用bochs调试bootsect/setup/head

这是对linux内核0.11版的bootsect部分代码的调试过程,目的是理解内核的启动过程。

 

E:\linux_boch\linux-0.11>"C:\Program Files\Bochs-2.2.pre4\bochsdbg" -q -f bochsrc-hd.bxrc
00000000000i[APIC?] local apic in  initializing
========================================================================
                      Bochs x86 Emulator 2.2.pre4
               Build from CVS snapshot on May 15th, 2005
========================================================================
00000000000i[     ] reading configuration from bochsrc-hd.bxrc
00000000000i[     ] WARNING: syntax has changed, please use 'vgaromimage: file=.
..' now
00000000000e[     ] bochsrc-hd.bxrc: unknown parameter for parport1 ignored.
00000000000i[     ] installing win32 module as the Bochs GUI
00000000000i[     ] Warning: no rc file specified.
00000000000i[     ] using log file bochsout.txt
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b         ; ea5be000f0
<bochs:1> info r
eax            0x0              0
ecx            0x0              0
edx            0x683            1667
ebx            0x0              0
esp            0x0              0x0
ebp            0x0              0x0
esi            0x0              0
edi            0x0              0
eip            0xfff0           0xfff0
eflags         0x2              2
cs             0xf000           61440
ss             0x0              0
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x0              0
<bochs:2> pb 0x7c00    //BIOS把引导扇区装入物理地址0x7c00后,从这里开始执行bootsect程序;也可设置虚拟断点 vb 0x0000:0x7c00
<bochs:3> c
(0) Breakpoint 1, 0x7c00 in ?? ()
Next at t=975716
(0) [0x00007c00] 0000:7c00 (unk. ctxt): mov ax, 0x7c0             ; b8c007
<bochs:4> u /10
00007c00: (                    ): mov ax, 0x7c0             ; b8c007
00007c03: (                    ): mov ds, ax                ; 8ed8
00007c05: (                    ): mov ax, 0x9000            ; b80090
00007c08: (                    ): mov es, ax                ; 8ec0
00007c0a: (                    ): mov cx, 0x100             ; b90001
00007c0d: (                    ): sub si, si                ; 29f6
00007c0f: (                    ): sub di, di                ; 29ff
00007c11: (                    ): rep movsw word ptr es:[di], word ptr ds:[si] ;
 f3a5
00007c13: (                    ): jmp far 9000:0018         ; ea18000090
00007c18: (                    ): mov ax, cs                ; 8cc8
<bochs:5> info r
eax            0xaa55           43605
ecx            0x120001         1179649
edx            0x0              0
ebx            0x0              0
esp            0xfffe           0xfffe
ebp            0x0              0x0
esi            0x733f           29503
edi            0xffde           65502
eip            0x7c00           0x7c00  //偏移地址
eflags         0x282            642
cs             0x0              0      //开始执行时cs 0x0
ss             0x0              0
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x0              0
<bochs:6>
<bochs:6> s                         //s 执行指令,默认执行一条指令
Next at t=975717
(0) [0x00007c03] 0000:7c03 (unk. ctxt): mov ds, ax                ; 8ed8
<bochs:7> s 5                       //连续执行五条指令
Next at t=975722
(0) [0x00007c0f] 0000:7c0f (unk. ctxt): sub di, di                ; 29ff
<bochs:8> u /10
00007c0f: (                    ): sub di, di                ; 29ff
00007c11: (                    ): rep movsw word ptr es:[di], word ptr ds:[si] ;
 f3a5
00007c13: (                    ): jmp far 9000:0018         ; ea18000090
00007c18: (                    ): mov ax, cs                ; 8cc8
00007c1a: (                    ): mov ds, ax                ; 8ed8
00007c1c: (                    ): mov es, ax                ; 8ec0
00007c1e: (                    ): mov ss, ax                ; 8ed0
00007c20: (                    ): mov sp, 0xff00            ; bc00ff
00007c23: (                    ): mov dx, 0x0               ; ba0000
00007c26: (                    ): mov cx, 0x2               ; b90200
<bochs:9> s 3
Next at t=975725
(0) [0x00007c11] 0000:7c11 (unk. ctxt): rep movsw word ptr es:[di], word ptr ds:
[si] ; f3a5
<bochs:10> s 3   //可见s命令逐条跟踪程序执行的每一条指令;这里进入rep movsw的重复过程,每次单步只完成一次重复,所以仍停在0x7c11
Next at t=975728
(0) [0x00007c11] 0000:7c11 (unk. ctxt): rep movsw word ptr es:[di], word ptr ds:
[si] ; f3a5
<bochs:11> vb 0x0000:0x7c13
<bochs:12> c
(0) Breakpoint 2, 0x7c13 (0x0:0x7c13)
Next at t=975979
(0) [0x00007c13] 0000:7c13 (unk. ctxt): jmp far 9000:0018         ; ea18000090
<bochs:13> vb 0x9000:0x0018   //bootsect把自己移到段地址0x9000(物理地址0x90000)开始的地方后,跳转到这里继续执行
<bochs:14> c
(0) Breakpoint 3, 0x90018 (0x9000:0x18)
Next at t=975980
(0) [0x00090018] 9000:0018 (unk. ctxt): mov ax, cs                ; 8cc8
<bochs:15>
<bochs:1> vb 0x9000:0x0018
<bochs:2> c
(0) Breakpoint 1, 0x90018 (0x9000:0x18)
Next at t=975980
(0) [0x00090018] 9000:0018 (unk. ctxt): mov ax, cs                ; 8cc8
<bochs:3> u/20
00090018: (                    ): mov ax, cs                ; 8cc8
0009001a: (                    ): mov ds, ax                ; 8ed8
0009001c: (                    ): mov es, ax                ; 8ec0
0009001e: (                    ): mov ss, ax                ; 8ed0
00090020: (                    ): mov sp, 0xff00            ; bc00ff
00090023: (                    ): mov dx, 0x0               ; ba0000
00090026: (                    ): mov cx, 0x2               ; b90200
00090029: (                    ): mov bx, 0x200             ; bb0002
0009002c: (                    ): mov ax, 0x204             ; b80402
0009002f: (                    ): int 0x13                  ; cd13
00090031: (                    ): jnb .+0x3d                ; 730a
00090033: (                    ): mov dx, 0x0               ; ba0000
00090036: (                    ): mov ax, 0x0               ; b80000
00090039: (                    ): int 0x13                  ; cd13
0009003b: (                    ): jmp .+0x23                ; ebe6
0009003d: (                    ): mov dl, 0x0               ; b200
0009003f: (                    ): mov ax, 0x800             ; b80008
00090042: (                    ): int 0x13                  ; cd13
00090044: (                    ): mov ch, 0x0               ; b500
00090046: (                    ): mov word ptr cs:0x13d, cx ; 2e890e3d01
<bochs:4>  vb 0x9000:0x002f
<bochs:5> c                           //这里我们跟踪一下中断调用时栈的操作
(0) Breakpoint 2, 0x9002f (0x9000:0x2f)
Next at t=975989
(0) [0x0009002f] 9000:002f (unk. ctxt): int 0x13                  ; cd13
<bochs:6> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000ff00, esi:0x00000200, edi:0x00000200    //堆栈地址0x9000:ff00
eip:0x0000002f, eflags:0x00000246, inhibit_mask:0
