The shared stage 3 / main kernel for My Operating System (MOS)
This module is responsible for managing and enabling the running of user applications
For software programming, check the System calls section
Marcel Sondaar
Educational purposes
| stage3. asm [ia-common] | The shared stage 3 / main kernel for My Operating System (MOS) |
| kernelentry | contains the entry point of the kernel |
| mpentry | the common entry code for multiprocessor systems |
| Initializers | These functions constitute to the initialisation of the kernel. |
| AllocateFromHeap | Allocates several bytes at the end of heap. |
| ApicBasedDelay | delay x cycles based on bus speed |
| BootstrapAP586 | attempts to boot application processors in the system |
| BootstrapUserspace | Locates the fourth stage binary, map it into memory and create an initial task for that binary. |
| BuildKernelPageMap | Creates a default page table used when creating a new virtual address space. |
| CheckDisabledApic | Checks if a software-disabled APIC is present |
| CheckpointBSP | Synchronizes progress across CPU’s |
| CheckpointAP | Synchronizes progress across CPU’s |
| ComputeApicFrequency | Compares the local APIC with the PIT timer to calculate its operating frequency |
| ComputeProcessorUnion | calculates <qwProcessorSharedCaps> by takes all processor’s capabilities, and keeping only the bits common to all processors. |
| CreateInitialTDS | Creates the initial task description state and loads it for the current processor |
| DetectCoprocessor | Probes the current processor for an math coprocessor and sets dwaProcessorCaps1 accordingly |
| CR0_NE does not exist on a 386 | |
| DetectProcessors | Retrieves the information from the BSP, looks for APs and boots them |
| Lots of reboots/ lockups on Pentium 1 boxes | |
| HyperThreading | |
| FindMPTable | Locates the Intel multiprocessor table |
| FindRSDP | Locates the RSDP table, if present. |
| FixInterrupts | Fix PIC issues: mask all ints at the PIC, then enable interrupts |
| InitializeAllocator | Initializes the memory allocator tables |
| allocation of kernel pages | these are the amount of occupied/unoccupied pages they should later be set to the actual pages that are used. |
| InitializeAPRegisters | loads the AP’s special registers with the values generated by the BSP this also waits for the BSP to present the data |
| this is detrimental to speed on P4/ HTT processors | |
| InitializeKernelHeap | Loads pointers for all the needed structures |
| InitializeGDT32 | initializes the 32 bit GDT |
| InitializeIDT32 | Initializes the 32-bit IDT |
| replace with real handlers | |
| InitializePIC | Brings the PIC into a known state |
| Socket-A Interrupt bug | Copied from the previous kernel generation. |
| InitializePIT | Configure the PIT to a rate generator |
| InitializeRTC | Initializes the RTC as an interrupt source |
| InitializeRTC crashes some computers | |
| InitializeSyscalls | Registers the system call handlers |
| InitializeTSSAP | Creates an initial TSS for the current processor. |
| InitializeTSSBSP | Initializes the TSS for the BSP, and all the setup required for the TSSes on other processors. |
| PrintCPUCaps | |
| PrintAPICLine | Prints the APIC Bus frequency |
| PrintHex4 | Converts a dword value to hex and emit it to a string |
| PrintInitLine | prints the initalizer line |
| ProcessorDiagnostic | Gets the CPU, VM and related information |
| fix MMX and EMMI detection | |
| Extended CPUID | |
| fix cpuid bugs for intel class chips | |
| SetCPUBits | loads CR0/CR4 with the appropriate bits |
| cyrices (and possibly others) do not support cr4 | so do no write it when we don’t need it |
| set SSE bits in CR4 | |
| Runtime components | Common routines during kernel operation. |
| AddMemoryReference32 | Ups the reference count to a memory location. |
| AllocateGDT32Entry | finds an empty GDT entry and allocates it. |
| AllocateIDTEntry | Tries to allocate one entry in the IDT |
| fail stub | |
| AllocateMemory32 | Tries to allocate a piece of memory To allow for full userspace control of memory |
| ClearPageTableEntry32Hole | Clears a page table entry if it is mapped and not used by the kernel. |
| improve speed here. | |
| improve speed | |
| DumpCRState | prints a crashdump with the CRx registers |
| DumpIntState | prints a crashdump from an interrupt stackframe |
| DumpRegState | Prints a crashdump from a PUSHAD image |
| EnableIRQ | Enables one IRQ at the PIC |
| FillKernelPageDirectory | Fills a page directory with default values |
| FillKernelPageTable | Fills a page table with all the kernel pages |
| FillPage32 | Fills a page in physical memory with all ones |
| FillTaskDescriptor32 | Fills a page with a task descriptor and a schedulable stack This descriptor is designed to run 32-bit applications |
| FillTaskDescriptorRemote32 | Fills a task structure in physical memory |
| FindL3MemoryTable32 | Locks onto the memory address controlling this entry |
| resolve virtual pointers | |
| FindL2MemoryTable32 | Increases the reference count on one memory unit |
| resolve virtual pointers | |
| FindL1MemoryTable32 | Increases the reference count on one memory unit |
