v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?

Conclusion

v8086, Execute 16bit Code in ProtectedMode

Corentin Derbois

corentin@lse.epita.frhttp://www.lse.epita.fr

July 17, 2013

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086CPU execution workflow

Why?

How to?

Conclusion

Plan

1 v8086CPU execution workflowWhy?

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086CPU execution workflow

Why?

How to?

Conclusion

Workflow

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086CPU execution workflow

Why?

How to?

Conclusion

Rationale

• Easy video management• 16 bit code execution• BIOS data information access

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Plan

2 How to?Enable Virtual-8086 ModeInterruption managementExecutionExit from v8086Issues & Solutions

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Enable Virtual-8086 Mode

Needed value

• CS/SS/SP/IP• Eflags

• VM• IOCTLX• NT if iret is used

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

VM & NT

Man page: 20.2

The processor runs in virtual-8086 mode when the VM(virtual machine) flag in the EFLAGS register is set.• A CALL or JMP instruction.• An IRET instruction, where the NT flag in the

EFLAGS image is set to 1.

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Tss

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Interruption managment

Interruption mode

In v8086 all interruptions can be managed in two differentway:• Redirected in protected mode• Managed by the 8086 virtual processor

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

IOPL table

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Execution

Real mode

• Real mode address• Pagination is enabled• Virtualized interruptions

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

RealMode address

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Exit

Exit

• Don’t exit, use task• Use interruptions to comunicate

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Issues

Issues

• Switch time• Lower addresses in vitual address space• BIOS at specific address• Long mode

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?Enable Virtual-8086 Mode

Interruption management

Execution

Exit from v8086

Issues & Solutions

Conclusion

Solution

Emulation 8086Emulation of 8086 gave the possibility to bypass most ofthe problems of v8086, like switching context.

Special case: Emulation of interruption

• IVT at 0x0• transform interrupt to jump

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?

Conclusion

Plan

3 Conclusion

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?

Conclusion

Conclusion

Used by current system

• Windows• Linux• Bsd

v8086, Execute16bit Code in

Protected Mode

Corentin Derbois

v8086

How to?

Conclusion

Questions?