How to load FREEBSD
To begin with, we will describe the patient. I disassembled FREEBSD 8.0 Stable, namely the most minimal image for booting from CD-ROM (44 MB). I chose it because it is the smallest and most convenient (for the proceedings).
So, the start for loading is standard - at address 0000: 7C00 the boot sector is loaded (just do not forget that the CD-ROM sector has 2 Kb each), and it is launched for execution. As it turned out, with this CD-ROM, this sector is also a file / boot / cdboot, 1201 bytes in size. This file consists of two parts - the main and a small stub, which will be needed later. That is, we have a memory card like this:
')
What does this file CDBOOT? Pretty much everything. First, it loads the / boot / loader file at 0000: 9000, but immediately transfers it to the area under two megabytes (00200000). This file consists of three parts. Let's call them BTXLDR, BTX and LOADER.
Then he transfers the BTX back (to address 0000: 9000).
Then he transfers the stub to the address 0000: A000 and launches the BTX program (from the address 0000: 9000). That's all, CDBOOT doesn't work anymore, so we won't draw it:
BTX works further. The only task of this program is to set up a protected mode environment and start another program (from the address A000). Therefore, BTX configures interrupts, a table of descriptors, a task segment, and other wisdom of protected mode and starts the program from address A000. And there, as you can see, we have a stub. So it starts.
The stub is a stub and that does almost nothing. It causes a 30H interrupt with EAX = 1, passing the address 00200000 by the parameter. This interrupt is intercepted by the BTX and it starts to process it. This interruption in BTX means the EXEC function, that is, “start the program from the given address”. Since the address is 00200000, BTXLDR is launched.
BTXLDR is needed to solve one problem: the LOADER file is a standard ELF file typical of FREEBSD (and not only). But the kernel is not there yet, and there is no one to handle such files. Therefore, BTXLDR simply converts the ELF file into a regular set of codes, without any headers. After this, the LOADER is transferred to the address 0000: A000.
And then ... There is a transition to the address 0000: 9000. There we have a BTX. Yes! BTX is working the second time. As you remember, it sets up protected mode and starts the program from address 0000: A000. That's just where there is no longer a stub, but a full-fledged program - LOADER, without any headers, only the code.
To tell what a LOADER is, you need not one article, but this one will end here. If anyone is interested, then articles about LOADER will appear soon.
So, the start for loading is standard - at address 0000: 7C00 the boot sector is loaded (just do not forget that the CD-ROM sector has 2 Kb each), and it is launched for execution. As it turned out, with this CD-ROM, this sector is also a file / boot / cdboot, 1201 bytes in size. This file consists of two parts - the main and a small stub, which will be needed later. That is, we have a memory card like this:
')
What does this file CDBOOT? Pretty much everything. First, it loads the / boot / loader file at 0000: 9000, but immediately transfers it to the area under two megabytes (00200000). This file consists of three parts. Let's call them BTXLDR, BTX and LOADER.
Then he transfers the BTX back (to address 0000: 9000).
Then he transfers the stub to the address 0000: A000 and launches the BTX program (from the address 0000: 9000). That's all, CDBOOT doesn't work anymore, so we won't draw it:
BTX works further. The only task of this program is to set up a protected mode environment and start another program (from the address A000). Therefore, BTX configures interrupts, a table of descriptors, a task segment, and other wisdom of protected mode and starts the program from address A000. And there, as you can see, we have a stub. So it starts.
The stub is a stub and that does almost nothing. It causes a 30H interrupt with EAX = 1, passing the address 00200000 by the parameter. This interrupt is intercepted by the BTX and it starts to process it. This interruption in BTX means the EXEC function, that is, “start the program from the given address”. Since the address is 00200000, BTXLDR is launched.
BTXLDR is needed to solve one problem: the LOADER file is a standard ELF file typical of FREEBSD (and not only). But the kernel is not there yet, and there is no one to handle such files. Therefore, BTXLDR simply converts the ELF file into a regular set of codes, without any headers. After this, the LOADER is transferred to the address 0000: A000.
And then ... There is a transition to the address 0000: 9000. There we have a BTX. Yes! BTX is working the second time. As you remember, it sets up protected mode and starts the program from address 0000: A000. That's just where there is no longer a stub, but a full-fledged program - LOADER, without any headers, only the code.
To tell what a LOADER is, you need not one article, but this one will end here. If anyone is interested, then articles about LOADER will appear soon.
Source: https://habr.com/ru/post/131679/
All Articles