Unreal mode
In x86 computing, unreal mode, also big real mode, flat real mode, or voodoo mode[1] is a variant of real mode, in which one or more segment descriptors has been loaded with non-standard values, like 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.
Mechanism
For efficiency reasons, the 80286 and all later x86 processors use the base address, size and other attributes stored in their internal segment descriptor cache whenever computing effective memory addresses, even in real mode. Therefore, a modification of the internal segment descriptor allows altering some properties of segments in real mode, like the size of addressable memory. This technique became widely used and is supported by all Intel processors.[2]
A program in unreal mode can call 16-bit code programmed for real mode (BIOS, DOS kernel and drivers) without any thunking. This makes an unreal mode driver simpler than a DPMI driver. However unreal mode is incompatible with protected mode operating systems such as Windows 3.x/9x/NT and OS/2.
Big real mode has a 1 MiB code segment and a 4 GiB data segment.[3][4]
Uses
HIMEM.SYS uses this feature (both 286 and 386 variants) to address extended memory,[5] unless DOS is switched to run in a virtual 8086 mode that is incompatible with unreal mode.
One of the very few games—if not the only one—that used unreal mode was Ultima VII.[6][7]
Unreal mode is used by BIOS code as this is the initial mode of modern Intel processors.[8] Furthermore, the System Management Mode (SMM) in Intel 386SL and later processors places the processor in huge real mode.[9]
Some boot loaders (such as LILO) use the unreal mode to access up to 4 GiB of memory.
Enabling unreal mode
The 80286 microprocessor can be put into unreal mode only with help of the undocumented instruction LOADALL to modify the hidden segment base registers to point to the source or target memory location above 1 MiB.[5]
To put an 80386 or higher microprocessor into unreal mode, a program must first enter protected mode, find or create a flat descriptor in the GDT or LDT, load some of the data segment registers with the respective protected mode "selector", and then switch back to real mode. After returning to real mode, the processor will continue using the cached descriptors as established in protected mode, thus allowing access to 4 GiB of extended memory from real mode.[4]
Starting with the 80386, real mode programs can use the 32 bit registers with the Address Size Override Prefix.[10] This allows programs to use an address like DS:[EBX]. In normal real mode, a fault occurs if EBX exceeds 0xFFFF. In unreal mode, the access is allowed.
Variants of unreal mode
As described above, unreal mode usually involves using one or more data selectors to address data in memory more efficiently. This has been common practice and often referred to as "flat real mode"[11] or "big real mode".[12] The term "unreal mode" was introduced in 1991 by Rakesh K. Agarwal.[13]
32-bit code
The "huge real mode" (named in Ralf Brown's interrupt list) or "unREAL" mode (named by Tomasz Grysztar) adds the ability to run 32-bit code with a 4 GiB code segment. This is achieved by loading the code selector (CS) from a descriptor having the 32-bit attribute ("D" bit) set to 1. This mode allows for avoiding Operand Size Override prefixes normally required when using 32-bit addressing in 16-bit code segment, but is more difficult to set up due to interaction with interrupts.[14][4]
The use of a 32-bit CS was described in Agarwal's 1991 article introducing the term "unreal mode".[13] This mode is used in Grysztar's open-source FASM and Helix RM386, a commercial DOS Extender bundled by Logitech mouse drivers. Grysztar wrote a description of techniques used for entering this mode and handling interrupts in 2010. He also reports that most of the CPUs he tested supports this previously-unknown mode, with the exception of a CPU of unknown model ("I think it was manufactured by Cyrix") and in a later user report, the Bochs and DOSBox emulators.[15]
See also
References
- ↑ "System Address Map Initialization in x86/x64 Architecture Part 1: PCI-Based Systems". 2013-09-16. https://sites.google.com/site/pinczakko/bios-articles/System%20Address%20Map%20Initialization%20in%20x86_x64%20-%20Part%201.pdf.
- ↑ Cryptographic Security Architecture: Design and Verification. Springer Science & Business Media. 2004. p. 58. ISBN 978-0-387-95387-8. https://archive.org/details/springer_10.1007-b97264. Retrieved 2017-01-04. "[…] Unreal mode became so widely used […] that Intel was forced to support it in all later processors, although its presence was never documented […]"
- ↑ "Modes graph" (JPG). https://images2015.cnblogs.com/blog/363515/201512/363515-20151204133744658-1001794631.jpg.
- ↑ 4.0 4.1 4.2 "Unreal Mode". http://wiki.osdev.org/Unreal_Mode.
