Memory Map (x86): Difference between revisions
[unchecked revision] | [unchecked revision] |
m fixed formatting |
→External Links: update link to archive link |
||
(23 intermediate revisions by 19 users not shown) | |||
Line 1: | Line 1: | ||
This article describes the contents of the computer's physical memory at the moment that the BIOS jumps to your bootloader code. |
This article describes the contents of the computer's physical memory at the moment that the BIOS jumps to your bootloader code. |
||
== |
== Real mode address space (< 1 MiB)== |
||
When a typical x86 PC boots it will be in [[Real Mode]], with an active [[BIOS]]. During the time the CPU remains in Real Mode, IRQ0 (the clock) |
When a typical x86 PC boots it will be in [[Real Mode]], with an active [[BIOS]]. During the time the CPU remains in Real Mode, IRQ0 (the clock) |
||
Line 7: | Line 7: | ||
This means that during the PC boot process, the Real Mode IVT (see below) must be carefully preserved, because it is being used. |
This means that during the PC boot process, the Real Mode IVT (see below) must be carefully preserved, because it is being used. |
||
When the IVT is activated by an IRQ, it will call a BIOS routine to handle the IRQ. |
When the [[IVT]] is activated by an [[IRQ]], it will call a BIOS routine to handle the IRQ. |
||
Bootloaders will also access [[BIOS |
Bootloaders will also access [[BIOS#BIOS functions|BIOS functions]]. This means that the two memory workspaces that the BIOS uses (the BDA and the EBDA) must also |
||
be carefully preserved during boot. Also, every time the BIOS handles an IRQ0 (18 times a second), several bytes in the BDA get overwritten by the BIOS |
be carefully preserved during boot. Also, every time the BIOS handles an IRQ0 (18 times a second), several bytes in the BDA get overwritten by the BIOS |
||
-- so do not attempt to store anything there while IRQs are active in Real Mode. |
-- so do not attempt to store anything there while IRQs are active in Real Mode. |
||
Line 14: | Line 14: | ||
After all the BIOS functions have been called, and your kernel is loaded into memory somewhere, the bootloader or kernel may exit Real Mode |
After all the BIOS functions have been called, and your kernel is loaded into memory somewhere, the bootloader or kernel may exit Real Mode |
||
forever (often by going into 32bit [[Protected Mode]]). If the kernel never uses Real Mode again, then the first 0x500 bytes of memory in the |
forever (often by going into 32bit [[Protected Mode]]). If the kernel never uses Real Mode again, then the first 0x500 bytes of memory in the |
||
PC may be reused and overwritten. (However, it is very common to temporarily return to Real Mode in order to change the [[Video Display Mode]].) |
PC may be reused and overwritten. (However, it is very common to temporarily return to Real Mode in order to change the [[How_do_I_set_a_graphics_mode|Video Display Mode]].) |
||
When the CPU is in Protected Mode, [[System Management Mode]] (SMM) is still invisibly active, and cannot be shut off. SMM also seems to |
When the CPU is in Protected Mode, [[System Management Mode]] (SMM) is still invisibly active, and cannot be shut off. SMM also seems to |
||
Line 20: | Line 20: | ||
Note: the EBDA is a variable-sized memory area (on different BIOSes). If it exists, it is always immediately below 0xA0000 in memory. |
Note: the EBDA is a variable-sized memory area (on different BIOSes). If it exists, it is always immediately below 0xA0000 in memory. |
||
It is absolutely guaranteed to be |
It is absolutely guaranteed to be at most 128 KiB in size. Older computers typically uses 1 KiB from 0x9FC00 - 0x9FFFF, modern firmware can be found using significantly more. |
||
