle • Cylinder • Same track# spanning platters • Head • 2 Heads for 3.5” 1.44 Floppy • Sector • #1 to #63 (26 - 1) • Off-by-one defect in BIOS • 512 bytes per sector as regularly used • Cluster • A set of sectors

  11. FAT12 Specification • Boot Sector Format • Root Directory • FAT12 Entry Boot Sector FAT #1 FAT #2 Root Directory Data

  12. Boot Sector Format jmp start (0x003d) start: (0x0040 – 3) BPB (BIOS Parameter Block) Boot Code End of Boot Sector (0xaa55)

  13. Boot Sector Format • Byte 0x000~0x002 • jmp start • eb xx 90 • Short jump with small offset (-128 ~127) • Padded with NOP (0x90) • e9 xx xx • Short jump with offset (-32768 ~ 32767) • Byte 0x003~0x03d • BPB (BIOS Parameter Block)

  14. Boot Sector Format • BPB (BIOS Parameter Block) for FAT12

  15. Boot Sector Format • Byte 0x03e~0x1fd • Boot code • Maximum size: 448 bytes • Byte 0x1fe~0x1ff • Signature for end of boot code • 0x55, 0xaa (= 0xaa55)

  16. Root Directory • 32 bytes per entry • Short file name entry • Long file name entry Entry for long file name 0002600: 416b 0065 0072 006e 0065 000f 00da 6c00 Ak.e.r.n.e....l.0002610: 2e00 6200 6900 6e00 0000 0000 ffff ffff ..b.i.n......... 0002620: 4b45 524e 454c 2020 4249 4e20 1800 b355 KERNEL BIN ...U 0002630: 253f 253f 0000 b355 253f 0200 8504 0000 %?%?...U%?...... Entry for short file name

  17. Root Directory

  18. FAT12 Entry • Every FAT entry • occupies 12 bits of a word (2 bytes) • can be indexed by current cluster# • contains the next cluster# or EOC • byte offset# = (cluster# - 2) * 3 / 2 • even_or_odd = (cluster# - 2) * 3 % 2 • FAT Entry (even) = [Byte 0-1] & 0x0fff • FAT Entry (odd) = [Byte 1-2] >> 4 Byte 1 Byte 2 Byte 0 0 8 4 1 9 5 2 A 6 3 B 7 4 0 8 5 1 9 6 2 A 7 3 B FAT Entry (even) FAT Entry (odd)

  19. FAT12 Entry Value of FAT entry

  20. Implementation • Boot code • bpb.s • BPB header and trailing signature • boot.s • Main boot code • console.s • Utility of Console printing using INT 10h • disk.s • Utility of disk accessing using INT 13h • kernel.s • Mock kernel for loading

  21. Implementation • SECTIONS { • . = 0x7c00; • .text : { • .begin = .; • bpb.o (.text); • boot.o (.text); • * (.text); • . = .begin + 510; • bpb.o (.signature); • } • } • SECTIONS { • . = 0x0000; • .text : { • kernel.o (.text) • * (.text) • } • } • Script • boot.ld • kernel.ld

  22. Implementation • Generated Targets • boot.img • Bootable disk image • boot.bin • Bare boot code • boot.elf • Boot code with ELF header and debug information • kernel.bin • Bare kernel binary • kernel.elf • Kernel binary with ELF header and debug information

  23. Debugging Techniques • INT 10h BIOS call • Print asciiz string • Print character • It requires further impl. to output numbers • Remote debugging with gdb • Turn on debug symbol with -g option for as and ld • Edit .gdbinit file: • target remote | exec qemu -gdbstdio -fdaboot.img • symbol-file boot.elfkernel.elf • Enter “gdb” at command line

  24. Debugging Techniques • Launch QEMU directly • Enter “qemu -fda boot.img” at command line • Launch Bochs directly • Edit bochsrc.txt file: • boot: floppy • floppya: type=1_44, 1_44=“boot.img”, inserted • Enter “bochs” at command line

  25. Reference • Orange’s一個作業系統的實現 (ISBN 978-986-7309-52-2) • 使用开源软件自己动手写操作系统 • http://code.google.com/p/writeos/downloads/list • X86 Memory Map • http://wiki.osdev.org/Memory_Map_(x86) • Disk Manipulation • http://en.wikipedia.org/wiki/INT_13H • http://zh.wikipedia.org/wiki/LBA • http://en.wikipedia.org/wiki/Cylinder-head-sector • Boot Sector & FAT • http://wiki.osdev.org/MBR • http://wiki.osdev.org/FAT • http://en.wikipedia.org/wiki/File_Allocation_Table • http://www.microsoft.com/whdc/system/platform/firmware/fatgen.mspx

More Related