Latest revision as of 13:36, 26 January 2024
Variant of real mode in x86 computing
In x86 computing, unreal mode, also big real mode, flat real mode, or voodoo mode, is a variant of real mode in which one or more segment descriptors have been loaded with non-standard values, such as 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.
Mechanism
For efficiency reasons, the 80286 and all later x86 processors use the base address, size and other attributes stored in their internal segment descriptor cache whenever computing effective memory addresses, even in real mode. Therefore, a modification of the internal segment descriptor allows altering some properties of segments in real mode, like the size of addressable memory. This technique became widely used and is supported by all Intel processors.
A program in unreal mode can call 16-bit code programmed for real mode (BIOS, DOS kernel and drivers) without any thunking. This makes an unreal mode driver simpler than a DPMI driver. However, unreal mode is incompatible with protected mode operating systems such as Windows 3.x/9x/NT and OS/2.
Big real mode has a 1 MiB code segment and a 4 GiB data segment.
Uses
HIMEM.SYS uses this feature (both 286 and 386 variants) to address extended memory, unless DOS is switched to run in a virtual 8086 mode that is incompatible with unreal mode.
One of the very few games—if not the only one—that used unreal mode was Ultima VII.
Unreal mode is used by BIOS code as this is the initial mode of modern Intel processors. Furthermore, the System Management Mode (SMM) in Intel 386SL and later processors places the processor in huge real mode.
Some boot loaders (such as LILO) use the unreal mode to access up to 4 GiB of memory.
Enabling unreal mode
The 80286 microprocessor can be put into unreal mode only with help of the undocumented instruction LOADALL to modify the hidden segment base registers to point to the source or target memory location above 1 MiB.
To put an 80386 or higher microprocessor into unreal mode, a program must first enter protected mode, find or create a flat descriptor in the GDT or LDT, load some of the data segment registers with the respective protected mode "selector", and then switch back to real mode. After returning to real mode, the processor will continue using the cached descriptors as established in protected mode, thus allowing access to 4 GiB of extended memory from real mode.
Starting with the 80386, real mode programs can use the 32-bit registers with the Address Size Override Prefix. This allows programs to use an address like DS:[EBX]. In normal real mode, a fault occurs if EBX exceeds 0xFFFF. In unreal mode, the access is allowed.
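The following C model of a segment register's hidden descriptor cache is an added example, not code from the article or its sources; it walks the 80386 procedure above and the limit check applied to a 32-bit offset in EBX. The struct and function names and the sample GDT bytes are assumptions of this sketch, and only the base and limit fields of the cache are modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample GDT: null entry, then a flat data descriptor
   (base 0, limit 0xFFFFF, G=1, writable data), reached by selector 0x08. */
static const uint8_t GDT[2][8] = {
    {0, 0, 0, 0, 0, 0, 0, 0},
    {0xFF, 0xFF, 0x00, 0x00, 0x00, 0x92, 0xCF, 0x00},
};

/* A segment register: visible selector plus the hidden cached fields. */
typedef struct {
    uint16_t selector;
    uint32_t base;   /* cached linear base address */
    uint32_t limit;  /* cached highest valid offset, in bytes */
} seg_reg;

/* Protected-mode load: the selector picks a descriptor, cache is refilled. */
static void load_protected(seg_reg *s, uint16_t sel)
{
    const uint8_t *d = GDT[sel >> 3];
    s->selector = sel;
    s->base  = d[2] | (uint32_t)d[3] << 8 | (uint32_t)d[4] << 16 | (uint32_t)d[7] << 24;
    s->limit = d[0] | (uint32_t)d[1] << 8 | (uint32_t)(d[6] & 0x0F) << 16;
    if (d[6] & 0x80)                 /* G bit: limit is in 4 KiB units */
        s->limit = (s->limit << 12) | 0xFFF;
}

/* Real-mode load: base = selector * 16; the cached limit is not touched. */
static void load_real(seg_reg *s, uint16_t sel)
{
    s->selector = sel;
    s->base = (uint32_t)sel << 4;
}

/* Limit check done on every access. Returns 1 and the linear address,
   or 0 where the CPU would raise a fault. */
static int access_ok(const seg_reg *s, uint32_t off, uint32_t size, uint32_t *lin)
{
    if (size == 0 || off > s->limit || size - 1 > s->limit - off)
        return 0;
    *lin = s->base + off;
    return 1;
}

/* Cached limit of DS after the protected-mode detour (expected 4 GiB - 1). */
static uint32_t flat_limit(void)
{
    seg_reg ds = {0, 0, 0xFFFF};
    load_protected(&ds, 0x08);
    return ds.limit;
}

/* Try a 4-byte read at DS:[EBX] with DS reloaded to real_sel in real mode,
   with or without first passing through protected mode. */
static int try_access(int unreal, uint16_t real_sel, uint32_t ebx, uint32_t *lin)
{
    seg_reg ds = {0, 0, 0xFFFF};     /* reset state: 64 KiB limit */
    if (unreal)
        load_protected(&ds, 0x08);   /* CR0.PE=1, load flat selector, PE=0 */
    load_real(&ds, real_sel);        /* ordinary real-mode "mov ds, ax" */
    return access_ok(&ds, ebx, 4, lin);
}

int main(void)
{
    uint32_t lin = 0;
    printf("flat limit: 0x%08X\n", (unsigned)flat_limit());
    printf("real mode,   DS:[0x00100000]: %s\n",
           try_access(0, 0, 0x00100000, &lin) ? "ok" : "fault");
    if (try_access(1, 0x1000, 0x00100000, &lin))
        printf("unreal mode, DS:[0x00100000]: ok, linear 0x%08X\n", (unsigned)lin);
    return 0;
}
```

Because `load_real` rewrites only the base, the 4 GiB limit survives later real-mode segment reloads, which is why BIOS and DOS code can keep running unchanged after the switch.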
Variants of unreal mode
As described above, unreal mode usually involves using one or more data selectors to address data in memory more efficiently. This has been common practice and often referred to as "flat real mode" or "big real mode". The term "unreal mode" was introduced in 1991 by Rakesh K. Agarwal.
32-bit code
The "huge real mode" (named in Ralf Brown's interrupt list) or "unREAL" mode (named by Tomasz Grysztar) adds the ability to run 32-bit code with a 4 GiB code segment. This is achieved by loading the code selector (CS) from a descriptor having the 32-bit attribute ("D" bit) set to 1. This mode avoids the Operand Size Override prefixes normally required when using 32-bit addressing in a 16-bit code segment, but is more difficult to set up due to interaction with interrupts.
The use of a 32-bit CS was described in Agarwal's 1991 article introducing the term "unreal mode". This mode is used in Grysztar's open-source FASM and Helix RM386, a commercial DOS Extender bundled with Logitech mouse drivers. Grysztar wrote a description of techniques used for entering this mode and handling interrupts in 2010. He also reports that most of the CPUs he tested support this previously unknown mode, with the exception of a CPU of unknown model ("I think it was manufactured by Cyrix") and, in a later user report, the Bochs and DOSBox emulators.
Further reading
- IBM Operating System/2 Technical Reference - Programming Family (PDF). Vol. 1 (1st ed.). IBM. September 1987. Archived (PDF) from the original on 2017-01-03.
- Roden, Thomas (November–December 1989). Written at Irvine, California, USA. "Four Gigabytes in Real Mode - A slick trick to access large memory spaces on the 80386 from DOS". Programmer's Journal - The Resource Journal for IBM PC Programmers. 386 Now. Vol. 7, no. 6. Eugene, Oregon, USA: Oakley Publishing Company. pp. 89–94. ISSN 0747-5861. Archived from the original on 2020-02-21. Retrieved 2020-02-21.
- Williams, Al (July 1990). "DOS + 386 = 4 Gigabytes!". Dr. Dobb's Journal. Vol. 15. People's Computer Company. pp. 62–71. Errata:
- Williams, Al (1991). "Chapter 18: Accessing 4 Gigabytes in Real Mode". DOS 5: A Developer's Guide - Advanced Programming Guide to DOS (1 ed.). Redwood City, California, USA: M&T Publishing, Inc. / Prentice Hall International (UK) Limited. pp. 691–712. ISBN 0-13-217993-8. (NB. Implements "Big real mode" SEG4G.)
- Lespinasse, Michel. "How to kick out a memory manager". Amiens, France: Walken / Impact Studios. Archived from the original on 2017-01-04. Retrieved 2015-10-21.
- Intel IA-32 Software Developer's Manual - Volume 3A
- The Unabridged Pentium 4: IA32 Processor Genealogy, Addison Wesley ISBN 0-321-24656-X. "Big real mode"
- "Call HugeRealMode Server "Enable Two-Stage Interrupt Model" function".
- Necasek, Michal (2018-06-15). "A Brief History of Unreal Mode". OS/2 Museum. Archived from the original on 2018-09-15. Retrieved 2018-09-15.
- "Descriptor Cache Registers".
- Chappell, Geoff (January 1994). Schulman, Andrew; Pedersen, Amorette (eds.). DOS Internals. The Andrew Schulman Programming Series (1st printing, 1st ed.). Addison Wesley Publishing Company. ISBN 978-0-201-60835-9. (xxvi+738+iv pages, 3.5"-floppy) Errata:
- Method for expanding addressable memory range in real-mode processing to facilitate loading of large programs into high memory