LOADALL

Last updated

LOADALL is the common name for two different, undocumented machine instructions of Intel 80286 and Intel 80386 processors, which allow access to areas of the internal processor state that are normally outside of the IA-32 API scope, like descriptor cache registers. The LOADALL for 286 processors is encoded 0Fh 05h, [1] while the LOADALL for 386 processors is 0Fh 07h. [2]

Contents

Both variants – as the name implies – load all CPU internal registers in one operation. LOADALL had the unique ability to set up the visible part of the segment registers (selector) independently of their corresponding cached part, allowing the programmer to bring the CPU into states not otherwise allowed by the official programming model.

Usage

As an example of the usefulness of these techniques, LOADALL can set up the CPU to allow access to all memory from real mode, without having to switch it into unreal mode (which requires switching into protected mode, accessing memory and finally switching back to real mode). Programs such as the pre-XMS versions of RAMDRIVE.SYS (1985), [3] [1] [4] SMARTDRV.SYS (1986) [4] as well as HIMEM.SYS (2.03, 1988-08-04; 2.04, 1988-08-17) [4] drivers in MS-DOS, Uniform Software Systems' The Extender (1985) and The Connector (1985) for Lotus 1-2-3, Above Disk (1986) [5] (a LIMulator by Above Software (formerly Tele-Ware West aka Los Angeles Securities Group) that converted hard disk space or extended memory into expanded memory), and OS/2 1.0 [3] [1] and 1.1 [6] used the 286 LOADALL instruction. DOS 3.3 and 4.0 reserved a 102-byte buffer at 0070:0100h (which was normally occupied by DOS BIOS data) so that there was no need to save & restore it for LOADALL. Microsoft's EMM386.EXE special-cases both the 286 and 386 LOADALL instructions in its invalid opcode handler. [7] Examination of the virtual-machine monitor code in Windows/386 2.10 shows that it uses both the 286[ citation needed ] and the even less known 386 variant[ citation needed ]. Microsoft's HIMEM.SYS version 2.06 [8] also used LOADALL to quickly copy to and from extended memory on 286 systems.

Another interesting usage of LOADALL, laid out in the book The Design of OS/2, [9] would have been to allow running former real-mode programs in 16-bit protected mode, as utilized by Digital Research's Concurrent DOS 286 since 1985, [10] [11] [12] as well as FlexOS 286 [13] and IBM 4680 OS [14] [15] since 1986. Marking all the descriptor caches in the GDT and LDTs "not present" would allow the operating system to trap segment-register reloads, as well as attempts at performing real-mode–specific "segment arithmetic" and emulate the desired behavior by updating the segment descriptors (LOADALL again). This "8086 emulation mode" for the 80286 was, however, too slow to be practical. The idea had to be mostly discarded, furthermore, due to errata in some early Intel 80286 processors before the E-2 stepping. [10] [11] [13] As a result, OS/2 1.x – and Windows in "standard" mode as well – had to run DOS programs in real mode. Nevertheless, the idea was not lost; it led Intel to introduce the virtual 8086 mode of the 80386, allowing the implementation of "DOS boxes" at last in a relatively efficient and documented way.

Because LOADALL did not perform any checks on the validity of the data loaded into processor registers, it was possible to load a processor state that could not be normally entered, such as using real mode (PE=0) together with paging (PG=1) on 386-class CPUs. [2]

An in-circuit emulator (ICE) is a tool used for low-level debugging. On Intel 80386, asserting the undocumented pin at location B6 causes the microprocessor to halt execution and enter ICE mode. The microprocessor saves its entire state to an area of memory isolated from normal system memory. The layout of this area is suitable for the LOADALL instruction, and this instruction is used by ICE code to return to normal execution.

In later processors, this evolved into System Management Mode (SMM). In SMM, the RSM instruction is used to load a full CPU state from a memory area. The layout of this memory area is similar to one used by the LOADALL instruction. [16] 386-style LOADALL instruction can be executed on 486 too, but only in SMM mode. In later processors, the RSM instruction, with a different encoding, took its role.

Microsoft's Codeview 3.0 and Borland's Turbo Debugger 2.0 correctly decode 286 and 386 LOADALL instructions. [1]

As the two LOADALL instructions were never documented and do not exist on later processors, the opcodes were reused in the AMD64 architecture. [17] The opcode for the 286 LOADALL instruction, 0F05, became the AMD64 instruction SYSCALL; the 386 LOADALL instruction, 0F07, became the SYSRET instruction. These definitions were implemented even on Intel CPUs with the introduction of the Intel 64 implementation of AMD64. [18]

80286

Opcode 0F05. The instruction reads data from addresses 0x00800–0x00866, whatever the content of the segment registers.