You can determine the size of the EBDA by using BIOS function [[INT 12h]], or |
You can determine the size of the EBDA by using BIOS function [[Detecting Memory (x86)#Detecting Low Memory|INT 12h]], or by examining the word at 0x413 in the BDA (see below). |
||
Both of those methods will tell you |
Both of those methods will tell you how much conventional memory is usable before the EBDA. |
||
It should also be noted that your bootloader code is |
It should also be noted that your bootloader code is loaded and running in memory at physical addresses 0x7C00 through 0x7DFF. So that memory |
||
area is likely to also be unusable until execution has been transferred to a second stage bootloader, or to your kernel. |
area is likely to also be unusable until execution has been transferred to a second stage bootloader, or to your kernel. |
||
===Overview=== |
===Overview=== |
||
(all values except KiBs are in hex) |
|||
{| {{wikitable}} |
{| {{wikitable}} |
||
Line 36: | Line 34: | ||
! end |
! end |
||
! size |
! size |
||
! type |
|||
! description |
! description |
||
! colspan=2 | type |
|||
|- |
|- |
||
! colspan= |
! colspan=6 | Real mode address space (the first MiB) |
||
|- |
|- |
||
| 0x00000000 |
|||
| 00000000 |
|||
| 0x000003FF |
|||
| 000003FF |
|||
| |
| 1 KiB |
||
| RAM - partially unusable (see above) |
|||
| Real Mode IVT (Interrupt Vector Table) |
| Real Mode IVT (Interrupt Vector Table) |
||
| rowspan=2 | unusable in real mode |
|||
| rowspan=6 | 640 KiB RAM ("Low memory") |
|||
|- |
|- |
||
| 0x00000400 |
|||
| 00000400 |
|||
| 0x000004FF |
|||
| 000004FF |
|||
| 256 bytes |
|||
| 100 |
|||
| RAM - partially unusable (see above) |
|||
| BDA (BIOS data area) |
| BDA (BIOS data area) |
||
|- |
|- |
||
| 0x00000500 |
|||
| 00000500 |
|||
| 0x00007BFF |
|||
| 00007BFF |
|||
| |
| 29.75 KiB |
||
| RAM (guaranteed free for use) |
|||
| Conventional memory |
| Conventional memory |
||
| rowspan=3 | usable memory |
|||
|- |
|- |
||
| 0x00007C00 |
|||
| 00007C00 (typical location) |
|||
| 0x00007DFF |
|||
| 00007DFF |
|||
| 512 bytes |
|||
| 200 |
|||
| RAM - partially unusable (see above) |
|||
| Your OS BootSector |
| Your OS BootSector |
||
|- |
|- |
||
| 0x00007E00 |
|||
| 00007E00 |
|||
| 0x0007FFFF |
|||
| 0007FFFF |
|||
| |
| 480.5 KiB |
||
| RAM (guaranteed free for use) |
|||
| Conventional memory |
| Conventional memory |
||
|- |
|- |
||
| 0x00080000 |
|||
| 00080000 |
|||
| 0x0009FFFF |
|||
| 0009FBFF |
|||
| 128 KiB |
|||
| 1FC00 (approximately 120 KiB) |
|||
| RAM (free for use, <b>if it exists</b>) |
|||
| Conventional memory |
|||
|- |
|||
| 0009FC00 (typical location) |
|||
| 0009FFFF |
|||
| 400 |
|||
| RAM (unusable) |
|||
| EBDA (Extended BIOS Data Area) |
| EBDA (Extended BIOS Data Area) |
||
| partially used by the EBDA |
|||
|- |
|||
| 0x000A0000 |
|||
| 0x000BFFFF |
|||
| 128 KiB |
|||
| Video display memory |
|||
| hardware mapped |
|||
| rowspan=4 | 384 KiB System / Reserved ("Upper Memory") |
|||
|- |
|||
| 0x000C0000 |
|||
| 0x000C7FFF |
|||
| 32 KiB (typically) |
|||
| Video BIOS |
|||
| rowspan=3 | ROM and hardware mapped / Shadow RAM |
|||
|- |
|- |
||
| 0x000C8000 |
|||
| 000A0000 |
|||
| 0x000EFFFF |
|||
| 000FFFFF |
|||
| 160 KiB (typically) |
|||
| 60000 |
|||
| BIOS Expansions |
|||
| various (unusable) |
|||
|- |
|||
| ROM Area (384 KiB) |
|||
| 0x000F0000 |
|||
| 0x000FFFFF |
|||
| 64 KiB |
|||
| Motherboard BIOS |
|||
|} |
|} |
||
===BIOS Data Area (BDA)=== |
===BIOS Data Area (BDA)=== |
||
The BDA is only partially standardized |
The BDA is only partially standardized and mostly relevant for real mode BIOS operations. |
||
The following is a partial list. See the External Links references below for more detail. |
The following is a partial list. See the External Links references below for more detail. |
