The question isn't a minimal complete verifiable example. I am having to improvise and fill in some of the gaps and clean things up.
Noticeable problems:
- Primary issue is that your second stage isn't actually running in 32-bit protected mode. When you jump to it from the bootloader it is still 16-bit realmode. You will have to enable A20 line, set up a GDT and switch to protected mode. Your code is modelled around existing projects and tutorials that usually include a
gdt.asm, switch_pm.asm, and 32print_pm.asm. The code below uses these files to get into protected mode and print using a 32-bit print_string_pm function. Printing in protected mode can't use the BIOS. Your stage 2 will effectively need a 16-bit realmode part and a 32-bit protected mode part.
- Your realmode code has a combination of calling
print and print_string. I have modified it all and kept it consistent as print_string.
- You need to set the BOOT_DRIVE after you set DS, not before it.
- You have the signature
0xface at the beginning of stage 2. You will need to jump to 2 bytes beyond it to avoid executing the signature as code. You also rely on CS being set as you copy it to DS and ES. You will need to ensure you set CS first. You can rectify that FAR JMP using 0x0000:0x9002. That will set CS to 0x0000 and IP to 0x9002.
The revised code could look like:
boot.asm:
bits 16
org 0x7c00
xor ax, ax
mov es, ax
mov ds, ax
mov ss, ax
mov sp, 0x7c00
mov bp, sp
mov [BOOT_DRIVE], dl ; Save the boot drive after setting DS, not before
cld
mov bx, boot_msg
call print_string
mov dx, [0x9000]
call print_hex
mov bx, 0x9000
mov dh, 2
mov dl, [BOOT_DRIVE]
call load_disk
mov dx, [0x9000]
call print_hex
jmp 0x0000:0x9002 ; FAR JMP to second stage that sets CS to 0x0000
; We use 9002 since the first 2 bytes are the stage2 sig
boot_msg db "Booting cornoS", 0
%include "print.asm"
%include "print_hex.asm"
%include "load_disk.asm"
BOOT_DRIVE db 0
times 510-($-$$) db 0
dw 0xaa55
stage2.asm:
bits 16
dw 0xface
stage2:
; Still in 16-bit realmode at this point
mov ax, cs
mov ds, ax
mov es, ax
mov bx, stage2_called
call print_string
; Enter protected mode
; Should check for A20 being enabled before enabling it
; For the original poster to clean up
call enable_a20
call switch_to_pm
%include "print.asm"
%include "a20.asm"
%include "switch_pm.asm"
%include "gdt.asm"
bits 32
BEGIN_PM:
mov ebx, stage2_in_pm
call print_string_pm
jmp $
%include "32print_pm.asm"
stage2_called db "Stage two successfully called!", 0
stage2_in_pm db "In protected mode!", 0
load_disk.asm:
load_disk:
pusha
push dx
mov ah, 0x02
mov al, dh
mov ch, 0x00
mov cl, 0x02
mov dh, 0x00
int 0x13
jc disk_error
pop dx
cmp al, dh
jne sectors_error
mov bx, read_disk_success
call print_string
popa
ret
disk_error:
mov bx, read_disk_failed
call print_string
mov dh, ah
call print_hex
jmp $
sectors_error:
mov bx, incorrect_sectors
call print_string
jmp $
read_disk_success db "Successfully read disk!", 0
read_disk_failed db "Failed to read disk", 0
incorrect_sectors db "Incorrect number of sectors read", 0
print.asm:
print_string:
pusha
; keep this in mind:
; while (string[i] != 0) { print string[i]; i++ }
; the comparison for string end (null byte)
start:
mov al, [bx] ; 'bx' is the base address for the string
cmp al, 0
je done
; the part where we print with the BIOS help
mov ah, 0x0e
int 0x10 ; 'al' already contains the char
; increment pointer and do next loop
add bx, 1
jmp start
done:
popa
ret
print_nl:
pusha
mov ah, 0x0e
mov al, 0x0a ; newline char
int 0x10
mov al, 0x0d ; carriage return
int 0x10
popa
ret
print_hex.asm:
print_hex:
; manipulate chars at HEX_OUT to reflect DX
mov cx, dx
and cx, 0xf000
shr cx, 12
call to_char
mov [HEX_OUT + 2], cx
mov cx, dx
and cx, 0x0f00
shr cx, 8
call to_char
mov [HEX_OUT + 3], cx
mov cx, dx
and cx, 0x00f0
shr cx, 4
call to_char
mov [HEX_OUT + 4], cx
mov cx, dx
and cx, 0x000f
call to_char