cs:s=0x9000, dl=0x0000ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:7> s
Next at t=975990
(0) [0x000fe3fe] f000:e3fe (unk. ctxt): jmp .+0x96dc              ; e9dbb2
<bochs:8> u10
0000000a: (                    ): add al, dh                ; 00f0
<bochs:9> u/10
000fe3fe: (                    ): jmp .+0x96dc              ; e9dbb2
000fe401: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe403: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe405: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe407: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe409: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe40b: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe40d: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe40f: (                    ): add byte ptr ds:[bx+si], al ; 0000
000fe411: (                    ): add byte ptr ds:[bx+si], al ; 0000
<bochs:10> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x0000e3fe, eflags:0x00000046, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:11> xp /6bx 0x9ff00
[bochs]:
0x0009ff00 <bogus+       0>:    0x00    0x00    0x00    0x00    0x00    0x00
<bochs:12> xp /12bx 0x9ff00
[bochs]:
0x0009ff00 <bogus+       0>:    0x00    0x00    0x00    0x00    0x00    0x00
0x00    0x00
0x0009ff08 <bogus+       8>:    0x00    0x00    0x00    0x00
<bochs:13> xp /12bx 0x9fefa
[bochs]:
0x0009fefa <bogus+       0>:    0x31    0x00    0x00    0x90    0x46    0x02 //堆栈中的内容:ip值0x0031、cs值0x9000,第三个字0x0246是int指令压入的标志寄存器(与执行int前dump_cpu显示的eflags 0x246一致)
0x00    0x00
0x0009ff02 <bogus+       8>:    0x00    0x00    0x00    0x00
<bochs:14> s
Next at t=975991
(0) [0x000f96dc] f000:96dc (unk. ctxt): cmp ah, 0x4a              ; 80fc4a
<bochs:15> xp /6bx 0x9ff00
[bochs]:
0x0009ff00 <bogus+       0>:    0x00    0x00    0x00    0x00    0x00    0x00
<bochs:16> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x000096dc, eflags:0x00000046, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:17> u/10
000f96dc: (                    ): cmp ah, 0x4a              ; 80fc4a
000f96df: (                    ): jb .+0x96f1               ; 7210
000f96e1: (                    ): cmp ah, 0x4d              ; 80fc4d
000f96e4: (                    ): jnbe .+0x96f1             ; 770b
000f96e6: (                    ): pusha                     ; 60
000f96e7: (                    ): push es                   ; 06
000f96e8: (                    ): push ds                   ; 1e
000f96e9: (                    ): push ss                   ; 16
000f96ea: (                    ): pop ds                    ; 1f
000f96eb: (                    ): push 0x9759               ; 685997
<bochs:18> s
Next at t=975992
(0) [0x000f96df] f000:96df (unk. ctxt): jb .+0x96f1               ; 7210
<bochs:19> u /15
000f96df: (                    ): jb .+0x96f1               ; 7210
000f96e1: (                    ): cmp ah, 0x4d              ; 80fc4d
000f96e4: (                    ): jnbe .+0x96f1             ; 770b
000f96e6: (                    ): pusha                     ; 60
000f96e7: (                    ): push es                   ; 06
000f96e8: (                    ): push ds                   ; 1e
000f96e9: (                    ): push ss                   ; 16
000f96ea: (                    ): pop ds                    ; 1f
000f96eb: (                    ): push 0x9759               ; 685997
000f96ee: (                    ): jmp .+0x7038              ; e947d9
000f96f1: (                    ): push ax                   ; 50
000f96f2: (                    ): push bx                   ; 53
000f96f3: (                    ): push cx                   ; 51
000f96f4: (                    ): push dx                   ; 52
000f96f5: (                    ): call .+0x2dfe             ; e80697
<bochs:20> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x000096df, eflags:0x00000097, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:21> s
done
<bochs:21> s
Next at t=975993
(0) [0x000f96f1] f000:96f1 (unk. ctxt): push ax                   ; 50
<bochs:22> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fefa, esi:0x00000200, edi:0x00000200
eip:0x000096f1, eflags:0x00000097, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:23> s   //查看堆栈栈顶是否是ax的内容;这里的堆栈以2字节为单位变化(压入ax后sp从0xfefa减到0xfef8)
Next at t=975994
(0) [0x000f96f2] f000:96f2 (unk. ctxt): push bx                   ; 53
<bochs:24> dump_cpu
eax:0x00000204, ebx:0x00000200, ecx:0x00130002, edx:0x00000000
ebp:0x00000000, esp:0x0000fef8, esi:0x00000200, edi:0x00000200
eip:0x000096f2, eflags:0x00000097, inhibit_mask:0
cs:s=0xf000, dl=0x0000ffff, dh=0x00009b0f, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=5
ds:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
es:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:25> u/20
000f96f2: (                    ): push bx                   ; 53
000f96f3: (                    ): push cx                   ; 51
000f96f4: (                    ): push dx                   ; 52
000f96f5: (                    ): call .+0x2dfe             ; e80697
000f96f8: (                    ): cmp al, 0x0               ; 3c00
000f96fa: (                    ): jz .+0x9727               ; 742b
000f96fc: (                    ): call .+0x2e25             ; e82697
000f96ff: (                    ): pop dx                    ; 5a
000f9700: (                    ): push dx                   ; 52
000f9701: (                    ): cmp al, dl                ; 38d0
000f9703: (                    ): jnz .+0x9714              ; 750f
000f9705: (                    ): pop dx                    ; 5a
000f9706: (                    ): pop cx                    ; 59
000f9707: (                    ): pop bx                    ; 5b
000f9708: (                    ): pop ax                    ; 58
000f9709: (                    ): pusha                     ; 60
000f970a: (                    ): push es                   ; 06
000f970b: (                    ): push ds                   ; 1e
000f970c: (                    ): push ss                   ; 16
000f970d: (                    ): pop ds                    ; 1f
<bochs:26> xp /12bx 0x9faf8
[bochs]:
0x0009faf8 <bogus+       0>:    0x00    0x00    0x00    0x00    0x00    0x00
0x00    0x00
0x0009fb00 <bogus+       8>:    0x00    0x00    0x00    0x00
<bochs:27> xp /12bx 0x9fef8
[bochs]:
<bochs:27> xp /12bx 0x9fef8
[bochs]:
0x0009fef8 <bogus+       0>:    0x04    0x02    0x31    0x00    0x00    0x90
0x46    0x02
0x0009ff00 <bogus+       8>:    0x00    0x00    0x00    0x00
<bochs:28>

bootsect.s程序完成的主要功能:
1。首先把自己从0x0000:0x7c00 移到0x9000:0000开始的地方
2。从设备上加载接着的4个扇区到0x90200开始的地方
3。从设备上加载系统模块到0x10000开始的地方(这个根据内核的大小加载一定扇区数)

