archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/hals/halx86/i386/xxbiosa.asm

705 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. ;++
  2. ;
  3. ; Copyright (c) 1991 Microsoft Corporation
  4. ;
  5. ; Module Name:
  6. ;
  7. ; xxbiosa.asm
  8. ;
  9. ; Abstract:
  10. ;
  11. ; This implements the necessary code to put the processor into
  12. ; V86 mode, make a BIOS call, and return safely to protected mode.
  13. ;
  14. ; Author:
  15. ;
  16. ; John Vert (jvert) 29-Oct-1991
  17. ;
  18. ; Environment:
  19. ;
  20. ; Kernel mode
  21. ;
  22. ; Notes:
  23. ;
  24. ; This module is intended for use in panic situations, such as a bugcheck.
  25. ; As a result, we cannot rely on the integrity of the system so we must
  26. ; handle everything ourselves. Notably, we must map our own memory by
  27. ; adding our own page tables and PTEs.
  28. ;
  29. ; We also cannot call KeBugCheck when we notice something has gone wrong.
  30. ;
  31. ; Revision History:
  32. ;
  33. ;--
  34. .386p
  35. .xlist
  36. include hal386.inc
  37. include callconv.inc ; calling convention macros
  38. include i386\kimacro.inc
  39. .list
  41. extrn _DbgPrint:proc
  42. EXTRNP _DbgBreakPoint,0,IMPORT
  43. EXTRNP Kei386EoiHelper,0,IMPORT
  45. public _HalpRealModeStart
  46. public _HalpRealModeEnd
  47. ;
  48. ; 32-bit override
  49. ;
  50. OVERRIDE equ 66h
  52. ;
  53. ; Reginfo structure
  54. ;
  56. RegInfo struc
  57. RiSegSs dd 0
  58. RiEsp dd 0
  59. RiEFlags dd 0
  60. RiSegCs dd 0
  61. RiEip dd 0
  62. RiTrapFrame dd 0
  63. RiCsLimit dd 0
  64. RiCsBase dd 0
  65. RiCsFlags dd 0
  66. RiSsLimit dd 0
  67. RiSsBase dd 0
  68. RiSsFlags dd 0
  69. RiPrefixFlags dd 0
  70. RegInfo ends
  71. REGINFOSIZE EQU 52
  73. INT_NN_OPCODE EQU 0CDH
  75. page ,132
  76. _DATA SEGMENT DWORD PUBLIC 'DATA'
  78. ;
  79. ; In order to return to the calling function after we've trapped out of
  80. ; V86 mode, we save our ESP value here.
  81. ;
  82. HalpSavedEsp dd 0
  84. _DATA ENDS
  87. _TEXT SEGMENT DWORD PUBLIC 'CODE'
  88. ASSUME DS:NOTHING, ES:NOTHING, SS:FLAT, FS:NOTHING, GS:NOTHING
  90. if DBG
  91. page ,132
  92. subttl "Processing Exception occurred in ABIOS code"
  93. ;++
  94. ; VOID
  95. ; KiAbiosException (
  96. ; VOID
  97. ; )
  98. ;
  99. ; Routine Description:
  100. ;
  101. ; This routine is called after an exception being detected
  102. ; in ABIOS ROM code. The system will switch 16 stack to 32 bit
  103. ; stack and bugcheck.
  104. ;
  105. ; N.B. In fact this routine is simply used to resolve a reference
  106. ; to KiAbiosException routine in the Kimacro.inc ENTER_TRAP
  107. ; macro.
  108. ;
  109. ;
  110. ; Arguments:
  111. ;
  112. ; None.
  113. ;
  114. ; Return value:
  115. ;
  116. ; system stopped.
  117. ;
  118. ;--
  119. public _KiAbiosException
  120. _KiAbiosException proc
  121. _Ki16BitStackException:
  122. ret
  124. _KiAbiosException endp
  126. endif
  129. ;++
  130. ; ULONG
  131. ; HalpBorrowTss (
  132. ; VOID
  133. ; )
  134. ;
  135. ; Routine Description:
  136. ;
  137. ; This routine checks if the current TSS has IO MAP space.
  138. ; if yes, it simply returns. Otherwise, it switches to use
  139. ; the regular TSS.
  140. ;
  141. ; Arguments:
  142. ;
  143. ; None.
  144. ;
  145. ; Return value:
  146. ;
  147. ; Return original TSS selector if the regular Tss is borrowed by us.