mov [HEX_OUT + 5], cx
mov bx, HEX_OUT
call print_string
mov byte [HEX_OUT + 2], '0'
mov byte [HEX_OUT + 3], '0'
mov byte [HEX_OUT + 4], '0'
mov byte [HEX_OUT + 5], '0'
ret
to_char:
cmp cx, 0xa
jl digits
sub cx, 0xa
add cx, 'a'
ret
digits:
add cx, '0'
ret
HEX_OUT: db '0x0000', 0
a20.asm:
;;
;; NASM 32bit assembler
;;
;; From OSDev Wiki
enable_a20:
cli
call a20wait
mov al,0xAD
out 0x64,al
call a20wait
mov al,0xD0
out 0x64,al
call a20wait2
in al,0x60
push eax
call a20wait
mov al,0xD1
out 0x64,al
call a20wait
pop eax
or al,2
out 0x60,al
call a20wait
mov al,0xAE
out 0x64,al
call a20wait
sti
ret
a20wait:
in al,0x64
test al,2
jnz a20wait
ret
a20wait2:
in al,0x64
test al,1
jz a20wait2
ret
gdt.asm:
gdt_start: ; don't remove the labels, they're needed to compute sizes and jumps
; the GDT starts with a null 8-byte
dd 0x0 ; 4 byte
dd 0x0 ; 4 byte
; GDT for code segment. base = 0x00000000, length = 0xfffff
; for flags, refer to os-dev.pdf document, page 36
gdt_code:
dw 0xffff ; segment length, bits 0-15
dw 0x0 ; segment base, bits 0-15
db 0x0 ; segment base, bits 16-23
db 10011010b ; flags (8 bits)
db 11001111b ; flags (4 bits) + segment length, bits 16-19
db 0x0 ; segment base, bits 24-31
; GDT for data segment. base and length identical to code segment
; some flags changed, again, refer to os-dev.pdf
gdt_data:
dw 0xffff
dw 0x0
db 0x0
db 10010010b
db 11001111b
db 0x0
gdt_end:
; GDT descriptor
gdt_descriptor:
dw gdt_end - gdt_start - 1 ; size (16 bit), always one less of its true size
dd gdt_start ; address (32 bit)
; define some constants for later use
CODE_SEG equ gdt_code - gdt_start
DATA_SEG equ gdt_data - gdt_start
switch_pm.asm:
[bits 16]
switch_to_pm:
cli ; 1. disable interrupts
lgdt [gdt_descriptor] ; 2. load the GDT descriptor
mov eax, cr0
or eax, 0x1 ; 3. set 32-bit mode bit in cr0
mov cr0, eax
jmp CODE_SEG:init_pm ; 4. far jump by using a different segment
[bits 32]
init_pm: ; we are now using 32-bit instructions
mov ax, DATA_SEG ; 5. update the segment registers
mov ds, ax
mov ss, ax
mov es, ax
mov fs, ax
mov gs, ax
mov ebp, 0x90000 ; 6. update the stack right at the top of the free space
mov esp, ebp
call BEGIN_PM ; 7. Call a well-known label with useful code
32print_pm.asm:
[bits 32] ; using 32-bit protected mode
; this is how constants are defined
VIDEO_MEMORY equ 0xb8000
WHITE_OB_BLACK equ 0x0f ; the color byte for each character
print_string_pm:
pusha
mov edx, VIDEO_MEMORY
print_string_pm_loop:
mov al, [ebx] ; [ebx] is the address of our character
mov ah, WHITE_OB_BLACK
cmp al, 0 ; check if end of string
je print_string_pm_done
mov [edx], ax ; store character + attribute in video memory
add ebx, 1 ; next char
add edx, 2 ; next video memory position
jmp print_string_pm_loop
print_string_pm_done:
popa
ret
You can use the same commands you used before to build the disk image:
nasm -f bin -o boot.bin boot.asm
nasm -f elf32 -o stage2.o stage2.asm
ld -melf_i386 -Ttext=0x9000 -nostdlib --nmagic -o stage2.elf stage2.o
objcopy -O binary stage2.elf stage2.bin
dd if=/dev/zero of=corn.img bs=512 count=2880
dd if=boot.bin of=corn.img bs=512 conv=notrunc
dd if=stage2.bin of=corn.img bs=512 seek=1 conv=notrunc
qemu-system-i386 -fda corn.img
The output should appear something like:
More Advanced print_string_pm function
The generic print_string_pm in most of the tutorials starts printing in the upper left of the screen and is very basic. I wrote some example code for a more advanced print_string_pm function that:
- Continues printing in protected where the BIOS TTY functions left off
- Supports scrolling down
- Takes a color attribute to print with
- Takes a color attribute to fill the bottom line with when scrolling occurs
- Handles line wrapping
- Supports backspace, but not beyond beginning of screen
- Handles Carriage Return and Line Feed
- Ignores the TAB character
- Requires calling
call update_screen_state_from_bios once after entering protected mode
