保护操作系统（4）

保护操作系统（3）
对异常的支持
2026-02-05 19:13:21 +08:00 · 2016-05-04 18:57:39 +08:00 · 2016-05-04 18:14:40 +08:00 · 2016-05-04 18:11:53 +08:00 · 2016-05-04 17:53:44 +08:00 · 2016-05-04 17:15:26 +08:00
12 changed files with 130 additions and 20 deletions
--- a/21_day/Makefile
+++ b/21_day/Makefile
@@ -67,8 +67,17 @@ hello3.hrb : hello3.bim Makefile
 haribote.sys : asmhead.bin bootpack.hrb Makefile
 	copy /B asmhead.bin+bootpack.hrb haribote.sys

+crack1.bim : crack1.obj Makefile
+	$(OBJ2BIM) @$(RULEFILE) out:crack1.bim map:crack1.map crack1.obj a_nask.obj
+
+crack1.hrb : crack1.bim Makefile
+	$(BIM2HRB) crack1.bim crack1.hrb 0
+
+crack2.hrb : crack2.nas Makefile
+	$(NASK) crack2.nas crack2.hrb crack2.lst
+
 haribote.img : ipl10.bin haribote.sys Makefile \
-		hello.hrb hello2.hrb a.hrb hello3.hrb
+		hello.hrb hello2.hrb a.hrb hello3.hrb crack1.hrb crack2.hrb
 	$(EDIMG)   imgin:../z_tools/fdimg0at.tek \
 		wbinimg src:ipl10.bin len:512 from:0 to:0 \
 		copy from:haribote.sys to:@: \
@@ -78,6 +87,8 @@ haribote.img : ipl10.bin haribote.sys Makefile \
 		copy from:hello2.hrb to:@: \
 		copy from:a.hrb to:@: \
 		copy from:hello3.hrb to:@: \
+		copy from:crack1.hrb to:@: \
+		copy from:crack2.hrb to:@: \
 		imgout:haribote.img

 # 其他指令
--- a/21_day/a.c
+++ b/21_day/a.c
@@ -1,7 +1,8 @@
 void api_putchar(int c);
+void api_end(void);

 void HariMain(void)
 {
 	api_putchar('A');
-	return;
+	api_end();
 }
--- a/21_day/a_nask.nas
+++ b/21_day/a_nask.nas
@@ -4,6 +4,7 @@
 [FILE "a_nask.nas"]		; 源文件名信息

 		GLOBAL	_api_putchar
+		GLOBAL	_api_end

 [SECTION .text]

@@ -12,3 +13,6 @@ _api_putchar:	; void api_putchar(int c);
 		MOV		AL,[ESP+4]		; c
 		INT		0x40
 		RET
+_api_end: ; void api_end(void); 
+		MOV			EDX,4
+		INT			0x40
--- a/21_day/bootpack.h
+++ b/21_day/bootpack.h
@@ -24,6 +24,7 @@ void load_idtr(int limit, int addr);
 int load_cr0(void);
 void store_cr0(int cr0);
 void load_tr(int tr);
+void asm_inthandler0d(void);
 void asm_inthandler20(void);
 void asm_inthandler21(void);
 void asm_inthandler27(void);
@@ -32,6 +33,7 @@ unsigned int memtest_sub(unsigned int start, unsigned int end);
 void farjmp(int eip, int cs);
 void farcall(int eip, int cs);
 void asm_hrb_api(void);
+void start_app(int eip, int cs, int esp, int ds, int *tss_esp0);

 /* fifo.c */
 struct FIFO32 {
@@ -245,7 +247,8 @@ void cmd_cls(struct CONSOLE *cons);
 void cmd_dir(struct CONSOLE *cons);
 void cmd_type(struct CONSOLE *cons, int *fat, char *cmdline);
 int cmd_app(struct CONSOLE *cons, int *fat, char *cmdline);
-void hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int eax);
+int *hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int eax);
+int *inthandler0d(int *esp);

