Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How does setting the PE flag in CR0 enable protected mode?

Tags:

operating-system

assembly

kernel

real-mode

protected-mode

I am trying to understand how a machine goes from power on to running a kernel. From what I've gathered, it is useful to switch into protected mode during boot up in order to gain access to more addressable memory even if we will eventually switch to a more conventional virtual memory plan with page directories and page tables and segmentation turned off.

It seems that to switch into protected mode 3 things must be done:

  1. Set up a global descriptor table (gdt) and load it using the lgdt instruction
  2. Set the PE flag/bit in the control register CR0 to enabled (ie. to the value 1)
  3. Execute a long jump with ljmp

I am wondering about the logic for translating a segment register and instruction pointer into an index and offset for use with the gdt. Is this logic accomplished by hardware? If so which piece of hardware and why is the execution of a ljmp part of the process? Why not simply set the PE flag in CR0 to enable protected mode (with no following ljmp)?

like image 278
Pedro Cattori Avatar asked Oct 31 '14 15:10

Pedro Cattori

1 Answers

The first question could be: Why didn't Intel design the chip in a way that setting PE will enter protected mode?

The answer: This would not really be possible; it would assume that the CS register contains a selector whose base address is 0x10*CS.

In other words: If the address "mov CR0,EAX" is located at address 0x0100:0x1200 then the next instruction executed will be at address 0x0100:0x1203. So switching to protected mode will only be possible in conjunction with a jump instruction; otherwise switching PE itself would do an unwanted jump (from 0x0100:0x1203 Real Mode to 0x0100:0x1203 Protected Mode).

Technically the CPU internally stores the selector information of all selectors used. Whenever a selector register changes then the limit, base and so on are loaded. This means that loading the CS register is required for updating the base, limit and so of the CS register. This means: A far jump must be done (because this will load the CS register). Maybe a RETF would also work...

I'm not sure if loading the other segment registers (for example DS) would already work before the far jump so if you load the DS register before the far jump the base address and limit will be taken from the GDT. Would be nice to try this out...

like image 72
Martin Rosenau Avatar answered Sep 30 '22 08:09

Martin Rosenau
Sign in to Comment

Related questions

Translate inline assembly to support x64
Determine 32/64 bit architecture in assembly
reading the file name from user input in MIPS assembly
Assembly Programming on Mac
DOS debug like program for 32-bit x86 assembly
C/C++ translation to assembly, low level memory behavior: how is it done? [closed]
NASM programming - `int0x80` versus `int 0x80`
Where do you check the prototypes of syscalls on x86-64 machines?
ARM assembly: auto-increment register on store
Injecting 64 Bit DLL using code cave
Working FAT16 Bootloader Generates Read Error on Actual Hardware?
Alphanumeric Shellcode Ensuring Jumps
Dillema with buffer overflow
Can "mov eax, 0x1" always be used instead of "mov rax, 0x1"?
How do I use a buffer in an assembly procedure?
Have anyone tried to break a bit even smaller? [closed]
main() sometimes keeps frame pointer with -fomit-frame-pointer on x86
Fastest computation of sum x^5 + x^4 + x^3...+x^0 (Bitwise possible ?) with x=16
What happens to lost interrupts after cli on x86?
Assigning literal value to local variable in LLVM IR

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!