 

 

 

 

 

 

这是对linux0.11内核的setup程序的调试,这里我们主要分析从实模式切换到保护模式的过程。

 

<bochs:1> vb 0x9020:0x0000   //这里是setup程序开始执行的地方
<bochs:2> c
(0) Breakpoint 1, 0x90200 (0x9020:0x0)
Next at t=1221602
(0) [0x00090200] 9020:0000 (unk. ctxt): mov ax, 0x9000            ; b80090
<bochs:3> u/10
00090200: (                    ): mov ax, 0x9000            ; b80090
00090203: (                    ): mov ds, ax                ; 8ed8
00090205: (                    ): mov ah, 0x3               ; b403
00090207: (                    ): xor bh, bh                ; 30ff
00090209: (                    ): int 0x10                  ; cd10
0009020b: (                    ): mov word ptr ds:0x0, dx   ; 89160000
0009020f: (                    ): mov ah, 0x88              ; b488
00090211: (                    ): int 0x15                  ; cd15
00090213: (                    ): mov word ptr ds:0x2, ax   ; a30200
00090216: (                    ): mov ah, 0xf               ; b40f
<bochs:4> vb 0x9020:0x000b
<bochs:5> c
(0) Breakpoint 2, 0x9020b (0x9020:0xb)
Next at t=1221796
(0) [0x0009020b] 9020:000b (unk. ctxt): mov word ptr ds:0x0, dx   ; 89160000
<bochs:6> info r
eax            0x300            768
ecx            0x120607         1181191
edx            0x1100           4352
ebx            0x0              0
esp            0xff00           0xff00
ebp            0x13f            0x13f
esi            0x200            512
edi            0xefdf           61407
eip            0xb              0xb
eflags         0x246            582
cs             0x9020           36896
ss             0x9000           36864
ds             0x9000           36864
es             0x4000           16384
fs             0x0              0
gs             0x0              0
<bochs:7> u /30
0009020b: (                    ): mov word ptr ds:0x0, dx   ; 89160000
0009020f: (                    ): mov ah, 0x88              ; b488
00090211: (                    ): int 0x15                  ; cd15
00090213: (                    ): mov word ptr ds:0x2, ax   ; a30200
00090216: (                    ): mov ah, 0xf               ; b40f
00090218: (                    ): int 0x10                  ; cd10
0009021a: (                    ): mov word ptr ds:0x4, bx   ; 891e0400
0009021e: (                    ): mov word ptr ds:0x6, ax   ; a30600
00090221: (                    ): mov ah, 0x12              ; b412
00090223: (                    ): mov bl, 0x10              ; b310
00090225: (                    ): int 0x10                  ; cd10
00090227: (                    ): mov word ptr ds:0x8, ax   ; a30800
0009022a: (                    ): mov word ptr ds:0xa, bx   ; 891e0a00
0009022e: (                    ): mov word ptr ds:0xc, cx   ; 890e0c00
00090232: (                    ): mov ax, 0x0               ; b80000
00090235: (                    ): mov ds, ax                ; 8ed8
00090237: (                    ): lds si, ds:0x104          ; c5360401
0009023b: (                    ): mov ax, 0x9000            ; b80090
0009023e: (                    ): mov es, ax                ; 8ec0
00090240: (                    ): mov di, 0x80              ; bf8000
00090243: (                    ): mov cx, 0x10              ; b91000
00090246: (                    ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
 f3a4
00090248: (                    ): mov ax, 0x0               ; b80000
0009024b: (                    ): mov ds, ax                ; 8ed8
0009024d: (                    ): lds si, ds:0x118          ; c5361801
00090251: (                    ): mov ax, 0x9000            ; b80090
00090254: (                    ): mov es, ax                ; 8ec0
00090256: (                    ): mov di, 0x90              ; bf9000
00090259: (                    ): mov cx, 0x10              ; b91000
0009025c: (                    ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
 f3a4
<bochs:8> u /50
0009020b: (                    ): mov word ptr ds:0x0, dx   ; 89160000
0009020f: (                    ): mov ah, 0x88              ; b488
00090211: (                    ): int 0x15                  ; cd15
00090213: (                    ): mov word ptr ds:0x2, ax   ; a30200
00090216: (                    ): mov ah, 0xf               ; b40f
00090218: (                    ): int 0x10                  ; cd10
0009021a: (                    ): mov word ptr ds:0x4, bx   ; 891e0400
0009021e: (                    ): mov word ptr ds:0x6, ax   ; a30600
00090221: (                    ): mov ah, 0x12              ; b412
00090223: (                    ): mov bl, 0x10              ; b310
00090225: (                    ): int 0x10                  ; cd10
00090227: (                    ): mov word ptr ds:0x8, ax   ; a30800
0009022a: (                    ): mov word ptr ds:0xa, bx   ; 891e0a00
0009022e: (                    ): mov word ptr ds:0xc, cx   ; 890e0c00
00090232: (                    ): mov ax, 0x0               ; b80000
00090235: (                    ): mov ds, ax                ; 8ed8
00090237: (                    ): lds si, ds:0x104          ; c5360401
0009023b: (                    ): mov ax, 0x9000            ; b80090
0009023e: (                    ): mov es, ax                ; 8ec0
00090240: (                    ): mov di, 0x80              ; bf8000
00090243: (                    ): mov cx, 0x10              ; b91000
00090246: (                    ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
 f3a4
00090248: (                    ): mov ax, 0x0               ; b80000
0009024b: (                    ): mov ds, ax                ; 8ed8
0009024d: (                    ): lds si, ds:0x118          ; c5361801
00090251: (                    ): mov ax, 0x9000            ; b80090
00090254: (                    ): mov es, ax                ; 8ec0
00090256: (                    ): mov di, 0x90              ; bf9000
00090259: (                    ): mov cx, 0x10              ; b91000
0009025c: (                    ): rep movsb byte ptr es:[di], byte ptr ds:[si] ;
 f3a4
0009025e: (                    ): mov ax, 0x1500            ; b80015
00090261: (                    ): mov dl, 0x81              ; b281
00090263: (                    ): int 0x13                  ; cd13
00090265: (                    ): jb .+0x26c                ; 7205
00090267: (                    ): cmp ah, 0x3               ; 80fc03
0009026a: (                    ): jz .+0x27c                ; 7410
0009026c: (                    ): mov ax, 0x9000            ; b80090
0009026f: (                    ): mov es, ax                ; 8ec0
00090271: (                    ): mov di, 0x90              ; bf9000
00090274: (                    ): mov cx, 0x10              ; b91000
00090277: (                    ): mov ax, 0x0               ; b80000
0009027a: (                    ): rep stosb byte ptr es:[di], al ; f3aa
0009027c: (                    ): cli                       ; fa
0009027d: (                    ): mov ax, 0x0               ; b80000
00090280: (                    ): cld                       ; fc
00090281: (                    ): mov es, ax                ; 8ec0
00090283: (                    ): add ax, 0x1000            ; 050010
00090286: (                    ): cmp ax, 0x9000            ; 3d0090
00090289: (                    ): jz .+0x298                ; 740d
0009028b: (                    ): mov ds, ax                ; 8ed8
<bochs:9> vb 0x9020:0x0298
<bochs:10> c
<bochs:2> c
(0) Breakpoint 1, 0x90298 (0x9020:0x98)
Next at t=1488947
(0) [0x00090298] 9020:0098 (unk. ctxt): mov ax, 0x9020            ; b82090
<bochs:3> u/10
00090298: (                    ): mov ax, 0x9020            ; b82090
0009029b: (                    ): mov ds, ax                ; 8ed8
0009029d: (                    ): lidt ds:0x12c             ; 0f011e2c01
000902a2: (                    ): lgdt ds:0x132             ; 0f01163201
000902a7: (                    ): call .+0x309              ; e85f00
000902aa: (                    ): mov al, 0xd1              ; b0d1
000902ac: (                    ): out 0x64, al              ; e664
000902ae: (                    ): call .+0x309              ; e85800
000902b1: (                    ): mov al, 0xdf              ; b0df
000902b3: (                    ): out 0x60, al              ; e660
<bochs:4> xp /6bx 0x90332
[bochs]:
0x00090332 <bogus+       0>:    0x00    0x08    0x14    0x03    0x09    0x00
<bochs:5> xp /6hx 0x90332
[bochs]:
0x00090332 <bogus+       0>:    0x0800  0x0314  0x0009  0x0000  0x0000  0x0000
<bochs:6> dump_cpu                         //下一步我们查看加载全局描述符表和中断描述符表后寄存器的变化
eax:0x00009000, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000098, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00000000, limit=0xffff
idtr:base=0x00000000, limit=0xffff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:7> vb 0x9020:0x00aa
<bochs:8> c
(0) Breakpoint 2, 0x902aa (0x9020:0xaa)
Next at t=1488958
(0) [0x000902aa] 9020:00aa (unk. ctxt): mov al, 0xd1              ; b0d1
<bochs:9> dump_cpu
eax:0x00009010, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x000000aa, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800    //我们看到这里已经加载了gdtr的基地址
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:10> xp /8bx 0x90314    //下面我们查看gdtr指向的全局描述符表(GDT)的前几项内容
[bochs]:
0x00090314 <bogus+       0>:    0x00    0x00    0x00    0x00    0x00    0x00
0x00    0x00
<bochs:11> xp /8wx 0x90314
[bochs]:
0x00090314 <bogus+       0>:    0x00000000      0x00000000      0x000007ff
0x00c09a00
0x00090324 <bogus+      16>:    0x000007ff      0x00c09200      0x00000000
0x08000000
<bochs:12> u/30