 /* file.c */
 struct FILEINFO {
--- a/21_day/console.c
+++ b/21_day/console.c
@@ -237,7 +237,6 @@ void cmd_type(struct CONSOLE *cons, int *fat, char *cmdline)
 	struct MEMMAN *memman = (struct MEMMAN *) MEMMAN_ADDR;
 	struct FILEINFO *finfo = file_search(cmdline + 5, (struct FILEINFO *) (ADR_DISKIMG + 0x002600), 224);
 	char *p;
-	int i;
 	if (finfo != 0) {
 		/*找到文件的情况*/
 		p = (char *) memman_alloc_4k(memman, finfo->size);
@@ -257,7 +256,8 @@ int cmd_app(struct CONSOLE *cons, int *fat, char *cmdline)
 	struct MEMMAN *memman = (struct MEMMAN *) MEMMAN_ADDR;
 	struct FILEINFO *finfo;
 	struct SEGMENT_DESCRIPTOR *gdt = (struct SEGMENT_DESCRIPTOR *) ADR_GDT;
-	char name[18], *p;
+	char name[18], *p, *q;
+	struct TASK *task = task_now();
 	int i;

 	/*根据命令行生成文件名*/
@@ -284,9 +284,11 @@ int cmd_app(struct CONSOLE *cons, int *fat, char *cmdline)
 	if (finfo != 0) {
 		/*找到文件的情况*/
 		p = (char *) memman_alloc_4k(memman, finfo->size);
+		q = (char *) memman_alloc_4k(memman, 64 * 1024);
 		*((int *) 0xfe8) = (int) p;
 		file_loadfile(finfo->clustno, finfo->size, p, fat, (char *) (ADR_DISKIMG + 0x003e00));
-		set_segmdesc(gdt + 1003, finfo->size - 1, (int) p, AR_CODE32_ER);
+		set_segmdesc(gdt + 1003, finfo->size - 1, (int) p, AR_CODE32_ER + 0x60);
+		set_segmdesc(gdt + 1004, 64 * 1024 - 1, (int) q, AR_DATA32_RW + 0x60);
 		if (finfo->size >= 8 && strncmp(p + 4, "Hari", 4) == 0) {
 			p[0] = 0xe8;
 			p[1] = 0x16;
@@ -295,8 +297,9 @@ int cmd_app(struct CONSOLE *cons, int *fat, char *cmdline)
 			p[4] = 0x00;
 			p[5] = 0xcb;
 		} 
-		farcall(0, 1003 * 8);
+		start_app(0, 1003 * 8, 64 * 1024, 1004 * 8, &(task->tss.esp0));
 		memman_free_4k(memman, (int) p, finfo->size);
+		memman_free_4k(memman, (int) q, 64 * 1024);
 		cons_newline(cons);
 		return 1;
 	}
@@ -304,9 +307,10 @@ int cmd_app(struct CONSOLE *cons, int *fat, char *cmdline)
 	return 0;
 }