| GetTssBitmapStatus32 | Checks whether a page in the TSS has been mapped |
| HardwareDelay | Delays for a short period of time. |
| InsertLargePage32 | adds a given large page to a page directory |
| InsertPageTable32 | adds a given page table to a page directory |
| InsertPage32 | adds an entry to the page table. |
| InsertTSSBitmapPage | Maps a page into the shared TSS area. |
| write 486 overlay (cmpxchg) | |
| proper page flushing | |
| IntHandler | Provides the default interrupt handlers. |
| MapL1Table32 | Inserts a new leaf into the memory allocator map |
| MapL2Table32 | Ups the reference count to a memory location. |
| Oops | Kills the thread and prints a report to port e9 |
| ReadPageTableEntry32Hole | Sets a page table entry if allowed. |
| improve speed here. | |
| improve speed | |
| ReleaseMemoryLocks | Releases memory locks as given by findmemory and relatives |
| RemoveMemoryReference32 | Decrements the reference count to a memory location. |
| RequestAddress32 | Requests ownership of one location in the physical address space |
| RequestGDT32Entry | Requests ownership of one specified GDT entry |
| RequestMemory32 | Requests ownership of one memory location |
| SetIDTEntry32 | Points an IDT entry to a given function |
| SetIDTEntry32Public | Points an IDT entry to a given function, and allow it to be called from userland |
| SetPageDirEntry32Hole | Sets a page directory entry if allowed. |
| improve speed here. | |
| SetPageTableEntry32Hole | Sets a page table entry if allowed. |
| improve speed here. | |
| improve speed | |
| SwitchGDT32 | Switches to the 32 bit GDT |
| SwitchIDT32 | Switches to the 32 bit IDT |
| QueueThread | adds a thread to the execution queue |
| WritePage32 | adds an entry to the page table. |
| WriteAddressSpace32 | Map and fill out a set of address space structures |
| ZeroPage32 | Zeroes a page in physical memory |
| Scheduler components | These functions change between tasks. |
| Schedule | Causes execution to be suspended and the next thread to be readied. |
| Scheduler_Common | this function will browse through the scheduler list and pick a new task to run. |
| Address space switches | |
| Scheduler_Launchuser | return stub that gets us into userland |
| System calls | These functions form the interface to all userspace applications |
| Entrypoint_Int | Contains the handler for system calls when accessed via the syscall interrupt. |
| Entrypoint_Main | Does the actual decoding of the system call |
| KernelVersion | Returns the kernel version |
| BlockAlloc | Allocates memory and maps it to userspace |
| write address to page table if applicable | |
| release this address | OOPS |
| BlockAllocEx | Allocates a specific piece memory and maps it to userspace |
| write address to page table if applicable | |
| release this address | |
| BlockAllocPhys | Allocates an area in the physical range and maps it to userspace |
| write address to page table if applicable | |
| release this address | |
| EnterV8086 | Makes the thread enter v8086 mode |
| AllocateIoBitmap | Allocates pages for the I/O permission bitmap. |
| PortAlloc | Allocates pages for the I/O permission bitmap. |
| add port allocation management and safety stuff | |
| step up from first page to second | |
| AllocatePageTable | Maps a page table into the page directory to allow for small pages to be used |
| update destroyed regs | check RequestMemory32 AllocateMemory32 InsertPageTable32 ZeroPage32 RemoveMemoryReference32 |
| BlockAllocExL | Allocates an area of memory in the physical range and maps it to userspace |
| check destroyed regs | |
| release this address | |
| BlockAllocPhysL | Allocates an area in the physical range and maps it to userspace |
| check destroyed regs | |
| release this address | |
| AllocateIRBitmap | Allocates a page for the Interrupt Redirection Bitmap |
| SetRedirectBits | Sets redirection bits in the Interrupt Redirection Bitmap |
| ManageMemoryL1 | Insert a node into the memory manager tree at the 1st level The node will describe 2M of memory in 4K units |
| ManageMemoryL2 | Insert a node into the memory manager tree at the 3rd level The node will describe 1G of memory in 2M units |
| ESI usage? | |
| Yield | Yield the execution resource to another program |
| CreateAddressSpace | Creates a new set of paging structures |
| CreateThread | Creates a new thread structure |
| CreateThreadRemote | Creates a new thread structure in a different address space |
| Race condition. Read-addref-read pattern needs to be added | |
| TransferPage | Copies a virtual-to-physical mapping from the current address space to a remote address space |
| Race condition. Read-addref-read pattern needs to be added | |
| AllocatePageTableRemote | Maps a page table into the page directory to allow for small pages to be used |
| update destroyed regs | check RequestMemory32 AllocateMemory32 InsertPageTable32 ZeroPage32 RemoveMemoryReference32 |
| Race condition. Read-addref-read pattern needs to be added | |
| BlockDealloc | Removes references to a section of memory to allow for small pages to be used |
| Yank | Run privileged test code |
