Segment Registers (2)

        In the last chapter, we talked about the usage of segment registers in the Windows environment. In this chapter, we will look at the usage of segment registers in an RTOS environment.

        Now we open the bin file with a hex editor. This is a Multiboot kernel image; the Multiboot header magic value is 0x1BADB002, as shown in Picture 1:

Picture 1

        The Multiboot header format is shown in Picture 2. The boot loader is responsible for loading the OS image from a variety of sources, including floppy disk, hard disk, and across a network. Of course, the system kernel may also be contained in the same file.

         (https://www.gnu.org/software/grub/manual/multiboot/multiboot.html)

Picture 2

        The fields of the Multiboot header are described below:

magic: This member must be the hexadecimal value 0x1BADB002. We can think of it as the protocol signature.

flags: The ‘flags’ field specifies features that the OS image requests or requires of a boot loader.

checksum: The ‘checksum’ field is a 32-bit unsigned value which, when added to the other magic fields (‘magic’ and ‘flags’), must give a 32-bit unsigned sum of zero.

        Therefore, according to the above structure, we parse out the value of each field, as shown in Picture 3 below:

Picture 3

        At this moment, physical addresses are identical to virtual addresses. So we set a breakpoint at 0x12F52028 (entry_addr: the physical address to which the boot loader should jump in order to start running the operating system).

        Then we inspect the values of the virtual machine's registers when QEMU stops executing, as shown in Picture 4.

Picture 4

        According to the Multiboot specification, when the boot loader invokes the 32-bit operating system, the machine must be in a predetermined state. We mainly look at a few parts of that state:

        EAX: Must contain the magic value 0x2BADB002; the presence of this value indicates to the operating system that it was loaded by a Multiboot-compliant boot loader (e.g. as opposed to another type of boot loader that the operating system can also be loaded from).

        CS: Must be a 32-bit read/execute code segment with an offset of 0 and a limit of 0xFFFFFFFF. The exact value is undefined.

        DS, ES, FS, GS, SS: Must be a 32-bit read/write data segment with an offset of 0 and a limit of 0xFFFFFFFF. The exact values are all undefined.

        Read the GDTR value in QEMU, then dump memory at the GDT base it points to. The contents of the GDT are shown in Picture 5.

Picture 5

        The value of the CS register is 0x8. DS, ES and SS share the same selector, which is 0x10. The segment descriptors corresponding to selectors 0x08 and 0x10 are 0x00cf9a000000ffff and 0x00cf93000000ffff respectively.

        According to Figure 3 in the previous article, we parse the CS segment descriptor:

        Base Address: 0x00

        Long mode: 0x0 (IA-32 mode)

        Granularity: 0x1

        Segment Limit: 0xFFFFF

        Present: 0x1

        DPL: 0

        S: 1 (0 = system, 1 = code/data)

        This code segment is available for 32-bit programs; with granularity set, the segment size is 4 GB.

        Next, let's parse 0x00cf93000000ffff. It is not difficult to see that, except for the type attributes, everything else is the same. Because this is a data (stack) segment, it has the non-executable attribute.
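As an added example (not code from the original post), the following C program decodes the two descriptors above field by field, applies the granularity rule that turns the 0xFFFFF limit into 4 GB, and checks the Multiboot header checksum rule from the header description. The flags value 0 and its matching checksum are constructed for the demonstration; the article's real values are the ones in Picture 3.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded view of an IA-32 code/data segment descriptor (S = 1). */
typedef struct {
    uint32_t base, limit_raw, limit_bytes;
    uint8_t  type, dpl;
    bool     s, present, granularity, default32, longmode, executable, rw;
} seg_desc_t;

/* Split the 8-byte descriptor as the hardware does: low dword = limit[15:0], base[15:0];
 * high dword = base[23:16], access byte, limit[19:16], flag nibble, base[31:24]. */
seg_desc_t parse_descriptor(uint64_t d) {
    seg_desc_t r;
    uint32_t lo = (uint32_t)d, hi = (uint32_t)(d >> 32);
    uint8_t access = (hi >> 8) & 0xFF, flags = (hi >> 20) & 0x0F;
    r.limit_raw   = (lo & 0xFFFF) | (hi & 0x000F0000);
    r.base        = (lo >> 16) | ((hi & 0xFF) << 16) | (hi & 0xFF000000);
    r.type        = access & 0x0F;
    r.s           = access & 0x10;          /* 1 = code/data, 0 = system */
    r.dpl         = (access >> 5) & 0x3;
    r.present     = access & 0x80;
    r.granularity = flags & 0x8;            /* G: limit counted in 4 KiB pages */
    r.default32   = flags & 0x4;            /* D/B: 32-bit operand/stack size */
    r.longmode    = flags & 0x2;            /* L: 64-bit code segment */
    r.executable  = r.type & 0x8;           /* type bit 3: code vs data */
    r.rw          = r.type & 0x2;           /* code: readable, data: writable */
    /* With G = 1 the low 12 bits are implicitly all ones, so 0xFFFFF -> 4 GiB. */
    r.limit_bytes = r.granularity ? (r.limit_raw << 12) | 0xFFF : r.limit_raw;
    return r;
}

/* Multiboot header rule: magic + flags + checksum must wrap to zero (mod 2^32). */
bool multiboot_header_valid(uint32_t magic, uint32_t flags, uint32_t checksum) {
    return magic == 0x1BADB002u && (uint32_t)(magic + flags + checksum) == 0;
}

int main(void) {
    const uint64_t descs[] = { 0x00cf9a000000ffffULL, 0x00cf93000000ffffULL };
    for (int i = 0; i < 2; i++) {
        seg_desc_t r = parse_descriptor(descs[i]);
        printf("%016llx: base=%08x limit=%08x %s P=%d DPL=%d G=%d D=%d L=%d\n",
               (unsigned long long)descs[i], r.base, r.limit_bytes, r.executable ? "code" : "data",
               r.present, r.dpl, r.granularity, r.default32, r.longmode);
    }
    /* flags = 0 and the matching checksum are constructed values, not the page's Picture 3 values */
    printf("header valid: %d\n", multiboot_header_valid(0x1BADB002u, 0, 0xE4524FFEu));
    return 0;
}
```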

        Reference for this article: Intel® 64 and IA-32 Architectures Software Developer’s Manual

        There are still many shortcomings in the learning process, and I hope my friends will correct me if anything is unclear or incorrect. Thank you!