- Updates the hardware cursor when finished
32print_pm.asm:
bits 32
VIDEO_TEXT_ADDR EQU 0xb8000 ; Hard code beginning of text video memory
CR EQU 0x0d ; Carriage return
LF EQU 0x0a ; Line feed
BS EQU 0x08 ; Back space
TAB EQU 0x09 ; Tab
; Function: update_screen_info_from_bios
; set the hardware cursor position based on the
; current column (cur_col) and current row (cur_row) coordinates
;
; Inputs: None
; Clobbers: EAX
; Returns: None
update_screen_state_from_bios:
xor eax, eax ; Clear EAX for the instructions below
mov al, [0x450] ; Byte at address 0x450 = last BIOS column position
mov [cur_col], eax ; Copy to current column
mov al, [0x451] ; Byte at address 0x451 = last BIOS row position
mov [cur_row], eax ; Copy to current row
mov al, [0x484] ; Word at address 0x484 = # of rows-1 (screen height)
mov [screen_height],eax ; Copy to screen height
mov ax, [0x44a] ; Word at address 0x44a = # of columns (screen width)
mov [screen_width], eax ; Copy to screen width
ret
; Function: set_cursor
; set the hardware cursor position based on the
; current column (cur_col) and current row (cur_row) coordinates
; See: https://wiki.osdev.org/Text_Mode_Cursor#Moving_the_Cursor_2
;
; Inputs: None
; Clobbers: EAX, ECX, EDX
; Returns: None
set_cursor:
mov ecx, [cur_row] ; EAX = cur_row
imul ecx, [screen_width] ; ECX = cur_row * screen_width
add ecx, [cur_col] ; ECX = cur_row * screen_width + cur_col
; Send low byte of cursor position to video card
mov edx, 0x3d4
mov al, 0x0f
out dx, al ; Output 0x0f to 0x3d4
inc edx
mov al, cl
out dx, al ; Output lower byte of cursor pos to 0x3d5
; Send high byte of cursor position to video card
dec edx
mov al, 0x0e
out dx, al ; Output 0x0e to 0x3d4
inc edx
mov al, ch
out dx, al ; Output higher byte of cursor pos to 0x3d5
ret
; Function: print_string_pm
; Display a string to the console on display page 0 in protected mode.
; Handles carriage return, line feed, and backspace. Tab characters
; are not processed. Scrolling and wrapping are supported.
; Backspacing beyond the first line does nothing.
;
; Inputs: ESI = Offset of address to print
; AH = Attribute of string to print
; AL = Attribute to use when filling bottom line during down scrolling
; Clobbers: ECX, EDX
; Returns: None
print_string_pm:
push edi
push esi
push eax
push ebx
push ebp
; Assume base of text video memory is ALWAYS 0xb8000
mov ebx, VIDEO_TEXT_ADDR ; EBX = beginning of video memory
mov cl, al ; CL = attribute to use for clearing while scrolling
call .init ; Initialize register state for use while printing
jmp .getch
.repeat:
cmp al, CR ; Is the character a carriage return?
jne .chk_lf ; If not skip and check for line feed
lea edi, [ebx + edx * 2] ; Set current video memory pointer to beginning of line
mov dword [cur_col], 0 ; Set current column to 0
xor al, al ; AL = 0 = Don't print character
jmp .chk_bounds ; Check screen bounds
.chk_lf:
; Process line feed
cmp al, LF ; Is the character a line feed?
jne .chk_bs ; If not check for backspace
mov ebp, [screen_width]
lea edi, [edi + ebp * 2] ; Set current video memory ptr to same pos on next line
inc dword [cur_row] ; Set current row to next line
xor al, al ; AL = 0 = Don't print character
jmp .chk_bounds ; Check screen bounds
.chk_bs:
; Process back space
cmp al, BS ; Is the character a Back space?
jne .chk_tab ; If not check for tab
cmp edi, ebx
je .getch ; If at beginning of display, ignore and get next char
dec dword [cur_col] ; Set current column to previous column
jmp .chk_bounds ; Check screen bounds
; Process tab - ignore character
.chk_tab:
cmp al, TAB ; Is the character a Tab?
je .getch ; If it is, skip and get next character
; Check row and column boundaries and clip them if necessary
; If we exceed the number of rows on display,scroll down by a line
.chk_bounds:
mov ebp, [screen_width] ; EAX=screen width
cmp [cur_col], ebp ; Have we reached edge of display?
