Ricky Zhang
rickycheung@21cn.com
2005-2-14
1. Purpose of the experiment:
Understand how Minix wraps hardware interrupt calls and how this is integrated with the kernel's own message-passing mechanism.
2. Objectives:
Dynamic tracing: in Bochs, set a breakpoint on the keyboard interrupt entry code, hwint_master01 in /kernel/Mpx386.s, and step through it to see how it works.
Static tracing: the source files related to system interrupts include /kernel/Mpx386.s (to be continued).
3. Procedure:
Dynamic tracing notes:
1. Upload the Minix kernel image (/minix/XXX) to Windows and disassemble it with any disassembler (Debug works too, but I used W32Dasm).
Search for sti as a keyword to locate the hwint_master01 code segment from /kernel/Mpx386.s. In the source, the interrupt entry code is written as a macro:
---------------- hwint_master01 code segment from /kernel/Mpx386.s -------------------------------
!*===========================================================================*
!* hwint00 - 07 *
!*===========================================================================*
! Note this is a macro, it looks like a subroutine.
#define hwint_master(irq)                                              \
        call    save                    /* save interrupted process state */;\
        inb     INT_CTLMASK                                            ;\
        orb     al, [1<<irq]                                           ;\
        outb    INT_CTLMASK             /* disable the irq */          ;\
        movb    al, ENABLE                                             ;\
        outb    INT_CTL                 /* reenable master 8259 */     ;\
        sti                             /* enable interrupts */        ;\
        push    irq                     /* irq */                      ;\
        call    (_irq_table + 4*irq)    /* eax = (*irq_table[irq])(irq) */;\
        pop     ecx                                                    ;\
        cli                             /* disable interrupts */       ;\
        test    eax, eax                /* need to reenable irq? */    ;\
        jz      0f                                                     ;\
        inb     INT_CTLMASK                                            ;\
        andb    al, ~[1<<irq]                                          ;\
        outb    INT_CTLMASK             /* enable the irq */           ;\
0:      ret                             /* restart (another) process */
! Each of these entry points is an expansion of the hwint_master macro
.align 16
_hwint00: ! Interrupt routine for irq 0 (the clock).
hwint_master(0)
.align 16
_hwint01: ! Interrupt routine for irq 1 (keyboard)
hwint_master(1)
--------------------------------------------------------------------------------------------------
------------------------------------ Disassembly of the kernel image corresponding to hwint_master01 in /kernel/Mpx386.s
:000002F1 E8CB020000 call 000005C1
:000002F6 E421 in al, 21
:000002F8 0C02 or al, 02
:000002FA E621 out 21, al
:000002FC B020 mov al, 20
:000002FE E620 out 20, al
:00000300 FB sti
:00000301 6A01 push 00000001
:00000303 FF15C86C0000 call dword ptr [00006CC8]
:00000309 59 pop ecx
:0000030A FA cli
:0000030B 85C0 test eax, eax
:0000030D 7406 je 00000315
:0000030F E421 in al, 21
:00000311 24FD and al, FD
:00000313 E621 out 21, al
:00000315 C3 ret
:00000316 00000000000000000000 BYTE 10 DUP(0)
:00000320 00 BYTE 0
---------------------------------------------------------------------------------------------------------------------------------
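As an added example (not code from these notes or from Minix itself), the following C model follows the hwint_master macro above instruction by instruction against a simulated master 8259, so the mask/EOI/sti ordering and the 0x02 / 0xFD operands seen in the disassembly for irq 1 can be checked on a host. The port numbers 0x20/0x21 and the EOI byte 0x20 are taken from the disassembly; the handler and the state recording are constructed for the model.

```c
/* Added example, not Minix source: host-side model of the hwint_master macro
 * in /kernel/Mpx386.s driving a simulated master 8259 PIC (ports/bytes as in the disassembly). */
#include <stdint.h>
#define INT_CTL      0x20   /* master 8259 command port; EOI is written here */
#define INT_CTLMASK  0x21   /* master 8259 interrupt mask register */
#define ENABLE       0x20   /* non-specific end-of-interrupt byte */
typedef int (*irq_handler_t)(int irq);
/* Simulated hardware and CPU state (constructed for the model). */
uint8_t pic_mask;             /* bit set = IRQ line masked at the PIC */
int     eoi_count;            /* EOIs written to INT_CTL */
int     if_flag;              /* CPU IF: 1 after sti, 0 after cli */
int     if_seen_by_handler;   /* IF value observed while the handler ran */
uint8_t mask_seen_by_handler; /* PIC mask observed while the handler ran */
irq_handler_t irq_table[8];   /* _irq_table, one entry per master IRQ */

static void outb(uint16_t port, uint8_t v) {
    if (port == INT_CTLMASK) pic_mask = v;
    else if (port == INT_CTL && v == ENABLE) eoi_count++;
}
static uint8_t inb(uint16_t port) { return port == INT_CTLMASK ? pic_mask : 0; }

/* One expansion of hwint_master(irq), followed instruction by instruction;
 * "call save" (saving the interrupted process state) is not modelled. */
int hwint_master(int irq) {
    outb(INT_CTLMASK, inb(INT_CTLMASK) | (uint8_t)(1u << irq)); /* orb al,[1<<irq]: mask irq */
    outb(INT_CTL, ENABLE);                   /* movb al,ENABLE; outb INT_CTL: EOI to 8259 */
    if_flag = 1;                             /* sti: handler runs with interrupts enabled */
    int eax = irq_table[irq](irq);           /* call (_irq_table + 4*irq) */
    if_flag = 0;                             /* cli */
    if (eax != 0)                            /* test eax,eax; jz 0f: reenable only if asked */
        outb(INT_CTLMASK, inb(INT_CTLMASK) & (uint8_t)~(1u << irq)); /* andb al,~[1<<irq] */
    return eax;
}

/* Stand-in for the real handler: records the state it ran in, returns handler_reenable. */
static int handler_reenable = 1;
static int fake_handler(int irq) {
    (void)irq; if_seen_by_handler = if_flag;
    mask_seen_by_handler = pic_mask;
    return handler_reenable;
}

/* Drives one interrupt on irq (1 = keyboard, as in the trace) and returns the PIC mask afterwards. */
uint8_t run_irq(int irq, int reenable) {
    pic_mask = 0; eoi_count = 0; if_flag = 0;
    handler_reenable = reenable;
    irq_table[irq] = fake_handler;
    hwint_master(irq);
    return pic_mask;
}
```

With the handler returning 1 (as the keyboard handler does) the irq 1 mask bit is set while the handler runs and cleared on return; with a 0 return the line stays masked.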
2. As mentioned in note 1, the secondary boot loader loads the Minix image file (under /minix) at physical memory address 0x00800 (defined in the source in /boot/boot.h as '#define MINIXPOS 0x00800L /* Minix is loaded here (rounded up towards)').
3. Use the Bochs debugger (bochsdbg) to add a physical-address breakpoint.
Because the Minix image starts at physical address 0x00800 and the offset of hwint_master01 in the file is 0x000002F1 (the file carries a 200h-byte a.out header, so 200h must be subtracted), the physical start address of hwint01 in memory is 0x00800+0x002F1-200h-1h=0x8f0.
In the Bochs console, press Ctrl+C to stop the machine.
<bochs:32> pb 0x08f0 // physical-address breakpoint
<bochs:33> c // continue
4. Switch back to Minix and press any key.
5. Bochs automatically drops into the debugger:
(0) Breakpoint 4, 0x8f0 in ?? ()
Next at t=2340001600
(0) [0x000008f0] 0030:000000f0 (unk. ctxt): call 0x3c0 ; e8cb020000
<bochs:46>
6. Execution now enters the interrupt trap portion of hwint01.
7. Tracing to be continued....
(The static source-code tracing is still to be added.)