  148. ;
  149. ;--
  150. cPublicProc _HalpBorrowTss, 0
  151. cPublicFpo 0, 0
  153. xor eax, eax
  154. str ax
  155. mov edx, PCR[PcGdt]
  156. add edx, eax ; (edx)->Gdt Entry of current
  157. ; TSS
  158. xor ecx, ecx
  159. mov cl, [edx].KgdtLimitHi
  160. shl ecx, 16
  161. mov cx, [edx].KgdtLimitLow ; (ecx) = TSS limit
  162. cmp ecx, 2000H ; Is Io map space available?
  163. ja short Hbt99 ; if a, yes, return
  165. sub edx, eax ; (edx)->GDT table
  166. mov ch, [edx+KGDT_TSS+KgdtBaseHi]
  167. mov cl, [edx+KGDT_TSS+KgdtBaseMid]
  168. shl ecx, 16
  169. mov cx, [edx+KGDT_TSS+KgdtBaseLow]
  170. mov PCR[PcTss], ecx
  171. mov ecx, KGDT_TSS ; switch to use regular TSS
  172. mov byte ptr [edx+KGDT_TSS+5], 089h ; 32bit, dpl=0, present, TSS32,
  173. ; not busy.
  174. ltr cx
  175. stdRET _HalpBorrowTss ; (eax) = Original TSS sel
  177. Hbt99:
  178. xor eax, eax ; No TSS swapped
  179. stdRET _HalpBorrowTss
  181. stdENDP _HalpBorrowTss
  184. ;++
  185. ; VOID
  186. ; HalpReturnTss (
  187. ; ULONG TssSelector
  188. ; )
  189. ;
  190. ; Routine Description:
  191. ;
  192. ; This routine switches the current TSS from regular TSS back to
  193. ; the panic TSS (NMI TSS or Double fault TSS).
  194. ;
  195. ; Arguments:
  196. ;
  197. ; TssSelector - the TSS selector to return to.
  198. ;
  199. ; Return value:
  200. ;
  201. ; None.
  202. ;
  203. ;--
  204. cPublicProc _HalpReturnTss, 1
  205. cPublicFpo 1, 0
  207. mov edx, PCR[PcGdt] ; (edx)-> Gdt table
  208. mov eax, [esp + 4]
  209. and eax, 0FFFFh ; (eax)= New TSS sel
  210. add edx, eax ; (edx)->Gdt Entry of new TSS
  212. mov ch, [edx+KgdtBaseHi]
  213. mov cl, [edx+KgdtBaseMid]
  214. shl ecx, 16
  215. mov cx, [edx+KgdtBaseLow]
  216. mov PCR[PcTss], ecx
  217. mov byte ptr [edx+5], 089h ; 32bit, dpl=0, present, TSS32,
  218. ltr ax
  219. stdRET _HalpReturnTss ; return and clear stack
  221. stdENDP _HalpReturnTss
  223. ;++
  224. ;
  225. ; VOID
  226. ; HalpBiosCall
  227. ; VOID
  228. ; )
  229. ;
  230. ; Routine Description:
  231. ;
  232. ; This routine completes the transition to real mode, calls BIOS, and
  233. ; returns to protected mode.
  234. ;
  235. ; Arguments:
  236. ;
  237. ; None.
  238. ;
  239. ; Return Value:
  240. ;
  241. ; None.
  242. ;
  243. ;--
  244. ;;ALIGN 4096
  245. cPublicProc _HalpBiosCall ,0
  247. push ebp
  248. mov ebp, esp
  249. pushfd
  250. push edi
  251. push esi
  252. push ebx
  253. push ds
  254. push es
  255. push fs
  256. push gs
  257. push offset FLAT:HbcProtMode ; address where we will start
  258. ; protected mode again once
  259. ; V86 has completed.
  260. mov HalpSavedEsp, esp
  262. mov eax, cr0 ; make sure alignment
  263. and eax, not CR0_AM ; checks are disabled
  264. mov cr0, eax
  266. ;
  267. ; Create space for the V86 trap frame and update the ESP0 value in the TSS
  268. ; to use this space. We will set this up just below our current stack pointer.
  269. ; The stuff we push on the stack after we set ESP0 is irrelevant once we
  270. ; make it to V86 mode, so it's ok to blast it.
  271. ;
  272. mov esi, fs:PcTss ; (esi) -> TSS
  273. mov eax, esp
  274. sub eax, NPX_FRAME_LENGTH ; skip FP save area
  275. mov [esi]+TssEsp0, eax
  277. push dword ptr 0h ; V86 GS
  278. push dword ptr 0h ; V86 FS
  279. push dword ptr 0h ; V86 DS
  280. push dword ptr 0h ; V86 ES
  281. push dword ptr 2000h ; V86 SS
  283. ;
  284. ; We calculate the V86 sp by adding the difference between the linear address
  285. ; of the V86 ip (HbcReal) and the linear address of the V86 sp (HbcV86Stack)
  286. ; to the offset of the V86 ip (HbcReal & 0xfff).