Addressnumber
of bytes		registerregisterregisterregister
008006not used
008062MSW, machine status word
0080814not used
008162TR (task register)
008182flags
0081A2IP (instruction pointer)
0081C2LDTR, local
descriptor table register
0081E4× 2DS (data segment)SS (stack segment)CS (code segment)ES (extra segment)
008264× 2DI (destination index)SI (source index)BP (base pointer)SP (stack pointer)
0082E4× 2BXDXCXAX
008364× 6ES segment descriptor CS segment descriptorSS segment descriptorDS segment descriptor
0084E4× 6GDT,
global descriptor table		LDT,
local descriptor table		IDT,
interrupt descriptor table		TSS,
task state segment

The 80286 LOADALL instruction can not be used to switch from protected back to real mode [19] (it can't clear the PE bit in the MSW). However, use of the LOADALL instruction can avoid the need to switch to protected mode altogether.

80386

Opcode 0F07. The instruction loads data from address ES:EDI. It actually uses ES, not the ES descriptor.

Addressnumber
of bytes		registerregisterregisterregister
ES:EDI+004CR0, control register 0
ES:EDI+044EFLAGS
ES:EDI+084EIP, instruction pointer
ES:EDI+0C4× 4EDI, destination indexESI, source indexEBP, base pointerESP, stack pointer
ES:EDI+1C4× 4EBXEDXECXEAX
ES:EDI+2C2× 4DR6DR7
ES:EDI+344TR, task state selector
ES:EDI+384LDTR,
local descriptor table
ES:EDI+3C4× 2GS, extra segmentnot usedFS, extra segmentnot used
ES:EDI+444× 2DS, data segmentnot usedSS, stack segmentnot used
ES:EDI+4C4× 2CS, code segmentnot usedES, extra segmentnot used
ES:EDI+544× 12TSS descriptor,
task state selector		IDT descriptor,
interrupt descriptor table		GDT descriptor,
global descriptor table		LDT descriptor,
local descriptor table
ES:EDI+844× 12GS segment descriptor FS segment descriptorDS segment descriptorSS segment descriptor
ES:EDI+B42× 12CS segment descriptorES segment descriptor

See also

Related Research Articles

<span class="mw-page-title-main">Intel 80286</span> Microprocessor model

The Intel 80286 is a 16-bit microprocessor that was introduced on February 1, 1982. It was the first 8086-based CPU with separate, non-multiplexed address and data buses and also the first with memory management and wide protection abilities. The 80286 used approximately 134,000 transistors in its original nMOS (HMOS) incarnation and, just like the contemporary 80186, it could correctly execute most software written for the earlier Intel 8086 and 8088 processors.

Real mode, also called real address mode, is an operating mode of all x86-compatible CPUs. The mode gets its name from the fact that addresses in real mode always correspond to real locations in memory. Real mode is characterized by a 20-bit segmented memory address space and unlimited direct software access to all addressable memory, I/O addresses and peripheral hardware. Real mode provides no support for memory protection, multitasking, or code privilege levels.

x86 memory segmentation refers to the implementation of memory segmentation in the Intel x86 computer instruction set architecture. Segmentation was introduced on the Intel 8086 in 1978 as a way to allow programs to address more than 64 KB (65,536 bytes) of memory. The Intel 80286 introduced a second version of segmentation in 1982 that added support for virtual memory and memory protection. At this point the original mode was renamed to real mode, and the new version was named protected mode. The x86-64 architecture, introduced in 2003, has largely dropped support for segmentation in 64-bit mode.

In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.

x86 assembly language is the name for the family of assembly languages which provide some level of backward compatibility with CPUs back to the Intel 8008 microprocessor, which was launched in April 1972. It is used to produce object code for the x86 class of processors.

<span class="mw-page-title-main">A20 line</span> Signal in the system bus of an x86-based computer system

The A20, or address line 20, is one of the electrical lines that make up the system bus of an x86-based computer system. The A20 line in particular is used to transmit the 21st bit on the address bus.

In computing, the DOS Protected Mode Interface (DPMI) is a specification introduced in 1989 which allows a DOS program to run in protected mode, giving access to many features of the new PC processors of the time not available in real mode. It was initially developed by Microsoft for Windows 3.0, although Microsoft later turned control of the specification over to an industry committee with open membership. Almost all modern DOS extenders are based on DPMI and allow DOS programs to address all memory available in the PC and to run in protected mode.

