I want to debug a boot sector that reads the floppy disk. I debug it in bochs and want to check whether it reads successfully or fails. I know the AH register can return the code, but I also want to see what it reads, so I want to check the es:bx stack in physical memory, but it is all 0x00. Why?
This code was written with as86 and linked with ld86.
I created the floppy image using the bochs Disk Image Creation Tool and the command dd bs=32 if=boot of=/dev/fd0 skip=1 to create this bootable floppy image.
I noticed that the flags returned 0x00000046, so CF is 0, which indicates the action has no error. But the ax register is 0x0201; the ah register is 0x02, which is the error code. I don't know why.
Following is my bochs file:
megs: 16
romimage: file=$BXSHARE/BIOS-bochs-latest
vgaromimage: file=$BXSHARE/VGABIOS-lgpl-latest
floppya: 1_44="floppya.img", status=inserted
ata0-master: type=disk, path="hd.img", cylinders=365, heads=16, spt=63
boot: a
log: bochsout.txt
panic: action=ask
error: action=report
info: action=report
debug: action=ignore
cpu: ips=15000000
clock: sync=both
vga: extension=vbe, update_freq=15
mouse: enabled=0
Here is the code:
BOOTSEG = 0x07c0        ! segment the BIOS loads the boot sector at (0x07c0:0000 = 0x7c00)
SYSSEG  = 0x1000        ! destination segment for the sector read (physical 0x10000)
entry start
start:
    jmpi go, #BOOTSEG   ! far jump so that cs is normalised to BOOTSEG
go: mov ax, cs
    mov ds, ax
    mov ss, ax
    mov sp, #0x400      ! stack just above the boot sector (the disassembly below shows 0x0400)
    mov dx, #0x0000     ! dh = head 0, dl = drive 0 (floppy A)
    mov cx, #0x0002     ! ch = cylinder 0, cl = sector 2 (sector numbers are 1-based)
    mov ax, #SYSSEG
    mov es, ax
    xor bx, bx          ! es:bx = 0x1000:0000, the read buffer
    mov ax, #0x201      ! ah = 0x02 read sectors, al = 1 sector
    int 0x13            ! on return: CF set on error, ah = status, al = sectors read
hang:
    jmp hang            ! stop here instead of executing the zero padding that follows
.org 510
.word 0xAA55            ! boot signature in the last two bytes of the sector
.word 0xFFFF            ! first word of the second sector, the value the read should fetch
The code was written with as86, and I added one word at the beginning of the second sector.
I paste the debug info from bochs:
========================================================================
00000000000i[ ] reading configuration from bochsrc
00000000000i[ ] installing win32 module as the Bochs GUI
00000000000i[ ] using log file bochsout.txt
Next at t=0
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): jmpf 0xf000:e05b ; ea5be000f0
<bochs:1> b 0x7c00
<bochs:2> c
(0) Breakpoint 1, 0x0000000000007c00 in ?? ()
Next at t=61419250
(0) [0x000000007c00] 0000:7c00 (unk. ctxt): jmpf 0x07c0:0005 ; ea0500c007
<bochs:3> s
Next at t=61419251
(0) [0x000000007c05] 07c0:0005 (unk. ctxt): mov ax, cs ; 8cc8
<bochs:4> s
Next at t=61419252
(0) [0x000000007c07] 07c0:0007 (unk. ctxt): mov ds, ax ; 8ed8
<bochs:5> s
Next at t=61419253
(0) [0x000000007c09] 07c0:0009 (unk. ctxt): mov ss, ax ; 8ed0
<bochs:6> s
Next at t=61419254
(0) [0x000000007c0b] 07c0:000b (unk. ctxt): mov sp, 0x0400 ; bc0004
<bochs:7> s
Next at t=61419255
(0) [0x000000007c0e] 07c0:000e (unk. ctxt): mov dx, 0x0000 ; ba0000
<bochs:8> s
Next at t=61419256
(0) [0x000000007c11] 07c0:0011 (unk. ctxt): mov cx, 0x0002 ; b90200
<bochs:9> s
Next at t=61419257
(0) [0x000000007c14] 07c0:0014 (unk. ctxt): mov ax, 0x1000 ; b80010
<bochs:10> s
Next at t=61419258
(0) [0x000000007c17] 07c0:0017 (unk. ctxt): mov es, ax ; 8ec0
<bochs:11> s
Next at t=61419259
(0) [0x000000007c19] 07c0:0019 (unk. ctxt): xor bx, bx ; 31db
<bochs:12> s
Next at t=61419260
(0) [0x000000007c1b] 07c0:001b (unk. ctxt): mov ax, 0x0201 ; b80102
<bochs:13> s
Next at t=61419261
(0) [0x000000007c1e] 07c0:001e (unk. ctxt): int 0x13 ; cd13
<bochs:14> s
Next at t=61419262
(0) [0x0000000fe3fe] f000:e3fe (unk. ctxt): jmp .-19908 (0x000f963d) ; e93cb2
<bochs:15> r
rax: 00000000_00000201 rcx: 00000000_00090002
rdx: 00000000_00000000 rbx: 00000000_00000000
rsp: 00000000_000003fa rbp: 00000000_00000000
rsi: 00000000_000e0000 rdi: 00000000_0000ffac
r8 : 00000000_00000000 r9 : 00000000_00000000
r10: 00000000_00000000 r11: 00000000_00000000
r12: 00000000_00000000 r13: 00000000_00000000
r14: 00000000_00000000 r15: 00000000_00000000
rip: 00000000_0000e3fe
eflags 0x00000046: id vip vif ac vm rf nt IOPL=0 of df if tf sf ZF af PF cf
<bochs:16> sreg
es:0x1000, dh=0x00009301, dl=0x0000ffff, valid=1
Data segment, base=0x00010000, limit=0x0000ffff, Read/Write, Accessed
cs:0xf000, dh=0x0000930f, dl=0x0000ffff, valid=1
Data segment, base=0x000f0000, limit=0x0000ffff, Read/Write, Accessed
ss:0x07c0, dh=0x00009300, dl=0x7c00ffff, valid=7
Data segment, base=0x00007c00, limit=0x0000ffff, Read/Write, Accessed
ds:0x07c0, dh=0x00009300, dl=0x7c00ffff, valid=1
Data segment, base=0x00007c00, limit=0x0000ffff, Read/Write, Accessed
fs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
gs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1
tr:0x0000, dh=0x00008b00, dl=0x0000ffff, valid=1
gdtr:base=0x00000000000fa1f7, limit=0x30
idtr:base=0x0000000000000000, limit=0x3ff
<bochs:17> xp /40bx 0x10000
[bochs]:
0x0000000000010000 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x0000000000010008 <bogus+ 8>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x0000000000010010 <bogus+ 16>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x0000000000010018 <bogus+ 24>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x0000000000010020 <bogus+ 32>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Your last s steps into the interrupt handler (note the address f000:e3fe - this is inside the BIOS). It did not do anything yet, so ax retains the value you passed to the interrupt. You need to either step until you return to your code, or put a breakpoint after the interrupt and continue. Only then should you inspect CF and the other registers.
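As an added example, not part of the question or the answer above: a Python helper that turns the CH/CL/DH and AH/AL values the boot sector passes to INT 13h into an offset in the floppy image and returns the bytes a successful read should leave at ES:BX, so they can be compared with the xp dump once the interrupt has actually returned; it also decodes the CF/AH/AL result. It assumes standard 1.44 MB geometry (2 heads, 18 sectors per track) and uses a constructed two-sector image in place of floppya.img.

```python
# Added example (not from the question or answer). Geometry is an assumption:
# a standard 1.44 MB floppy has 2 heads and 18 sectors per track.
HEADS, SPT, SECTOR = 2, 18, 512

def chs_to_offset(ch, cl, dh):
    """Translate the CH/CL/DH values passed to INT 13h into a byte offset.
    CL bits 0-5 hold the 1-based sector, bits 6-7 the high cylinder bits."""
    cylinder = ch | ((cl & 0xC0) << 2)
    sector = cl & 0x3F
    if not 1 <= sector <= SPT:
        raise ValueError("sector number out of range")
    lba = (cylinder * HEADS + dh) * SPT + (sector - 1)
    return lba * SECTOR

def expected_read(image, ax, cx, dx):
    """Bytes the BIOS should copy to ES:BX for an AH=02h call with these AX/CX/DX."""
    ah, al = ax >> 8, ax & 0xFF
    if ah != 0x02:
        raise ValueError("not an INT 13h read-sectors call")
    off = chs_to_offset(cx >> 8, cx & 0xFF, dx >> 8)
    return image[off:off + al * SECTOR]

def decode_result(ax, eflags):
    """Interpret the registers after INT 13h returns: CF (bit 0 of EFLAGS) set
    means error, AH is the status code, AL the number of sectors transferred."""
    return {"error": bool(eflags & 1), "status": ax >> 8, "sectors": ax & 0xFF}

def build_image():
    """Constructed stand-in for floppya.img (after dd stripped the ld86 header):
    a boot sector ending in 0xAA55, then a second sector starting with 0xFFFF."""
    boot = bytearray(SECTOR)
    boot[510:512] = b"\x55\xaa"      # .word 0xAA55 stored little-endian
    second = bytearray(SECTOR)
    second[0:2] = b"\xff\xff"         # .word 0xFFFF at the start of sector 2
    return bytes(boot + second) + bytes(SECTOR * 16)   # pad with empty sectors

if __name__ == "__main__":
    img = build_image()
    # Same register values the boot sector loads before int 0x13.
    data = expected_read(img, 0x0201, 0x0002, 0x0000)
    print("xp /8bx 0x10000 should show:", data[:8].hex(" "))
    print(decode_result(0x0001, 0x46))   # what a successful return looks like
```

The ax/eflags values to feed decode_result are the ones read with r after the breakpoint placed past int 0x13, not the ones captured inside the BIOS handler.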