| Interrupt Handlers | These functions assure a proper handling of exceptions and standard interrupts |
| IsrNMHandler | Handles the coprocessor exceptions |
| segment register breakage | |
| IsrGPFHandler32 | handles the GPF exception |
| Check whether the stored state is consistent. | |
| IsrPFHandler32 | handles the pagefault exception |
| IrqRTCHandler | acknowledges the RTC timer interrupt and updates the time |
| causes panic on Bochs due to kb overflow | |
| Data storage | Contains all variables, pointers and preallocated datastructures |
| lpBootloaderData | holds the address of the structure passed by the bootloader |
| lpRamdisk | holds the base address of the ramdisk. |
| szaHostName | contains the name of the host (processor or vm) for each processor |
| baProcessorArch | contains the family, needed for MSRs, APIC, IOAPIC and related stuff values: 0 - Unknown architecture 1 - Intel 386 (external FPU) 2 - Intel 486+ (internal FPU, intel MSRs, L.APIC) 3 - AMD 4 - Cyrix (Cyrix MSRs) |
| bcdaProcessorVersion | contains an unpacked BCD version number of each processor: family.major.minor.revision |
| dwaProcessorCaps1 | contains a bitmask of host capabilities for each processor the bits generally correspond to cpuid flags, however, the startup code filters the broken/unsupported/disabled features so to make these readings more accurate. |
| dwaProcessorCaps2 | contains a bitmask of host capabilities for each processor. |
| dwaProcessorSharedCaps | the capabilities shared by all processors |
| dwaProcessorMaxCaps | all the capabilities that are supported by at least one processor |
| dwProcessorCount | the number of logical processors in the systems |
| lpRSDPBase | the location of the RSDP structure |
| lpMPTablePointer | the location of the MP pointer |
| lpKernelBasePageTable | contains a pointer to the base kernel page table (386 paging) |
| lpKernelBasePAETable | contains a pointer to the base kernel page table (PAE/LM paging) |
| lpAddressSpaceMirror | contains a pointer to the location where the current address space information structure is mapped |
| lpDirectoryTableMirror | contains a pointer to the location where the current page directory is mapped (if appropriate) |
| lp32BitGDT | the location of the 32 bit gdt |
| lp32BitIDT | the location of the 32 bit IDT |
| lp64BitIDT | the location of the 64 bit IDT |
| lpL4MemoryTable | the 4th level memory reference structure. |
| lpL3MemoryTable | the 3rd level memory reference structure. |
| lpL2MemoryTable | the 2nd level memory reference structure. |
| lpL1MemoryTable | the 1st level memory reference structure. |
| lpHeapTop | the current top of the heap |
| lpPageTableSource | the sample table that contains all the pages required by the kernel |
| lpPagingLocks | holds the lock bits for the paging hole |
| lpMMTableHoles | points to four consecutive pages where parts of the paging structures can be mapped into |
| lpPagingHoles | points to four consecutive pages where parts of the paging structures can be mapped into |
| lpPagingKernelTables | points to four consecutive pages where the paging structures for the kernel are offset + 0k - page table offset + 4k - page directory offset + 8k - 3rd level offset + 12k - top level |
| lpZeroHole | points to a page that can be mapped for clearing pages. |
| lpFPUHole | points to a series of pages that can be mapped for lazily storing FPU state |
| lpFreePagingOffset | the first address where allocations can be done |
| lpaCurrentAddressSpace | contains the currently active address space for each processor |
| lpaCurrentProcess | contains the current task’s descriptor |
| lpaCurrentScheduleProc | contains the location of the schedule_out function for the current thread |
| lpaSchedulerBase | contains the base of the scheduling table |
| lpaSchedulerOffset | contains the offset into the scheduler table of the currently executing task |
| dwSchedulerLocks | contains access locks to the scheduler queue |
| lpaTSS | contains the location of the TSSs for each processor. |
| lpaIoBitmap | contains the location of the I/O permission bitmap |
| lpaLastFPUState: | Contains the location of the FPU state to store. |
| baGDT32Bitmap | contains a bitmap of the used GDT entries |
| bMasterMask | contains the interrupt mask for the Master PIC |
| bSlaveMask | contains the interrupt mask for the Slave PIC |
| kernelimagesize | the size of the kernel image in bytes. |
| kernelbssstart | the page-aligned location where the bss should start. |
These functions constitute to the initialisation of the kernel. Once the kernel is running, these can be eliminated
Allocates several bytes at the end of heap. Only multiples of PAGE_SIZE should be used to guarantee page-alignment
| EAX | bytes required |
| EAX | location |
none
attempts to boot application processors in the system
none
none
EAX EBX ECX EDX ESI EDI
Locates the fourth stage binary, map it into memory and create an initial task for that binary.
none
none
EAX EBX ECX EDX ESI EDI
Stage4 is loaded in different locations by grub and the custom stage2
Creates a default page table used when creating a new virtual address space.
