Unreal mode

Last updated

In x86 computing, unreal mode, also big real mode, flat real mode, or voodoo mode [1] is a variant of real mode, in which one or more segment descriptors has been loaded with non-standard values, like 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.

Contents

Mechanism

For efficiency reasons, the 80286 and all later x86 processors use the base address, size and other attributes stored in their internal segment descriptor cache whenever computing effective memory addresses, even in real mode. Therefore, a modification of the internal segment descriptor allows altering some properties of segments in real mode, like the size of addressable memory. This technique became widely used and is supported by all Intel processors. [2]

A program in unreal mode can call 16-bit code programmed for real mode (BIOS, DOS kernel and drivers) without any thunking. This makes an unreal mode driver simpler than a DPMI driver. However unreal mode is incompatible with protected mode operating systems such as Windows 3.x/9x/NT and OS/2.

Big real mode has a 1 MiB code segment and a 4 GiB data segment. [3] [4]

Uses

HIMEM.SYS uses this feature (both 286 and 386 variants) to address extended memory, [5] unless DOS is switched to run in a virtual 8086 mode that is incompatible with unreal mode.

One of the very few games—if not the only one—that used unreal mode was Ultima VII . [6] [7]

Unreal mode is used by BIOS code as this is the initial mode of modern Intel processors. [8] Furthermore, the System Management Mode (SMM) in Intel 386SL and later processors places the processor in huge real mode. [9]

Some boot loaders (such as LILO) use the unreal mode to access up to 4 GiB of memory.

Enabling unreal mode

The 80286 microprocessor can be put into unreal mode only with help of the undocumented instruction LOADALL to modify the hidden segment base registers to point to the source or target memory location above 1 MiB. [5]

To put an 80386 or higher microprocessor into unreal mode, a program must first enter protected mode, find or create a flat descriptor in the GDT or LDT, load some of the data segment registers with the respective protected mode "selector", and then switch back to real mode. After returning to real mode, the processor will continue using the cached descriptors as established in protected mode, thus allowing access to 4 GiB of extended memory from real mode. [4]

Starting with the 80386, real mode programs can use the 32 bit registers with the Address Size Override Prefix. [10] This allows programs to use an address like DS:[EBX]. In normal real mode, a fault occurs if EBX exceeds 0xFFFF. In unreal mode, the access is allowed.

Variants of unreal mode

As described above, unreal mode usually involves using one or more data selectors to address data in memory more efficiently. This has been common practice and often referred to as "flat real mode" [11] or "big real mode". [12] The term "unreal mode" was introduced in 1991 by Rakesh K. Agarwal. [13]

32-bit code

The "huge real mode" (named in Ralf Brown's interrupt list) or "unREAL" mode (named by Tomasz Grysztar) adds the ability to run 32-bit code with a 4 GiB code segment. This is achieved by loading the code selector (CS) from a descriptor having the 32-bit attribute ("D" bit) set to 1. This mode allows for avoiding Operand Size Override prefixes normally required when using 32-bit addressing in 16-bit code segment, but is more difficult to set up due to interaction with interrupts. [14] [4]

The use of a 32-bit CS was described in Agarwal's 1991 article introducing the term "unreal mode". [13] This mode is used in Grysztar's open-source FASM and Helix RM386, a commercial DOS Extender bundled by Logitech mouse drivers. Grysztar wrote a description of techniques used for entering this mode and handling interrupts in 2010. He also reports that most of the CPUs he tested supports this previously-unknown mode, with the exception of a CPU of unknown model ("I think it was manufactured by Cyrix") and in a later user report, the Bochs and DOSBox emulators. [15]

See also

Related Research Articles

<span class="mw-page-title-main">Intel 80286</span> Microprocessor model

The Intel 80286 is a 16-bit microprocessor that was introduced on February 1, 1982. It was the first 8086-based CPU with separate, non-multiplexed address and data buses and also the first with memory management and wide protection abilities. The 80286 used approximately 134,000 transistors in its original nMOS (HMOS) incarnation and, just like the contemporary 80186, it could correctly execute most software written for the earlier Intel 8086 and 8088 processors.

x86 Family of instruction set architectures

x86 is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introduced in 1978 as a fully 16-bit extension of Intel's 8-bit 8080 microprocessor, with memory segmentation as a solution for addressing more memory than can be covered by a plain 16-bit address. The term "x86" came into being because the names of several successors to Intel's 8086 processor end in "86", including the 80186, 80286, 80386 and 80486 processors. Colloquially, their names were "186", "286", "386" and "486".