  287. ;
  289. mov eax, offset FLAT:HbcV86Stack-4
  290. sub eax, offset FLAT:HbcReal
  291. mov edx, offset HbcReal
  292. and edx, 0fffh
  293. add eax, edx
  294. push eax ; V86 esp
  296. pushfd
  297. or dword ptr [esp], EFLAGS_V86_MASK; V86 eflags
  298. or [esp], 03000h ; Give IOPL3
  299. push dword ptr 2000h ; V86 CS
  300. mov eax, offset HbcReal
  301. and eax, 0fffh
  303. push edx ; V86-mode EIP is offset
  304. ; into CS.
  305. iretd
  307. _HalpRealModeStart label byte
  309. HbcReal:
  310. db OVERRIDE ; make mov 32-bits
  311. mov eax, 12h ; 640x480x16 colors
  312. int 10h
  314. db 0c4h, 0c4h ; BOP to indicate V86 mode is done.
  316. ;
  317. ; V86-mode stack
  318. ;
  319. align 4
  320. db 2048 dup(0)
  321. HbcV86Stack:
  323. _HalpRealModeEnd label byte
  325. HbcProtMode:
  326. ;
  327. ; We are back from V86 mode, so restore everything we saved and we are done.
  328. ;
  329. pop gs
  330. pop fs
  331. pop es
  332. pop ds
  333. pop ebx
  334. pop esi
  335. pop edi
  336. popfd
  337. pop ebp
  338. stdRET _HalpBiosCall
  340. public _HalpBiosCallEnd
  341. _HalpBiosCallEnd label byte
  345. _HalpBiosCall endp
  348. subttl "HAL General Protection Fault"
  349. ;++
  350. ;
  351. ; Routine Description:
  352. ;
  353. ; Handle General protection fault.
  354. ;
  355. ; This fault handler is used by the HAL for V86 mode faults only.
  356. ; It should NEVER be used except when running in V86 mode. The HAL
  357. ; replaces the general-purpose KiTrap0D handler entry in the IDT with
  358. ; this routine. This allows us to emulate V86-mode instructions which
  359. ; cause a fault. After we return from V86 mode, we can restore the
  360. ; KiTrap0D handler in the IDT.
  361. ;
  362. ; Arguments:
  363. ;
  364. ; At entry, the saved CS:EIP point to the faulting instruction
  365. ; Error code (whose value depends on detected condition) is provided.
  366. ;
  367. ; Return value:
  368. ;
  369. ; None
  370. ;
  371. ;--
  372. ASSUME DS:FLAT, SS:NOTHING, ES:FLAT
  374. ENTER_DR_ASSIST Htd_a, Htd_t, NoAbiosAssist
  375. cPublicProc _HalpTrap0D ,0
  377. ENTER_TRAP Htd_a, Htd_t
  379. ;
  380. ; Did the trap occur in V86 mode? If not, something is completely messed up.
  381. ;
  382. test dword ptr [ebp]+TsEFlags,00020000H
  383. jnz Ht0d10
  385. ;
  386. ; The trap was not from V86 mode, so something is very wrong. We cannot
  387. ; BugCheck, since we are probably already in a BugCheck. So just stop.
  388. ;
  390. if DBG
  391. _TEXT segment
  392. MsgBadHalTrap db 'HAL: Trap0D while not in V86 mode',0ah,0dh,0
  393. _TEXT ends
  395. push offset FLAT:MsgBadHalTrap
  396. call _DbgPrint
  397. add esp,4
  398. stdCall _DbgBreakPoint
  399. endif
  400. ;
  401. ; We can't bugcheck, so just commit suicide. Maybe we should reboot?
  402. ;
  403. jmp $
  405. Ht0d10:
  406. stdCall HalpDispatchV86Opcode
  407. SPURIOUS_INTERRUPT_EXIT
  408. stdENDP _HalpTrap0d
  410. subttl "HAL Invalid Opcode Fault"
  411. ;++
  412. ;
  413. ; Routine Description:
  414. ;
  415. ; Handle invalid opcode fault
  416. ;
  417. ; This fault handler is used by the HAL to indicate when V86 mode
  418. ; execution is finished. The V86 code attempts to execute an invalid
  419. ; instruction (BOP) when it is done, and that brings us here.