After calling this, AllocateFromHeap will no longer allocate memory that is global.
none
none
EAX ECX EDI ESI
Checks if a software-disabled APIC is present
EDX = CPUID output
EDX = corrected CPUID output
none
Compares the local APIC with the PIT timer to calculate its operating frequency
none
none
EAX, EBX, ECX, EDX
calculates <qwProcessorSharedCaps> by takes all processor’s capabilities, and keeping only the bits common to all processors.
none
none
EAX EBX ECX ESI EDI
Creates the initial task description state and loads it for the current processor
| EAX | processor number |
| ECX | entries on the stack to copy |
none
ESI, EDX, ECX, EDI
Probes the current processor for an math coprocessor and sets dwaProcessorCaps1 accordingly
| EAX | processor number |
none
none
Retrieves the information from the BSP, looks for APs and boots them
none
none
EAX EBX ECX EDX ESI EDI
Locates the RSDP table, if present. The location is stored for further reference
none
none
ESI
Fix PIC issues: mask all ints at the PIC, then enable interrupts
none
none
EAX
Initializes the memory allocator tables
The memory allocator basically is a reference counter with a 4-level tree covering the entire canonical address space. The tree is formatted as follows:
each entry consists of the top 3 levels consists of one Qword, the 4th layer only uses one Dword as it does not need to contain 64-bit pointers. each entry can be either a pointer or a reference count. The two most significant bits indicate the usage. 00 - non-memory area, use count 01 - memory area, use count 10 - reference, mapped into physical space 11 - reference, mapped into linear space For level 4, only the most significant bit is considered. 1 - memory with use count 0 - non-memory with use count References contain the address in the entry, which is aligned to a page boundary, and a count of references/areas that have free memory in the least significant bits. Non-referenced areas simply consist of a reference count.
none
none
all non-stack GPRs
these are the amount of occupied/unoccupied pages they should later be set to the actual pages that are used.
loads the AP’s special registers with the values generated by the BSP this also waits for the BSP to present the data
none
none
none
Brings the PIC into a known state
maps the master PIC’s irq’s 0-7 to the non-intel area maps the slave PIC’s irq’s 8-15 after the masters’
none
none
EAX, EBX
Copied from the previous kernel generation. However there was an issue regarding PIT interrupts not firing. Masking interrupts should instead of disabling interrupts should fix this (according to brendan). PIC/PIT should be tested with Socket-A systems before removal of fixme
both fixed in current version, needs testing
in all cases, the code is currently not used and can safely be kept disabled
Creates an initial TSS for the current processor. All TSSes will share the IO permission bitmap of the other TSSes. The offset hereto has to be set bits.
| ECX | the processor number |
none
EAX EDX EDI
Initializes the TSS for the BSP, and all the setup required for the TSSes on other processors.
The TSSes are located after one another, and they share an IRB/IOPB. the topmost 256 ports of the address space are not supported to save a page per instance of the bitmap. This method allows that the version of a bitmap in any address space can simply be overridden by paging in different memory. The amount of CPUs that are supported by this method is at 511 (512*128 overflows the 16 bit offset to the bitmap) This is well above the hardcoded limit of 8 CPUs currently in place.
none
none
EAX ECX EDX EDI
Converts a dword value to hex and emit it to a string
| ESI | location to write |
| EDX | value to convert |
none
ESI
Gets the CPU, VM and related information
| EAX | index to use |
none
EAX EBX ECX EDX ESI
so do no write it when we don’t need it
| ECX | processor number |
none
EAX
Ups the reference count to a memory location.
| EAX | memory address to reference |
none
ECX, EDX
finds an empty GDT entry and allocates it.
none
| EAX | GDT segment selector |
| CF | clear on success, set if the GDT is fully occupied |
none
Tries to allocate one entry in the IDT
| EAX | interrupt number |
| CF | clear on success, set if the entry has been taken |
none
Tries to allocate a piece of memory To allow for full userspace control of memory
none
| EAX | physical address of allocated page of memory |
| CF | set if no memory could be allocated |
ECX, EDX
Clears a page table entry if it is mapped and not used by the kernel.