<bochs:13> u/40

<bochs:14> u/50
000902aa: (                    ): mov al, 0xd1              ; b0d1
000902ac: (                    ): out 0x64, al              ; e664
000902ae: (                    ): call .+0x309              ; e85800
000902b1: (                    ): mov al, 0xdf              ; b0df
000902b3: (                    ): out 0x60, al              ; e660
000902b5: (                    ): call .+0x309              ; e85100
000902b8: (                    ): mov al, 0x11              ; b011
000902ba: (                    ): out 0x20, al              ; e620
000902bc: (                    ): jmp .+0x2be               ; eb00
000902be: (                    ): jmp .+0x2c0               ; eb00
000902c0: (                    ): out 0xa0, al              ; e6a0
000902c2: (                    ): jmp .+0x2c4               ; eb00
000902c4: (                    ): jmp .+0x2c6               ; eb00
000902c6: (                    ): mov al, 0x20              ; b020
000902c8: (                    ): out 0x21, al              ; e621
000902ca: (                    ): jmp .+0x2cc               ; eb00
000902cc: (                    ): jmp .+0x2ce               ; eb00
000902ce: (                    ): mov al, 0x28              ; b028
000902d0: (                    ): out 0xa1, al              ; e6a1
000902d2: (                    ): jmp .+0x2d4               ; eb00
000902d4: (                    ): jmp .+0x2d6               ; eb00
000902d6: (                    ): mov al, 0x4               ; b004
000902d8: (                    ): out 0x21, al              ; e621
000902da: (                    ): jmp .+0x2dc               ; eb00
000902dc: (                    ): jmp .+0x2de               ; eb00
000902de: (                    ): mov al, 0x2               ; b002
000902e0: (                    ): out 0xa1, al              ; e6a1
000902e2: (                    ): jmp .+0x2e4               ; eb00
000902e4: (                    ): jmp .+0x2e6               ; eb00
000902e6: (                    ): mov al, 0x1               ; b001
000902e8: (                    ): out 0x21, al              ; e621
000902ea: (                    ): jmp .+0x2ec               ; eb00
000902ec: (                    ): jmp .+0x2ee               ; eb00
000902ee: (                    ): out 0xa1, al              ; e6a1
000902f0: (                    ): jmp .+0x2f2               ; eb00
000902f2: (                    ): jmp .+0x2f4               ; eb00
000902f4: (                    ): mov al, 0xff              ; b0ff
000902f6: (                    ): out 0x21, al              ; e621
000902f8: (                    ): jmp .+0x2fa               ; eb00
000902fa: (                    ): jmp .+0x2fc               ; eb00
000902fc: (                    ): out 0xa1, al              ; e6a1
000902fe: (                    ): mov ax, 0x1               ; b80100
00090301: (                    ): lmsw ax                   ; 0f01f0
00090304: (                    ): jmp far 0008:0000         ; ea00000800
00090309: (                    ): jmp .+0x30b               ; eb00
0009030b: (                    ): jmp .+0x30d               ; eb00
0009030d: (                    ): in al, 0x64               ; e464
0009030f: (                    ): test al, 0x2              ; a802
00090311: (                    ): jnz .+0x309               ; 75f6
00090313: (                    ): retn                      ; c3
<bochs:15> dump_cpu
eax:0x00009010, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x000000aa, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:16> vb 0x9020:0x00fe   //我们要在这里查看启动保护模式的过程
<bochs:17> c
(0) Breakpoint 3, 0x902fe (0x9020:0xfe)
Next at t=1489011
(0) [0x000902fe] 9020:00fe (unk. ctxt): mov ax, 0x1               ; b80100
<bochs:18> u/10
000902fe: (                    ): mov ax, 0x1               ; b80100
00090301: (                    ): lmsw ax                   ; 0f01f0
00090304: (                    ): jmp far 0008:0000         ; ea00000800
00090309: (                    ): jmp .+0x30b               ; eb00
0009030b: (                    ): jmp .+0x30d               ; eb00
0009030d: (                    ): in al, 0x64               ; e464
0009030f: (                    ): test al, 0x2              ; a802
00090311: (                    ): jnz .+0x309               ; 75f6
00090313: (                    ): retn                      ; c3
00090314: (                    ): add byte ptr ds:[bx+si], al ; 0000
<bochs:19> dump_cpu              //启动保护模式前的cpu状态(cr0=0x00000010,PE位尚未置位)
eax:0x000090ff, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x000000fe, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000010, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:20> vb 0x9020:0x0104
<bochs:21> c
(0) Breakpoint 4, 0x90304 (0x9020:0x104)
Next at t=1489013
(0) [0x00090304] 9020:00000104 (unk. ctxt): jmp far 0008:0000         ; ea000008
00
<bochs:22> dump_cpu               //启动保护模式后的状态(lmsw执行后cr0由0x10变为0x11,PE位已置位;此时cs仍为0x9020,要到下一条jmp far 0008:0000才装入选择符0x08)
eax:0x00000001, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000104, eflags:0x00000046, inhibit_mask:0