<span class="mw-page-title-main">Expanded memory</span>

In DOS memory management, expanded memory is a system of bank switching that provided additional memory to DOS programs beyond the limit of conventional memory (640 KiB).

<span class="mw-page-title-main">Conventional memory</span> First 640K of RAM under DOS

In DOS memory management, conventional memory, also called base memory, is the first 640 kilobytes of the memory on IBM PC or compatible systems. It is the read-write memory directly addressable by the processor for use by the operating system and application programs. As memory prices rapidly declined, this design decision became a limitation in the use of large memory capacities until the introduction of operating systems and processors that made it irrelevant.

<span class="mw-page-title-main">High memory area</span>

In DOS memory management, the high memory area (HMA) is the RAM area consisting of the first 65520 bytes above the one megabyte in an IBM AT or compatible computer.

<span class="mw-page-title-main">IBM TopView</span> Former front-end to DOS

TopView is the first object-oriented, multitasking, and windowing, personal computer operating environment for PC DOS developed by IBM, announced in August 1984 and shipped in March 1985. TopView provided a text-mode operating environment that allowed users to run more than one application at the same time on a PC. IBM demonstrated an early version of the product to key customers before making it generally available, around the time they shipped their new PC AT computer.

Quarterdeck Expanded Memory Manager (QEMM) is a memory manager produced by Quarterdeck Office Systems in the late 1980s through the late 1990s. It was the most popular third-party memory manager for the MS-DOS and other DOS operating systems.

In x86 computing, unreal mode, also big real mode, flat real mode, or voodoo mode is a variant of real mode, in which one or more segment descriptors has been loaded with non-standard values, like 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.

Virtual DOS machines (VDM) refer to a technology that allows running 16-bit/32-bit DOS and 16-bit Windows programs when there is already another operating system running and controlling the hardware.

<span class="mw-page-title-main">Multiuser DOS</span> Family of CP/M- and DOS-compatible multi-user multi-tasking operating systems

Multiuser DOS is a real-time multi-user multi-tasking operating system for IBM PC-compatible microcomputers.

EMM386 is the expanded memory manager of Microsoft's MS-DOS, IBM's PC DOS, Digital Research's DR-DOS, and Datalight's ROM-DOS which is used to create expanded memory using extended memory on Intel 80386 CPUs. There also is an EMM386.EXE available in FreeDOS.

<span class="mw-page-title-main">Illegal opcode</span> Undocumented CPU instruction that has an effect

An illegal opcode, also called an unimplemented operation, unintended opcode or undocumented instruction, is an instruction to a CPU that is not mentioned in any official documentation released by the CPU's designer or manufacturer, which nevertheless has an effect. Illegal opcodes were common on older CPUs designed during the 1970s, such as the MOS Technology 6502, Intel 8086, and the Zilog Z80. On these older processors, many exist as a side effect of the wiring of transistors in the CPU, and usually combine functions of the CPU that were not intended to be combined. On old and modern processors, there are also instructions intentionally included in the processor by the manufacturer, but that are not documented in any official specification.

FlexOS is a discontinued modular real-time multiuser multitasking operating system (RTOS) designed for computer-integrated manufacturing, laboratory, retail and financial markets. Developed by Digital Research's Flexible Automation Business Unit in Monterey, California, in 1985, the system was considered to become a successor of Digital Research's earlier Concurrent DOS, but with a new, modular, and considerably different system architecture and portability across several processor families. Still named Concurrent DOS 68K and Concurrent DOS 286, it was renamed into FlexOS on 1 October 1986 to better differentiate the target audiences. FlexOS was licensed by several OEMs who selected it as the basis for their own operating systems like 4680 OS, 4690 OS, S5-DOS/MT and others. Unrelated to FlexOS, the original Concurrent DOS system architecture found a continuation in successors like Concurrent DOS XM and Concurrent DOS 386 as well.

<span class="mw-page-title-main">MS-DOS 4.0 (multitasking)</span>

MS-DOS 4.0 was a multitasking release of MS-DOS developed by Microsoft based on MS-DOS 2.0. Lack of interest from OEMs, particularly IBM, led to it being released only in a scaled-back form. It is sometimes referred to as European MS-DOS 4.0, as it was primarily used there. It should not be confused with PC DOS 4.00 or MS-DOS 4.01 and later, which did not contain the multi-tasking features.