- ↑ 5.0 5.1 "HIMEM.SYS, unreal mode, and LOADALL". OS/2 Museum. 2011-03-18. http://www.os2museum.com/wp/himem-sys-unreal-mode-and-loadall/.
- ↑ Riiser, Haakon. "HIMEM.SYS and unreal/flat real mode, EMM386 and UMBs". Newsgroup: comp.os.msdos.programmer. Archived from the original on 2019-04-21. Retrieved 2017-10-14.
- ↑ "A Brief History of Unreal Mode | OS/2 Museum". http://www.os2museum.com/wp/a-brief-history-of-unreal-mode/.
- ↑ "Minimal Intel Architecture Boot Loader". https://www.intel.com/content/www/us/en/intelligent-systems/intel-boot-loader-development-kit/minimal-intel-architecture-boot-loader-paper.html.
- ↑ "The Memory Sinkhole: An architectural privilege escalation vulnerability". Battelle Memorial Institute. 2015. https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf. "The processor loads an architecturally defined system state "Unreal" mode"
- ↑ "X86-64 Instruction Coding". http://wiki.osdev.org/X86-64_Instruction_Encoding#Operand-size_and_address-size_override_prefix.
- ↑ "Flat Real Mode". 1998-03-16. https://dflund.se/~john_e/gems/gem0022.html.
- ↑ "Interrupt List". INT 80 (AMI BIOS). https://www.cs.cmu.edu/~ralf/files.html.
- ↑ 13.0 13.1 Necasek, Michal (June 15, 2018). "A Brief History of Unreal Mode". https://www.os2museum.com/wp/a-brief-history-of-unreal-mode/.
- ↑ "Interrupt List". INT 78 (HugeRealMode Driver). https://www.cs.cmu.edu/~ralf/files.html.
- ↑ "unREAL Mode". 2010-09-17. https://board.flatassembler.net/topic.php?t=11940.
Further reading
- IBM Operating System/2 Technical Reference - Programming Family. 1 (1st ed.). IBM. September 1987. http://bitsavers.informatik.uni-stuttgart.de/pdf/ibm/pc/os2/84X1434_OS2_Technical_Reference_Volume_1_Sep87.pdf.
- "Four Gigabytes in Real Mode - A slick trick to access large memory spaces on the 80386 from DOS". Programmer's Journal - The Resource Journal for IBM PC Programmers. 386 Now (Eugene, Oregon, USA: Oakley Publishing Company) 7 (6): 89–94. November–December 1989. ISSN 0747-5861. https://www.unzcloud.net/PDF/PERIODICAL/ProgrammersJournal-1989nov/91-97//. Retrieved 2020-02-21.
- "DOS + 386 = 4 Gigabytes!". Dr. Dobb's Journal (People's Computer Company) 15: 62–71. July 1990. https://archive.org/details/dr_dobbs_journal_vol_15/dr_dobbs_journal_vol_15. [1][2] Errata: [3]
- "Chapter 18: Accessing 4 Gigabytes in Real Mode". DOS 5: A Developer's Guide - Advanced Programming Guide to DOS (1 ed.). Redwood City, California, USA: M&T Publishing, Inc. / Prentice Hall International (UK) Limited. 1991. pp. 691–712. ISBN 0-13-217993-8. https://archive.org/details/dos5developersgu00will. (NB. Implements "Big real mode" SEG4G.)
- "How to kick out a memory manager". Amiens, France: Walken / Impact Studios. http://dgi_il.tripod.com/gemmis.txt.
- Intel IA-32 Software Developer's Manual - Volume 3A
- The Unabridged Pentium 4: IA32 Processor Genealogy, Addison Wesley ISBN:0-321-24656-X. "Big real mode"
- "Call HugeRealMode Server "Enable Two-Stage Interrupt Model" function". http://www.delorie.com/djgpp/doc/rbinter/it/91/37.html.
- "A Brief History of Unreal Mode". OS/2 Museum. 2018-06-15. http://www.os2museum.com/wp/a-brief-history-of-unreal-mode/.
- "Descriptor Cache Registers". http://www.rcollins.org/Productivity/DescriptorCache.html.
- DOS Internals. The Andrew Schulman Programming Series (1st printing, 1st ed.). Addison Wesley Publishing Company. January 1994. ISBN 978-0-201-60835-9. (xxvi+738+iv pages, 3.5"-floppy [4][5]) Errata: [6][7][8]
- Method for expanding addressable memory range in real-mode processing to facilitate loading of large programs into high memory
Original source: https://en.wikipedia.org/wiki/Unreal mode.
Read more |