||
Line 101: | Line 107: | ||
! description |
! description |
||
|- |
|- |
||
| |
| 0x0400 (4 words) |
||
| IO |
| IO ports for COM1-COM4 serial (each address is 1 word, zero if none) |
||
|- |
|- |
||
| |
| 0x0408 (3 words) |
||
| IO |
| IO ports for LPT1-LPT3 parallel (each address is 1 word, zero if none) |
||
|- |
|- |
||
| |
| 0x040E (word) |
||
| EBDA base address >> 4 (<b>usually!</b>) |
| EBDA base address >> 4 (<b>usually!</b>) |
||
|- |
|- |
||
| |
| 0x0410 (word) |
||
| packed bit flags for detected hardware |
| packed bit flags for detected hardware |
||
|- |
|- |
||
| |
| 0x0413 (word) |
||
| Number of kilobytes before EBDA / unusable memory |
|||
|- |
|||
| 0x0417 (word) |
|||
| keyboard state flags |
|||
|- |
|||
| 0x041E (32 bytes) |
|||
| keyboard buffer |
|||
|- |
|||
| 0x0449 (byte) |
|||
| Display Mode |
| Display Mode |
||
|- |
|- |
||
| |
| 0x044A (word) |
||
| number of columns in text mode |
|||
|- |
|||
| 0x0463 (2 bytes, taken as a word) |
|||
| base IO port for video |
| base IO port for video |
||
|- |
|- |
||
| |
| 0x046C (word) |
||
| # of IRQ0 timer ticks since boot |
| # of IRQ0 timer ticks since boot |
||
|- |
|- |
||
| |
| 0x0475 (byte) |
||
| # of hard disk drives detected |
| # of hard disk drives detected |
||
|- |
|- |
||
| |
| 0x0480 (word) |
||
| keyboard buffer start |
|||
|- |
|||
| 0x0482 (word) |
|||
| keyboard buffer end |
|||
|- |
|||
| 0x0497 (byte) |
|||
| last keyboard LED/Shift key state |
| last keyboard LED/Shift key state |
||
|} |
|} |
||
===Extended BIOS Data Area (EBDA)=== |
===Extended BIOS Data Area (EBDA)=== |
||
You may see "maps" of the EBDA if you search the web. However, those maps are for the original IBM BIOS EBDA. |
You may see "maps" of the EBDA if you search the web. However, those maps are for the original IBM BIOS EBDA. Current BIOS might use a different map. The EBDA area is not standardized. |
||
apply to any current EBDA, used by any current BIOS. The EBDA area is not standardized. It <b>does</b> contain data that your |
|||
OS will need, but you must do a bytewise pattern search to find those tables. (See [[PlugNPlay]].) |
|||
===ROM Area=== |
|||
{| {{wikitable}} |
|||
|- |
|||
! start |
|||
! end |
|||
! size |
|||
! region/exception |
|||
! description |
|||
|- |
|||
! colspan=5 | Standard usage of the ROM Area |
|||
|- |
|||
| 000A0000 |
|||
| 000AFFFF |
|||
| 10000 |
|||
| video RAM |
|||
| VGA framebuffer (64 KiB) |
|||
|- |
|||
| 000B0000 |
|||
| 000B7FFF |
|||
| 8000 |
|||
| video RAM |
|||
| VGA text monochrome (32 KiB) |
|||
|- |
|||
| 000B8000 |
|||
| 000BFFFF |
|||
| 8000 |
|||
| video RAM |
|||
| VGA text color (32 KiB) |
|||
|- |
|||
| 000C0000 |
|||
| 000C7FFF |
|||
| 8000 |
|||
| ROM |
|||
| Video BIOS (32 KiB is typical size) |
|||
|- |
|||
| 000C8000 |
|||
| 000EFFFF |
|||
| 28000 |
|||
| ROMs and unusable space |
|||
| Mapped hardware & Misc. |
|||
|- |
|||
| 000F0000 |
|||
| 000FFFFF |
|||
| 10000 |
|||
| ROM |
|||
| Motherboard BIOS (64 KiB is typical size) |
|||
|} |
|||
== |
==Extended Memory (> 1 MiB)== |
||
The region of RAM above 1 MiB is not standardized, well-defined, or contiguous. There are likely to be regions of it that |
The region of RAM above 1 MiB is not standardized, well-defined, or contiguous. There are likely to be regions of it that |
||
Line 194: | Line 164: | ||
Some ACPI areas cannot be "reclaimed" this way. Some of the computer's RAM may extend above 4 GiB. |
Some ACPI areas cannot be "reclaimed" this way. Some of the computer's RAM may extend above 4 GiB. |
||
Use the BIOS function [[Detecting Memory (x86)#BIOS Function: INT 0x15, EAX = 0xE820|INT 15h, EAX=0xE820]] to get a reliable map of |
Use the BIOS function [[Detecting Memory (x86)#BIOS Function: INT 0x15, EAX = 0xE820|INT 15h, EAX=0xE820]] to get a reliable map of Extended Memory. |