Real mode, also called real address mode, is an operating mode of all x86-compatible CPUs. The mode gets its name from the fact that addresses in real mode always correspond to real locations in memory. Real mode is characterized by a 20-bit segmented memory address space and unlimited direct software access to all addressable memory, I/O addresses and peripheral hardware. Real mode provides no support for memory protection, multitasking, or code privilege levels.

x86 memory segmentation refers to the implementation of memory segmentation in the Intel x86 computer instruction set architecture. Segmentation was introduced on the Intel 8086 in 1978 as a way to allow programs to address more than 64 KB (65,536 bytes) of memory. The Intel 80286 introduced a second version of segmentation in 1982 that added support for virtual memory and memory protection. At this point the original mode was renamed to real mode, and the new version was named protected mode. The x86-64 architecture, introduced in 2003, has largely dropped support for segmentation in 64-bit mode.

In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as segmentation, virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.

x86 assembly language is the name for the family of assembly languages which provide some level of backward compatibility with CPUs back to the Intel 8008 microprocessor, which was launched in April 1972. It is used to produce object code for the x86 class of processors.

x86-64 64-bit version of x86 architecture

x86-64 is a 64-bit version of the x86 instruction set, first announced in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mode.

<span class="mw-page-title-main">A20 line</span> Signal in the system bus of an x86-based computer system

The A20, or address line 20, is one of the electrical lines that make up the system bus of an x86-based computer system. The A20 line in particular is used to transmit the 21st bit on the address bus.

<span class="mw-page-title-main">Extended memory</span>

In DOS memory management, extended memory refers to memory above the first megabyte (220 bytes) of address space in an IBM PC or compatible with an 80286 or later processor. The term is mainly used under the DOS and Windows operating systems. DOS programs, running in real mode or virtual x86 mode, cannot directly access this memory, but are able to do so through an application programming interface called the Extended Memory Specification (XMS). This API is implemented by a driver (such as HIMEM.SYS) or the operating system, which takes care of memory management and copying memory between conventional and extended memory, by temporarily switching the processor into protected mode. In this context, the term "extended memory" may refer to either the whole of the extended memory or only the portion available through this API.

<span class="mw-page-title-main">Conventional memory</span> First 640 KB of RAM under DOS

In DOS memory management, conventional memory, also called base memory, is the first 640 kilobytes of the memory on IBM PC or compatible systems. It is the read-write memory directly addressable by the processor for use by the operating system and application programs. As memory prices rapidly declined, this design decision became a limitation in the use of large memory capacities until the introduction of operating systems and processors that made it irrelevant.

<span class="mw-page-title-main">High memory area</span>

In DOS memory management, the high memory area (HMA) is the RAM area consisting of the first 65520 bytes above the one megabyte in an IBM AT or compatible computer.

The x86 instruction set refers to the set of instructions that x86-compatible microprocessors support. The instructions are usually part of an executable program, often stored as a computer file and executed on the processor.

In the 80386 microprocessor and later, virtual 8086 mode allows the execution of real mode applications that are incapable of running directly in protected mode while the processor is running a protected mode operating system. It is a hardware virtualization technique that allowed multiple 8086 processors to be emulated by the 386 chip. It emerged from the painful experiences with the 80286 protected mode, which by itself was not suitable to run concurrent real-mode applications well. John Crawford developed the Virtual Mode bit at the register set, paving the way to this environment.