-void hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int eax)
+int *hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int eax)
 {
 	int cs_base = *((int *) 0xfe8);
+	struct TASK *task = task_now();
 	struct CONSOLE *cons = (struct CONSOLE *) *((int *) 0x0fec);
 	if (edx == 1) {
 		cons_putchar(cons, eax & 0xff, 1);
@@ -314,6 +318,16 @@ void hrb_api(int edi, int esi, int ebp, int esp, int ebx, int edx, int ecx, int
 		cons_putstr0(cons, (char *) ebx + cs_base);
 	} else if (edx == 3) {
 		cons_putstr1(cons, (char *) ebx + cs_base, ecx);
+	} else if (edx == 4) {
+		return &(task->tss.esp0);
 	}
-	return;
+	return 0;
+}
+
+int *inthandler0d(int *esp)
+{
+	struct CONSOLE *cons = (struct CONSOLE *) *((int *) 0x0fec);
+	struct TASK *task = task_now();
+	cons_putstr0(cons, "\nINT 0D :\n General Protected Exception.\n");
+	return &(task->tss.esp0);	/*强制结束程序*/
 }
--- a/21_day/crack1.c
+++ b/21_day/crack1.c
@@ -0,0 +1,7 @@
+void api_end(void);
+
+void HariMain(void)
+{
+	*((char *) 0x00102600) = 0;
+	api_end();
+}
--- a/21_day/crack2.nas
+++ b/21_day/crack2.nas
@@ -0,0 +1,7 @@
+[INSTRSET "i486p"]
+[BITS 32]
+		MOV		EAX,1*8			; OS用的段号
+		MOV		DS,AX				; 将其存入DS
+		MOV		BYTE [0x102600],0
+		MOV		EDX,4
+		INT		0x40
--- a/21_day/dsctbl.c
+++ b/21_day/dsctbl.c
@@ -23,11 +23,12 @@ void init_gdtidt(void)
 	load_idtr(LIMIT_IDT, ADR_IDT);

 	/* IDT设置*/
+	set_gatedesc(idt + 0x0d, (int) asm_inthandler0d, 2 * 8, AR_INTGATE32);
 	set_gatedesc(idt + 0x20, (int) asm_inthandler20, 2 * 8, AR_INTGATE32);
 	set_gatedesc(idt + 0x21, (int) asm_inthandler21, 2 * 8, AR_INTGATE32);
 	set_gatedesc(idt + 0x27, (int) asm_inthandler27, 2 * 8, AR_INTGATE32);
 	set_gatedesc(idt + 0x2c, (int) asm_inthandler2c, 2 * 8, AR_INTGATE32);
-	set_gatedesc(idt + 0x40, (int) asm_hrb_api, 2 * 8, AR_INTGATE32);
+	set_gatedesc(idt + 0x40, (int) asm_hrb_api, 2 * 8, AR_INTGATE32 + 0x60); 

 	return;
 }
--- a/21_day/hello.nas
+++ b/21_day/hello.nas
@@ -10,6 +10,7 @@ putloop:
 		ADD		ECX,1
 		JMP		putloop
 fin:
-		RETF
+		MOV 	EDX,4
+		INT		0x40
 msg:
 		DB	"hello",0
--- a/21_day/hello2.nas
+++ b/21_day/hello2.nas
@@ -3,6 +3,7 @@
 		MOV		EDX,2
 		MOV		EBX,msg
 		INT		0x40
-		RETF
+		MOV 	EDX,4
+		INT		0x40
 msg:
 		DB	"hello",0
--- a/21_day/hello3.c
+++ b/21_day/hello3.c
@@ -1,4 +1,5 @@
 void api_putchar(int c);
+void api_end(void);

 void HariMain(void)
 {
@@ -7,5 +8,5 @@ void HariMain(void)
 	api_putchar('l');
 	api_putchar('l');
 	api_putchar('o');
-	return;
+	api_end();
 }
--- a/21_day/naskfunc.nas
+++ b/21_day/naskfunc.nas
@@ -15,11 +15,13 @@
 		GLOBAL	_load_tr
 		GLOBAL	_asm_inthandler20, _asm_inthandler21
 		GLOBAL	_asm_inthandler27, _asm_inthandler2c
+		GLOBAL	_asm_inthandler0d
 		GLOBAL	_memtest_sub
 		GLOBAL	_farjmp, _farcall
-		GLOBAL	_asm_hrb_api
+		GLOBAL	_asm_hrb_api, _start_app
 		EXTERN	_inthandler20, _inthandler21
 		EXTERN	_inthandler27, _inthandler2c
+		EXTERN	_inthandler0d
 		EXTERN	_hrb_api