||
Line 207: | Line 177: | ||
! colspan=5 | High Memory |
! colspan=5 | High Memory |
||
|- |
|- |
||
| 0x00100000 |
|||
| 00100000 |
|||
| 0x00EFFFFF |
|||
| 003FFFFF |
|||
| 0x00E00000 (14 MiB) |
|||
| 00300000 |
|||
| RAM -- |
| RAM -- free for use (if it exists) |
||
| Extended memory |
| Extended memory <sup>1, 2</sup> |
||
|- |
|- |
||
| 0x00F00000 |
|||
| 00400000 |
|||
| 0x00FFFFFF |
|||
| 00EFFFFF |
|||
| 0x00100000 (1 MiB) |
|||
| 00900000 (if it all exists) |
|||
| RAM -- free for use |
|||
| Extended memory |
|||
|- |
|||
| 00F00000 |
|||
| 00FFFFFF |
|||
| 100000 |
|||
| Possible memory mapped hardware |
| Possible memory mapped hardware |
||
| ISA Memory Hole 15-16MB |
| ISA Memory Hole 15-16MB <sup>3</sup> |
||
|- |
|- |
||
| 0x01000000 |
|||
| 01000000 |
|||
| ???????? |
| ???????? |
||
| ???????? (whatever exists) |
| ???????? (whatever exists) |
||
| RAM -- free for use |
| RAM -- free for use |
||
| More Extended memory |
| More Extended memory <sup>1</sup> |
||
|- |
|- |
||
| |
| 0xC0000000 (sometimes, depends on motherboard and devices) |
||
| 0xFFFFFFFF |
|||
| FFFFFFF |
|||
| 0x40000000 (1 GiB) |
|||
| 4000000 |
|||
| various ( |
| various (typically reserved for memory mapped devices) |
||
| PnP NVRAM?, |
| Memory mapped PCI devices, PnP NVRAM?, IO APIC/s, local APIC/s, BIOS, ... |
||
|- |
|- |
||
| |
| 0x0000000100000000 (possible memory above 4 GiB) |
||
| ???????? |
| ???????????????? |
||
| ???????? (whatever exists) |
| ???????????????? (whatever exists) |
||
| RAM -- free for use (PAE/64bit) |
| RAM -- free for use (PAE/64bit) |
||
| More Extended memory |
| More Extended memory <sup>1</sup> |
||
|- |
|||
| ???????????????? |
|||
| ???????????????? |
|||
| ???????????????? |
|||
| Possible memory mapped hardware |
|||
| Potentially usable for memory mapped PCI devices in modern hardware (but typically not, due to backward compatibility) |
|||
|} |
|} |
||
<sup>1</sup>: Different computers have different amounts of RAM, therefore the amount of extended memory you might find will vary and may be anything from "none" (e.g. an old 80386 system) to "lots". |
|||
<sup>1</sup>: Free for use except that your bootloader (ie. GRUB) may have loaded your "modules" here, and you don't want to overwrite those. |
|||
<sup>2</sup>: Free for use except that your bootloader (ie. GRUB) may have loaded your "modules" here, and you don't want to overwrite those. |
|||
<sup>3</sup>: The "ISA Memory Hole" (from 0x00F00000 to 0x00FFFFFF) was used for memory mapped ISA devices (e.g. video cards). Modern computers have no need for this hole, but some chipsets still support it (as an optional feature) and some motherboards may still allow it to be enabled with BIOS options, so it may exist in a modern computers with no ISA devices. |
|||
==Comments== |
|||
==See Also== |
==See Also== |
||
* [[Detecting Memory (x86)]] |
|||
===External Links=== |
===External Links=== |
||
* http://www.nondot.org/sabre/os/files/Booting/BIOS_SEG.txt -- detailed BIOS Data Area map |
* https://web.archive.org/web/20120130052813/http://www.nondot.org/sabre/os/files/Booting/BIOS_SEG.txt -- detailed BIOS Data Area map |
||
* |
* https://web.archive.org/web/20221127214951/https://www.bioscentral.com/misc/bda.htm -- another detailed BIOS Data Area map |
||
* [http:// |
* [http://files.osdev.org/mirrors/geezer/osd/ram/index.htm#layout Geezer's memory layout description] |
||
* http://stanislavs.org/helppc/bios_data_area.html |
|||
[[Category:X86]] |
[[Category:X86]] |
||
[[Category:Physical Memory]] |
Latest revision as of 12:15, 28 May 2024
This article describes the contents of the computer's physical memory at the moment that the BIOS jumps to your bootloader code.
Real mode address space (< 1 MiB)
When a typical x86 PC boots it will be in Real Mode, with an active BIOS. During the time the CPU remains in Real Mode, IRQ0 (the clock) will fire repeatedly, and the hardware that is used to boot the PC (floppy, hard disk, CD, Network card, USB) will also generate IRQs. This means that during the PC boot process, the Real Mode IVT (see below) must be carefully preserved, because it is being used.
When the IVT is activated by an IRQ, it will call a BIOS routine to handle the IRQ. Bootloaders will also access BIOS functions. This means that the two memory workspaces that the BIOS uses (the BDA and the EBDA) must also be carefully preserved during boot. Also, every time the BIOS handles an IRQ0 (18 times a second), several bytes in the BDA get overwritten by the BIOS -- so do not attempt to store anything there while IRQs are active in Real Mode.
After all the BIOS functions have been called, and your kernel is loaded into memory somewhere, the bootloader or kernel may exit Real Mode forever (often by going into 32bit Protected Mode). If the kernel never uses Real Mode again, then the first 0x500 bytes of memory in the PC may be reused and overwritten. (However, it is very common to temporarily return to Real Mode in order to change the Video Display Mode.)
When the CPU is in Protected Mode, System Management Mode (SMM) is still invisibly active, and cannot be shut off. SMM also seems to use the EBDA. So the EBDA memory area should never be overwritten.
Note: the EBDA is a variable-sized memory area (on different BIOSes). If it exists, it is always immediately below 0xA0000 in memory. It is absolutely guaranteed to be at most 128 KiB in size. Older computers typically uses 1 KiB from 0x9FC00 - 0x9FFFF, modern firmware can be found using significantly more. You can determine the size of the EBDA by using BIOS function INT 12h, or by examining the word at 0x413 in the BDA (see below). Both of those methods will tell you how much conventional memory is usable before the EBDA.
It should also be noted that your bootloader code is loaded and running in memory at physical addresses 0x7C00 through 0x7DFF. So that memory area is likely to also be unusable until execution has been transferred to a second stage bootloader, or to your kernel.
Overview
start | end | size | description | type | |
---|---|---|---|---|---|
Real mode address space (the first MiB) | |||||
0x00000000 | 0x000003FF | 1 KiB | Real Mode IVT (Interrupt Vector Table) | unusable in real mode | 640 KiB RAM ("Low memory") |
0x00000400 | 0x000004FF | 256 bytes | BDA (BIOS data area) | ||
0x00000500 | 0x00007BFF | 29.75 KiB | Conventional memory | usable memory | |
0x00007C00 | 0x00007DFF | 512 bytes | Your OS BootSector | ||
0x00007E00 | 0x0007FFFF | 480.5 KiB | Conventional memory | ||
0x00080000 | 0x0009FFFF | 128 KiB | EBDA (Extended BIOS Data Area) | partially used by the EBDA | |
0x000A0000 | 0x000BFFFF | 128 KiB | Video display memory | hardware mapped | 384 KiB System / Reserved ("Upper Memory") |
0x000C0000 | 0x000C7FFF | 32 KiB (typically) | Video BIOS | ROM and hardware mapped / Shadow RAM | |
0x000C8000 | 0x000EFFFF | 160 KiB (typically) | BIOS Expansions | ||
0x000F0000 | 0x000FFFFF | 64 KiB | Motherboard BIOS |
BIOS Data Area (BDA)
The BDA is only partially standardized and mostly relevant for real mode BIOS operations. The following is a partial list. See the External Links references below for more detail.
address (size) | description |
---|---|
0x0400 (4 words) | IO ports for COM1-COM4 serial (each address is 1 word, zero if none) |
0x0408 (3 words) | IO ports for LPT1-LPT3 parallel (each address is 1 word, zero if none) |
0x040E (word) | EBDA base address >> 4 (usually!) |
0x0410 (word) | packed bit flags for detected hardware |
0x0413 (word) | Number of kilobytes before EBDA / unusable memory |
0x0417 (word) | keyboard state flags |
0x041E (32 bytes) | keyboard buffer |
0x0449 (byte) | Display Mode |
0x044A (word) | number of columns in text mode |
0x0463 (2 bytes, taken as a word) | base IO port for video |
0x046C (word) | # of IRQ0 timer ticks since boot |
0x0475 (byte) | # of hard disk drives detected |
0x0480 (word) | keyboard buffer start |
0x0482 (word) | keyboard buffer end |
0x0497 (byte) | last keyboard LED/Shift key state |
Extended BIOS Data Area (EBDA)
You may see "maps" of the EBDA if you search the web. However, those maps are for the original IBM BIOS EBDA. Current BIOS might use a different map. The EBDA area is not standardized.
Extended Memory (> 1 MiB)
The region of RAM above 1 MiB is not standardized, well-defined, or contiguous. There are likely to be regions of it that contain memory mapped hardware, that nothing but a device driver should ever access. There are likely to be regions of it that contain ACPI tables which your initialization code will probably want to read, and that then can be overwritten and reused. Some ACPI areas cannot be "reclaimed" this way. Some of the computer's RAM may extend above 4 GiB.
Use the BIOS function INT 15h, EAX=0xE820 to get a reliable map of Extended Memory.
start | end | size | region/exception | description |
---|---|---|---|---|
High Memory | ||||
0x00100000 | 0x00EFFFFF | 0x00E00000 (14 MiB) | RAM -- free for use (if it exists) | Extended memory 1, 2 |
0x00F00000 | 0x00FFFFFF | 0x00100000 (1 MiB) | Possible memory mapped hardware | ISA Memory Hole 15-16MB 3 |
0x01000000 | ???????? | ???????? (whatever exists) | RAM -- free for use | More Extended memory 1 |
0xC0000000 (sometimes, depends on motherboard and devices) | 0xFFFFFFFF | 0x40000000 (1 GiB) | various (typically reserved for memory mapped devices) | Memory mapped PCI devices, PnP NVRAM?, IO APIC/s, local APIC/s, BIOS, ... |
0x0000000100000000 (possible memory above 4 GiB) | ???????????????? | ???????????????? (whatever exists) | RAM -- free for use (PAE/64bit) | More Extended memory 1 |
???????????????? | ???????????????? | ???????????????? | Possible memory mapped hardware | Potentially usable for memory mapped PCI devices in modern hardware (but typically not, due to backward compatibility) |
1: Different computers have different amounts of RAM, therefore the amount of extended memory you might find will vary and may be anything from "none" (e.g. an old 80386 system) to "lots".
2: Free for use except that your bootloader (ie. GRUB) may have loaded your "modules" here, and you don't want to overwrite those.
3: The "ISA Memory Hole" (from 0x00F00000 to 0x00FFFFFF) was used for memory mapped ISA devices (e.g. video cards). Modern computers have no need for this hole, but some chipsets still support it (as an optional feature) and some motherboards may still allow it to be enabled with BIOS options, so it may exist in a modern computers with no ISA devices.
See Also
External Links
- https://web.archive.org/web/20120130052813/http://www.nondot.org/sabre/os/files/Booting/BIOS_SEG.txt -- detailed BIOS Data Area map
- https://web.archive.org/web/20221127214951/https://www.bioscentral.com/misc/bda.htm -- another detailed BIOS Data Area map
- Geezer's memory layout description
- http://stanislavs.org/helppc/bios_data_area.html