Andrey and I took Jeff's suggestion and looked at the X11 x86 emulator,
and it was good enough to make it worth extracting from the X11 source
tree. So Andrey did it, and I have been pounding it into usable shape,
minus X11 encumbrances.
So freebios/utils/vgabios contains the following x86 emulator:
* Realmode X86 Emulator Library
*
* Copyright (C) 1996-1999 SciTech Software, Inc.
* Copyright (C) David Mosberger-Tang
* Copyright (C) 1999 Egbert Eich
There is a test program, testbios, used as follows:
./testbios <BIOS file> <size> <Physical address space location> <EIP> <CS>
For example, suppose you want to try running your machine's bios and you
know it lives at 0xfffe0000 in /dev/mem. It needs to be in x86 space at
0xe0000. You want the initial CS:IP to be the reset vector
(0xf000:0xfff0). You would do something like this:
# tmmap dumps chunks of /dev/mem to files
# 0xfffe is the top 16 bits of the address. Due to a long-running strtol
# bug.
tmmap 0xfffe 0x20000 > /tmp/it
# now run testbios using that BIOS
./testbios /tmp/it 0x20000 0xe0000 0xfff0 0xf000
The one fix I have already made is that the emulator as it exists in X11
did not properly handle 0x66-prefix jump instructions. That is now fixed.
The emulator is well-written enough that the fix is about 4 lines of code.
I regret knowing enough about the x86 that I was able to find and fix the
problem in a few minutes.
Be real careful with this. I have enabled I/O. If I run that BIOS much
further it locks up my machine since it resets the memory controller. You
can really make a mess of your system if you start having a BIOS do random
things to it!
Here is a sample run. Sorry for the formatting problems. It is in
single-step mode, and to step to the next instruction you type 't'.
[root@localhost emu]# ./testbios /tmp/it 0x20000 0xe0000 0xfff0 0xf000
0:0 -t
AX=0000 BX=0000 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0000 ES=0000 SS=0000 CS=f000 IP=fff5 NV UP DI PL NZ NA PO NC
f000:fff0 eae04f00fb JMP FAR fb00:4fe0
f000:fff0 -t
AX=0000 BX=0000 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0000 ES=0000 SS=0000 CS=fb00 IP=4fe5 NV UP DI PL NZ NA PO NC
fb00:4fe0 ea000000fb JMP FAR fb00:0000
fb00:4fe0 -t
AX=0000 BX=0000 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0000 ES=0000 SS=0000 CS=fb00 IP=0001 NV UP DI PL NZ NA PO NC
fb00:0000 66 DATA:
fb00:0 -t
AX=0000 BX=0000 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0000 ES=0000 SS=0000 CS=fb00 IP=0006 NV UP DI PL NZ NA PO NC
fb00:0001 e914080000 JMP 081a
fb00:1 -t
AX=0000 BX=0000 CX=0000 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
DS=0000 ES=0000 SS=0000 CS=fb00 IP=081c NV UP DI PL NZ NA PO NC
fb00:081a 8cc8 MOV AX,CS
fb00:81a -
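The address mapping in the testbios invocation above (image loaded at 0xe0000, reset vector f000:fff0) and the 0x66-prefixed jump in the sample run, worked through as an added C example. This is not code from freebios or the X11 emulator: the image contents are constructed from the instruction bytes the trace shows, the decoder knows only the three jump forms that appear there, and the function and macro names are this example's own.

```c
/*
 * Added example, not code from freebios or the X11 emulator: a minimal
 * real-mode jump decoder that walks a constructed BIOS image from the reset
 * vector the way testbios does, showing how the physical load address maps
 * image offsets to cs:ip and why a 0x66 prefix gives JMP a 32-bit displacement.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_BASE 0xe0000u   /* x86 physical address testbios loads the image at */
#define IMG_SIZE 0x20000u   /* 128 KiB, so the image ends at 0xfffff */
static uint8_t image[IMG_SIZE];   /* constructed image, not a real /dev/mem dump */

/* Real-mode linear address: segment * 16 + offset. */
static uint32_t linear(uint16_t cs, uint16_t ip) { return ((uint32_t)cs << 4) + ip; }

/* Byte at cs:ip, or -1 if the address falls outside the loaded image. */
static int fetch(uint16_t cs, uint16_t ip)
{
    uint32_t lin = linear(cs, ip);
    return (lin < IMG_BASE || lin - IMG_BASE >= IMG_SIZE) ? -1 : image[lin - IMG_BASE];
}

/* Decode JMP FAR ptr16:16 (EA), JMP rel16 (E9) or JMP rel32 (66 E9) at cs:ip.
 * Returns the instruction length with the new cs:ip in *ncs/*nip, 0 if it is
 * not one of these jumps, -1 on a fetch fault or a near target outside the
 * 64 KiB segment (where a real CPU raises #GP). */
static int decode_jump(uint16_t cs, uint16_t ip, uint16_t *ncs, uint16_t *nip)
{
    uint8_t b[6];
    int i, len = 0, opsize32 = 0;
    uint32_t target;
    for (i = 0; i < 6; i++) {
        int v = fetch(cs, (uint16_t)(ip + i));
        if (v < 0) return -1;
        b[i] = (uint8_t)v;
    }
    if (b[0] == 0x66)                /* prefix: 32-bit operand in 16-bit code */
        opsize32 = len = 1;
    if (b[len] == 0xEA && !opsize32) {
        *nip = (uint16_t)(b[len + 1] | b[len + 2] << 8);
        *ncs = (uint16_t)(b[len + 3] | b[len + 4] << 8);
        return len + 5;
    }
    if (b[len] != 0xE9) return 0;
    if (opsize32) {                  /* rel32, from the end of the 6-byte insn */
        int32_t rel = (int32_t)(b[len + 1] | b[len + 2] << 8 |
                                (uint32_t)b[len + 3] << 16 | (uint32_t)b[len + 4] << 24);
        len += 5;
        target = (uint32_t)ip + (uint32_t)len + (uint32_t)rel;
    } else {                         /* rel16, from the end of the 3-byte insn */
        int16_t rel = (int16_t)(b[len + 1] | b[len + 2] << 8);
        len += 3;
        target = (uint16_t)(ip + len + rel);
    }
    if (target > 0xffffu) return -1;
    *ncs = cs; *nip = (uint16_t)target;
    return len;
}

/* Packed (cs << 16 | ip) target of the jump at cs:ip, 0xffffffff if none. */
static uint32_t jump_target(uint16_t cs, uint16_t ip)
{
    uint16_t ncs, nip;
    if (decode_jump(cs, ip, &ncs, &nip) <= 0) return 0xffffffffu;
    return ((uint32_t)ncs << 16) | nip;
}

/* The bytes the sample run shows, placed at the addresses it shows. */
static void build_image(void)
{
    static const uint8_t reset[]  = { 0xEA, 0xE0, 0x4F, 0x00, 0xFB };       /* f000:fff0 JMP FAR fb00:4fe0 */
    static const uint8_t second[] = { 0xEA, 0x00, 0x00, 0x00, 0xFB };       /* fb00:4fe0 JMP FAR fb00:0000 */
    static const uint8_t third[]  = { 0x66, 0xE9, 0x14, 0x08, 0x00, 0x00 }; /* fb00:0000 JMP 081a (rel32) */
    static const uint8_t mov[]    = { 0x8C, 0xC8 };                         /* fb00:081a MOV AX,CS */
    memset(image, 0xff, sizeof image);  /* erased flash reads as 0xff */
    memcpy(image + linear(0xf000, 0xfff0) - IMG_BASE, reset, sizeof reset);
    memcpy(image + linear(0xfb00, 0x4fe0) - IMG_BASE, second, sizeof second);
    memcpy(image + linear(0xfb00, 0x0000) - IMG_BASE, third, sizeof third);
    memcpy(image + linear(0xfb00, 0x081a) - IMG_BASE, mov, sizeof mov);
}

/* Follow jumps from the reset vector; returns the packed cs:ip of the first
 * non-jump instruction and, if jumps is non-NULL, the number of hops taken. */
static uint32_t reset_vector_landing(int *jumps)
{
    uint16_t cs = 0xf000, ip = 0xfff0, ncs, nip;
    int n = 0;
    build_image();
    while (n < 16 && decode_jump(cs, ip, &ncs, &nip) > 0) {
        printf("%04x:%04x -> %04x:%04x\n", cs, ip, ncs, nip);
        cs = ncs; ip = nip; n++;
    }
    if (jumps) *jumps = n;
    return ((uint32_t)cs << 16) | ip;
}
```

reset_vector_landing() prints the three hops from the trace and stops at fb00:081a, the MOV AX,CS. The rel32 case is where the prefix matters: 66 E9 14 08 00 00 is a 6-byte instruction whose displacement is measured from fb00:0006, giving 081a; decoding E9 14 08 at fb00:0001 as a plain rel16 jump would land at 0818 instead, and a rel32 displacement that leaves the 64 KiB segment is reported as a fault rather than silently truncated.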