This version uses the paging holes to temporarily map in the tables for write access. Other write methods may be faster
This assumes the processor is in 32-bit paged mode
| EDX | the physical address of the page directory |
| EDI | the virtual address to unmap |
| EDX | the page table entry |
| CF | clear if the entry was unmapped, set if the write could not be performed |
EAX, EDX, EDI
prints a crashdump from an interrupt stackframe
| EBP | pointer to top of interrupt frame |
| EAX | interrupt/exception number |
none
none
Fills a page directory with default values
| EDI | virtual address of the first page table |
| EBX | virtual address of the page directory |
| ESI | physical address of the first page table |
| EDX | physical address of the page directory |
none
EDI, ESI, ECX
Fills a page table with all the kernel pages
| EDI | virtual address to write to |
| ESI | physical address of the page table |
| EDX | physical address of the page directory |
none
EDI ECX
Fills a page in physical memory with all ones
Maps the page into a predefined memory hole, then clears it.
Assumes the processor is in 32-bit paged mode
| EAX | offset of the page |
none
none
Fills a page with a task descriptor and a schedulable stack This descriptor is designed to run 32-bit applications
| EDI | location to write |
| ESI | location of page in target virtual memory |
| EDX | location of page in physical memory |
| EBX | starting EIP |
| EBX | pointer to GPR contents |
EAX
Fills a task structure in physical memory
Maps the page into a predefined memory hole, then clears it.
Assumes the processor is in 32-bit paged mode
| ESI | location of page in target virtual memory |
| EAX | location of page in physical memory |
| EBX | starting EIP |
| EDX | starting ESP out: none |
EBX, ESI, EDI
Locks onto the memory address controlling this entry
| EAX | address to add reference to |
| CL | level of this entry |
| CH | locks taken |
| EDX | memory location governing this entry (points to dword containing reference count) |
ECX
Increases the reference count on one memory unit
| EAX | address to add reference to |
| ESI | address of the corresponding L2 memory table |
| CL | level of this entry |
| CH | locks taken |
| EDX | memory location governing this entry |
ECX
Increases the reference count on one memory unit
| EAX | address to add reference to |
| ESI | address of the corresponding L1 memory table |
| CL | level of this entry |
| CH | locks taken |
| EDX | memory location governing this entry |
ECX(16:31)
Checks whether a page in the TSS has been mapped
| EDI | the page’s index |
| CF | set if the page can be written to, clear if unmapped |
EAX
adds a given large page to a page directory
| EAX | 4M Page address |
| EBX | Directory address |
| EDX | address to map to |
| CF | success if clear, error if set |
none
adds a given page table to a page directory
| EAX | table address |
| EBX | directory address |
| EDX | address to map to |
| CF | success if clear, error if set |
none
adds an entry to the page table.
The entry may not be allocated before writing
| EDX | location of the page table |
| ESI | physical address and access bytes of the page to map |
| EDI | virtual address to map to |
| CF | success if clear, error if set |
none
Maps a page into the shared TSS area. Checks if the map can be performed, then sets the map atomically.
| EAX | address of the page to map |
| EDI | index of the page to map (0-1) |
| CF | clear on success, set on failure |
ECX
Provides the default interrupt handlers. These functions are called by the processor, and should not be accessed from applications
do not call
none
none
Inserts a new leaf into the memory allocator map
| EAX | memory address to reference |
| EDI | memory location to point to |
none
ECX, EDX
Ups the reference count to a memory location.
| EAX | memory address to reference |
| EDI | memory location to point to |
none
ECX, EDX
Sets a page table entry if allowed.
This version uses the paging holes to temporarily map in the tables for write access. Other write methods may be faster
This assumes the processor is in 32-bit legacy paged mode
| EDX | the physical address of the page directory |
| EDI | the virtual address to look up |
| CF | clear for bottom level entries, set for higher-level entries |
| EDX | the entry stored |
EAX, EDX, EDI
Releases memory locks as given by findmemory and relatives
| CH | bitmask of locks in need of releasemment |
none
CH, EDX
Decrements the reference count to a memory location.
| EAX | memory address to reference |
none
ECX, EDX
Requests ownership of one location in the physical address space
| EAX | memory address contained in the requested page |
| EAX | zero on success, all ones on failure |
| CL | level of this entry |
EDX
Requests ownership of one specified GDT entry
| EAX | selector number |
| CF | clear if the entry was allocated, set on failure |
none
Requests ownership of one memory location
This function will fail if the location is in use or not marked as memory
| EAX | memory address contained in the requested page |
| EAX | zero on success, all ones on failure |
| CL | level of this entry |
ECX, EDX
Points an IDT entry to a given function
| EAX | Interrupt number |
| EDX | Address of the function |
none
EAX
Points an IDT entry to a given function, and allow it to be called from userland
| EAX | Interrupt number |
| EDX | Address of the function |
none
EAX
Sets a page directory entry if allowed.