cs:s=0x9020, dl=0x0200ffff, dh=0x00009b09, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:23> s
Next at t=1489014
(0) [0x00000000] 0008:00000000 (unk. ctxt): mov eax, 0x10             ; b8100000
00
<bochs:24> dump_cpu
eax:0x00000001, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000000, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:25>
<bochs:25> u/10
00000000: (                    ): mov eax, 0x10             ; b810000000
00000005: (                    ): mov ds, ax                ; 8ed8
00000007: (                    ): mov es, ax                ; 8ec0
00000009: (                    ): mov fs, ax                ; 8ee0
0000000b: (                    ): mov gs, ax                ; 8ee8
0000000d: (                    ): lss ds:0x182a4            ; 0fb225a4820100
00000014: (                    ): call .+0x6f               ; e856000000
00000019: (                    ): call .+0x9f               ; e881000000
0000001e: (                    ): mov eax, 0x10             ; b810000000
00000023: (                    ): mov ds, ax                ; 8ed8
<bochs:26> lb 0x5                 //在保护模式下我们可以设置线性地址断点了 哈哈 我们试试:)
<bochs:27> c
(0) Breakpoint 5, 0x5 in ?? ()
Next at t=1489015
(0) [0x00000005] 0008:00000005 (unk. ctxt): mov ds, ax                ; 8ed8
<bochs:28> dump_cpu                //这里我们清楚地看到了程序的执行过程:eax已被装入0x10,下一条指令mov ds, ax将它写入ds
eax:0x00000010, ebx:0x00000003, ecx:0x00120000, edx:0x00001181
ebp:0x0000013f, esp:0x0000ff00, esi:0x00000000, edi:0x00000000
eip:0x00000005, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x9020, dl=0x0200ffff, dh=0x00009309, valid=3
es:s=0x8000, dl=0x0000ffff, dh=0x00009308, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:29>

 

 

 

 

 

 

这是对linux0.11内核的head程序的调试,这里我们主要分析采用分页时linux的初始化过程。(这里暂时没有给出注释)

 

eip:0x0000000d, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x9000, dl=0x0000ffff, dh=0x00009309, valid=7
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=1
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:8> s
Next at t=1489020
(0) [0x00000014] 0008:00000014 (unk. ctxt): call .+0x6f               ; e8560000
00
<bochs:9> dump_cpu
eax:0x00000010, ebx:0x00000003, ecx:0x00130000, edx:0x00001181
ebp:0x0000013f, esp:0x0001e268, esi:0x00000000, edi:0x00000000
eip:0x00000014, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=3
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:10> s
Next at t=1489021
(0) [0x0000006f] 0008:0000006f (unk. ctxt): lea edx, dword ptr ds:0x5428 ; 8d152
8540000
<bochs:11> dump_cpu
eax:0x00000010, ebx:0x00000003, ecx:0x00130000, edx:0x00001181
ebp:0x0000013f, esp:0x0001e264, esi:0x00000000, edi:0x00000000
eip:0x0000006f, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=5
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=3
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:12> x /2wx 0x1e264
[bochs]:
0x0001e264 <bogus+       0>:    0x00000019      0x00000000
<bochs:13> s
Next at t=1489022
(0) [0x00000075] 0008:00000075 (unk. ctxt): mov eax, 0x80000          ; b8000008
00
<bochs:14> dump_cpu
eax:0x00000010, ebx:0x00000003, ecx:0x00130000, edx:0x00005428
ebp:0x0000013f, esp:0x0001e264, esi:0x00000000, edi:0x00000000
eip:0x00000075, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=5
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=3
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:15> u/10
00000075: (                    ): mov eax, 0x80000          ; b800000800
0000007a: (                    ): mov ax, dx                ; 6689d0
0000007d: (                    ): mov dx, 0x8e00            ; 66ba008e
00000081: (                    ): lea edi, dword ptr ds:0x54b8 ; 8d3db8540000
00000087: (                    ): mov ecx, 0x100            ; b900010000
0000008c: (                    ): mov dword ptr ds:[edi], eax ; 8907
0000008e: (                    ): mov dword ptr ds:[edi+0x4], edx ; 895704
00000091: (                    ): add edi, 0x8              ; 83c708
00000094: (                    ): dec ecx                   ; 49
00000095: (                    ): jnz .+0x8c                ; 75f5
<bochs:16> u/15
00000075: (                    ): mov eax, 0x80000          ; b800000800
0000007a: (                    ): mov ax, dx                ; 6689d0
0000007d: (                    ): mov dx, 0x8e00            ; 66ba008e
00000081: (                    ): lea edi, dword ptr ds:0x54b8 ; 8d3db8540000
00000087: (                    ): mov ecx, 0x100            ; b900010000
0000008c: (                    ): mov dword ptr ds:[edi], eax ; 8907
0000008e: (                    ): mov dword ptr ds:[edi+0x4], edx ; 895704
00000091: (                    ): add edi, 0x8              ; 83c708
00000094: (                    ): dec ecx                   ; 49
00000095: (                    ): jnz .+0x8c                ; 75f5
00000097: (                    ): lidt ds:0x54aa            ; 0f011daa540000
0000009e: (                    ): retn                      ; c3
0000009f: (                    ): lgdt ds:0x54b2            ; 0f0115b2540000
000000a6: (                    ): retn                      ; c3
000000a7: (                    ): add byte ptr ds:[eax], al ; 0000

