LECTURE NOTE 5: THE REAL MODE

Allows the microprocessor to address only the first 1 Mbyte of memory, even if it is a Pentium II microprocessor. The first 1 Mbyte of memory is called either the real mode or system. The DOS requires the microprocessor to operate in this mode. It allows application software.

Segment and Offset – Through the combination of these two, a memory location is accessed in the real mode. All real mode memory addresses must consist of a segment address plus an offset address.

Segment Address – Defines the beginning address of any 64K-byte memory segment.

Offset Address – Sometimes called displacement or relative. Selects any location within the 64K-byte memory segment. It is the distance above the start of the segment.

Note: Each segment register is internally appended with a 0H on its right end.

The segment address can begin only at a 16-byte boundary, which is called a paragraph. Once the beginning address is known, the ending address is found by adding FFFFH.

The code segment register defines the start of the code segment, and the instruction pointer locates the next instruction within the code segment. This combination (CS:IP or CS:EIP) locates the next instruction executed by the microprocessor.

Stack data are referenced through the stack segment at the memory location addressed by either the stack pointer (SP/ESP) or the base pointer (BP/EBP). These combinations are referred to as SS:SP (SS:ESP) or SS:BP (SS:EBP).

Addressing Modes

1. Register Addressing Mode transfers a copy of a byte or word from the source register or memory location to the destination register or memory location.
   EX. Given: AX=3367; BX=2423
   a. MOV AL, BL
   b. MOV AX, BX

2. Immediate Addressing Mode transfers the source immediate byte or word of data into the destination register or memory location.
   EX. Given: AX=3367
   a. MOV AL, 34H
   b. MOV AX, 3456H

3. Direct Addressing Mode moves a byte or a word between a memory location and a register. The instruction set does not support a memory-to-memory transfer, except for the MOVS instruction.
   EX. Given: DS=1000; MAPUA=1023; AL=CA
   a. MOV AL, [500]
   b. MOV CL, MAPUA
   c. MOV [0500], AL

4. Register Indirect Addressing Mode transfers a byte or a word between a register and a memory location addressed by an index or base register. The index and base registers are BP, BX, DI and SI.
   EX. Given: DS=1000; BX=55; DI=36; DH=FE
   a. MOV AX, [BX]
   b. MOV [DI], DH

5. Base-Plus-Index Addressing Mode transfers a byte or a word between a register and the memory location addressed by a base register (BP or BX) plus an index register (DI or SI).
   EX. Given: DS=1000; BX=55; SI=BA
   a. MOV CX, [BX+SI]

6. Register Relative Addressing Mode moves a byte or a word between a register and the memory location addressed by an index or base register plus a displacement.
   EX. Given: DS=1000; BX=55
   a. MOV DX, [BX+500]

7. Base-Relative-Plus-Index Addressing Mode transfers a byte or a word between a register and the memory location addressed by a base and an index register plus a displacement.
   EX. Given: DS=1000; BX=55; SI=BA
   a. MOV AX, [BX+SI+500]
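The real mode translation and the memory addressing modes above, worked through in C as an added example (not part of the original notes). It uses the Given values DS=1000, BX=55, SI=BA and DI=36, and assumes they and the displacement 500 are hexadecimal; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Segment start: the segment register with 0H appended on its right end (x 16). */
static uint32_t seg_start(uint16_t seg) { return (uint32_t)seg << 4; }

/* Segment end: start + FFFFH, because every real mode segment is 64K bytes long. */
static uint32_t seg_end(uint16_t seg) { return seg_start(seg) + 0xFFFFu; }

/* Offset for [base + index + disp]. The sum is kept to 16 bits, so it wraps
   inside the 64K segment instead of running past the end of it. */
static uint16_t effective_offset(uint16_t base, uint16_t index, uint16_t disp) {
    return (uint16_t)(base + index + disp);
}

/* Physical address of segment:offset, truncated to the 20 bits that cover the
   first 1 Mbyte (8086-style wraparound; an assumption of this example). */
static uint32_t physical(uint16_t seg, uint16_t off) {
    return (seg_start(seg) + off) & 0xFFFFFu;
}

int main(void) {
    const uint16_t DS = 0x1000, BX = 0x0055, SI = 0x00BA, DI = 0x0036;
    struct { const char *operand; uint16_t off; } modes[] = {
        { "[0500]",      effective_offset(0,  0,  0x0500) },  /* direct */
        { "[BX]",        effective_offset(BX, 0,  0) },       /* register indirect */
        { "[DI]",        effective_offset(DI, 0,  0) },       /* register indirect */
        { "[BX+SI]",     effective_offset(BX, SI, 0) },       /* base-plus-index */
        { "[BX+500]",    effective_offset(BX, 0,  0x0500) },  /* register relative */
        { "[BX+SI+500]", effective_offset(BX, SI, 0x0500) },  /* base-relative-plus-index */
    };
    printf("DS segment spans %05lXH-%05lXH\n",
           (unsigned long)seg_start(DS), (unsigned long)seg_end(DS));
    for (unsigned i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("%-12s offset %04XH -> physical %05lXH\n", modes[i].operand,
               (unsigned)modes[i].off, (unsigned long)physical(DS, modes[i].off));
    /* Constructed pair: two different segment:offset values name the same byte. */
    printf("1000:0010 -> %05lXH, 1001:0000 -> %05lXH\n",
           (unsigned long)physical(0x1000, 0x0010), (unsigned long)physical(0x1001, 0x0000));
    return 0;
}
```

Because segments start every 16 bytes but are 64K bytes long, they overlap, and real mode performs no check on which segment a program uses to reach a given byte.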

PROTECTED MODE

Allows access to data and programs located above the first 1 Mbyte of memory as well as within the first 1 Mbyte of memory. Segment address is no longer present in this mode. In place of the segment address, the segment register contains a selector that selects a descriptor from a descriptor table. The descriptor describes the memory segment location, length and access rights. Most programs that function in the real mode will function without change in the protected mode. The difference between modes is in the way that the segment register is interpreted by the microprocessor to access the memory segment.

Global Descriptor – Contains segment definitions that apply to all programs. Another term is system descriptor.

Local Descriptor – Usually unique to an application. Another term is application program.

Each table contains 8192 descriptors. The base address portion of the descriptor indicates the starting location of the memory segment. The segment limit contains the last offset address found in a segment.

There is another feature found in the 80386 through the Pentium II descriptor that is not found in the 80286 descriptor: the G bit or granularity bit.

FIGURE 1 (80286 descriptor)

  Bytes 7-6: 0000 0000 0000 0000
  Byte 5:    Access Rights
  Byte 4:    Base (B23-B16)
  Bytes 3-2: Base (B15-B0)
  Bytes 1-0: Limit (L15-L0)

FIGURE 2 (80386/80486/Pentium/Pentium Pro/Pentium II descriptor)

  Byte 7:    Base (B31-B24)
  Byte 6:    G, D, 0, AV, Limit (L19-L16)
  Byte 5:    Access Rights
  Byte 4:    Base (B23-B16)
  Bytes 3-2: Base (B15-B0)
  Bytes 1-0: Limit (L15-L0)

AV bit
  1 – segment is available
  0 – segment is not available

D bit
  0 – instructions are 16-bit, compatible with the 8086-80286
  1 – instructions are 32-bit

G bit – Granularity
  0 – the limit specifies the segment limit of 00000H to FFFFFH
  1 – the value of the limit is multiplied by 4K (appended with XXXH)

FIGURE 3 (Sample Descriptor)

  Byte 7: 00  Base
  Byte 6: 00  G, D, 0, AV / Limit
  Byte 5: 92  Access Rights
  Byte 4: 10  Base
  Byte 3: 00  Base
  Byte 2: 00  Base
  Byte 1: 00  Limit
  Byte 0: FF  Limit

FIGURE 4 (Selector)

  Bits 15-3: SELECTOR – selects one descriptor from 8192 descriptors in either the global or the local descriptor table
  Bit 2:     TI – TI = 0 selects the Global Descriptor Table, TI = 1 selects the Local Descriptor Table
  Bits 1-0:  RPL (Requested Privilege Level) – 00 is the highest and 11 is the lowest
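Decoding the Figure 3 sample descriptor and a selector in C, as an added example that is not part of the original notes. The function names, the G = 1 descriptor and the selector 002FH are constructed for illustration, XXXH is taken to be FFFH, and the limit check assumes a segment that expands upward.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t base, limit; unsigned g, d, av; uint8_t access; } seg_desc;

/* Decode 8 descriptor bytes (byte 0 first) using the 80386+ layout of Figure 2. */
static seg_desc decode_descriptor(const uint8_t b[8]) {
    seg_desc s;
    s.base   = b[2] | ((uint32_t)b[3] << 8) | ((uint32_t)b[4] << 16) | ((uint32_t)b[7] << 24);
    s.limit  = b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)(b[6] & 0x0F) << 16);
    s.access = b[5];
    s.g  = (b[6] >> 7) & 1u;
    s.d  = (b[6] >> 6) & 1u;
    s.av = (b[6] >> 4) & 1u;
    return s;
}

/* Last valid offset: with G = 1 the 20-bit limit counts 4K units (FFFH appended). */
static uint32_t last_offset(seg_desc s) {
    return s.g ? ((s.limit << 12) | 0xFFFu) : s.limit;
}

/* Ending address of the segment = base + last valid offset. */
static uint32_t last_address(seg_desc s) { return s.base + last_offset(s); }

/* Limit check (expand-up segment assumed): offsets past the limit are rejected. */
static int offset_allowed(seg_desc s, uint32_t off) { return off <= last_offset(s); }

/* Selector fields from Figure 4. */
static unsigned sel_index(uint16_t sel) { return (unsigned)sel >> 3; }
static unsigned sel_ti(uint16_t sel)    { return (sel >> 2) & 1u; }
static unsigned sel_rpl(uint16_t sel)   { return sel & 3u; }

/* Figure 3 sample descriptor, bytes 0..7 as listed in the notes. */
static const uint8_t FIG3[8] = {0xFF, 0x00, 0x00, 0x00, 0x10, 0x92, 0x00, 0x00};
/* Constructed variant: same base, limit 00001H with G = 1. */
static const uint8_t G1[8]   = {0x01, 0x00, 0x00, 0x00, 0x10, 0x92, 0x80, 0x00};

int main(void) {
    seg_desc a = decode_descriptor(FIG3), b = decode_descriptor(G1);
    printf("Figure 3: %08lXH-%08lXH access=%02XH G=%u\n", (unsigned long)a.base,
           (unsigned long)last_address(a), (unsigned)a.access, a.g);
    printf("G=1 case: %08lXH-%08lXH\n", (unsigned long)b.base, (unsigned long)last_address(b));
    printf("offset 0100H allowed in Figure 3 segment: %d\n", offset_allowed(a, 0x100));
    printf("selector 002FH: entry=%u TI=%u RPL=%u\n",
           sel_index(0x002F), sel_ti(0x002F), sel_rpl(0x002F));
    return 0;
}
```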

Access Rights Byte
  Controls access to the protected mode memory segment
  Describes how the segment functions in the system
  Allows complete control over the segment

  Bit 7: P | Bits 6-5: DPL | Bit 4: S | Bit 3: E | Bit 2: ED/C | Bit 1: R/W | Bit 0: A

A = 0 Segment not accessed
A = 1 Segment has been accessed

E = 0 Descriptor describes a Data Segment
  ED = 0 Segment expands upward (DS)
  ED = 1 Segment expands downward (SS)
  W = 0 Data may not be written
  W = 1 Data may be written

E = 1 Descriptor describes a Code Segment
  C = 0 Ignore descriptor privilege level
  C = 1 Abide by privilege level
  R = 0 Code Segment may not be read
  R = 1 Code Segment may be read

S = 0 System Descriptor
S = 1 Code or Data Segment Descriptor

DPL = Sets the Descriptor Privilege Level

P = 0 Descriptor is undefined
P = 1 Segment contains a Valid Base and Limit

FIGURE 5

PROGRAM MEMORY ADDRESSING

1. DIRECT PROGRAM MEMORY ADDRESSING
Intersegment Jump – a jump to any memory location within the entire memory system. A direct jump is often called a far jump.
Label – refers to the location that is called or jumped to instead of the actual numeric address

EX. JMP [10000H]   CS:IP

2. RELATIVE PROGRAM MEMORY ADDRESSING
Relative – relative to the instruction pointer
Intrasegment Jump – a jump anywhere within the current code segment
Short Jump – contains an 8-bit displacement
Near Jump – contains a 16-bit displacement

EX. JMP [02]     short
    JMP [1122]   near

3. INDIRECT PROGRAM MEMORY ADDRESSING
Indirect Jump – if a relative register holds the address
Indirect-indirect or Double-Indirect Jump – if the register is considered to be relative

EX. JMP BX     (AX, CX, DX, SI, DI)
    JMP [BX]

4. STACK PROGRAM MEMORY ADDRESSING
Stack Segment and Stack Pointer – maintain the stack memory

Whenever a word of data is pushed onto the stack, the high-order 8 bits are placed in the location addressed by SP-1. The low-order 8 bits are placed in the location addressed by SP-2. SP is decremented by 2 so that the next word of data is stored in the next available stack memory location.

Whenever data are popped from the stack, the low-order 8 bits are removed from the location addressed by SP. The high-order 8 bits are removed from the location addressed by SP+1. The SP register is then incremented by 2.

EX. PUSH BX
    POP CX
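The PUSH and POP byte order described above, simulated in C as an added example (not from the original notes). The values SS=2000H, SP=0100H and BX=1234H and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t mem[1u << 20];        /* the first 1 Mbyte, all zero at start */
static uint16_t reg_ss, reg_sp;      /* stack segment and stack pointer */

/* Real mode translation: segment x 16 + offset, kept within 1 Mbyte. */
static uint32_t phys(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & 0xFFFFFu;
}

/* Load SS:SP; returns SP so a caller can confirm the starting point. */
static uint16_t set_stack(uint16_t ss, uint16_t sp) { reg_ss = ss; reg_sp = sp; return reg_sp; }

/* PUSH: high byte to SS:SP-1, low byte to SS:SP-2, then SP = SP - 2.
   The casts keep SP-1 and SP-2 to 16 bits, so SP = 0000H wraps to FFFFH/FFFEH. */
static uint16_t push16(uint16_t word) {
    mem[phys(reg_ss, (uint16_t)(reg_sp - 1))] = (uint8_t)(word >> 8);
    mem[phys(reg_ss, (uint16_t)(reg_sp - 2))] = (uint8_t)(word & 0xFF);
    reg_sp = (uint16_t)(reg_sp - 2);
    return reg_sp;
}

/* POP: low byte from SS:SP, high byte from SS:SP+1, then SP = SP + 2. */
static uint16_t pop16(void) {
    uint16_t lo = mem[phys(reg_ss, reg_sp)];
    uint16_t hi = mem[phys(reg_ss, (uint16_t)(reg_sp + 1))];
    reg_sp = (uint16_t)(reg_sp + 2);
    return (uint16_t)((hi << 8) | lo);
}

/* Byte stored at SS:off, for inspecting the stack image. */
static uint8_t stack_byte(uint16_t off) { return mem[phys(reg_ss, off)]; }

int main(void) {
    uint16_t BX = 0x1234, CX;        /* constructed register value */
    set_stack(0x2000, 0x0100);       /* constructed SS:SP */
    push16(BX);                      /* PUSH BX */
    printf("after PUSH BX: SP=%04XH [SS:00FF]=%02XH [SS:00FE]=%02XH\n",
           (unsigned)reg_sp, (unsigned)stack_byte(0x00FF), (unsigned)stack_byte(0x00FE));
    CX = pop16();                    /* POP CX */
    printf("after POP CX:  SP=%04XH CX=%04XH\n", (unsigned)reg_sp, (unsigned)CX);
    return 0;
}
```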

QUESTIONS:

REAL MODE

A. In the real mode, show the starting and ending address of the segment located by the following segment register values:

   SEGMENT ADDRESS    STARTING ADDRESS    ENDING ADDRESS
   1. 1234H
   2. 3456H
   3. ABCDH

B. Find the memory address of the next instruction executed by the microprocessor, when operated in the real mode, for the following CS:IP and 80286 register combinations:

   1. CS=EADEH & IP=7325H
   2. DS=1111H & AX=23H
   3. SS=DEEEH & BP=657H

PROTECTED MODE

1. For an 80286 descriptor that contains a base address A00000H and a limit of 1000H, what starting and ending locations are addressed by this descriptor?

2. For an 80486 descriptor that contains a base address of 01000000H, a limit of 0FFFFH, and G = 0, what starting and ending locations are addressed by this descriptor?

3. For a Pentium II descriptor that contains a base address of 00280000H, a limit of 00010H, and G = 1, what starting and ending locations are addressed by this descriptor?

4. If DS = 0103H in a protected mode system, the requested privilege level is?

5. If DS = 0105 in a protected mode system, which entry, table and requested privilege level are selected?

6. Code a descriptor that describes a memory segment that begins at location 210000H and ends at location 21001FH. This memory segment is a code segment that can be read. The descriptor is for an 80286 microprocessor.

7. Code a descriptor that describes a memory segment that begins at location 03000000H and ends at location 05FFFFFFH. This memory segment is a data segment that grows upward in the memory system and can be written. The descriptor is for an 80386 microprocessor.

For Numbers 8-11. Use Figure 1.

EBX = 0001 2400H, EDI = 0000 004BH, EBP = 0008 7654H, ESI = 0001 6250H, MITC = 1DH and MAPUA = 232H

8. Suppose that DS = 0015H, what will be the address/es being accessed by the instruction, MOV ESP, [EBX+EDI], assuming protected mode?

9. Suppose that SS = 0009H, what will be the address/es accessed by the instruction, MOV MITC [EBP+ESI], AL, assuming protected mode?

10. Suppose that DS = 0048H, what will be the address/es being accessed by the instruction, MOV CX, MITC [EBX], assuming protected mode?

11. Suppose that DS = 0026H, what will be the address/es being accessed by the instruction, MOV DI, MAPUA [ESI+5H], assuming protected mode?

12. Suppose that CS = 1500H, an instruction JMP [D2200H] occurs which is located at 15500H, what will be the new value of CS and IP, assuming real mode?

13. Suppose that CS = 1500H, an instruction JMP [B9] occurs which is located at 22111H, at what address will the program jump to, assuming real mode?

14. Suppose that CS = CA00H and BX = 0010H, an instruction JMP BX occurs which is located at CA100H, at what address will the program jump to, assuming real mode?

15. Suppose that CS = 0030H, an instruction JMP [30007000] occurs which is located at 00300200H, what will be the new value of CS and IP, assuming protected mode? RPL = 00H

16. A SUB instruction stores a value E789h at offset value A3BCh. If the computed address is F9EA2h, what will be the ending address? Assume real mode operation.

17. Indicate the effective address where the instruction PUSH [CX] will store a word value if CS=0019h, DS=0036h, and SS=000Ch. Assume real mode operation. Let SP=CCEBh.