This version uses the paging holes to temporarily map in the tables for write access. Other write methods may be faster
This assumes the processor is in 32-bit paged mode
| EDX | the physical address of the page directory |
| ESI | the physical address and bits of the entry to map |
| EDI | the virtual address to map to |
| CF | clear on success, set if the write could not be performed |
EAX, EDX, EDI
Sets a page table entry if allowed.
This version uses the paging holes to temporarily map in the tables for write access. Other write methods may be faster
This assumes the processor is in 32-bit paged mode
| EDX | the physical address of the page directory |
| ESI | the physical address and bits of the entry to map |
| EDI | the virtual address to map to |
| CF | clear on success, set if the write could not be performed |
EAX, EDX, EDI
adds a thread to the execution queue
| ECX | CPU number |
| EDX | Address space field |
| ESI | Task Description Structure field |
| CF | set on failure, clear on success |
none
adds an entry to the page table.
This version does not perform any checking. Use InsertPage32 when necessary
| EDX | location of the page table |
| ESI | physical address and access bytes of the page to map |
| EDI | virtual address to map to |
none
none
Map and fill out a set of address space structures
Maps a pagedirectory and pagetable, then load them with the appropriate values.
| EAX | physical location of pagetable |
| EBX | physical location of page directory |
none
unknown
Zeroes a page in physical memory
Maps the page into a predefined memory hole, then clears it.
Assumes the processor is in 32-bit paged mode
| EAX | offset of the page |
none
none
Causes execution to be suspended and the next thread to be readied.
none
none
| none | the task is suspended and the state is restored upon return |
this function will browse through the scheduler list and pick a new task to run.
| EBX | processor number * 8 |
none
unknown
Contains the handler for system calls when accessed via the syscall interrupt.
| EAX | function number |
| EBX | argument 1 |
| ESI | argument 2 |
| EDI | argument 3 |
| EAX | return value if applicable |
| EBX | return value if applicable |
| ESI | return value if applicable |
| EDI | return value if applicable |
| CF | clear on success |
ECX, EDX, depending on syscall: EAX, EBX, ESI, EDI
Does the actual decoding of the system call
| EAX | function number |
| EBX | argument |
| ESI | argument |
| EDI | argument |
| EAX | return value if applicable |
| EBX | return value if applicable |
| ESI | return value if applicable |
| EDI | return value if applicable |
| CF | clear on success |
ECX, EDX, depending on syscall: EAX, EBX, ESI, EDI
Returns the kernel version
Informational
none
Allocates memory and maps it to userspace
Returns the amount of memory actually mapped
User
EAX EDX ESI
Allocates a specific piece memory and maps it to userspace
Returns the amount of memory actually mapped
User
EAX EDX ESI EDI ECX
Allocates an area in the physical range and maps it to userspace
Returns the amount of memory actually mapped
Driver
EAX EDX ESI EDI ECX
Allocates pages for the I/O permission bitmap.
Due to the handling of the bitmaps in the TSS, the top 256 ports are inaccessible.
| EAX | 0x00000005 |
| DI | allocate the part of the bitmap starting with this port number |
| BX | the amount of ports that are requested |
| ESI | the starting physical page to use. Supply all ones to let the kernel choose free pages |
| CF | set if the area was not fully mapped |
EAX, EBX, ECX, EDX, ESI, EDI
Allocates pages for the I/O permission bitmap.
Due to the handling of the bitmaps in the TSS, the top 256 ports are inaccessible.