 [SECTION .text]
@@ -176,6 +178,26 @@ _asm_inthandler2c:
 		POP		ES
 		IRETD

+_asm_inthandler0d:
+		STI
+		PUSH	ES
+		PUSH	DS
+		PUSHAD
+		MOV		EAX,ESP
+		PUSH	EAX
+		MOV		AX,SS
+		MOV		DS,AX
+		MOV		ES,AX
+		CALL	_inthandler0d
+		CMP		EAX,0		
+		JNE		end_app		
+		POP		EAX
+		POPAD
+		POP		DS
+		POP		ES
+		ADD		ESP,4			; INT 0x0d需要这句
+		IRETD
+
 _memtest_sub:	; unsigned int memtest_sub(unsigned int start, unsigned int end)
 		PUSH	EDI						; （由于还要使用EBX, ESI, EDI）
 		PUSH	ESI
@@ -210,18 +232,55 @@ mts_fin:
 		RET

 _farjmp:		; void farjmp(int eip, int cs);
-		JMP    FAR [ESP+4]    ; eip, cs
+		JMP		FAR	[ESP+4]				; eip, cs
 		RET

 _farcall:		; void farcall(int eip, int cs);
-		CALL		FAR [ESP+4]     ; eip, cs
+		CALL	FAR	[ESP+4]				; eip, cs
 		RET

 _asm_hrb_api:
 		STI
-		PUSHAD		; 用于保存寄存器值的PUSH
-		PUSHAD		; 用于向hrb_api传值的PUSH
-		CALL		_hrb_api
-		ADD			ESP,32
+		PUSH	DS
+		PUSH	ES
+		PUSHAD			; 用于保存的PUSH
+		PUSHAD			; 用于向hrb_api传值的PUSH
+		MOV		AX,SS
+		MOV			DS,AX ; 将操作系统用段地址存入DS和ES
+		MOV		ES,AX
+		CALL	_hrb_api
+		CMP			EAX,0 ; 当EAX不为0时程序结束
+		JNE		end_app
+		ADD		ESP,32
 		POPAD
+		POP		ES
+		POP		DS
 		IRETD
+end_app:
+;	EAX为tss.esp0的地址
+		MOV		ESP,[EAX]
+		POPAD
+		RET			; 返回cmd_app
+
+_start_app:		; void start_app(int eip, int cs, int esp, int ds, int *tss_esp0);
+		PUSHAD								; 将32位寄存器的值全部保存起来
+		MOV			EAX,[ESP+36]	; 应用程序用EIP
+		MOV			ECX,[ESP+40]	; 应用程序用CS
+		MOV			EDX,[ESP+44]	; 应用程序用ESP
+		MOV			EBX,[ESP+48]	; 应用程序用DS/SS
+		MOV			EBP,[ESP+52]	; tss.esp0的地址
+		MOV			[EBP ],ESP		; 保存操作系统用ESP
+		MOV			[EBP+4],SS		; 保存操作系统用SS
+		MOV		ES,BX
+		MOV		DS,BX
+		MOV		FS,BX
+		MOV		GS,BX
+; 下面调整栈，以免用RETF跳转到应用程序
+		OR			ECX,3 				; 将应用程序用段号和3进行OR运算
+		OR      EBX,3 				; 将应用程序用段号和3进行OR运算
+		PUSH		EBX						; 应用程序的SS
+		PUSH		EDX						; 应用程序的ESP
+		PUSH		ECX						; 应用程序的CS
+		PUSH		EAX						; 应用程序的EIP
+		RETF
+; 应用程序结束后不会回到这里
Author	SHA1	Message	Date
Yourtion	e846dbd700	保护操作系统（4）	2016-05-04 18:57:39 +08:00
Yourtion	4241eb28d8	保护操作系统（3）	2016-05-04 18:14:40 +08:00
Yourtion	154a2c5791	对异常的支持	2016-05-04 18:11:53 +08:00
Yourtion	0fd3455e42	保护操作系统（2）	2016-05-04 17:53:44 +08:00
Yourtion	17b146940c	保护操作系统（1）	2016-05-04 17:15:26 +08:00