
Slide index:
Introduction to 8086 emulation
Features of real-mode
Rationale for 8086 emulation
Commercial imperatives
Intel’s 80386
The VM-bit in EFLAGS
Entering a VM86-mode procedure
I/O-sensitive Instructions
The EFLAGS register
Emulating I/O-sensitive instructions
When IOPL == 3
How to leave VM-8086 mode?
Example: ‘vm86demo.s’
In-class exercise #1
Steps for ‘int-nn’ emulation
Slide 16
Slide 17
Other emulations if IOPL < 3
Emulating ‘cli’ or ‘sti’
Emulating ‘popf’
Slide 21
IO-permission Bitmap
Layout of the Task-State Segment
Trapping I/O
Pentium improves VM86-mode

Introduction to 8086 emulation
Using ‘Virtual-8086’ mode to execute real-mode procedures in a protected-mode environment

Features of real-mode
• At power-up the Pentium begins executing in real-address mode (memory addressing does not require use of descriptor tables)
• CPU privilege-restrictions are not imposed
• Memory addresses are limited to 20-bits
• Interrupt-routing is handled using the IVT
• Multitasking and paging are unsupported
• Lots of ‘legacy’ software written for 8086

Rationale for 8086 emulation
• It is desirable to run multiple 8086 tasks in an environment that ‘protects’ each task from interference by other tasks, yet offers each task the illusion of being in control of the system (as in a ‘real-mode’ environment)
• Duplicate the environment of an 8086 cpu
• Synchronize access to shared resources (such as files and peripheral i/o devices)

Commercial imperatives
• 1981: IBM-PC (to compete with CP/M)
• 1984: Macintosh (introduces graphics)
• 1985: Windows 1.0 (to rival Macintosh)
• 1986: Windows 2.0 (80286 multitasking)
• Macintosh had a 32-bit processor (M68000), but Windows 2.0 had a 16-bit processor and was handicapped by the slow mode-switching needed to execute its firmware routines

Intel’s 80386
• Windows 3.0 ran on the new 32-bit processor:
– Faster mode-switching (whenever needed)
– Virtual memory support (for task isolation)
– Hardware ‘breakpoint’ debugging support
– Virtual-8086 (for firmware and legacy code)

The VM-bit in EFLAGS
• The CPU executes in ‘Virtual-8086’ mode when the VM-bit (bit #17) in EFLAGS is 1
• POPFL instruction cannot modify VM-bit
• Two methods for entering VM86-mode:
1) use the IRET instruction (.code32)
2) use a task-switch to a new 386 TSS
• The only way to leave VM86-mode is with an interrupt (either hardware or software) or by resetting the processor (i.e., reboot)

Entering a VM86-mode procedure
Ring-0 Stack-Frame (SS:ESP points at the IP-image; entries listed from the top of the frame down):
GS-image, FS-image, DS-image, ES-image, SS-image, SP-image, EFLAGS (VM=1, NT=0), CS-image, IP-image
Execute IRET instruction from 32-bit code-segment while in protected-mode at privilege-level 0

I/O-sensitive Instructions
• While in VM86-mode, certain instructions are ‘sensitive’ to the current value of the IOPL-field in EFLAGS:
– The CLI and STI instructions
– The PUSHF and POPF instructions
– The PUSHFL and POPFL instructions
– The IRET and IRETL instructions
– The INT-nn instruction
• The above instructions will generate a General Protection Exception (INT-13) unless IOPL==3

The EFLAGS register
Bit layout (bit 31 at left, bit 0 at right):
31..22: 0 | 21: ID | 20: VIP | 19: VIF | 18: AC | 17: VM | 16: RF | 15: 0 | 14: NT | 13..12: IOPL | 11: OF | 10: DF | 9: IF | 8: TF | 7: SF | 6: ZF | 5: 0 | 4: AF | 3: 0 | 2: PF | 1: 1 | 0: CF
Legend:
VM = Virtual-8086 Mode (1=yes, 0=no)
IOPL = I/O Privilege-Level (0,1,2,3)
VIF = Virtual Interrupt-Flag (if CR4.0 = 1)
VIP = Virtual Interrupt Pending (if CR4.0 = 1)
ID = CPUID-supported (1=yes, 0=no)
CF = Carry-Flag
TF = Trap-Flag
PF = Parity-Flag
IF = Interrupt-Flag
AF = Auxiliary-Flag
DF = Direction-Flag
ZF = Zero-Flag
RF = Resume-Flag
SF = Sign-Flag
NT = Nested Task
OF = Overflow-Flag
AC = Alignment Check

Emulating I/O-sensitive instructions
• Suppose a task executing in VM86-mode tries to disable device-interrupts, using a ‘cli’ instruction
• If IOPL ≠ 3, this instruction will cause a GP-fault (exception 0x0D) with an error-code equal to 0
• An exception-handler can examine the opcode (by using the saved CS:IP address on its stack)
• If that opcode equals 0xFA (i.e., ‘cli’), then the handler can clear bit #9 in the saved EFLAGS image (i.e., the IF-bit), increment the saved IP, then execute IRET to resume the VM86 task

When IOPL == 3
• A VM86-task executes at privilege-level 3
• If IOPL==3, then the VM86 task is allowed to execute all the IO-sensitive instructions (except INT-nn) without generating a fault

How to leave VM-8086 mode?
• In VM86-mode, certain instructions trigger a General Protection Fault regardless of the current value in EFLAGS’ IOPL-field
• One of these is the halt-instruction (‘hlt’)
• The GP fault-handler can examine the opcode that triggered the fault (using the saved CS:IP address on its ring0 stack) and, if it is 0xF4 (i.e., ‘hlt’), can terminate the VM86 task, if that is what is desired

Example: ‘vm86demo.s’
• This demo illustrates entering and leaving a Virtual-8086 procedure within a 386 task that is executing in protected-mode
• The procedure draws directly to video ram, changing all the characters’ attribute-bytes to white on a blue-colored background
• It executes with device-interrupts disabled
• It includes no ‘io-sensitive’ instructions
• It uses ‘hlt’ to exit from Virtual-8086 mode

In-class exercise #1
• We want to modify ‘vm86demo.s’ -- to do something that’s much more interesting!
• Let’s add a ‘software interrupt’ instruction, to try executing some ROM-BIOS code
• Easiest to try is ‘int $0x1C’ -- because it normally does nothing but return (‘iret’)
• We will need to add code to our GP-fault handler that ‘emulates’ an ‘int-nn’ opcode

Steps for ‘int-nn’ emulation
• Increment the saved IP-image by 2 bytes (to simulate fetching the instruction)
• Simulate the ‘push’ of FLAGS, CS, and IP onto the VM86 task’s ring3 stack
• Identify the interrupt’s ID-number, and copy its vector from IVT onto ring0 stack
• Clear IF and TF bits in the saved EFLAGS
• Use ‘iret’ to resume ‘virtual-8086’ mode

Emulating ‘int-nn’
Diagram: Ring-0 Stack (SS:ESP) holds GS, FS, DS, ES, SS, SP, EFLAGS, CS, IP; Ring-3 Stack receives FLAGS, CS, IP; the Real-Mode IVT entry supplies the new CS and IP; ‘int nn’ sits in the Ring-3 code-segment

Emulating ‘iret’
Diagram: Ring-0 Stack (SS:ESP) holds GS, FS, DS, ES, SS, SP, EFLAGS, CS, IP; Ring-3 Stack gives back FLAGS, CS, IP

Other emulations if IOPL < 3
• If you try executing code in Virtual-8086 mode without IOPL==3, then you’re likely to need to emulate the other io-sensitive instructions (iret, cli, sti, pushf, popf)
• The CLI and STI instructions are easy
• The PUSHF/POPF are a little harder
• The
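The slides on “The VM-bit in EFLAGS”, “Entering a VM86-mode procedure” and “I/O-sensitive Instructions” describe the ring-0 stack-frame that IRET consumes and which opcodes reach the ring-0 handler at a given IOPL. The C below is an added example, not code from the lecture or from vm86demo.s: it models that frame as a struct, builds the EFLAGS image with VM=1 and NT=0, validates a frame before it would be handed to IRET, and classifies the opcodes the slides list. The struct name, function names and the IOPL argument are this example’s own choices.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EFLAGS bit positions from the register layout on the slide. */
#define EFL_TF   (1u << 8)
#define EFL_IF   (1u << 9)
#define EFL_IOPL_SHIFT 12
#define EFL_IOPL (3u << EFL_IOPL_SHIFT)
#define EFL_NT   (1u << 14)
#define EFL_VM   (1u << 17)

/* The nine 32-bit slots IRET pops when the EFLAGS image has VM=1, listed
 * from the lowest address (where SS:ESP points) upward, i.e. the slide's
 * diagram read from the bottom. Each 16-bit real-mode value sits in a full
 * 32-bit slot; the CPU ignores the upper halves. (Constructed model.) */
struct vm86_frame {
    uint32_t ip, cs, eflags, sp, ss, es, ds, fs, gs;
};

/* Build the frame for entering a VM86 procedure at cs:ip with its ring-3
 * stack at ss:sp and the given IOPL. IF is left clear, so, like vm86demo.s,
 * the procedure starts with device-interrupts disabled. */
struct vm86_frame vm86_entry_frame(uint16_t cs, uint16_t ip,
                                   uint16_t ss, uint16_t sp, unsigned iopl)
{
    struct vm86_frame f;
    memset(&f, 0, sizeof f);           /* ES, DS, FS, GS images start at 0 */
    f.cs = cs;  f.ip = ip;
    f.ss = ss;  f.sp = sp;
    /* Bit 1 of EFLAGS always reads as 1; VM=1 selects Virtual-8086 mode and
     * NT=0 keeps IRET from attempting a task switch instead. */
    f.eflags = 0x2u | EFL_VM | ((iopl & 3u) << EFL_IOPL_SHIFT);
    return f;
}

/* Checks a monitor should make before executing IRET on a frame it did not
 * build itself: VM set, NT clear, and every image a 16-bit value. */
bool vm86_frame_valid(const struct vm86_frame *f)
{
    if (!(f->eflags & EFL_VM) || (f->eflags & EFL_NT))
        return false;
    return (f->ip | f->cs | f->sp | f->ss | f->es | f->ds | f->fs | f->gs) <= 0xFFFFu;
}

unsigned eflags_iopl(uint32_t eflags)
{
    return (eflags & EFL_IOPL) >> EFL_IOPL_SHIFT;
}

/* Whether executing this opcode in VM86 mode reaches the ring-0 handler.
 * CLI/STI, PUSHF/POPF and IRET raise #GP only when IOPL < 3. HLT is a
 * privileged instruction, so it faults at any IOPL. INT nn never jumps
 * through the real-mode IVT by itself: with IOPL < 3 it raises #GP, with
 * IOPL == 3 it goes through the protected-mode IDT gate, so either way the
 * ring-0 code, not the 8086 procedure, decides what happens next. */
bool vm86_opcode_traps(uint8_t opcode, uint32_t eflags)
{
    switch (opcode) {
    case 0xCD:                       /* int nn */
    case 0xF4:                       /* hlt    */
        return true;
    case 0xFA: case 0xFB:            /* cli, sti    */
    case 0x9C: case 0x9D:            /* pushf, popf */
    case 0xCF:                       /* iret        */
        return eflags_iopl(eflags) < 3;
    default:
        return false;                /* ordinary instructions run natively */
    }
}

int main(void)
{
    struct vm86_frame f = vm86_entry_frame(0x1000, 0x0100, 0x2000, 0x0100, 0);
    printf("EFLAGS image 0x%08x: VM=%u IOPL=%u valid=%d\n", f.eflags,
           !!(f.eflags & EFL_VM), eflags_iopl(f.eflags), vm86_frame_valid(&f));
    return 0;
}
```

The validity check matters when the frame comes from anywhere other than the monitor’s own code: a frame with NT=1 would make IRET perform a task switch through the back-link in the TSS, and a selector image wider than 16 bits cannot describe a real-mode segment at all.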
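The slides “Emulating I/O-sensitive instructions”, “Steps for ‘int-nn’ emulation”, the two stack diagrams and “Other emulations if IOPL < 3” together describe one trap-and-emulate loop in the GP-fault handler. The C below is an added example, written for this page and not taken from the lecture or from vm86demo.s: a ring-0 handler model that reads the faulting opcode at the saved CS:IP from a constructed 1 MiB guest-memory buffer and emulates cli, sti, pushf, popf, int nn, iret and hlt by rewriting the saved frame, exactly as the slide steps say (IP += 2, push FLAGS/CS/IP on the ring-3 stack, load the vector from the IVT, clear IF and TF). The function names, the return-code convention and the sample int $0x1C scenario are this example’s own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EFL_TF (1u << 8)
#define EFL_IF (1u << 9)
/* Flag bits a real-mode program may change through POPF/IRET (CF PF AF ZF SF
 * TF IF DF OF). VM, IOPL, NT and the rest stay under the monitor's control. */
#define EFL_TASK_BITS 0x0FD5u

#define GUEST_MEM_SIZE (1u << 20)      /* the 8086's 20-bit address space */
#define GUEST_MASK     (GUEST_MEM_SIZE - 1)

/* Saved ring-0 frame the #GP handler finds on its stack, lowest address first. */
struct vm86_frame { uint32_t ip, cs, eflags, sp, ss, es, ds, fs, gs; };

/* Guest-memory accessors. Every address is masked to 1 MiB, so whatever
 * CS:IP or SS:SP the task left in the frame, the handler can only touch the
 * task's own address space, never ring-0 memory beyond it. (Constructed model.) */
static uint32_t linear(uint32_t seg, uint32_t off) { return ((seg & 0xFFFFu) << 4) + (off & 0xFFFFu); }
static uint8_t  rd8 (const uint8_t *m, uint32_t a) { return m[a & GUEST_MASK]; }
static uint16_t rd16(const uint8_t *m, uint32_t a) { return (uint16_t)(rd8(m, a) | (rd8(m, a + 1) << 8)); }
static void     wr16(uint8_t *m, uint32_t a, uint16_t v) { m[a & GUEST_MASK] = (uint8_t)v; m[(a + 1) & GUEST_MASK] = (uint8_t)(v >> 8); }

/* 16-bit push/pop on the task's ring-3 stack (SS:SP), as the 8086 would do. */
static void push16(uint8_t *m, struct vm86_frame *f, uint16_t v) { f->sp = (uint16_t)(f->sp - 2); wr16(m, linear(f->ss, f->sp), v); }
static uint16_t pop16(uint8_t *m, struct vm86_frame *f) { uint16_t v = rd16(m, linear(f->ss, f->sp)); f->sp = (uint16_t)(f->sp + 2); return v; }
static void skip(struct vm86_frame *f, unsigned len) { f->ip = (uint16_t)(f->ip + len); }

/* Called from the #GP handler (error-code 0) with the saved frame. Emulates
 * the instruction at the saved CS:IP and adjusts the frame so IRET resumes the
 * task after it. Returns 0 = resume, 1 = terminate the task (hlt),
 * -1 = opcode this monitor does not handle. */
int vm86_handle_gpf(uint8_t *m, struct vm86_frame *f)
{
    uint8_t op = rd8(m, linear(f->cs, f->ip));
    switch (op) {
    case 0xFA: f->eflags &= ~EFL_IF; skip(f, 1); return 0;               /* cli: clear the IF image */
    case 0xFB: f->eflags |=  EFL_IF; skip(f, 1); return 0;               /* sti: set the IF image   */
    case 0x9C: push16(m, f, (uint16_t)f->eflags); skip(f, 1); return 0;  /* pushf: low 16 bits      */
    case 0x9D: {                                                         /* popf: task bits only    */
        uint16_t v = pop16(m, f);
        f->eflags = (f->eflags & ~EFL_TASK_BITS) | (v & EFL_TASK_BITS);
        skip(f, 1); return 0;
    }
    case 0xCD: {                                                         /* int nn                  */
        uint8_t nn = rd8(m, linear(f->cs, f->ip) + 1);
        skip(f, 2);                         /* simulate fetching the 2-byte instruction   */
        push16(m, f, (uint16_t)f->eflags);  /* push FLAGS, CS, IP on the ring-3 stack     */
        push16(m, f, (uint16_t)f->cs);
        push16(m, f, (uint16_t)f->ip);
        f->ip = rd16(m, nn * 4u);           /* vector from the real-mode IVT at 0000:nn*4 */
        f->cs = rd16(m, nn * 4u + 2);
        f->eflags &= ~(EFL_IF | EFL_TF);    /* interrupts and single-step off, as on INT  */
        return 0;
    }
    case 0xCF: {                                                         /* iret: undo int nn       */
        f->ip = pop16(m, f);
        f->cs = pop16(m, f);
        uint16_t v = pop16(m, f);
        f->eflags = (f->eflags & ~EFL_TASK_BITS) | (v & EFL_TASK_BITS);
        return 0;
    }
    case 0xF4: return 1;                                                 /* hlt: leave VM86 mode    */
    default:   return -1;
    }
}

/* Constructed scenario from the in-class exercise: the task runs 'int $0x1C'
 * whose IVT vector points at an 'iret', and we check the frame comes back
 * to the instruction after the 'int' with its flags restored. */
bool vm86_int1c_roundtrip(void)
{
    uint8_t *m = calloc(GUEST_MEM_SIZE, 1);
    if (!m) return false;
    wr16(m, 0x1C * 4, 0x1234);  wr16(m, 0x1C * 4 + 2, 0xF000);           /* IVT[0x1C] = F000:1234 */
    m[linear(0x1000, 0x0100)] = 0xCD;  m[linear(0x1000, 0x0101)] = 0x1C; /* int $0x1C at 1000:0100 */
    m[linear(0xF000, 0x1234)] = 0xCF;                                   /* iret at F000:1234      */
    struct vm86_frame f = { .ip = 0x0100, .cs = 0x1000, .eflags = 0x20202u, .sp = 0x0100, .ss = 0x2000 };
    bool ok = vm86_handle_gpf(m, &f) == 0 && f.cs == 0xF000 && f.ip == 0x1234
           && f.sp == 0x00FA && !(f.eflags & EFL_IF)
           && vm86_handle_gpf(m, &f) == 0 && f.cs == 0x1000 && f.ip == 0x0102
           && f.sp == 0x0100 && (f.eflags & EFL_IF);
    free(m);
    return ok;
}

int main(void) { printf("int 0x1C round trip: %s\n", vm86_int1c_roundtrip() ? "ok" : "FAILED"); return 0; }
```

Two points the slides leave implicit are made explicit here: the popf and iret paths copy only the 8086-visible flag bits out of the task’s stack word, so the task cannot set VM, IOPL or NT in its own saved EFLAGS, and every guest address is masked to the 20-bit space before the handler dereferences it, so a bad CS:IP or SS:SP in the frame cannot steer the ring-0 code at memory the task does not own.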
USF CS 630 - Introduction to 8086 emulation