| EAX | 0x00000006 |
| DI | allocate the part of the bitmap starting with this port number |
| BX | the amount of ports that are requested |
| CF | set if the area was not fully mapped |
EAX, EBX, ECX, EDX, ESI, EDI
Maps a page table into the page directory to allow for small pages to be used
| EAX | 0x00000007 |
| EDI | the virtual address that this page table needs to cover |
| ESI | the starting physical page to use. Supply all ones to let the kernel choose a free page |
| CF | set if the mapping could not be done |
EAX, EBX, ECX, EDX, ESI, EDI
Allocates an area of memory in the physical range and maps it to userspace
Returns the amount of memory actually mapped
Driver
EAX EDX ESI EDI ECX
Allocates an area in the physical range and maps it to userspace
Returns the amount of memory actually mapped
Driver
EAX EDX ESI EDI ECX
Allocates a page for the Interrupt Redirection Bitmap
| EAX | 0x0000000A |
| ESI | the starting physical page to use. Supply all ones to let the kernel choose free pages |
| CF | set if the area was not fully mapped |
EAX, EBX, ECX, EDX, ESI
Sets redirection bits in the Interrupt Redirection Bitmap
| EAX | 0x0000000B |
| ESI | the starting interrupt number |
| EDI | the amount of entries to set |
| EBX | zero to enable redirects, nonzero to disable |
| CF | set if the area was not fully mapped |
EAX, EBX, ECX, EDX, ESI
Insert a node into the memory manager tree at the 1st level The node will describe 2M of memory in 4K units
| EAX | 0x0000000C |
| ESI | the page in physical memory to be used. Supply all ones to let the kernel choose a free page |
| EDI | the physical address that the node should contain |
| CF | set if the node couldn’t be mapped |
unknown
Insert a node into the memory manager tree at the 3rd level The node will describe 1G of memory in 2M units
| EAX | 0x0000000D |
| ESI | the page in physical memory to be used. Supply all ones to let the kernel choose a free page |
| EDI | the physical address that the node should contain |
| CF | set if the node couldn’t be mapped |
unknown
Creates a new set of paging structures
| EAX | 0x0000000F |
| ESI | the page in physical memory to be used. Supply all ones to let the kernel choose a free page |
| EDI | the virtual address to map the page table |
| CF | set if the set could not be created |
unknown
Creates a new thread structure
| EAX | 0x00000010 |
| ESI | the page in physical memory to be used. Supply all ones to let the kernel choose a free page |
| EDI | the virtual address to map the thread structure |
| EBX | the entry point of the new thread |
| EDX | the initial value for the new thread’s stackpointer |
| CF | set if the thread could not be created |
unknown
Creates a new thread structure in a different address space
| EAX | 0x00000011 |
| ESI | the page in physical memory to be used. Supply all ones to let the kernel choose a free page |
| EDI | the virtual address to map the thread structure |
| EBX | the entry point of the new thread |
| EDX | the initial value for the new thread’s stackpointer |
| ECX | the handle of the address space |
| CF | set if the thread could not be created |
unknown
Copies a virtual-to-physical mapping from the current address space to a remote address space
| EAX | 0x00000012 |
| ESI | location of the page in the current address space |
| EDI | virtual address to copy the mapping to |
| EBX | handle of the remote address space |
| CF | clear on success, set on failure |
Maps a page table into the page directory to allow for small pages to be used
| EAX | 0x00000013 |
| EDI | the virtual address that this page table needs to cover |
| ESI | the starting physical page to use. Supply all ones to let the kernel choose a free page |
| EBX | handle of the remote address space |
| CF | set if the mapping could not be done |
EAX, EBX, ECX, EDX, ESI, EDI
Removes references to a section of memory to allow for small pages to be used
| EAX | 0x00000014 |
| ESI | The starting virtual address to deallocate |
| EDI | The ending virtual address to deallocate |
| CF | set if the mapping could not be completed |
| EAX | the last virtual address unmapped. |
ECX, EDX, EDI
Run privileged test code
Will not stay here forever
Currently uses a really ugly hack to change video modes
EAX = 0x00000015 EDX = mode number
CF = CF value returned by the bios
EAX, ECX, EDX
szaHostName: TIMES 8 * 16 DB 0
contains the name of the host (processor or vm) for each processor
baProcessorArch: TIMES 8 DB 0
contains the family, needed for MSRs, APIC, IOAPIC and related stuff values: 0 - Unknown architecture 1 - Intel 386 (external FPU) 2 - Intel 486+ (internal FPU, intel MSRs, L.APIC) 3 - AMD 4 - Cyrix (Cyrix MSRs)
bcdaProcessorVersion: TIMES 8 DD 0
contains an unpacked BCD version number of each processor: family.major.minor.revision
dwaProcessorCaps1: TIMES 8 DD 0
contains a bitmask of host capabilities for each processor the bits generally correspond to cpuid flags, however, the startup code filters the broken/unsupported/disabled features so to make these readings more accurate. bit 0 - FPU present
dwaProcessorCaps2: TIMES 8 DD 0
contains a bitmask of host capabilities for each processor. see dwaProcessorCaps1
lpKernelBasePageTable: DD 0
contains a pointer to the base kernel page table (386 paging)
lpKernelBasePAETable: DD 0
contains a pointer to the base kernel page table (PAE/LM paging)
lpAddressSpaceMirror: DD 0
contains a pointer to the location where the current address space information structure is mapped
lpDirectoryTableMirror: DD 0
contains a pointer to the location where the current page directory is mapped (if appropriate)
lpL2MemoryTable: DD 0
the 2nd level memory reference structure. (comparable to PAE page directory)
lpL1MemoryTable: DD 0
the 1st level memory reference structure. (comparable to PAE table: covers 0-2M)
lpPageTableSource: DD 0
the sample table that contains all the pages required by the kernel
lpMMTableHoles: DQ 0
points to four consecutive pages where parts of the paging structures can be mapped into
lpPagingHoles: DQ 0
points to four consecutive pages where parts of the paging structures can be mapped into
lpPagingKernelTables: DQ 0
points to four consecutive pages where the paging structures for the kernel are offset + 0k - page table offset + 4k - page directory offset + 8k - 3rd level offset + 12k - top level
lpaCurrentAddressSpace: TIMES 8 DQ 0
contains the currently active address space for each processor
lpaCurrentScheduleProc: TIMES 8 DQ 0
contains the location of the schedule_out function for the current thread
contains a bitmask of host capabilities for each processor the bits generally correspond to cpuid flags, however, the startup code filters the broken/unsupported/disabled features so to make these readings more accurate.