<bochs:3> u/15
00000075: (                    ): mov eax, 0x80000          ; b800000800
0000007a: (                    ): mov ax, dx                ; 6689d0
0000007d: (                    ): mov dx, 0x8e00            ; 66ba008e
00000081: (                    ): lea edi, dword ptr ds:0x54b8 ; 8d3db8540000
00000087: (                    ): mov ecx, 0x100            ; b900010000
0000008c: (                    ): mov dword ptr ds:[edi], eax ; 8907
0000008e: (                    ): mov dword ptr ds:[edi+0x4], edx ; 895704
00000091: (                    ): add edi, 0x8              ; 83c708
00000094: (                    ): dec ecx                   ; 49
00000095: (                    ): jnz .+0x8c                ; 75f5
00000097: (                    ): lidt ds:0x54aa            ; 0f011daa540000
0000009e: (                    ): retn                      ; c3
0000009f: (                    ): lgdt ds:0x54b2            ; 0f0115b2540000
000000a6: (                    ): retn                      ; c3
000000a7: (                    ): add byte ptr ds:[eax], al ; 0000
<bochs:4> info r
eax            0x10             16
ecx            0x160000         1441792
edx            0x5428           21544
ebx            0x3              3
esp            0x1e264          0x1e264
ebp            0x13f            0x13f
esi            0x0              0
edi            0x0              0
eip            0x75             0x75
eflags         0x46             70
cs             0x8              8
ss             0x10             16
ds             0x10             16
es             0x10             16
fs             0x10             16
gs             0x10             16
<bochs:5> s
Next at t=1489023
(0) [0x0000007a] 0008:0000007a (unk. ctxt): mov ax, dx                ; 6689d0
<bochs:6> info r
eax            0x80000          524288
ecx            0x160000         1441792
edx            0x5428           21544
ebx            0x3              3
esp            0x1e264          0x1e264
ebp            0x13f            0x13f
esi            0x0              0
edi            0x0              0
eip            0x7a             0x7a
eflags         0x46             70
cs             0x8              8
ss             0x10             16
ds             0x10             16
es             0x10             16
fs             0x10             16
gs             0x10             16
<bochs:7> s
Next at t=1489024
(0) [0x0000007d] 0008:0000007d (unk. ctxt): mov dx, 0x8e00            ; 66ba008e

<bochs:8> info r
eax            0x85428          545832
ecx            0x160000         1441792
edx            0x5428           21544
ebx            0x3              3
esp            0x1e264          0x1e264
ebp            0x13f            0x13f
esi            0x0              0
edi            0x0              0
eip            0x7d             0x7d
eflags         0x46             70
cs             0x8              8
ss             0x10             16
ds             0x10             16
es             0x10             16
fs             0x10             16
gs             0x10             16
<bochs:9> s
Next at t=1489025
(0) [0x00000081] 0008:00000081 (unk. ctxt): lea edi, dword ptr ds:0x54b8 ; 8d3db
8540000
<bochs:10> info r
eax            0x85428          545832
ecx            0x160000         1441792
edx            0x8e00           36352
ebx            0x3              3
esp            0x1e264          0x1e264
ebp            0x13f            0x13f
esi            0x0              0
edi            0x0              0
eip            0x81             0x81
eflags         0x46             70
cs             0x8              8
ss             0x10             16
ds             0x10             16
es             0x10             16
fs             0x10             16
gs             0x10             16
<bochs:11> s
Next at t=1489026
(0) [0x00000087] 0008:00000087 (unk. ctxt): mov ecx, 0x100            ; b9000100
00
<bochs:12> info r
eax            0x85428          545832
ecx            0x160000         1441792
edx            0x8e00           36352
ebx            0x3              3
esp            0x1e264          0x1e264
ebp            0x13f            0x13f
esi            0x0              0
edi            0x54b8           21688
eip            0x87             0x87
eflags         0x46             70
cs             0x8              8
ss             0x10             16
ds             0x10             16
es             0x10             16
fs             0x10             16
gs             0x10             16
<bochs:13> s
Next at t=1489027
(0) [0x0000008c] 0008:0000008c (unk. ctxt): mov dword ptr ds:[edi], eax ; 8907
<bochs:14> s
Next at t=1489028
(0) [0x0000008e] 0008:0000008e (unk. ctxt): mov dword ptr ds:[edi+0x4], edx ; 89
5704
<bochs:15> x /8bx 0x54b8
[bochs]:
0x000054b8 <bogus+       0>:    0x28    0x54    0x08    0x00    0x00    0x00
0x00    0x00
<bochs:16> x /8bx 0x54b4
[bochs]:
0x000054b4 <bogus+       0>:    0xb8    0x5c    0x00    0x00    0x28    0x54
0x08    0x00
<bochs:17> s
Next at t=1489029
(0) [0x00000091] 0008:00000091 (unk. ctxt): add edi, 0x8              ; 83c708
<bochs:18> x /8bx 0x54b8
[bochs]:
0x000054b8 <bogus+       0>:    0x28    0x54    0x08    0x00    0x00    0x8e
0x00    0x00
<bochs:19>

<bochs:17> s 11
Next at t=1489033
(0) [0x0000008e] 0008:0000008e (unk. ctxt): mov dword ptr ds:[edi+0x4], edx ; 89
5704
<bochs:18> lb 0x97
<bochs:19> c
(0) Breakpoint 3, 0x97 in ?? ()
Next at t=1490307
(0) [0x00000097] 0008:00000097 (unk. ctxt): lidt ds:0x54aa            ; 0f011daa
540000
<bochs:20> dump_cpu
eax:0x00085428, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e264, esi:0x00000000, edi:0x00005cb8
eip:0x00000097, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=5
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x00000000, limit=0x0
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:21> x /2wx 0x1e264
[bochs]:
0x0001e264 <bogus+       0>:    0x00000019      0x00000000
<bochs:22> s
Next at t=1490308
(0) [0x0000009e] 0008:0000009e (unk. ctxt): retn                      ; c3
<bochs:23> dump_cpu
eax:0x00085428, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e264, esi:0x00000000, edi:0x00005cb8
eip:0x0000009e, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=5
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:24> s
Next at t=1490309
(0) [0x00000019] 0008:00000019 (unk. ctxt): call .+0x9f               ; e8810000
00
<bochs:25> dump_cpu
eax:0x00085428, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e268, esi:0x00000000, edi:0x00005cb8
eip:0x00000019, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:26> s
Next at t=1490310
(0) [0x0000009f] 0008:0000009f (unk. ctxt): lgdt ds:0x54b2            ; 0f0115b2
540000
<bochs:27> dump_cpu
eax:0x00085428, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e264, esi:0x00000000, edi:0x00005cb8
eip:0x0000009f, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00090314, limit=0x800
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:28> x /2wx 0x1e264
[bochs]:
0x0001e264 <bogus+       0>:    0x0000001e      0x00000000
<bochs:29> u/10
0000009f: (                    ): lgdt ds:0x54b2            ; 0f0115b2540000
000000a6: (                    ): retn                      ; c3
000000a7: (                    ): add byte ptr ds:[eax], al ; 0000
000000a9: (                    ): add byte ptr ds:[eax], al ; 0000
000000ab: (                    ): add byte ptr ds:[eax], al ; 0000
000000ad: (                    ): add byte ptr ds:[eax], al ; 0000
000000af: (                    ): add byte ptr ds:[eax], al ; 0000
000000b1: (                    ): add byte ptr ds:[eax], al ; 0000
000000b3: (                    ): add byte ptr ds:[eax], al ; 0000
000000b5: (                    ): add byte ptr ds:[eax], al ; 0000
<bochs:30> s
Next at t=1490311
(0) [0x000000a6] 0008:000000a6 (unk. ctxt): retn                      ; c3
<bochs:31> s
Next at t=1490312
(0) [0x0000001e] 0008:0000001e (unk. ctxt): mov eax, 0x10             ; b8100000
00
<bochs:32> u/10
0000001e: (                    ): mov eax, 0x10             ; b810000000
00000023: (                    ): mov ds, ax                ; 8ed8
00000025: (                    ): mov es, ax                ; 8ec0
00000027: (                    ): mov fs, ax                ; 8ee0
00000029: (                    ): mov gs, ax                ; 8ee8
0000002b: (                    ): lss ds:0x182a4            ; 0fb225a4820100
00000032: (                    ): xor eax, eax              ; 31c0
00000034: (                    ): inc eax                   ; 40
00000035: (                    ): mov dword ptr ds:0x0, eax ; a300000000
0000003a: (                    ): cmp dword ptr ds:0x100000, eax ; 390500001000
<bochs:33> dump_cpu
eax:0x00085428, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e268, esi:0x00000000, edi:0x00005cb8
eip:0x0000001e, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x000007ff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x000007ff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000011, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:34> u/20
0000001e: (                    ): mov eax, 0x10             ; b810000000
00000023: (                    ): mov ds, ax                ; 8ed8
00000025: (                    ): mov es, ax                ; 8ec0
00000027: (                    ): mov fs, ax                ; 8ee0
00000029: (                    ): mov gs, ax                ; 8ee8
0000002b: (                    ): lss ds:0x182a4            ; 0fb225a4820100
00000032: (                    ): xor eax, eax              ; 31c0
00000034: (                    ): inc eax                   ; 40
00000035: (                    ): mov dword ptr ds:0x0, eax ; a300000000
0000003a: (                    ): cmp dword ptr ds:0x100000, eax ; 390500001000
00000040: (                    ): jz .+0x34                 ; 74f2
00000042: (                    ): mov eax, cr0              ; 0f20c0
00000045: (                    ): and eax, 0x80000011       ; 2511000080
0000004a: (                    ): or eax, 0x2               ; 83c802
0000004d: (                    ): mov cr0, eax              ; 0f22c0
00000050: (                    ): call .+0x5a               ; e805000000
00000055: (                    ): jmp .+0x5400              ; e9a6530000
0000005a: (                    ): fninit                    ; dbe3
0000005c: (                    ): fnstsw ax                 ; dfe0
0000005e: (                    ): cmp al, 0x0               ; 3c00
<bochs:35> lb 0x50
<bochs:36> c
(0) Breakpoint 4, 0x50 in ?? ()
Next at t=1490327
(0) [0x00000050] 0008:00000050 (unk. ctxt): call .+0x5a               ; e8050000
00
<bochs:37> x /8wx 0x5cb8
[bochs]:
0x00005cb8 <bogus+       0>:    0x00000000      0x00000000      0x00000fff
0x00c09a00
0x00005cc8 <bogus+      16>:    0x00000fff      0x00c09300      0x00000000
0x00000000
<bochs:38>
<bochs:38> lb 0x55
<bochs:39> c
(0) Breakpoint 5, 0x55 in ?? ()
Next at t=1490334
(0) [0x00000055] 0008:00000055 (unk. ctxt): jmp .+0x5400              ; e9a6
00
<bochs:40> dump_cpu
eax:0x00000000, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e268, esi:0x00000000, edi:0x00005cb8
eip:0x00000055, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:41> s
Next at t=1490335
(0) [0x00005400] 0008:00005400 (unk. ctxt): push 0x0                  ; 6a00
<bochs:42> dump_cpu
eax:0x00000000, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e268, esi:0x00000000, edi:0x00005cb8
eip:0x00005400, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:43> u /10
00005400: (                    ): push 0x0                  ; 6a00
00005402: (                    ): push 0x0                  ; 6a00
00005404: (                    ): push 0x0                  ; 6a00
00005406: (                    ): push 0x5412               ; 6812540000
0000540b: (                    ): push 0x664c               ; 684c660000
00005410: (                    ): jmp .+0x5450              ; eb3e
00005412: (                    ): jmp .+0x5412              ; ebfe
