Running code from GCC using STPC bootloader in real mode

Posted on June 19, 2003 at 09:35

Chaps,

I've got a problem which I cant work out. I'm using an STPC elite evaluation kit and booting the CPU using the STPC bootloader. I've written some code using GCC, setup as a cross compiler in RH7.2 for i486-coff. I'm booting in real mode, and copy/executing from 10000h. I'm using a 128K flash, and copying all of the top 64K to 10000h.

The code i've written is below, but in low-level as this is what i understand.

The problem is the code gets as far as a call and stops. Well i think it's the calls that are stopping it, but i'm a little unsure.

When booting the system, I get all the normall post codes from the boot loader.

Then the post code display should show 'CC', then 'DD', then 'BB'. Although I'm only getting as far as 'DD'.

'BB' is output by section __main which is called by section main. After main is called, only ebp/esp get changed and __main is called.

I can't understand why 'BB' is never displayed, as changing esp/ebp should not effect the call (only the stack).

Any help?

PS the code is in AT&T standard format (not masm)

a.out: file format coff-i386

Disassembly of section .text:

00010000 :

10000: 31 c0 xor %eax,%eax

10002: 8c c8 mov %cs,%eax

10004: 8e d8 mov %eax,%ds

10006: 8e c0 mov %eax,%es

10008: b0 cc mov $0xcc,%al

1000a: e6 80 out %al,$0x80

1000c: bc 04 00 00 00 mov $0x4,%esp

10011: b8 08 12 00 00 mov $0x1208,%eax

10016: 8e d0 mov %eax,%ss

10018: b0 dd mov $0xdd,%al

1001a: e6 80 out %al,$0x80

1001c: e8 07 00 00 00 call 10028

10021: 8d b4 26 00 00 00 00 lea 0x0(%esi,1),%esi

00010028 :

10028: 55 push %ebp

10029: 89 e5 mov %esp,%ebp

1002b: 83 ec 08 sub $0x8,%esp

1002e: 83 e4 f0 and $0xfffffff0,%esp

10031: b8 00 00 00 00 mov $0x0,%eax

10036: 29 c4 sub %eax,%esp

10038: e8 3e 00 00 00 call 1007b

1003d: b0 aa mov $0xaa,%al

1003f: e6 80 out %al,$0x80

10041: c7 45 fc 00 00 00 00 movl $0x0,0xfffffffc(%ebp)

10048: 81 7d fc fd ff ff 7f cmpl $0x7ffffffd,0xfffffffc(%ebp)

1004f: 7e 02 jle 10053

10051: eb 0b jmp 1005e

10053: b0 11 mov $0x11,%al

10055: e6 80 out %al,$0x80

10057: 8d 45 fc lea 0xfffffffc(%ebp),%eax

1005a: ff 00 incl (%eax)

1005c: eb ea jmp 10048

1005e: c7 45 fc 00 00 00 00 movl $0x0,0xfffffffc(%ebp)

10065: 81 7d fc fd ff ff 7f cmpl $0x7ffffffd,0xfffffffc(%ebp)

1006c: 7e 02 jle 10070

1006e: eb d1 jmp 10041

10070: b0 22 mov $0x22,%al

10072: e6 80 out %al,$0x80

10074: 8d 45 fc lea 0xfffffffc(%ebp),%eax

10077: ff 00 incl (%eax)

10079: eb ea jmp 10065

0001007b :

1007b: 55 push %ebp

1007c: 89 e5 mov %esp,%ebp

1007e: b0 bb mov $0xbb,%al

10080: e6 80 out %al,$0x80

10082: 5d pop %ebp

10083: c3 ret

Disassembly of section .data:

Posted on June 19, 2003 at 13:35

MurF,

When you start the loader in real mode, the data segments DS and ES are initialized in the GDT in ''flat mode'' and can access the whole memory. It is not the case for the code segment CS which have got the standard real mode limitation of 16 bits for the offset.

This means your jump to 10028 is going to perform a jump to 0028 and have to be replace by a far jump to 1000:0028 (CS=1000 then a jump to 002

.

To be honest, it will be quite difficult to use gcc in real mode. The compiler have been designed for 32bits protected mode. You will probably also have to manually switch your segment from 16bits to 32bits in the GDT.

I highly suggest you to use the example of secondary loader you get from the STPC Development Kit available on this web-site. The examples of loader present in this kit are downloading and executing a WinCE image or a Linux kernel but you can easily replace by your own code. It is also written in C language for gcc

Farfalla