References

  1. 1 2 3 4 Schulman, Andrew; Michels, Raymond J.; Kyle, Jim; Paterson, Tim; Maxey, David; Brown, Ralf D. (1990). Undocumented DOS: A programmer's guide to reserved MS-DOS functions and data structures (1 ed.). Addison-Wesley. pp. 14–15. ISBN   978-0-201-57064-9. (xviii+694+viii pages, 2× 5.25"-floppies ) Errata:
  2. 1 2 Van Gilluwe, Frank (1994). The Undocumented PC (1 ed.). Addison-Wesley. pp. 62–70. ISBN   0-201-62277-7.
  3. 1 2 Duncan, Ray; Petzold, Charles; Baker, M. Steven; Schulman, Andrew; Davis, Stephen R.; Nelson, Ross P.; Moote, Robert (1990). Extending DOS (1 ed.). Reading, MA, USA: Addison-Wesley Publishing Company, Inc. pp. 100–103. ISBN   0-20155053-9.
  4. 1 2 3 Necasek, Michal (2013-10-27). "More on LOADALL and OS/2". OS/2 Museum. Archived from the original on 2018-10-17. Retrieved 2018-10-17.
  5. Collins, Robert R. (October 1991). "The LOADALL Instruction". TECH Specialist - the Journal for Advanced PC Developers. Lawrence, Kansas, USA: R&D Publications, Inc. 2 (10). ISSN   1049-913X. Archived from the original on 2020-02-20. Retrieved 2018-10-17. (NB. The magazine was soon renamed into "The DOS Developers Journal" and eventually into "The Windows/DOS Developer's Journal" (ISSN 1059-2407).)
  6. Necasek, Michal (2011-03-18). "HIMEM.SYS, unreal mode, and LOADALL". OS/2 Museum. Archived from the original on 2017-01-03. Retrieved 2017-01-03.
  7. Schulman, Andrew; Brown, Ralf D.; Maxey, David; Michels, Raymond J.; Kyle, Jim (1994) [November 1993]. Williams, Andrew (ed.). Undocumented DOS: A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1 . The Andrew Schulman Programming Series (1st printing, 2nd ed.). Reading, Massachusetts, USA: Addison Wesley Publishing Company. p.  42. ISBN   0-201-63287-X. (xviii+856+vi pages, 3.5"-floppy ) Errata:
  8. "Microsoft HIMEM.SYS 2.06 source code".
  9. Deitel, Harvey M.; Kogan, Michael S. (1992). The Design of OS/2 . Addison-Wesley. ISBN   0-201-54889-5.
  10. 1 2 Foster, Edward (1985-05-13). "Super DOS awaits new 80286 – Concurrent DOS 286 – delayed until Intel upgrades chip – offers Xenix's power and IBM PC compatibility". InfoWorld . InfoWorld Media Group. 7 (19): 17–18. ISSN   0199-6649. Archived from the original on 2019-04-21. Retrieved 2019-04-21.
  11. 1 2 Foster, Edward (1985-08-26). "Intel shows new 80286 chip – Future of DRI's Concurrent DOS 286 still unclear after processor fixed". InfoWorld . InfoWorld Media Group. 7 (34): 21. ISSN   0199-6649. Archived from the original on 2019-04-21. Retrieved 2019-04-21.
  12. "Concurrent DOS 68K 1.2 - Developer Kit for Motorola VME/10 - Disk 2". 1986-08-06 [1986-04-08]. Archived from the original on 2019-04-03. Retrieved 2018-09-13. (NB. This package also includes some header files from Concurrent DOS 286, including STRUCT.H explicitly mentioning LOADALL for "8086 emulation".)
  13. 1 2 FlexOS Supplement for Intel iAPX 286-based Computers (PDF). 1.3 (1 ed.). Digital Research, Inc. November 1986. Archived (PDF) from the original on 2019-04-21. Retrieved 2018-08-14.
  14. Calvo, Melissa; Forbes, Jim (1986-02-10). "IBM to use a DRI operating system". InfoWorld . InfoWorld Media Group. Archived from the original on 2019-04-21. Retrieved 2011-09-06.
  15. "IBM selects Concurrent DOS-286 for PC AT retail system" (PDF). European Review . Digital Research (18): 1. March 1986. Archived (PDF) from the original on 2019-04-03. Retrieved 2018-09-15.
  16. Collins, Robert R. (January 1997). "Intel's System Management Mode". Archived from the original on 2017-01-03. Retrieved 2017-01-03.
  17. Necasek, Michal (2013-10-18). "LOADALL Strikes Again". OS/2 Museum. Archived from the original on 2017-01-03. Retrieved 2016-01-27.
  18. "Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 2B" (PDF). Intel Corporation. December 2015. Archived (PDF) from the original on 2019-04-21. Retrieved 2016-01-27.
  19. Slater, Michael (October 1987). "Secret 286 LOADALL instruction allows access to extended memory in real mode". Microprocessor Report .

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.