Unreal mode

From HandWiki
Short description: Variant of real mode in x86 computing

In x86 computing, unreal mode, also big real mode, flat real mode, or voodoo mode[1] is a variant of real mode, in which one or more segment descriptors has been loaded with non-standard values, like 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.

Mechanism

For efficiency reasons, the 80286 and all later x86 processors use the base address, size and other attributes stored in their internal segment descriptor cache whenever computing effective memory addresses, even in real mode. Therefore, a modification of the internal segment descriptor allows altering some properties of segments in real mode, like the size of addressable memory. This technique became widely used and is supported by all Intel processors.[2]

A program in unreal mode can call 16-bit code programmed for real mode (BIOS, DOS kernel and drivers) without any thunking. This makes an unreal mode driver simpler than a DPMI driver. However unreal mode is incompatible with protected mode operating systems such as Windows 3.x/9x/NT and OS/2.

Big real mode has a 1 MiB code segment and a 4 GiB data segment.[3][4]

Uses

HIMEM.SYS uses this feature (both 286 and 386 variants) to address extended memory,[5] unless DOS is switched to run in a virtual 8086 mode that is incompatible with unreal mode.

One of the very few games—if not the only one—that used unreal mode was Ultima VII.[6][7]

Unreal mode is used by BIOS code as this is the initial mode of modern Intel processors.[8] Furthermore, the System Management Mode (SMM) in Intel 386SL and later processors places the processor in huge real mode.[9]

Some boot loaders (such as LILO) use the unreal mode to access up to 4 GiB of memory.

Enabling unreal mode

The 80286 microprocessor can be put into unreal mode only with help of the undocumented instruction LOADALL to modify the hidden segment base registers to point to the source or target memory location above 1 MiB.[5]

To put an 80386 or higher microprocessor into unreal mode, a program must first enter protected mode, find or create a flat descriptor in the GDT or LDT, load some of the data segment registers with the respective protected mode "selector", and then switch back to real mode. After returning to real mode, the processor will continue using the cached descriptors as established in protected mode, thus allowing access to 4 GiB of extended memory from real mode.[4]

Starting with the 80386, real mode programs can use the 32 bit registers with the Address Size Override Prefix.[10] This allows programs to use an address like DS:[EBX]. In normal real mode, a fault occurs if EBX exceeds 0xFFFF. In unreal mode, the access is allowed.

Variants of unreal mode

As described above, unreal mode usually involves using one or more data selectors to address data in memory more efficiently. This has been common practice and often referred to as "flat real mode"[11] or "big real mode".[12] The term "unreal mode" was introduced in 1991 by Rakesh K. Agarwal.[13]

32-bit code

The "huge real mode" (named in Ralf Brown's interrupt list) or "unREAL" mode (named by Tomasz Grysztar) adds the ability to run 32-bit code with a 4 GiB code segment. This is achieved by loading the code selector (CS) from a descriptor having the 32-bit attribute ("D" bit) set to 1. This mode allows for avoiding Operand Size Override prefixes normally required when using 32-bit addressing in 16-bit code segment, but is more difficult to set up due to interaction with interrupts.[14][4]

The use of a 32-bit CS was described in Agarwal's 1991 article introducing the term "unreal mode".[13] This mode is used in Grysztar's open-source FASM and Helix RM386, a commercial DOS Extender bundled by Logitech mouse drivers. Grysztar wrote a description of techniques used for entering this mode and handling interrupts in 2010. He also reports that most of the CPUs he tested supports this previously-unknown mode, with the exception of a CPU of unknown model ("I think it was manufactured by Cyrix") and in a later user report, the Bochs and DOSBox emulators.[15]

See also

References

  1. "System Address Map Initialization in x86/x64 Architecture Part 1: PCI-Based Systems". 2013-09-16. https://sites.google.com/site/pinczakko/bios-articles/System%20Address%20Map%20Initialization%20in%20x86_x64%20-%20Part%201.pdf. 
  2. Cryptographic Security Architecture: Design and Verification. Springer Science & Business Media. 2004. p. 58. ISBN 978-0-387-95387-8. https://archive.org/details/springer_10.1007-b97264. Retrieved 2017-01-04. "[…] Unreal mode became so widely used […] that Intel was forced to support it in all later processors, although its presence was never documented […]" 
  3. "Modes graph" (JPG). https://images2015.cnblogs.com/blog/363515/201512/363515-20151204133744658-1001794631.jpg. 
  4. 4.0 4.1 4.2 "Unreal Mode". http://wiki.osdev.org/Unreal_Mode. 
  5. 5.0 5.1 "HIMEM.SYS, unreal mode, and LOADALL". OS/2 Museum. 2011-03-18. http://www.os2museum.com/wp/himem-sys-unreal-mode-and-loadall/. 
  6. Riiser, Haakon. "HIMEM.SYS and unreal/flat real mode, EMM386 and UMBs". Newsgroupcomp.os.msdos.programmer. Archived from the original on 2019-04-21. Retrieved 2017-10-14.
  7. "A Brief History of Unreal Mode | OS/2 Museum". http://www.os2museum.com/wp/a-brief-history-of-unreal-mode/. 
  8. "Minimal Intel Architecture Boot Loader". https://www.intel.com/content/www/us/en/intelligent-systems/intel-boot-loader-development-kit/minimal-intel-architecture-boot-loader-paper.html. 
  9. "The Memory Sinkhole: An architectural privilege escalation vulnerability". Battelle Memorial Institute. 2015. https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf. "The processor loads an architecturally defined system state "Unreal" mode" 
  10. "X86-64 Instruction Coding". http://wiki.osdev.org/X86-64_Instruction_Encoding#Operand-size_and_address-size_override_prefix. 
  11. "Flat Real Mode". 1998-03-16. https://dflund.se/~john_e/gems/gem0022.html. 
  12. "Interrupt List". INT 80 (AMI BIOS). https://www.cs.cmu.edu/~ralf/files.html. 
  13. 13.0 13.1 Necasek, Michal (June 15, 2018). "A Brief History of Unreal Mode". https://www.os2museum.com/wp/a-brief-history-of-unreal-mode/. 
  14. "Interrupt List". INT 78 (HugeRealMode Driver). https://www.cs.cmu.edu/~ralf/files.html. 
  15. "unREAL Mode". 2010-09-17. https://board.flatassembler.net/topic.php?t=11940. 

Further reading