dwaProcessorCaps1: TIMES 8 DD 0
holds the address of the structure passed by the bootloader
lpBootloaderData: DD 0
holds the base address of the ramdisk.
lpRamdisk: DD 0
contains the name of the host (processor or vm) for each processor
szaHostName: TIMES 8 * 16 DB 0
contains the family, needed for MSRs, APIC, IOAPIC and related stuff values: 0 - Unknown architecture 1 - Intel 386 (external FPU) 2 - Intel 486+ (internal FPU, intel MSRs, L.APIC) 3 - AMD 4 - Cyrix (Cyrix MSRs)
baProcessorArch: TIMES 8 DB 0
contains an unpacked BCD version number of each processor: family.major.minor.revision
bcdaProcessorVersion: TIMES 8 DD 0
contains a bitmask of host capabilities for each processor.
dwaProcessorCaps2: TIMES 8 DD 0
the number of logical processors in the systems
dwProcessorCount: DD 1
the location of the RSDP structure
lpRSDPBase: DD 0
the location of the MP pointer
lpMPTablePointer: DD 0
contains a pointer to the base kernel page table (386 paging)
lpKernelBasePageTable: DD 0
contains a pointer to the base kernel page table (PAE/LM paging)
lpKernelBasePAETable: DD 0
contains a pointer to the location where the current address space information structure is mapped
lpAddressSpaceMirror: DD 0
contains a pointer to the location where the current page directory is mapped (if appropriate)
lpDirectoryTableMirror: DD 0
the location of the 32 bit gdt
lp32BitGDT: DD 0
the location of the 32 bit IDT
lp32BitIDT: DD 0
the location of the 64 bit IDT
lp64BitIDT: DD 0
the 4th level memory reference structure.
lpL4MemoryTable: DD 0
the 3rd level memory reference structure.
lpL3MemoryTable: DD 0
the 2nd level memory reference structure.
lpL2MemoryTable: DD 0
the 1st level memory reference structure.
lpL1MemoryTable: DD 0
the current top of the heap
lpHeapTop: DD 0
the sample table that contains all the pages required by the kernel
lpPageTableSource: DD 0
holds the lock bits for the paging hole
lpPagingLocks: DD 0
points to four consecutive pages where parts of the paging structures can be mapped into
lpMMTableHoles: DQ 0
points to four consecutive pages where parts of the paging structures can be mapped into
lpPagingHoles: DQ 0
points to four consecutive pages where the paging structures for the kernel are offset + 0k - page table offset + 4k - page directory offset + 8k - 3rd level offset + 12k - top level
lpPagingKernelTables: DQ 0
points to a page that can be mapped for clearing pages.
lpZeroHole: DQ 0
points to a series of pages that can be mapped for lazily storing FPU state
lpFPUHole: DQ 0
the first address where allocations can be done
lpFreePagingOffset: DQ 0
contains the currently active address space for each processor
lpaCurrentAddressSpace: TIMES 8 DQ 0
contains the current task’s descriptor
lpaCurrentProcess: TIMES 8 DQ 0
contains the location of the schedule_out function for the current thread
lpaCurrentScheduleProc: TIMES 8 DQ 0
contains the base of the scheduling table
lpaSchedulerBase: TIMES 8 DQ 0
contains the offset into the scheduler table of the currently executing task
lpaSchedulerOffset: TIMES 8 DQ 0
contains access locks to the scheduler queue
dwSchedulerLocks: DD 0
contains the location of the TSSs for each processor.
lpaTSS: TIMES 8 DQ 0
contains the location of the I/O permission bitmap
lpaIoBitmap: DQ 0
Contains the location of the FPU state to store.
lpaLastFPUState: TIMES 8 DQ 0
contains a bitmap of the used GDT entries
baGDT32Bitmap: DB 0x7f
contains the interrupt mask for the Master PIC
bMasterMask: DB 0
contains the interrupt mask for the Slave PIC
bSlaveMask: DB 0