00005414: (                    ): push ebp                  ; 55
00005415: (                    ): outsb dx, byte ptr ds:[esi] ; 6e
00005416: (                    ): imul ebp, dword ptr ds:[esi+0x6f], 0x77 ;
6f77
<bochs:44> s 5
Next at t=1490340
(0) [0x00005410] 0008:00005410 (unk. ctxt): jmp .+0x5450              ; eb3e
<bochs:45> dump_cpu
eax:0x00000000, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e254, esi:0x00000000, edi:0x00005cb8
eip:0x00005410, eflags:0x00000046, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:46> s
Next at t=1490341
(0) [0x00005450] 0008:00005450 (unk. ctxt): mov ecx, 0x1400           ; b900
00
<bochs:47> u/10
00005450: (                    ): mov ecx, 0x1400           ; b900140000
00005455: (                    ): xor eax, eax              ; 31c0
00005457: (                    ): xor edi, edi              ; 31ff
00005459: (                    ): cld                       ; fc
0000545a: (                    ): rep stosd dword ptr es:[edi], eax ; f3ab
0000545c: (                    ): mov dword ptr ds:0x0, 0x1007 ; c7050000000
00000
00005466: (                    ): mov dword ptr ds:0x4, 0x2007 ; c7050400000
00000
00005470: (                    ): mov dword ptr ds:0x8, 0x3007 ; c7050800000
00000
0000547a: (                    ): mov dword ptr ds:0xc, 0x4007 ; c7050c00000
00000
00005484: (                    ): mov edi, 0x4ffc           ; bffc4f0000
<bochs:48> s 9
Next at t=1490350
(0) [0x0000545a] 0008:0000545a (unk. ctxt): rep stosd dword ptr es:[edi], ea
f3ab
<bochs:49> x /8wx 0x0
[bochs]:
0x00000000 <bogus+       0>:    0x00000000      0x00000000      0x00000000
0x00000000
0x00000010 <bogus+      16>:    0x00000000      0x000056e8      0x0081e800
0x10b80000
<bochs:50> x /8wx 0xc
[bochs]:
0x0000000c <bogus+       0>:    0x00000000      0x00000000      0x000056e8
0x0081e800
0x0000001c <bogus+      16>:    0x10b80000      0x8e000000      0x8ec08ed8
0x0fe88ee0
<bochs:51> x /4gx 0xc
[bochs]:
error: dbg_examine: 'g' (8-byte) unit size not supported.
<bochs:52> x /4wx 0xc
[bochs]:
0x0000000c <bogus+       0>:    0x00000000      0x00000000      0x000056e8
0x0081e800
<bochs:53> lb 0x5484
<bochs:54> c
(0) Breakpoint 6, 0x5484 in ?? ()
Next at t=1495469
(0) [0x00005484] 0008:00005484 (unk. ctxt): mov edi, 0x4ffc           ; bffc
00
<bochs:55> x /4wx 0xc
[bochs]:
0x0000000c <bogus+       0>:    0x00004007      0x00000000      0x00000000
0x00000000
<bochs:56> x /8wx 0xc
[bochs]:
0x0000000c <bogus+       0>:    0x00004007      0x00000000      0x00000000
0x00000000
0x0000001c <bogus+      16>:    0x00000000      0x00000000      0x00000000
0x00000000
<bochs:57> x /8wx 0x0
[bochs]:
0x00000000 <bogus+       0>:    0x00001007      0x00002007      0x00003007
0x00004007
0x00000010 <bogus+      16>:    0x00000000      0x00000000      0x00000000
0x00000000
<bochs:58> u/10
00005484: (                    ): mov edi, 0x4ffc           ; bffc4f0000
00005489: (                    ): mov eax, 0xfff007         ; b807f0ff00
0000548e: (                    ): std                       ; fd
0000548f: (                    ): stosd dword ptr es:[edi], eax ; ab
00005490: (                    ): sub eax, 0x1000           ; 2d00100000
00005495: (                    ): jnl .+0x548f              ; 7df8
00005497: (                    ): xor eax, eax              ; 31c0
00005499: (                    ): mov cr3, eax              ; 0f22d8
0000549c: (                    ): mov eax, cr0              ; 0f20c0
0000549f: (                    ): or eax, 0x80000000        ; 0d00000080
<bochs:59>
<bochs:59> lb 0x5499
<bochs:60> c
(0) Breakpoint 7, 0x5499 in ?? ()
Next at t=1507761
(0) [0x00005499] 0008:00005499 (unk. ctxt): mov cr3, eax              ; 0f22d8
<bochs:61> dump_cpu
eax:0x00000000, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e254, esi:0x00000000, edi:0x00000ffc
eip:0x00005499, eflags:0x00000446, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=5
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:62> s
Next at t=1507762
(0) [0x0000549c] 0008:0000549c (unk. ctxt): mov eax, cr0              ; 0f20c0
<bochs:63> s
Next at t=1507763
(0) [0x0000549f] 0008:0000549f (unk. ctxt): or eax, 0x80000000        ; 0d000000
80
<bochs:64> s
Next at t=1507764
(0) [0x000054a4] 0008:000054a4 (unk. ctxt): mov cr0, eax              ; 0f22c0
<bochs:65> dump_cpu
eax:0x80000013, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e254, esi:0x00000000, edi:0x00000ffc
eip:0x000054a4, eflags:0x00000482, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=5
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x00000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:66> s
Next at t=1507765
(0) [0x000054a7] 0008:000054a7 (unk. ctxt): retn                      ; c3
<bochs:67> dump_cpu
eax:0x80000013, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e254, esi:0x00000000, edi:0x00000ffc
eip:0x000054a7, eflags:0x00000482, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=5
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x80000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:68> s
Next at t=1507766
(0) [0x0000664c] 0008:0000664c (unk. ctxt): push ebp                  ; 55
<bochs:69> u /10
0000664c: (                    ): push ebp                  ; 55
0000664d: (                    ): mov ebp, esp              ; 89e5
0000664f: (                    ): push edi                  ; 57
00006650: (                    ): push esi                  ; 56
00006651: (                    ): movzx ecx, word ptr ds:0x901fc ; 0fb70dfc01090
0
00006658: (                    ): mov dword ptr ds:0x19964, ecx ; 890d64990100
0000665e: (                    ): mov edi, 0x1cd78          ; bf78cd0100
00006663: (                    ): mov esi, 0x90080          ; be80000900
00006668: (                    ): mov ecx, 0x8              ; b908000000
0000666d: (                    ): cld                       ; fc
<bochs:70> dump_cpu
eax:0x80000013, ebx:0x00000003, ecx:0x00000000, edx:0x00008e00
ebp:0x0000013f, esp:0x0001e258, esi:0x00000000, edi:0x00000ffc
eip:0x0000664c, eflags:0x00000482, inhibit_mask:0
cs:s=0x0008, dl=0x000007ff, dh=0x00c09a00, valid=1
ss:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=7
ds:s=0x0010, dl=0x00000fff, dh=0x00c09200, valid=7
es:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=5
fs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
gs:s=0x0010, dl=0x00000fff, dh=0x00c09300, valid=1
ldtr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
tr:s=0x0000, dl=0x00000000, dh=0x00000000, valid=0
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
dr0:0x00000000, dr1:0x00000000, dr2:0x00000000
dr3:0x00000000, dr6:0xffff0ff0, dr7:0x00000400
cr0:0x80000013, cr1:0x00000000, cr2:0x00000000
cr3:0x00000000, cr4:0x00000000
done
<bochs:71>