Memory segmentation is an operating system memory management technique of dividing a computer's primary memory into segments or sections. In a computer system using segmentation, a reference to a memory location includes a value that identifies a segment and an offset within that segment. Segments or sections are also used in object files of compiled programs when they are linked together into a program image and when the image is loaded into memory.

Virtual DOS machines (VDM) refer to a technology that allows running 16-bit/32-bit DOS and 16-bit Windows programs when there is already another operating system running and controlling the hardware.

A DOS extender is a computer software program running under DOS that enables software to run in a protected mode environment even though the host operating system is only capable of operating in real mode.

LOADALL is the common name for two different, undocumented machine instructions of Intel 80286 and Intel 80386 processors, which allow access to areas of the internal processor state that are normally outside of the IA-32 API scope, like descriptor cache registers. The LOADALL for 286 processors is encoded 0Fh 05h, while the LOADALL for 386 processors is 0Fh 07h.

In computing, the reset vector is the default location a central processing unit will go to find the first instruction it will execute after a reset. The reset vector is a pointer or address, where the CPU should always begin as soon as it is able to execute instructions. The address is in a section of non-volatile memory initialized to contain instructions to start the operation of the CPU, as the first step in the process of booting the system containing the CPU.

The interrupt descriptor table (IDT) is a data structure used by the x86 architecture to implement an interrupt vector table. The IDT is used by the processor to determine the correct response to interrupts and exceptions.

The Global Descriptor Table (GDT) is a data structure used by Intel x86-family processors starting with the 80286 in order to define the characteristics of the various memory areas used during program execution, including the base address, the size, and access privileges like executability and writability. These memory areas are called segments in Intel terminology.

References

  1. Salihun, Darmawan (2013-09-16). "System Address Map Initialization in x86/x64 Architecture Part 1: PCI-Based Systems" (PDF). Retrieved 2019-08-19.
  2. Gutmann, Peter (2004) [2003]. Cryptographic Security Architecture: Design and Verification. Springer Science & Business Media. p.  58. ISBN   978-0-387-95387-8 . Retrieved 2017-01-04. […] Unreal mode became so widely used […] that Intel was forced to support it in all later processors, although its presence was never documented […]
  3. "Modes graph". Archived from the original (JPG) on 2023-01-18.
  4. 1 2 3 "Unreal Mode". Archived from the original on 2017-01-03. Retrieved 2015-02-18.
  5. 1 2 Necasek, Michal (2011-03-18). "HIMEM.SYS, unreal mode, and LOADALL". OS/2 Museum. Archived from the original on 2017-01-03. Retrieved 2017-01-03.
  6. Riiser, Haakon. "HIMEM.SYS and unreal/flat real mode, EMM386 and UMBs". Newsgroup:  comp.os.msdos.programmer. Archived from the original on 2019-04-21. Retrieved 2017-10-14.
  7. "A Brief History of Unreal Mode | OS/2 Museum".
  8. Pelner, Jenny; Pelner, James. "Minimal Intel Architecture Boot Loader" . Retrieved 2017-10-14.
  9. Domas, Christopher (2015). "The Memory Sinkhole: An architectural privilege escalation vulnerability" (PDF). Battelle Memorial Institute. Archived (PDF) from the original on 2017-01-05. Retrieved 2017-01-04. The processor loads an architecturally defined system state "Unreal" mode
  10. "X86-64 Instruction Coding". Archived from the original on 2017-01-03. Retrieved 2015-02-18.
  11. "Flat Real Mode". 1998-03-16. Archived from the original on 2015-08-18.
  12. Brown, Ralf D. "Interrupt List". INT 80 (AMI BIOS). Retrieved 2017-10-14.
  13. 1 2 Necasek, Michal (2018-06-15). "A Brief History of Unreal Mode". OS/2 Museum.
  14. Brown, Ralf D. "Interrupt List". INT 78 (HugeRealMode Driver). Retrieved 2017-10-14.
  15. Grysztar, Tomasz (2010-09-17). "unREAL Mode" . Retrieved 2017-10-14.

Further reading