Path: utzoo!attcan!uunet!peregrine!ccicpg!turnkey!conexch!rob
From: rob@conexch.UUCP (Robert Collins)
Newsgroups: comp.sys.intel
Subject: Re: Returning the 80286 to Real Mode
Message-ID: <11367@conexch.UUCP>
Date: 4 Nov 88 08:44:09 GMT
References: <1081@xenon.idec.stc.co.uk>
Reply-To: rob@conexch.UUCP (PUT YOUR NAME HERE)
Organization: The Consultants' Exchange, Orange County, CA. (714) 842-6348
Lines: 56

In article <1081@xenon.idec.stc.co.uk> sanders@idec.stc.co.uk (Tom Sanders) writes:
>
> Rumour has it that it is possible to switch the 80286 back to real mode
> once having gone protected. Can anyone advise me how this is done?
>

It is quite possible to return to real mode. Remember, IBM and everybody
else MUST perform memory testing in protected mode. When YOU get control
of your computer, you are in REAL mode.

One of the many reasons software engineers HATE the 80286 is because of
the lack of a built-in mechanism for switching to REAL mode from protected
mode. The 386 has this feature built in. But, in the 286, the process is
quite involved.

The process involves actually shutting down the processor. This is
typically done by sending a command to the keyboard controller (yeah, the
keyboard controller). But here is a synopsis of exiting to real mode from
protected mode.

* While in real mode, write a byte to CMOS to indicate the 'type' of
  shutdown that will occur (Kludge #1)
* While in real mode, write the return address (real mode address) down
  in 40:XXX. (Kludge #2)
* Enter protected mode
* Write the appropriate command to the keyboard controller to shut down
  the processor. (KLUDGE #3)

If memory serves me correctly, IBM states that the processor shutdown
will typically take 60ms to take place. Once the processor shuts down, you
go executing the ROM BIOS @ F000:FFF0. Before POST (Power On Self Test),
the BIOS checks for a 'magic' byte down in CMOS. IF such a magic byte
appears, then POST says "Oh, I get it, I'm really returning from protected
mode." (What is completely hidden from you, at this point, is the fact
that when the processor is reset, it automatically is in REAL mode.)
After POST determines there is a 'magic' byte in CMOS, he goes and does a
FAR JUMP to the location you put in memory @ 40:XXX. (Kludge #4)

So, the bottom line is this: Kludge #3 takes ~60ms. Kludge #4 takes
another few ms. In other words, it's SLOW!

There is another MUCH more elegant way to cause a processor shutdown
without using the keyboard controller. In fact, it takes ~1ms (or less).
This method involves telling the processor you will service NO interrupts
(lidt to an idt w/ 0 entries), then generate an interrupt. Since the
processor can't service the interrupt, it generates an exception. The
exception also can't be serviced (since you hosed IDT), which in turn
will reset the processor.

The former method is rather well documented in magazines, and the IBM
tech-ref manual. The latter method was developed by a friend of mine, so
I don't feel comfortable telling any more than I already have. But I will
give you a hint: executing a 386 instruction on the 286 will cause the
desired exception. I'll let you figure out the most elegant 386
instruction to use for this purpose!

-- 
"Worship the Lord your God, and serve him only."  Mat. 4:10

Robert Collins   UUCP: ucbvax!ucivax!icnvax!conexch!rob   HOMENET: (714) 995-7344
                 UUCP: uunet!ccicpg!turnkey!conexch!rob   WORKNET: (714) 229-0284
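
Added example, not part of the original post: a small C model of the return path described above (kludges #1, #2 and #4), showing what the BIOS reset entry does with the CMOS byte and the saved address. The CMOS index 0Fh, shutdown code 0Ah and the vector location 0040:0067 are the usual IBM AT conventions and are assumptions here, since the post does not give them; the function names are hypothetical and CMOS and RAM are simulated arrays.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed IBM AT conventions; the post does not give these values. */
#define CMOS_SHUTDOWN_IDX 0x0F     /* CMOS shutdown status byte */
#define SHUTDOWN_JMP_VEC  0x0A     /* code: far jump via saved vector */
#define BDA_RESUME_VEC    0x00467u /* linear address of 0040:0067 */
#define COLD_POST         0xFFFF0u /* F000:FFF0, normal reset entry */

static uint8_t cmos[64];           /* simulated CMOS RAM */
static uint8_t ram[0x100000];      /* simulated first 1 MB of memory */

/* Real-mode address translation: segment * 16 + offset. */
static uint32_t linear(uint16_t seg, uint16_t off) {
    return ((uint32_t)seg << 4) + off;
}

/* Kludges #1 and #2: done in real mode before entering protected mode. */
void arm_return(uint16_t seg, uint16_t off) {
    cmos[CMOS_SHUTDOWN_IDX] = SHUTDOWN_JMP_VEC;
    ram[BDA_RESUME_VEC + 0] = off & 0xFF;   /* far pointer: offset first */
    ram[BDA_RESUME_VEC + 1] = off >> 8;
    ram[BDA_RESUME_VEC + 2] = seg & 0xFF;   /* then segment */
    ram[BDA_RESUME_VEC + 3] = seg >> 8;
}

/* Kludge #4: what the BIOS does at F000:FFF0 after the reset.
 * Returns the linear address at which execution continues. */
uint32_t bios_reset_entry(void) {
    uint8_t code = cmos[CMOS_SHUTDOWN_IDX];
    cmos[CMOS_SHUTDOWN_IDX] = 0;   /* model: one-shot, next reset cold-boots */
    if (code != SHUTDOWN_JMP_VEC)
        return COLD_POST;          /* no magic byte: stay on the full POST path */
    uint16_t off = ram[BDA_RESUME_VEC] | (ram[BDA_RESUME_VEC + 1] << 8);
    uint16_t seg = ram[BDA_RESUME_VEC + 2] | (ram[BDA_RESUME_VEC + 3] << 8);
    return linear(seg, off);       /* far jump to the caller's real-mode code */
}

int main(void) {
    arm_return(0x2000, 0x0123);    /* constructed sample return address */
    printf("after shutdown:  %05lX\n", (unsigned long)bios_reset_entry());
    printf("after next reset: %05lX\n", (unsigned long)bios_reset_entry());
    return 0;
}
```

The second call shows why the byte matters: without it the same reset lands in the ordinary power-on path instead of the saved real-mode address.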