  420. ; This routine just removes the trap frame from the stack and does
  421. ; a RET. Note that this assumes that ESP0 in the TSS has been set
  422. ; up to point to the top of the stack that we want to be running on
  423. ; when the V86 call has completed.
  424. ;
  425. ; This should NEVER be used except when running in V86 mode. The HAL
  426. ; replaces the general-purpose KiTrap06 handler entry in the IDT with
  427. ; this routine. It also sets up ESP0 in the TSS appropriately. After
  428. ; the V86 call has completed, it restores these to their previous values.
  429. ;
  430. ; Arguments:
  431. ;
  432. ; At entry, the saved CS:EIP point to the faulting instruction
  433. ; Error code (whose value depends on detected condition) is provided.
  434. ;
  435. ; Return value:
  436. ;
  437. ; None
  438. ;
  439. ;--
  440. ASSUME DS:FLAT, SS:NOTHING, ES:FLAT
  442. cPublicProc _HalpTrap06 ,0
  443. mov eax,KGDT_R3_DATA OR RPL_MASK
  444. mov ds,ax
  445. mov es,ax
  446. mov esp, HalpSavedEsp
  447. ret
  449. stdENDP _HalpTrap06
  451. subttl "Instruction Emulation Dispatcher"
  452. ;++
  453. ;
  454. ; Routine Description:
  455. ;
  456. ; This routine dispatches to the opcode specific emulation routine,
  457. ; based on the first byte of the opcode. Two byte opcodes, and prefixes
  458. ; result in another level of dispatching, from the handling routine.
  459. ;
  460. ; This code blatantly stolen from ke\i386\instemul.asm
  461. ;
  462. ; Arguments:
  463. ;
  464. ; ebp = pointer to trap frame
  465. ;
  466. ; Returns:
  467. ;
  468. ; Nothing
  469. ;
  471. cPublicProc HalpDispatchV86Opcode ,0
  473. RI equ [ebp - REGINFOSIZE]
  474. push ebp
  475. mov ebp,esp
  476. sub esp,REGINFOSIZE
  477. push esi
  478. push edi
  480. ; Initialize RegInfo
  482. mov esi,[ebp]
  483. mov RI.RiTrapFrame,esi
  484. movzx eax,word ptr [esi].TsHardwareSegSs
  485. mov RI.RiSegSs,eax
  486. mov eax,[esi].TsHardwareEsp
  487. mov RI.RiEsp,eax
  488. mov eax,[esi].TsEFlags
  489. mov RI.RiEFlags,eax
  490. movzx eax,word ptr [esi].TsSegCs
  491. mov RI.RiSegCs,eax
  492. mov eax,[esi].TsEip
  493. mov RI.RiEip,eax
  495. xor eax,eax
  496. mov RI.RiPrefixFlags,eax
  497. lea esi,RI
  499. ;
  500. ; Convert CS to a linear address
  501. ;
  503. mov eax,[esi].RiSegCs
  504. shl eax,4
  505. mov [esi].RiCsBase,eax
  506. mov [esi].RiCsLimit,0FFFFh
  507. mov [esi].RiCsFlags,0
  509. mov edi,RI.RiEip
  510. cmp edi,RI.RiCsLimit
  511. ja doerr
  513. add edi,RI.RiCsBase
  514. mov dl, [edi] ; get faulting opcode
  515. cmp dl, INT_NN_OPCODE
  516. je short @f
  518. stdCall HalpOpcodeInvalid
  519. jmp short doerr
  521. @@:
  522. stdCall HalpOpcodeINTnn
  523. test eax,0FFFFh
  524. jz do20
  526. mov edi,RI.RiTrapFrame
  527. mov eax,RI.RiEip ; advance eip
  528. mov [edi].TsEip,eax
  529. mov eax,1
  530. do20: pop edi
  531. pop esi
  532. mov esp,ebp
  533. pop ebp
  534. ret
  536. doerr: xor eax,eax
  537. jmp do20
  538. stdENDP HalpDispatchV86Opcode
  540. page ,132
  541. subttl "Invalid Opcode Handler"
  542. ;++
  543. ;
  544. ; Routine Description:
  545. ;
  546. ; This routine handles invalid opcodes. It prints the invalid
  547. ; opcode message, and breaks into the kernel debugger.
  548. ;
  549. ; Arguments:
  550. ;
  551. ; esi = address of reg info
  552. ; edx = opcode
  553. ;
  554. ; Returns:
  555. ;
  556. ; nothing
  557. ;
  559. _TEXT segment
  560. HalpMsgInvalidOpcode db 'HAL: An invalid V86 opcode was encountered at '
  561. db 'address %x:%x',0ah, 0dh, 0
  562. _TEXT ends
  564. cPublicProc HalpOpcodeInvalid ,0
  566. push [esi].RiEip
  567. push [esi].RiSegCs
  568. push offset FLAT:HalpMsgInvalidOpcode
  569. call _DbgPrint ; display invalid opcode message
  570. add esp,12
  571. int 3
  572. xor eax,eax
  573. stdRET HalpOpcodeInvalid
  575. stdENDP HalpOpcodeInvalid
  577. subttl "INTnn Opcode Handler"
  578. ;++
  579. ;
  580. ; Routine Description:
  581. ;
  582. ; This routine emulates an INTnn opcode. It retrieves the handler
  583. ; from the IVT, pushes the current cs:ip and flags on the stack,
  584. ; and dispatches to the handler.
  585. ;
  586. ; Arguments:
  587. ;
  588. ; esi = address of reg info
  589. ; edx = opcode
  590. ;
  591. ; Returns:
  592. ;
  593. ; Current CS:IP on user stack
  594. ; RiCs:RiEip -> handler from IVT
  595. ;
  597. cPublicProc HalpOpcodeINTnn ,0
  599. push ebp
  600. push edi
  601. push ebx
  603. ;
  604. ; Convert SS to linear address
  605. ;
  606. mov eax,[esi].RiSegSs
  607. shl eax,4
  608. mov [esi].RiSsBase,eax
  609. mov [esi].RiSsLimit,0FFFFh
  610. mov [esi].RiSsFlags,0
  612. inc [esi].RiEip ; point to int #
  613. mov edi,[esi].RiEip
  614. cmp edi,[esi].RiCsLimit
  615. ja oinerr
  617. add edi,[esi].RiCsBase
  618. movzx ecx,byte ptr [edi] ; get int #
  619. inc [esi].RiEip ; inc past end of instruction
  620. stdCall HalpPushInt
  621. test eax,0FFFFh
  622. jz oin20 ; error!
  623. ;
  624. ; Note: Some sort of check for BOP should go here, or in push int.
  625. ;
  627. mov ebp,[esi].RiTrapFrame
  628. mov eax,[esi].RiSegSs
  629. mov [ebp].TsHardwareSegSs,eax
  630. mov eax,[esi].RiEsp
  631. mov [ebp].TsHardwareEsp,eax
  632. mov eax,[esi].RiSegCs
  633. mov [ebp].TsSegCs,eax
  634. mov eax,[esi].RiEFlags
  635. mov [ebp].TsEFlags,eax
  636. mov eax,1
  637. oin20: pop ebx
  638. pop edi
  639. pop ebp
  640. stdRET HalpOpcodeINTnn
  642. oinerr: xor eax,eax
  643. jmp oin20
  645. stdENDP HalpOpcodeINTnn
  647. page ,132
  648. subttl "Push Interrupt frame on user stack"
  649. ;++
  650. ;
  651. ; Routine Description:
  652. ;
  653. ; This routine pushes an interrupt frame on the user stack
  654. ;
  655. ; Arguments:
  656. ;
  657. ; ecx = interrupt #
  658. ; esi = address of reg info
  659. ; Returns:
  660. ;
  661. ; interrupt frame pushed on stack
  662. ; reg info updated
  663. ;
  664. cPublicProc HalpPushInt ,0
  665. push ebx
  667. mov edx,[esi].RiEsp
  668. mov ebx,[esi].RiSsBase
  669. and edx,0FFFFh ; only use a 16 bit sp
  670. sub dx,2
  671. mov ax,word ptr [esi].RiEFlags
  672. mov [ebx+edx],ax ; push flags
  673. sub dx,2
  674. mov ax,word ptr [esi].RiSegCs
  675. mov [ebx+edx],ax ; push cs
  676. sub dx,2
  677. mov ax,word ptr [esi].RiEip
  678. mov [ebx+edx],ax ; push ip
  679. mov eax,[ecx*4] ; get new cs:ip value
  680. push eax
  681. movzx eax,ax
  682. mov [esi].RiEip,eax
  683. pop eax
  684. shr eax,16
  685. mov [esi].RiSegCs,eax
  686. mov word ptr [esi].RiEsp,dx
  688. ;
  689. ; Convert CS to a linear address
  690. ;
  692. mov eax,[esi].RiSegCs
  693. shl eax,4
  694. mov [esi].RiCsBase,eax
  695. mov [esi].RiCsLimit,0FFFFh
  696. mov [esi].RiCsFlags,0
  698. mov eax,1 ; success
  699. pi80: pop ebx
  700. stdRET HalpPushInt
  701. stdENDP HalpPushInt
  704. _TEXT ends
  705. end