Debug int 13h 02h function of boot sector in bochs


I want to debug a boot sector that reads the floppy disk. I debug it in bochs and want to check whether the read succeeds or fails. I know the AH register returns the status code, but I also want to see what it reads, so I want to check the es:bx buffer in physical memory, but it is all 0x00. Why?

This code is assembled with as86 and linked with ld86. I created the floppy image using the bochs Disk Image Creation Tool and used the command dd bs=32 if=boot of=/dev/fd0 skip=1 to create this bootable floppy image.

I noticed that eflags returned 0x00000046, so CF is 0, which indicates the operation had no error. But the ax register is 0x0201, and the ah register is 0x02, which is the error code. I don't know why.

Following is my bochs file:

megs: 16

romimage: file=$BXSHARE/BIOS-bochs-latest
vgaromimage: file=$BXSHARE/VGABIOS-lgpl-latest

floppya: 1_44="floppya.img", status=inserted

ata0-master: type=disk, path="hd.img", cylinders=365, heads=16, spt=63

boot: a

log: bochsout.txt

panic: action=ask
error: action=report
info: action=report
debug: action=ignore

cpu: ips=15000000
clock: sync=both

vga: extension=vbe, update_freq=15

mouse: enabled=0

Here is code:

BOOTSEG = 0x07c0
SYSSEG    = 0x1000

entry start
start:
    jmpi go, #BOOTSEG
go: mov ax, cs
    mov ds, ax
    mov ss, ax
    mov sp, #400

    mov dx, #0x0000
    mov cx, #0x0002
    mov ax, #SYSSEG
    mov es, ax
    xor   bx, bx
    mov ax, #0x201
    int 0x13

.org 510
    .word 0xAA55
    .word 0xFFFF

The code is assembled with as86, and I added one word at the beginning of the second sector.

I paste the debug info from bochs below.

========================================================================
00000000000i[      ] reading configuration from bochsrc
00000000000i[      ] installing win32 module as the Bochs GUI
00000000000i[      ] using log file bochsout.txt
Next at t=0
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): jmpf 0xf000:e05b          ; ea5be000f0
<bochs:1> b 0x7c00
<bochs:2> c
(0) Breakpoint 1, 0x0000000000007c00 in ?? ()
Next at t=61419250
(0) [0x000000007c00] 0000:7c00 (unk. ctxt): jmpf 0x07c0:0005          ; ea0500c007
<bochs:3> s
Next at t=61419251
(0) [0x000000007c05] 07c0:0005 (unk. ctxt): mov ax, cs                ; 8cc8
<bochs:4> s
Next at t=61419252
(0) [0x000000007c07] 07c0:0007 (unk. ctxt): mov ds, ax                ; 8ed8
<bochs:5> s
Next at t=61419253
(0) [0x000000007c09] 07c0:0009 (unk. ctxt): mov ss, ax                ; 8ed0
<bochs:6> s
Next at t=61419254
(0) [0x000000007c0b] 07c0:000b (unk. ctxt): mov sp, 0x0400            ; bc0004
<bochs:7> s
Next at t=61419255
(0) [0x000000007c0e] 07c0:000e (unk. ctxt): mov dx, 0x0000            ; ba0000
<bochs:8> s
Next at t=61419256
(0) [0x000000007c11] 07c0:0011 (unk. ctxt): mov cx, 0x0002            ; b90200
<bochs:9> s
Next at t=61419257
(0) [0x000000007c14] 07c0:0014 (unk. ctxt): mov ax, 0x1000            ; b80010
<bochs:10> s
Next at t=61419258
(0) [0x000000007c17] 07c0:0017 (unk. ctxt): mov es, ax                ; 8ec0
<bochs:11> s
Next at t=61419259
(0) [0x000000007c19] 07c0:0019 (unk. ctxt): xor bx, bx                ; 31db
<bochs:12> s
Next at t=61419260
(0) [0x000000007c1b] 07c0:001b (unk. ctxt): mov ax, 0x0201            ; b80102
<bochs:13> s
Next at t=61419261
(0) [0x000000007c1e] 07c0:001e (unk. ctxt): int 0x13                  ; cd13
<bochs:14> s
Next at t=61419262
(0) [0x0000000fe3fe] f000:e3fe (unk. ctxt): jmp .-19908 (0x000f963d)  ; e93cb2
<bochs:15> r
rax: 00000000_00000201 rcx: 00000000_00090002
rdx: 00000000_00000000 rbx: 00000000_00000000
rsp: 00000000_000003fa rbp: 00000000_00000000
rsi: 00000000_000e0000 rdi: 00000000_0000ffac
r8 : 00000000_00000000 r9 : 00000000_00000000
r10: 00000000_00000000 r11: 00000000_00000000
r12: 00000000_00000000 r13: 00000000_00000000
r14: 00000000_00000000 r15: 00000000_00000000
rip: 00000000_0000e3fe
eflags 0x00000046: id vip vif ac vm rf nt IOPL=0 of df if tf sf ZF af PF cf
<bochs:16> sreg
es:0x1000, dh=0x00009301, dl=0x0000ffff, valid=1
        Data segment, base=0x00010000, limit=0x0000ffff, Read/Write, Accessed
cs:0xf000, dh=0x0000930f, dl=0x0000ffff, valid=1
        Data segment, base=0x000f0000, limit=0x0000ffff, Read/Write, Accessed
ss:0x07c0, dh=0x00009300, dl=0x7c00ffff, valid=7
        Data segment, base=0x00007c00, limit=0x0000ffff, Read/Write, Accessed
ds:0x07c0, dh=0x00009300, dl=0x7c00ffff, valid=1
        Data segment, base=0x00007c00, limit=0x0000ffff, Read/Write, Accessed
fs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
        Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
gs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
        Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1
tr:0x0000, dh=0x00008b00, dl=0x0000ffff, valid=1
gdtr:base=0x00000000000fa1f7, limit=0x30
idtr:base=0x0000000000000000, limit=0x3ff
<bochs:17> xp /40bx 0x10000
[bochs]:
0x0000000000010000 <bogus+       0>:    0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x0000000000010008 <bogus+       8>:    0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x0000000000010010 <bogus+      16>:    0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x0000000000010018 <bogus+      24>:    0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x0000000000010020 <bogus+      32>:    0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00

There are 2 answers

1
Igor Skochinsky On BEST ANSWER

Your last s steps into the interrupt handler (note the address f000:e3fe - this is inside the BIOS). It did not do anything yet, so ax retains the value you passed to the interrupt. You need to either step until you return to your code, or put a breakpoint after the interrupt and continue. Only then should you inspect CF and other registers.

2
Jester On

You forgot to show what command you tried (maybe you were looking at the wrong address), and whether your floppy image has something other than zero bytes in the sector you load ;) You also didn't say what assembler you were using and how you created the image.

I have tested with this code, using nasm:

    mov dx, 0x0000
    mov cx, 0x0002
    mov ax, 0x1000
    mov es, ax
    xor bx, bx
    mov ax, 0x201
    int 0x13
    jmp $

times 510 - ($-$$) db 0
dw 0xAA55 ; signature
times 512 db 0xaa ; fill 2nd sector with 0xaa
times 1474560 - ($-$$) db 0 ; fill rest of image with 00

Booting the created image in bochs:

(0) [0x0000000000007c10] 0000:7c10 (unk. ctxt): int 0x13                  ; cd13
<bochs:9>
Next at t=13210529
(0) [0x0000000000007c12] 0000:7c12 (unk. ctxt): jmp .-2 (0x00007c12)      ; ebfe
<bochs:10> r
rax: 0x00000000_00000001 rcx: 0x00000000_00000002
rdx: 0x00000000_00000000 rbx: 0x00000000_00000000
rsp: 0x00000000_0000ffd6 rbp: 0x00000000_00000000
rsi: 0x00000000_000e91b9 rdi: 0x00000000_0000ffac
r8 : 0x00000000_00000000 r9 : 0x00000000_00000000
r10: 0x00000000_00000000 r11: 0x00000000_00000000
r12: 0x00000000_00000000 r13: 0x00000000_00000000
r14: 0x00000000_00000000 r15: 0x00000000_00000000
rip: 0x00000000_00007c12
eflags 0x00000046: id vip vif ac vm rf nt IOPL=0 of df if tf sf ZF af PF cf
<bochs:11> xp/32bx 0x10000
[bochs]:
0x0000000000010000 <bogus+       0>:    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa
0x0000000000010008 <bogus+       8>:    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa
0x0000000000010010 <bogus+      16>:    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa
0x0000000000010018 <bogus+      24>:    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa    0xaa

You can see that AH=0 (meaning no error), AL=1 (meaning 1 sector loaded) and indeed the data is there in memory.
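Jester's point that the loaded sector may simply contain zeros can be checked offline, before touching bochs. The script below is an added example (not from either answer): it decodes the int 13h/AH=02h register layout used on this page (AX=0x0201, CX=0x0002, DX=0x0000), maps the CHS address to a byte offset in a 1.44 MB image (18 sectors per track, 2 heads, both assumed), and dumps what the BIOS would copy to ES:BX. The image it inspects is constructed in code to mirror Jester's nasm layout; point `check_read` at a real floppya.img to inspect that instead.

```python
"""Inspect a 1.44 MB floppy image the way int 13h/AH=02h addresses it."""

SECTOR = 512
SPT = 18          # sectors per track on a 1.44 MB floppy (assumed geometry)
HEADS = 2
IMAGE_SIZE = 1474560

def decode_int13_regs(ax, cx, dx):
    """Split AX/CX/DX into the int 13h/02h fields the BIOS reads."""
    ah, al = ax >> 8, ax & 0xFF
    ch, cl = cx >> 8, cx & 0xFF
    dh, dl = dx >> 8, dx & 0xFF
    cyl = ch | ((cl & 0xC0) << 2)   # CL bits 6-7 are cylinder bits 8-9
    return {"func": ah, "count": al, "cyl": cyl, "head": dh,
            "sector": cl & 0x3F, "drive": dl}

def chs_to_offset(cyl, head, sector):
    """Map BIOS CHS (sector is 1-based) to a byte offset in the image."""
    if not (1 <= sector <= SPT) or not (0 <= head < HEADS):
        raise ValueError("CHS out of range for a 1.44 MB floppy")
    lba = (cyl * HEADS + head) * SPT + (sector - 1)
    return lba * SECTOR

def build_image(boot_code, second_sector_fill=0xAA):
    """Constructed image: boot sector + 0xAA55 signature, sector 2 filled,
    everything else zero, i.e. the layout from Jester's nasm listing."""
    boot = boot_code.ljust(510, b"\x00") + b"\x55\xAA"   # 0xAA55 little-endian
    img = bytearray(boot + bytes([second_sector_fill]) * SECTOR)
    img += b"\x00" * (IMAGE_SIZE - len(img))
    return bytes(img)

def check_read(img, ax, cx, dx):
    """Return (boot signature present, bytes the BIOS would place at ES:BX)."""
    r = decode_int13_regs(ax, cx, dx)
    if r["func"] != 0x02:
        raise ValueError("not an AH=02h read request")
    off = chs_to_offset(r["cyl"], r["head"], r["sector"])
    data = img[off:off + r["count"] * SECTOR]
    return img[510:512] == b"\x55\xAA", data

if __name__ == "__main__":
    image = build_image(b"\xEB\xFE")      # "jmp $" as placeholder boot code
    sig, data = check_read(image, 0x0201, 0x0002, 0x0000)
    print("signature ok:", sig, "first bytes:", data[:8].hex(),
          "all 0xaa:", set(data) == {0xAA})
```

If the dump for your own image is all zeros here, the BIOS read was fine and the problem is the image contents, not the int 13h call.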