jl .chk_col_start ; If not - continue by checking for beginning of line
mov dword [cur_col], 0 ; Reset current column to beginning of line
inc dword [cur_row] ; Advance to the next row
jmp .chk_rows ; Check number of rows in bounds
.chk_col_start:
cmp dword [cur_col], 0 ; Check if beginning of line
jge .chk_rows ; If not negative (beginning of line) check row bounds
mov dword [cur_col], 0 ; Set column to 0
.chk_rows:
mov ebp, [screen_height] ; EAX=screen width
cmp [cur_row], ebp ; Have we reached edge of display?
jle .test_char ; If not then continue by updating display
dec dword [cur_row] ; Back one row since we will be scrolling down a line
call .scroll_down_one_line ; Scroll display down by a line
call .init ; Reinitialize register state after scroll
; Display character to video memory at current location if not a NUL character
.test_char:
test al, al ; Is the character 0?
jz .getch ; If it is we are finished, get next character
cmp al, BS ; Is the character a Back space?
jne .not_bs ; If not back space print char and advance cursor
mov al, ' '
sub edi, 2 ; Go back one cell in video memory
mov [es:edi], al ; Print a space to clear previous character
jmp .getch ; Don't advance cursor and get next character
.not_bs:
stosw ; Update current character at current location
inc dword [cur_col] ; Advance the current column by 1 position
; Get next character from string parameter
.getch:
lodsb ; Get character from string
test al, al ; Have we reached end of string?
jnz .repeat ; if not process next character
.end:
call set_cursor ; Update hardware cursor position
pop ebp
pop ebx
pop eax
pop esi
pop edi
ret
; Function: print_string_pm.scroll_down_one_line
; Internal function of print_string_pm to scroll the display down
; by a single line. The top line is lost and the bottom line is
; filled with spaces.
;
; Inputs: EBX = Base address of video page
; AH = Attribute to use when clearing last line
; Clobbers: None
; Returns: None, display updated
.scroll_down_one_line:
pusha
mov ebp, [screen_height] ; EBP = (num_rows-1)
mov eax, [screen_width] ; EAX = screen_width
lea esi, [ebx + eax * 2] ; ESI = pointer to second line on screen
mov edi, ebx ; EDI = pointer to first line on screen
mul ebp ; EAX = screen_width * (num_rows-1)
mov ecx, eax ; ECX = number of screen cells to copy
rep movsw
lea edi, [ebx + eax * 2] ; Destination offset =
; last row = screen_width * (num_rows-1)
mov ecx, [screen_width] ; Update a rows worth of word cells
mov ah, cl
mov al, ' ' ; Use a space character with current background attribute
rep stosw ; to clear the last line.
popa
ret
; Function: print_string_pm.init
; Internal function of print_string_pm to compute the video memory
; address of the current cursor location and the address to the
; beginning of the current line
;
; Inputs: EBX = Base address of video page
; Returns: EDI = Current video memory offset of cursor
; EDX = Video memory offset to beginning of line
; Clobbers: None
.init:
push eax
mov eax, [cur_row] ; EAX = cur_row
mul dword [screen_width] ; EAX = cur_row * screen_width
mov edx, eax ; EDX = copy of offset to beginning of line
add eax, [cur_col] ; EAX = cur_row * screen_width + cur_col
lea edi, [ebx + eax * 2] ; EDI = memory location of current screen cell
pop eax
ret
align 4
cur_row: dd 0x00
cur_col: dd 0x00
screen_width: dd 0x00
screen_height:dd 0x00
stage2.asm:
ATTR_WHITE_ON_BLACK EQU 0x07 ; White on black attribute
bits 16
dw 0xface
stage2:
; Still in 16-bit realmode at this point
mov ax, cs
mov ds, ax
mov es, ax
mov bx, stage2_called
call print_string
; Enter protected mode
; Should check for A20 being enabled before enabling it
; For the original poster to clean up
call enable_a20
call switch_to_pm
%include "print.asm"
%include "a20.asm"
%include "switch_pm.asm"
%include "gdt.asm"
bits 32
BEGIN_PM:
; Advanced print_string_pm needs to be initialized with the coordinate and screen
; info from the BIOS to continue here the BIOS left off.
call update_screen_state_from_bios
; Advanced print_string_pm takes the address of the string in ESI and
; attribute information in AX (AL/AH).
mov esi, stage2_in_pm
mov ah, ATTR_WHITE_ON_BLACK ; Attribute to print with
mov al, ah ; Attribute to clear last line when scrolling
call print_string_pm
jmp $
%include "32print_pm.asm"
stage2_called db "Stage two successfully called!", 0
stage2_in_pm db "In protected mode!", 0
The output should appear something like:
