boot.s
|
| boot.s is loaded at 0x7c00 by the bios-startup routines, and moves itself
| out of the way to address 0x90000, and jumps there.
|
| It then loads the system at 0x10000, using BIOS interrupts. Thereafter
| it disables all interrupts, moves the system down to 0x0000, changes
| to protected mode, and calls the start of system. System then must
| RE-initialize the protected mode in it's own tables, and enable
| interrupts as needed.
|
| NOTE! currently system is at most 8*65536 bytes long. This should be no
| problem, even in the future. I want to keep it simple. This 512 kB
| kernel size should be enough - in fact more would mean we'd have to move
| not just these start-up routines, but also do something about the cache-
| memory (block IO devices). The area left over in the lower 640 kB is meant
| for these. No other memory is assumed to be "physical", ie all memory
| over 1Mb is demand-paging. All addresses under 1Mb are guaranteed to match
| their physical addresses.
|
| NOTE1 abouve is no longer valid in it's entirety. cache-memory is allocated
| above the 1Mb mark as well as below. Otherwise it is mainly correct.
|
| NOTE 2! The boot disk type must be set at compile-time, by setting
| the following equ. Having the boot-up procedure hunt for the right
| disk type is severe brain-damage.
| The loader has been made as simple as possible (had to, to get it
| in 512 bytes with the code to move to protected mode), and continuos
| read errors will result in a unbreakable loop. Reboot by hand. It
| loads pretty fast by getting whole sectors at a time whenever possible.
| 1.44Mb disks: sectors = 18
| 1.2Mb disks:
| sectors = 15
| 720kB disks:
| sectors = 9
.globl begtext, begdata, begbss, endtext, enddata, endbss
.text
begtext:
.data
begdata:
.bss
begbss:
.text
BOOTSEG = 0x07c0
INITSEG = 0x9000
SYSSEG = 0x1000 | system loaded at 0x10000 (65536).
ENDSEG = SYSSEG + SYSSIZE | SYSSIZE在Makefile中定义的 ^_^
entry start
start:
mov ax,#BOOTSEG | 现在应仍处在REAL MODE下.
mov ds,ax | 移动自身从BOOTSEG:0000到INITSEG:0000
mov ax,#INITSEG | 共512字节.
mov es,ax | 那么BOOT.S处在0x90000-0x90200.
mov cx,#256
sub si,si
sub di,di
rep
movw
jmpi go,INITSEG
go: mov ax,cs
mov ds,ax | 将DS,ES,SS均设为0x9000,所有数据都以
mov es,ax | 0x9000为段偏移.
mov ss,ax | 堆栈偏移0x9000
mov sp,#0x400 | 栈顶指针0x9000:0x0400,堆栈空间512bytes??
mov ah,#0x03 | read cursor pos
xor bh,bh
int 0x10
mov cx,#24
mov bx,#0x0007 | page 0, attribute 7 (normal)
mov bp,#msg1 | 显示Loading System ...
mov ax,#0x1301 | write string, move cursor
int 0x10
| ok, we've written the message, now
| we want to load the system (at 0x10000)
mov ax,#SYSSEG
mov es,ax | segment of 0x010000
call read_it | 读内核到0x10000
call kill_motor | 杀了软驱!? ^_^
| if the read went well we get current cursor position ans save it for
| posterity.
mov ah,#0x03 | read cursor pos
xor bh,bh
int 0x10 | save it in known place, con_init fetches
mov [510],dx | it from 0x90510.
| now we want to move to protected mode ...
cli | no interrupts allowed !
| first we move the system to it's rightful place
mov ax,#0x0000
cld | 'direction'=0, movs moves forward
do_move:
mov es,ax | destination segment
add ax,#0x1000
cmp ax,#0x9000
jz end_move
mov ds,ax | source segment
sub di,di | 置零,地址为0x1000:0000
sub si,si | 置零,地址为0x9000:0000
mov cx,#0x8000 | cx的作用是计数器
rep
movsw
j do_move | 将位于低端0x1000:0000的内核移到内存
| 高端0x9000:0000,覆盖了boot.S !?
| then we load the segment des criptors
end_move:
mov ax,cs | right, forgot this at first. didn't work :-)
mov ds,ax
lidt idt_48 | idt_48和gdt_48都是一个3个word长的数据结构
lgdt gdt_48 | 第一个字说明(Global || Interrupt) Des criptor
| Table有多长,因为每个Table是四个字长,所以
| 可以得出整个Des criptorTable的entries.(见下)
| 后两个字指出DT的具体位置.
| idt_48是0,0,0;应表示没有中断描述符entries.
| gdt_48有256个入口,第一个是个空入口,然后
| 定义了一个code段和一个data段.基址都是
| 0x00000000, !?那里是什么东西???
| *** 0x00000000 != 0x0000:0000 ***
| that was painless, now we enable A20
call empty_8042
mov al,#0xD1 | command write
out #0x64,al
call empty_8042
mov al,#0xDF | A20 on
out #0x60,al
call empty_8042
| well, that went ok, I hope. Now we have to reprogram the interrupts :-(
| we put them right after the intel-reserved hardware interrupts, at
| int 0x20-0x2F. There they won't mess up anything. Sadly IBM really
| messed this up with the original PC, and they haven't been able to
| rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f,
| which is used for the internal hardware interrupts as well. We just
| have to reprogram the 8259's, and it isn't fun.
| 初始化中断处理器8259i
| 初始化顺序为: 1. 向主8259A写ICW1, 0x20
| 2. 向第二块8259A写ICW1, 0xA0
| 3. 向主8259A写ICW2, 0x21
| 4. 向第二块8259A写ICW2, 0xA1
| 5. 假如ICW1指示有级联中断处理器,则初始化Master&Slave
| (在下例中只有IR2有级联8259A), 0x21, 0xA1
| 6. 向两块8259写ICW4,指定工作模式.
| 输入了适当的初始化命令之后, 8259已经预备好接收中断请求.
| 现在向他输入工作
| 命令字以规定其工作方式. 8259A共有三个工作命令字,但下例中只用过OCW1.
| OCW1将所有的中断都屏蔽掉, OCW2&OCW3也就没什么意义了.
| ** ICW stands for Initialization Command Word;
| OCW for Operation Command Word.
1. mov al,#0x11
out #0x20,al
.word 0x00eb,0x00eb | jmp $+2, jmp $+2
2. out #0xA0,al | and to 8259A-2
.word 0x00eb,0x00eb
3. mov al,#0x20 | 向主8259A写入ICW2.
out #0x21,al | 硬件中断入口地址0x20, 并由ICW1
| 得知中断向量长度 = 8 bytes.
.word 0x00eb,0x00eb
4. mov al,#0x28 | start of hardware int's 2 (0x28)
out #0xA1,al | 第二块8259A的中断入口是0x28.
.word 0x00eb,0x00eb
5. mov al,#0x04 | 8259-1 is master
out #0x21,al | Interrupt Request 2有级联处理.
.word 0x00eb,0x00eb
mov al,#0x02 | 8259-2 is slave
out #0xA1,al | 于上面对应,告诉大家我就是IR2对应
| 级联处理器.
.word 0x00eb,0x00eb
6. mov al,#0x01 | 8086 mode for both
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0xFF | mask off all interrupts for now
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al
| well, that certainly wasn't fun :-(. Hopefully it works, and we don't
| need no steenking BIOS anyway (except for the initial loading :-).
| The BIOS-routine wants lots of unnecessary data, and it's less
| "interesting" anyway. This is how REAL programmers do it.
|
| Well, now's the time to actually move into protected mode. To make
| things as simple as possible, we do no register set-up or anything,
| we let the gnu-compiled 32-bit programs do that. We just jump to
| absolute address 0x00000, in 32-bit protected mode.
mov ax,#0x0001 | protected mode (PE) bit
lmsw ax | This is it!
jmpi 0,8 | jmp offset 0 of segment 8 (cs)
| This routine checks that the keyboard command queue is empty
| No timeout is used - if this hangs there is something wrong with
| the machine, and we probably couldn't proceed anyway.
empty_8042:
.word 0x00eb,0x00eb
in al,#0x64 | 8042 status port
test al,#2 | is input buffer full?
jnz empty_8042 | yes - loop
ret
| This routine loads the system at address 0x10000, making sure
| no 64kB boundaries are crossed. We try to load it as fast as
| possible, loading whole tracks whenever we can.
|
| in: es - starting address segment (normally 0x1000)
|
| This routine has to be recompiled to fit another drive type,
| just change the "sectors" variable at the start of the file
| (originally 18, for a 1.44Mb drive)
|
sread: .word 1 | sectors read of current track
head: .word 0 | current head
track: .word 0 | current track
read_it:
mov ax,es | ES当前应0x1000
test ax,#0x0fff | 必需确保ES处在64KB段边界上,即0x?000:XXXX.
| 要不你就会收到一个"DMA..."什么什么的ERR.
die: jne die | es must be at 64kB boundary
xor bx,bx | bx is starting address within segment
rp_read: | **** 循环入口处 ****
mov ax,es
cmp ax,#ENDSEG | have we loaded all yet?
jb ok1_read
ret
ok1_read:
mov ax,#sectors | 1.44M, sectors=18,linux的后续版本
| 中已改成由操作系统来探测sectors的值.
sub ax,sread | AX内记载需要读的扇区数,初始sread为1,
| 即跳过第一道的第一扇区(BOOT区)
mov cx,ax |
shl cx,#9 | CX算出需要读出的扇区的字节数, ax*512.
add cx,bx | BX是当前段内偏移.
| 下面连续的两个转移指令开始还真让人莫名其妙.
jnc ok2_read | 这里先检查当前段内的空间够不够装ax个扇区
| cx算出字节数,加上当前偏移试试,够了的话,就
| 跳到ok2_read去读吧!
je ok2_read | 这么巧的事也有,刚刚够! 读!
| 假如到了这里就确认溢出了,看下面的:
xor ax,ax | 这段代码我觉得很精巧.
sub ax,bx | 它主要目的就是算出假如当前段内空间不够的话
,
shr ax,#9 | 那么反算出剩余空间最多能装多少个扇区,那么
| 就读出多少个.(Hint,段内空间是扇区的整数倍)
ok2_read:
call read_track | 读取当前磁道.
mov cx,ax ----| | (别忙,这里暂时不关cx什么事!)
add ax,sread | | AX是这次读出的扇区数, sread是该磁道已
| | 读出的扇区,相加更新AX的值.
cmp ax,#sectors | | 该磁道所有的扇区都读出了吗?
jne ok3_read | | 尚未,还不能移到下个磁道!
mov ax,#1 |
sub ax,head | | head对应软盘来说只能是0,1
jne ok4_read | | 0,1 head都读过了才准往下走!
inc track | | 终于可以读下个磁道了,真累!
ok4_read: |
mov head,ax |
xor ax,ax |
ok3_read: |
mov sread,ax | | 假如是由于还没读完所有的磁道?
| | 那么ax记载当前磁道已读出的扇区,更新sread.
| | 假如已读完18个扇区,ax被上一行代码置零.
shl cx,#9 >,周德明.后来我发现Minix的那本
* 书里也有一点东西,还没来的及看.
* 另外多谢你提供的 across reference building tool,我还没用熟,能简单
* 介绍介绍吗? ^_^
* 杜晓明 98.11.17
**/
@@ 1,你搞错了,boot在读完system到0x10000之后,又将它这么一移到0x0。:-)
@@ 2.绝对地址0x00000里面 system.实模式中断不能再用了
@@ !)在整个初始化过程完毕后,系统jump: jmpi 0,8 这是个长跳转 cs=8 eip=0
@@ cs=8不是实模式的段,而是gdt表中第一 (0开始),就是你定义的初始的两个GDT
@@ 中的第一项,所以,现在系统跳到绝对0,即head.s的startup
@@ 3.用lxr的across reference building tool先解开后,基本上按INSTLL说明
@@ make install
@@ edit $(安装目录)/http/lxr.conf
@@ baseurl 改为你的url
@@ 我是这样设的 http://192.168.1.3/lxr/
@@ 同一目录下设.htaccess INSTALL有
@@ 配置 httpd server
@@ httpd.conf 加一行 Alias /lxr $(安装目录)/http/
@@ cd $(安装目录)/source 产生标识符库 ../bin/genxref $(kernel source目录)
@@ kernel source: /linux/0.01/....
@@ /0.10/...
@@ 你还可用global http://zaphod.ethz.ch/linux/
@@ 我装过,可是最后装好后没有搜索,不然应该会更好用。?
@@ 4.内核调试我用过gdbstub,但是我发现调试好象的是gdbstub.c程序,而不是内核,只
@@ 看到gdbstub.c的原代码,没有内核的原代码,或许有个步骤我没做导致如此.
视频教程列表
文章教程搜索
C语言程序设计推荐教程
C语言程序设计热门教程
|
QQ:2693987339(点击联系)购买教程光盘
:
